This Transcript is Unedited



Subcommittee on Standards and Security

December 10, 2004

Room 705A
Hubert H. Humphrey Building
200 Independence Avenue, SW
Washington, D.C. 20201

Proceedings By:
CASET Associates, Ltd.
10201 Lee Highway, Suite 160
Fairfax, Virginia 22030
(703) 352-0091


P R O C E E D I N G S [8:57 a.m.]

AGENDA ITEM: Call to Order, Welcome and Introductions – DR. COHN, Chair

DR. COHN: Okay, we’re going to get started here in just a
minute. I believe we’re both on the Internet and we have John Paul Houston on
the phone, is that correct?

MR. HOUSTON: I’m here.

DR. COHN: Oh, good. Thank you for joining us.

Okay, good morning. I want to call the meeting to order.

This is the third day of three days of meetings of the
Subcommittee on Standards and Security of the National Committee on Vital and
Health Statistics. The Committee is the main public advisory committee to the
U.S. Department of Health and Human Services on national health information
policy. I’m Simon Cohn, Chairman of the Subcommittee, and the Associate
Executive Director of Health Information Policy for Kaiser Permanente.

I want to welcome fellow subcommittee members, HHS staff and
others here in person, and I also want to welcome those listening in on the
Internet and on the phone lines, John Paul.

I also want to remind everyone to speak clearly and into the
microphone. This morning we begin with a HIPAA update. It’s been a while since
we’ve had a chance really to discuss the progress of the HIPAA rules and it’s,
I think, an opportunity for us to reflect on how the implementation is going.

Also, the Subcommittee on Privacy and Confidentiality recently
had a half-day session specifically on security, and part of the HIPAA update
is, I think, directed at asking questions and getting some clarification about
advisories and other aspects of the security implementation, knowing that we’re
just a couple of months now from the actual full implementation of that rule.
And for that reason we have our corresponding member who is really the security
lead, John Paul Houston, on the phone joining us for this first session.

This will be followed by an update by industry work groups on
progress to improve the e-prescribing standards. As many of you will remember,
the NCVHS recommendations called upon the industry to work together to improve
e-prescribing standards in a number of areas, including codified SIG, the
development of standards for transmitting formulary and benefits information,
and then the issue of harmonization of HL7 and NCPDP e-prescribing
transactions. We have representatives here this morning to give us updates on
all those activities.

After the break, we have an open microphone, then we move into
subcommittee discussions primarily related to what we’ve heard over the last
couple of days and discussions of next steps, including our January and
February meetings.

The intent is that we will adjourn no later than 12:30.

I always want to thank Jeff Blair, our Vice Chair, for his
leadership in all of this, and Maria Friedman, without whom we would not have
been able to put things together over the last two and a half days of very
interesting testimony.

I want to emphasize, of course, that this is an open session.
Those in attendance are willing to make brief remarks and will ask questions on
any of the issues coming before us today.

Finally, for those on the Internet, we welcome letters and
email on any of the issues coming before us.

With that, let’s have introductions around the table and then
around the room, and John Paul, we’ll ask you also to introduce yourself. For
those on the National Committee, I would ask if you have conflicts of interest
relating to any issues coming before us today, if you would indicate that
during your introduction.

And John Paul, since you’re on the phone, why don’t you start
with the introductions.


No Conflicts of Interest Expressed]

DR. COHN: Now, our first representative is Nathan Colodney.
Nathan, a couple of days we welcomed you to the subcommittee for your first
meeting, and obviously today we get to welcome you for your first presentation
to the subcommittee, I’m sure of what will be many to meetings with us as well
as the full Committee.

I think, as all of you know, Nathan is the new Director of the
Office of HIPAA Standards and CMS. Obviously, we want to thank you not only for
joining us the last couple days but obviously taking time to give us his
presentation, so thank you.

AGENDA ITEM: HIPAA Implementation Update –

MR. COLODNEY: Thank you very much, Simon.

I’d like to go through a couple of the compliance and future
regulations that are upcoming.

On the TCS compliance, we’ve had a total of 270 complaints, of
which 123 remain open; the remainder have all been closed. I think we’re going
through those at a fairly consistent rate and addressing them as they’re

Eighty percent of the complaints have been against private
sector organizations. The reasons for these complaints fall into several
categories – 43 percent of them deal with trading partner agreements, 38
percent deal with the rejection of a compliant transaction, 12 percent deal
with the rejection of a compliant code, three percent deal with the receipt of
a non-compliant transaction, and the remainder cite companion guides or
violations of the NCPDP standards.

As to Medicaid compliance, 16 states are compliant.
Thirty-four states remain under a contingency plan. Eleven of those states plan
to lift the contingency by the end of this month. The state of Maine continues
to be unable to accept HIPAA compliant transactions. It is the only state
unable to do so.

Ninety-eight percent of the inbound claims are compliant into

As for the private sector, we currently have no new data from
industry sources.

As for future regulations, we have the enforcement proposed
regulation coming out expectedly in the first quarter of calendar year ’05.
This will detail the procedures for the enforcement of HIPAA. It will also
detail how violations will be determined and penalties will be calculated under
the regulation.

The claims attachment proposed rule is expected to come out
also in the first quarter of calendar year ’05 and it proposes the adoption of
standards for electronic claims attachments.

A notice of CMS complaint procedures is expected to be
published in the first quarter of calendar year ’05, the Federal
notice of time frames for complaint investigation procedures.

We also have the national plan ID proposed rule adopting
unique identifiers for each health plan and that’s expected to be published in
the summer of 2005.

And then we have a regulation concerning – or a
modification of the electronic TCS proposed rule which proposes a series of
policy updates to the initial TCS regulation. That’s expected to be published
in the summer of ’05.

I’d like to say a few words about the security regulation
which is of course mandatory as of April of ’05. We held a roundtable in
November and had approximately 2100 participants.

An overarching theme that came out was a desire for
information on technical standards, that is, minimum technical standards, which
of course the regulation forbids us from giving, given that it’s all based on
the risk assessment of each covered entity, and each covered entity must take
appropriate security precautions relative to the risk to determine in the risk

Unfortunately, organizations would like us to come out with
specific minimum technical standards – for example, minimum authentication
standards – which we cannot do, so this continues to be a recurrent theme.

If there are any questions from the subcommittee, I’d like to
entertain those.

DR. COHN: Sure. Are there questions from the subcommittee
before we move on to John Paul? Yes, Jeff?

Questions, Answers and Comments

MR. BLAIR: Nathan, welcome. This is the first time you’ve been
able to take this role in front of our subcommittee here.

One of the questions that we often hear from the vendors and
the networks and the folks involved with e-prescribing, and I’m not sure that
you’ll be able to give a definitive answer at this time, but they sort of
wonder when HHS, CMS would be able to provide guidance for the pilot tests.
Whatever plans you might have that you could share with us I think people would
be interested in.

MR. COLODNEY: Well, we’re currently looking into – are
you referring specifically to the pilot tests for e-prescribing?

MR. BLAIR: Yes – I’m sorry.

MR. COLODNEY: We’re currently looking into those. I think the
first thing we need to do is determine if there’s a standard that’s out there
that we can accept; if not, then to plan the pilot test.

So I think to talk about the pilot and get too much into
detail may be a little bit premature at this point in time.

MR. BLAIR: Okay.

MR. COLODNEY: I think we’ll have a much better idea perhaps by
the next meeting.

MR. BLAIR: Okay.

DR. COHN: Okay, let’s move back to HIPAA, if we can. This is
on HIPAA, Mike?


DR. COHN: Okay, good.

DR. FITZMAURICE: Last July, the CMS announced that they had a
new compliance procedure. It went into effect July 1st. Is there
going to be a change in that compliance procedure, the extending 15 days will
delay payment if it’s a non-compliant transaction?

MR. COLODNEY: I’m unaware of any changes right now. However, I
would warn you that I’ve only been there for all of six weeks, so there may
have been things that have been said or things that are planned that I have not
yet been briefed on.

DR. FITZMAURICE: Okay. And do you know who’s responsible for
the implementation of the pilots that Jeff asked about? Is that the
responsibility of the Office of HIPAA Standards or is it the responsibility of
some other place that we should know?

MR. COLODNEY: Planning those will be the responsibility of the
Office of HIPAA Standards.


DR. COHN: Please, Harry?

MR. REYNOLDS: Nathan, do you have any statistics on the
inquiry transactions, 27Xs, you know, 271, which would be eligibility response,
and 277, which would be claims response?

MR. COLODNEY: The only one I have – I have 835, which is
65 percent. I don’t have a further breakdown.

MR. REYNOLDS: And what’s the status of CMS’s implementing
their single clearinghouse?

MR. COLODNEY: To be honest, I’m unaware of that. I can get
back to you.


DR. COHN: Yes, and certainly you have our congratulations on
moving to 98 percent compliance with the 835, which is very impressive –
837. I’ll wake up here eventually. I think we’ll start moving to two-day
hearings for next year!


DR. COHN: John Paul, obviously we have you on the line –


DR. COHN: — because we wanted to talk some about the security


DR. COHN: And maybe I’ll start out, and I don’t know, John
Paul – I’m sure you probably have some other questions.

MR. HOUSTON: I do. But is that surprising to you?

DR. COHN: What?

MR. HOUSTON: Is that surprising?

DR. COHN: No, that is not surprising. Well, let me just start
out and just ask a couple of questions.

I mean, we know a couple of months ago we had an update from
Stan Nachimson about the security rule and we heard that there were plans for
various advisories to be coming out on a couple of problematic issues, and we
were just sort of curious about any updates about advisories that have come out
at this point.

MR. COLODNEY: We are currently working those and staffing them
within the Department.

DR. COHN: Okay. Now, John Paul, do you have a couple of

MR. HOUSTON: Sure. I do. I have a general question and I have
a couple specific ones specifically related to our testimony of a few weeks

You had indicated that the overwhelming theme of the
discussion was the desire to have technical standards, which I agree with you,
you know; not only can you not do but I don’t think necessarily should try to

Were there other themes, because frankly from my end and from
everything I have read and tried to understand about the issue and from my own
organization’s implementation of the security rule which I’m responsible rule,
really the silence has been deafening in terms of issues. What other themes
have you heard of?

MR. COLODNEY: The only one that really came out was just the
desire for minimum technical standards. I would say about 90 percent of the
questions on that conference call, on that roundtable, consisted of requests
for specifics – that is, does this solution satisfy this provision? And we
could not address those.

MR. HOUSTON: But were there any discussion or desire to ask
for any type of delays?

MR. COLODNEY: I did not hear any.

MR. HOUSTON: Okay, so nobody was screaming that this was an
unworkable deadline?

MR. COLODNEY: I have not heard any expressions of an inability
to comply by the April deadline.

MR. HOUSTON: Okay. But I have a specific question. We had held
testimony a number of weeks ago regarding medical equipment specifically, and I
think one of the themes that came out of that meeting was that

HIPAA’s been perceived as a stumbling block for the use and
implementation of medical devices and that the bulk of medical equipment out
there today that in some way stores medical information has some type of
security limitation whether that be because of simply the design of the
equipment or because of potential FDA regulation and the like. And one vendor
even indicated it would take five years in order for the medical equipment in
general to become HIPAA compliant by a strict reading of the rule.

I’d be interested in hearing your comments on that.

MR. COLODNEY: I had a chance to review the FDA paper on that
matter, and it’s my understanding that the first – and please correct me
if you believe otherwise – that the primary problem deals with equipment
that is connected to the network as opposed to stand-alone equipment and that’s
because at least as far as the FDA understood it, the security really stems
from the connection to the outside world as opposed to a stand-alone, protected
system, and that the patches for those would be considered normal and not
requiring further approval from the FDA unless it totally changed essentially
the composition of the equipment.


MR. COLODNEY: And therefore in my mind I wouldn’t see any
significant problem unless the equipment manufacturer were to say that there is
a significant risk to the network that they cannot fix through a patch and that
the patch would take years to correct.

MR. HOUSTON: Well, I think there were a number of cases, and
by example, where equipment may store – even if it’s not network-attached
– may store protected health information but may not even have such
rudimentary things as user log-in. It’s just a device that you turn on, you
use, it’s stores equipment but doesn’t really have any inherent security to it.
That was, I know, one of the points that was brought up; I don’t know if it was
in the testimony or in a side conversation. That was clearly something people
were concerned about in terms of compliance.

MR. COLODNEY: I believe those sorts of matters will require
further discussions to determine the risk posed against versus what the
regulation requires.

MR. HOUSTON: Okay. Do you have any thoughts – again, I
heard, at least from a number of people, that there was sort of this thought
that five years was really a realistic time frame for some of this equipment to
either phase out of the inventory and be replaced by equipment that could meet
the requirements of the security rule. Is there any thoughts on that?

MR. COLODNEY: I haven’t had a chance to talk to any of the
manufacturers, although I’d be particularly interested in doing so,
particularly some of those who have a significant market share, to share what
they have to say and their approach to doing it so that we could take this into
consideration when trying to craft a solution and determine what’s appropriate.

Obviously, I don’t think we’d want to be unrealistic with
manufacturers but we certainly want to make sure they’re going down the correct
path and then assess everything and strike a balance in how we approach this.

DR. COHN: And John Paul, let me chime in also on this one just
because I was also at the hearings, as was Harry. I think what we heard a lot
was that anything that’s currently produced is pretty much okay was done with
the knowledge of HIPAA security and has the appropriate safeguards and
approaches, so from their view everything from the last year is probably okay.

The problem is that there’s a large part of the industry that
has equipment that’s a little older than that, and so the question gets to be
around remediation. Do you remediate? Can you remediate? Do you necessarily
have to take things out of use just because of HIPAA security, that they’re
otherwise good pieces of equipment, especially if you’re in a situation where
the equipment was neither software nor the equipment was designed with the
HIPAA principles in mind?

And this is, to our view, sort of a complex issue but one that
needs some clarification.

MR. HOUSTON: That’s a good clarification, Simon. I appreciate
you saying that.

MR. COLODNEY: I think that this area is particularly sensitive
given the relationship to patient care versus so much of the remainder of the
HIPAA regulation which was more administrative support and administrative
management. Certainly, obviously, security access to clinical systems is of
concern and clearly envisioned during HIPAA.

But I think those systems are not as direct into patient care
when you talk about – I recall, for example, from the FDA paper, talking
about a ventilator, and although a ventilator doesn’t maintain any sort of
information on the patient, certainly any sort of equipment like that that may
pose a security risk because it does maintain some sort of data on the patient
I think it’s a little different than the other sorts of equipment we envisioned
when HIPAA was originally written and therefore requires a slightly different

MR. HOUSTON: I think we want to make sure there’s clarity on
this subject because I think some people read the HIPAA security rules very
strictly and say, okay, this medical equipment, you know, HIPAA applies to it
and it can’t be remediated.

MR. COLODNEY: Again, I think we just need to take a look at
that for further discussion.

DR. COHN: Okay. Well, I think probably the purpose of this
conversation was to raise the issue. We were trying to decide, and are trying
to decide, whether we need to send some sort of an emergent letter to CMS to
raise this issue but we thought a conversation would sort of may be a lot more
timely than a letter. Harry?

MR. REYNOLDS: Yes – if I read it correctly and we’re doing
it correctly, the security rule says that by March, or May –


MR. REYNOLDS: That’s right.

MR. COLODNEY: We’ll negotiate!


MR. REYNOLDS: — by April you have to have done an assessment
and you have to have put forth a plan on how you’re going to have everything

MR. COLODNEY: I believe you have to remediate the deficiencies
that you found during your risk assessment.

MR. REYNOLDS: Right, okay.

MR. COLODNEY: Correct.

MR. REYNOLDS: So any guidance, I think, that could come out as
you look at these issues, and any guidance you could come out with about these
subjects like this medical equipment or any other that come up would help
people understand if they could put a plan together or just what would happen
because it is a short time frame between now and then and that does have a lot
of people pretty concerned as to exactly what that is.

You guys have done a great job on the FAQs and a great job on
the other stuff with the transactions and I think this would be a good one to
step up on and really –

MR. COLODNEY: I know we have some documents in the works that
we’re looking to try to get out as soon as practical.

MR. HOUSTON: To follow up on Harry’s comment, too, by the way,
I’m somewhat delinquent in getting the letter drafted from the last set of
hearings. Unfortunately, my schedule has been pretty bad. So I’m hoping to get
that done over the next week, for at least for draft.

DR. COHN: Yes, well, John Paul, we do understand and we’ll look
forward to your draft comments.

I guess from my view just generally, Nathan, I know you’ve only
been doing this for six weeks and it’s sort of tough to have you jump in and
suddenly you’re not responsible for all of this but I think most of us who have
been through all these HIPAA regs sort of know that as we move to three, four,
five months before a regulation implementation, suddenly we discover all of
these things and it isn’t intentionally that people have been ignoring them or
otherwise but suddenly the urgency increases because there is a deadline, as
you well know, and so I think what we’ve often called for in previous HIPAA
regs is usually a sort of a hurry up process, you know, like the two-minute
offensive in the last part of a football game, so that we really can give
everybody as much notice as possible about this and really move quickly to
clarify any of these sorts of – sometimes they’re odd issues, sometimes
they’re actually full industry concerns.

I do applaud you for having open roundtables on a frequent
basis with the industry but I think you have to be prepared that even though
you may not be hearing a whole lot at this point, you may be surprised at what
you hear starting in January or February as people really, I mean to say, get

MR. COLODNEY: No, I really wouldn’t be surprised! [Laughter.]

DR. COHN: Okay, you wouldn’t be surprised. And I guess my hope
would be that we’re in a mode where we can be very responsive in terms of FAQs
and advisories.

MR. COLODNEY: We are prepared, based on past experience, with
the transaction code sets to handle a significant increase in questions and to
help the industry address these problems that they face as they get closer to
the mandatory date.

DR. COHN: Okay. Well, thank you. We do appreciate that. Harry?

MR. REYNOLDS: Yes, one other comment. I think it’s actually
been good that there hasn’t been a lot of major issues come up to date because
if you think of the way most people approach this, they approached it by
looking at the security of their perimeter first, and then they went in, as you
aptly put it, and looked at their administrative systems, and now they’re
starting to trace out through their network.

And so obviously there haven’t been major stumbles over the
first two, which could have equally been as large subjects, if not more
significant subjects, than what we’re finding at the end of the network, into
the internal network.

MR. COLODNEY: And that’s not really any great surprise because
I think as a former CIO, one of the last things I would think of would be the
actual clinical systems that are used for patient care as opposed to any sort
of administrative systems. And we typically don’t think about those as storing
data on any of the software that run them.

MR. REYNOLDS: So, Simon, different than the other regs, I think
it’s good that there hasn’t been significant findings or significant uproar in
the industry to this point. And the only uproar to date is at the very end of
networks where it would have been maybe in some cases the last places you’d

MR. HOUSTON: But Harry – Harry, this is John. I think one
thing that I’ve heard that was just sort of people have got sort of burned out
on HIPAA and I think also some of the reason why we haven’t heard as much,
which right or wrong I think is occurring.

DR. COHN: Well, Harry, maybe I need to understand, John Paul, I
need to understand that a little better. What do you mean by “burn out on
HIPAA?” I can imagine people being really still focused on getting all the
administrative and financial transactions –

MR. HOUSTON: I think that’s probably more correct. I mean, I
think what’s happened here is this security is – I think people have taken
a lot of time on privacy on the transaction standards and I think a lot of
people simply are just – it’s just another piece of HIPAA and they’re
spending so much effort on other things that it hasn’t gotten a lot of
attention the way that the other rules have. “Burn out” has been a
term I’ve heard used by a number of people. In articles, too.

DR. COHN: Harry, and then Jeff.

MR. REYNOLDS: The one interesting thing, though, that
security’s probably a little different than any of the other HIPAA issues is
most people already have security. They didn’t have transactions in code sets
and they didn’t have some of the other stuff. Most every institution has some
security, so most people have gone through audit after audit after audit with
security and so now it’s just conforming to what this reg was much as anything
and John, I agree with you, and some people say, well, I got enough security,
and then when they finally look at the detail, they may have to do some things
differently, so you’re right.

MR. COLODNEY: Harry, I might be included to agree with you in
part. Yes, everybody has security, but as we find out, as we found out with
other industries, although they had security, people, as you said, really
weren’t meeting the standards that exist today. You know, typical industry-wide
standards. When I say industry-wide, I’m talking about the security industry.

And so when people do their risk assessment, they’re looking
– okay, what do I do? And also now, people are delving into more detail on
what’s expected on security rout, the corporate world in general.

I think within the last three years we’ve seen such a
significant development in information security and an emphasis put on it not
just with the HIPAA regulation but security out in other industries after we’ve
seen security breaches and other problems, security accidents, and with the
increasing complexity and sophistication of the equipment and of hackers, that
people are reacting to it now and it’s becoming a far more sensitive area.

And certainly health care organizations are finding a need now
to perhaps hire chief security officers, specifically, CISSPs, if they can find
them. Certainly, the development and further increase in the number of CISSPs
is in itself something that’s relatively new to industry. We didn’t find the
numbers that we have now three, four years ago when a lot of this was
originally conceived.

We find security overall changing throughout our country, you
know, the increased emphasis put on it within the government itself.

MR. REYNOLDS: But I would say that the HIPAA security rule is
less invasive than Sarbanes-Oxley and some of the external auditors, in many

MR. COLODNEY: I would agree to less invasive in that it’s less
prescriptive, but it may not be less invasive if a good risk analysis is done.
So the emphasis is really what’s done during a risk assessment.

If you do a shabby risk assessment, you’re going to say, yes,
it’s not really invasive. If you’re really scrutinizing your security and doing
a solid risk assessment, the standard should not be any different.

The only difference is that Sarbanes-Oxley comes out
specifically and says “you will do X, Y and Z,” much like in the
federal government we have the Federal Information Systems Management Act which
– it’s somewhat like HIPAA in that it doesn’t get prescriptive, but I
think the federal government has certainly come down saying, hey, we have
certain expectations depending on the risk you find. And we all know across the
security industry that there are generally certainly acts you take to prevent
certain threats. How people want to scrutinize those threats is up to the
individual institution.

MR. REYNOLDS: I was actually complimenting CMS. I don’t think
it’s that invasive of a law —


MR. REYNOLDS: — compared to the other stuff.

MR. COLODNEY: Are you advocating the application of
Sarbanes-Oxley across the health care industry?


MR. REYNOLDS: No, I want it clearly on the record I did not say


DR. COHN: Jeff, I think you have a question?

MR. BLAIR: Yes. Nathan, I’d like to introduce a different
perspective to this entire activity that I think tends to get lost because as
we begin to go through the regulations for the HIPAA financial administrative
transactions and all the identifiers and all the code sets that support them
and we get concerned about compliance and we get concerned about complaints,
which all of those things we have to do, but if there’s any opportunity for CMS
to gather data on the success and the benefits that are being achieved by the
industry by moving this portion of the health care industry into the
information age, I think that that is very much needed.

My comments are equally true, and may be even more true, in
terms of the privacy regs for HIPAA where there’s a lot of complaints that are
heard in the industry about the burden of compliance but there’s very little
public relations about the improvement of privacy. This is not your area, I
understand, but I’m just giving it as an example, and the public just doesn’t
realize the importance and the achievement and the improvement to the privacy
aspects of their health information.

By the same token, I think the nation really doesn’t know what
is being achieved by the level – what the compliance means, what the level
of compliance means. What are the benefits?

And if there’s any way to measure either cost savings, time
savings, other efficiencies that have come out of this transformation, I think
that that is equally if not more important than all of the data that we have
about compliance and complaints in helping the industry make the

MR. COLODNEY: I would agree with you, Jeff. I know on my side
of the HIPAA house, I’ve asked my staff to start to look at those so we could
tell people, tell the industry, why it’s important as well, the public and the

As far as the privacy side, while I can’t really talk to that,
I can tell you that I think there is a misunderstanding on the part of the
public as to what HIPAA is. I know when I first told my parents I was taking
this job, their reaction was: “You mean that stupid regulation that says
we can’t do this, this and this?” And I thought, Oh, God, yes. And then
they proceeded to launch into a 20-minute session on what’s wrong with HIPAA.

So I hear that from all over and I think they see obviously,
like most of us, we see those things that are negative but unless somebody
points out the positive, we naturally overlook them. And I think maybe we
haven’t done a very good job of pointing to the positive, assuming that people
inherently understand that, but that’s not necessarily always the case. People
don’t understand that.

Certainly, when we look at things like identity theft, if we
said, look, this prevents identity theft, it minimizes the likelihood of that
with your medical records, they might say, oh, yes, now we understand. But it
hasn’t necessarily been sold like that. We’ve been so busy trying to get the
industry to conform and getting it going.

I think you’re right. It may be the next phase that we need to
look at.

MR. BLAIR: Thank you.

DR. COHN: Harry, other questions? Okay. I guess one question
– I mean, you’d mentioned some FAQs and other advisories coming out of
there. You used the term “soon.” Do you want to get any more specific
than that?

MR. COLODNEY: I can’t.

DR. COHN: Okay. Well, great. Well, listen, we’ll look forward
to it. Expect that you’ll be probably receiving some additional communications
on the medical device area and we obviously just wanted to alert you and CMS
about the issue.

John Paul, do you have any comments or questions?

MR. HOUSTON: I don’t. Thank you very much.

DR. COHN: Well, thank you for joining us.

MR. HOUSTON: Thanks.

DR. COHN: Okay.

MR. HOUSTON: You all have a great holiday.

DR. COHN: And Nathan, thank you very much for the very
insightful presentation and discussion.

With that, let’s move into the industry work group update.

AGENDA ITEM: Industry Work Groups Update,
Codified SIG, Formulary and Benefits – MS. GILBERTSON

MS. GILBERTSON: Ready to roll? Hi, my name is Lynne
Gilbertson. I’m with the National Council for Prescription Drug Programs. I’m
here to provide testimony status on the NCVHS recommendations to HHS on
electronic prescribing for the MMA.

As a first statement, I want to say I’m very proud to
represent the numerous, numerous volunteers who are getting together, using
their time and effort, sharing their information, and working together really
to bring forth some industry collaborated standards.

I’m going to go very quickly through this document because as
you can see, it’s voluminous, but I had your time and it was time to give a
good status, so I’m going to shortcut the words that are in there and just go
to the highlighted areas.

Starting at Observation 3, which is the Prescription Messages
related to the fill status notification. The status on that is NCPDP Work Group
11 Prescriber/Pharmacist Interface formed a task group in August to work on
guidance for the Fill Status Notification transactions. The task group leader
is Teresa Strickland of Healthcare Computer Corporation.

The task group has met one to two times per week and is
building the guidance. Their goal is to provide implementation and operational
guidance to pharmacy and physician participants for the consistent utilization
of the Fill Status Notification transactions. Easy for you to say.

The guidance recommendation will be submitted for approval at
the next NCPDP work group meetings in March. If the guidance is approved, the
updates will be made to the SCRIPT Implementation Guide and that will go
directly to the NCPDP Board of Trustees for approval. Approval would occur
probably in the next month after that.

The guidance includes operational challenges such as automatic
triggering of fill status notifications, triggering on return to stock,
inferring pick up, privacy, liability, coordination with medication history, a
patient changing physicians, et cetera, all these different things that come
out of the woodwork.

Future steps may include some requests for modifications to
the SCRIPT standard.

Observation 4, which is the Coordination of Prescription
Message Standards. Ross will provide more update to that of the HL7-NCPDP
collaboration. We’ve been actively meeting two to three times per week to
continue working on this project.

Observation 5, the Formulary Messages – the
recommendation was an NCPDP standard for formulary and benefit information file
transfer using the RxHub protocol as a basis.

The status – in August, NCPDP Work Group 11
Prescriber/Pharmacist Interface formed a Formulary and Benefit Task Group led
by Teri Byrne of RxHub. The Task group consists of approximately 60 industry
representatives. They have met via conference calls and in a two-day
face-to-face meeting in November, which we were very proud CMS was able to

MultiMedia, RxHub and other companies have shared their
information as the starting basis so it start a kick start and jump started
quite effectively.

An aggressive work plan has been developed. The task group is
striving to submit a standard to NCPDP at the March, 2005, work group meeting.
The draft standard includes the sharing of formulary status lists with codes to
explain how to treat non-listed brand, generic, over-the-counter; whether the
drug is on formulary or preferred status, the relative value limit and other

It will list formulary alternatives, which is alternatives for
specific drugs – the source/the alternative.

Benefit coverage lists, conditions under which the patient’s
pharmacy benefit covers the medication.

Benefit co-pay lists, which is the extent to which the patient
is responsible for the cost of the prescription. The specification supports
multiple ways to state this cost, including flat dollar amounts, percentages,
and tier levels.

Cross-reference files for user-recognized health plan product
names to identifiers that are used within the Formulary, Alternative, Coverage,
and Co-Pay. Lots of cross-referencing meaning to go on.

There was much discussion about the identification of drugs.
The task group decided to support at this point multiple drug identifiers.
Further analysis will be done to understand how or if – that’s an
important “if” – RxNorm may be used and to what level it could
be qualified.

Observation 6, Eligibility and Benefit Messages – one of
the bullet recommendations was NCPDP’s efforts to create a guidance document to
map the pharmacy information on the Medicare Part D Pharmacy ID Card to the
appropriate fields in the X12 270/271 message that a prescriber might use to
inquire about eligibility in a pharmacy benefit.

Work Group 3 Standard Identifiers formed a task group led by
Todd Walbert of Walgreen’s and they are building their scope now. They are
collaborating with X12 Work Group 1 Health Care Eligibility as appropriate.

Observation 7, Prior Authorization Messages – one of the
recommendations: Developing prior authorization workflow scenarios to
contribute to the design of the 2005 pilot tests; automating prior
authorization communications between dispensers and prescribers and between
payers and prescribers in the 2006 pilot.

The status – NCPDP Work Group 11 Prescriber/Pharmacist
Interface formed a Prior Authorization Workflow-to-Transactions Task Group
during the November work group meeting. The task group leader is Tony Schueth
of Point of Care Partners.

NCPDP extended an invitation to X12N Work Group 10 Health Care
Services Review Co-Chairs and their participants to jointly work on prior
authorization from workflow to transactions.

The task group welcomes all interested stakeholders. Tony’s
been blasting emails throughout the industry lately.

The task group will work with X12N participation to understand
the identified gaps of medication prior authorizations in the 278 and recommend
modifications to the standard.

The task group will be working to understand the dialogue as
well, questions with answers, that is necessary for prior authorization

And it’s possible that this group may require support and
funding of face-to-face meetings or Webcasts. This group is specifically
looking at business flow, workflow, and then leading into the transactions and
all that and not doing it backwards.

Observation 8, Medication History Messages from Payer/PBM to
Prescriber – the recommendation was NCPDP standard for medication history
message for communication from a payer/PBM to a prescriber, using the RxHub
protocol as a basis.

The status – RxHub submitted what we would consider a data
maintenance, a DERF, a Data Element Request Form, at the November work group
meeting requesting that a medication history standard be approved by ballot and
it’s based on the SCRIPT standard.

The DERF was approved, with the modification that pharmacies be
included in the medication history flow so that basically any of the
participants can share as they deem appropriate, not just payer, or
payer-to-prescriber, but also pharmacy-to-prescriber, pharmacy-to-payer, so
just not distinctively only allowing payer-to-prescriber.

Although RxHub stated they didn’t have experience in pharmacy
sharing in this medication history messages, the standard is going to support
that exchange.

The request will be balloted, beginning in January, 2005; we’ll
adjudicate the ballot at the March work group meeting.

Observation 9, Clinical Drug Terminology – the
recommendation, include in the 2006 pilot tests the RxNorm terminology in the
NCPDP SCRIPT standard for new prescriptions, renewals and changes.

Status – in August, NCPDP spoke with NLM and asked if they
could help map some examples of what’s prescribed to what shows up at the
pharmacy and how the pharmacy would use it to show the flow of a prescribed
clinical drug using RxNorm through to the pharmacy dispensing of an NDC. We’ve
gotten a status a few months ago that they were looking at a contractor to do
that, but I don’t have any status of if those examples have yet been created.

During the November NCPDP work group meetings, a great
presentation was given by some of our members to help explain RxNorm in the
pharmacy vernacular. The presentation included mapping examples from RxNorm to
drug databases and discussed where gaps exist and recommendations to close
those gaps and how the standards might support it.

The Work Group 2 Product Identification formed a task group to
clarify more how RxNorm would be used in electronic prescribing, identify the
gaps in usage, and present recommendations to NCVHS during the January
subcommittee meetings, and we would like to be added to the agenda with that

And during the January NCPDP annual conference in March, 2005,
the NLM has accepted an invitation to speak on RxNorm.

Let’s see – there was a recommendation dealing with the
Structured Product Label, the SPL. During the NCPDP November work group
meetings, Dr. Randy Levin of the FDA presented on the SPL, which was followed
by a quite informative question and answer session.

Observation 10, Structured and Codified Sig, the recommendation
of NCPDP, HL7 and others, especially including the prescriber community, in
addressing SIG components in their standards.

The status – in August, NCPDP Work Group 10 Professional
Pharmacy Services created an Industry SIG Task Group. We had fun with that one
because the minute we sent invitations to HL7 folks, they said “special
interest group?” No, no, another kind of SIG!

Participants who testified on the SIG who were here at NCVHS,
for example, were invited as stakeholders, so I went through the Minutes and
anybody who mentioned they thought SIGs were a good idea got invited.

Over 50 members, including doctors, pharmacists,
representatives from SNOMED, ISMP, HL7, CMS, VA, NCPDP, pharmacies, health
plans, vendors, processors and clearinghouses are all participating, and ASTM,
yes, that’s right.

The task group leaders are Laura Topor of Allina Hospitals and
Clinics and Keith Fisher of SXC Health Solutions, Inc.

The task group began meeting in September and has met numerous
times to propose foundational working documents. CMS is very nicely sponsoring
the calls for us.

Some members of the task group were also able to meet during
the NCPDP joint technical work group meetings in Atlanta in November, and a
face-to-face meeting is being discussed with sponsorship by AAHSI HISB and

Some of the work they have doing, since this is a topic
everybody loves to talk about, is data gathering. Work by NCPDP, HL7, the
Continuity of Care Record, DrFirst and others have been reviewed. So anybody
who had any thoughts of how you codify or standardize SIGs were kind of thrown
into the pile.

The task group is research current medical practice management
systems to understand prescriber workflow and processes. They are looking for
potential consistency and efficiency between inpatient and outpatient settings.
The focus has been on U.S. activities right now, with an eye to international

Their scope definition and management – they want to
maximize the use of the standard for inpatient and outpatient whenever possible
to simplify the process for prescribers and pharmacies and to address safety

They accept that some SIGs won’t lend themselves to the
standard, but they’re focusing on either the 80/20 or the 90/10 rule, whichever
they come up with. An input from pediatric prescriptions is being sought. They
want to optimize technology by using computable fields.

The draft operating assumptions – there will be no
abbreviations in the SIG.

Leverage and maximize existing standard vocabularies, for
example, SNOMED, external code lists, and data dictionary.

Defaults may be overridden, for example, the verb
“take,” “apply,” et cetera, then the user may be able to
change that to something else, “dissolve under tongue,” for example.
Or if a system defaults a common set of instructions, 1 po 2 times daily, the
user must be allowed to change to “2 po 1 time daily” if desired. So
those are some fundamentals they’ve gotten out on the table.

Textual representation will accompany a codified SIG. And they
will have mathematical and computable options wherever possible.

The standard is about interoperability transfer, not interface
creation. The standard should be able to be incorporated into various standards
as applicable, such as HL7, NCPDP, et cetera.

The next steps – they have done a lot of work right now
with mapping common scripts into proposed formats. It began in November and the
task group is now reviewing. They’ve got lists of SIGs they’re just plowing
through to make sure base rules are applying to all sorts of strange looking

They are going to draft implementation guides for NCPDP and HL7
versions to demonstrate the flexibility of the model. It may be how you think
in the HL7 world, how you might think in the NCPDP world, and to help people
with a frame of reference.

They will continue their bi-weekly calls and schedule
face-to-face meetings as needed. And they’re still identifying other
stakeholders and developing communication plans for 2005 such as – they
listed TEPR, HIMSS, ASAP, et cetera.

The timeline – they’re headed for the January, 2006,
implementation; actually, they went backwards, excuse me. November, 2004, they
met, for those who could meet, at the NCPDP meeting. In March, 2005, they’re
going to meet again just as a spot; there may be other meetings, but this is
one spot where there’s quite a few stakeholders who just wanted to get some
work done face to face as well.

In summer, 2005, they want to release proposed standards for
coding and testing and they recognize that CMS and NCVHS has acknowledged that
the timeline does not allow for completion of the ANSI approval process but it
at least gets things going. And in January, 2006, be ready for implementation.
Pretty aggressive.

And they want to include the 2006 pilot tests as developed
through the SDOs.

Observation 11, Dispenser Information – this is related to
the NPI and just the status – SCRIPT supports the NPI; it has for quite a

Let’s see. There were no specific other action items along that
line for NCPDP.

Observation 12, Prescriber Identifier – the NPI again;
SCRIPT supports the NPI, as I mentioned, for both prescribers and dispensers. I
put a caveat just for myself, it also is a reminder, that there may need to be
input from industry participants for any modifications or clarifications to the
SCRIPT standard because the NPI has the lack of location specificity we talked
about in the last testimony. If needs are shown, we’ll process those requests
from the industry and move forward with the standard. It’s not a big deal. But
until the industry evaluates how the NPI is going to affect them for
registering or for identifying, or if it even does affect them because it’s at
a lower level in the transaction, I don’t have an action.

Observation 13, Pilot Test Objectives – there were no
specific action items for NCPDP.

Observation 14, Support for Standards Collaboration – same

Observation 15, Policies to Remove Barriers – no specific

Conformance Testing and Certification, Observation 16 – as
we noted during testimony when this recommendation was built, NCPDP is looking
for guidance on what exactly needs to be stated. We may already satisfy these
requirements in the standards; we don’t know. So that’s still an open issue.
Remember, we talked about what certification versus conformance and what are
the criteria and things like that.

Nest steps. Electronic signature we talked about the last two
days. If I’m interpreting where we ended up yesterday, NCPDP could offer to,
through one of our task groups, look at the ASTM appropriate documents and then
look at if they need to build guidance or what you might call the registration
process related to the e-prescribing. I’m not sure if that’s what the Committee
wants, but we could make that offer, to go back to the task group and say
that’s something the Committee would like us to look at.

The other item is a directory that would identify prescribers,
nursing facilities, pharmacies et cetera. The status is during the NCPDP
November work group meeting, Work Group 11, once again, created a Provider
Broadcast Task Group. Alan Smith of ProxyMed is the task group leader.

In the past, a standard was designed using the common segments
and fields from NCPDP SCRIPT but was abandoned because there were other things
going on that were more important at that point for the e-prescribing world.

Trading partners are using this draft standard, which is, once
again, based on SCRIPT, as their starting point. So the task group has been
sharing their each interpretation of the draft standard and they’re going to
bring forth a standard to propose to the industry. They don’t have a specific
timeline, but it’s going to be soon because they’re all – I mean, it was
amazing – they’re all in agreement.

So that’s the status.

DR. COHN: I guess I should ask the subcommittee: Do we want to
talk about this before we move on to the HL7-NCPDP coordination efforts, or do
we want to do it all at once?

MR. BLAIR: There’s so much that she had there.

DR. COHN: Yes, I know. That was sort of what I was sort of
thinking. Ross, I hope you don’t mind if we sort of get into this and then
we’ll talk about the coordination.

Questions, Answers and Comments

Jeff, did you have a question? And certainly I have a couple.

MR. BLAIR: Yes. I think that NCPDP and all of the vendors and
members of NCPDP deserve congratulations for the tremendous amount of work that
you have done. Then I guess personally I’d just add my personal thanks for the
way you have committed yourself to following through on NCVHS recommendations,
and just thank you.

MS. GILBERTSON: I’ll accept that on behalf of all the industry
participants and our wonderful task group leaders.

MR. BLAIR: It’s really a major achievement.

DR. COHN: Yes. It’s going to be very interesting to see what
you come up with. I’m actually very curious about how many SIGs you discover
after all is said and done.

MS. GILBERTSON: Yes, the chart’s growing as we speak.

DR. COHN: Yes, I can imagine. I did have one question –
this is almost more clarification because I don’t want to get into exactly
figuring out right this moment what NCPDP needs to do from our conversations on

But you used the term “registration function,” and I
found myself going – gosh, we talked about credentialing, we talked about
authentication, we talked about security, we talked about all of these other
things. What exactly do you mean by registration? Is that the credentialing
function or is that something else?

MS. GILBERTSON: Well, it’s interesting. When I hear the term
“credentialing,” I think what makes a doctor allowed to practice or
what makes a pharmacist allowed to practice. So I have trouble using the term

And so therefore we’re trying to understand what it is the
Committee thinks where something’s lacking or where we could improve something.

So we were thinking if there were guidance for what is the
minimum you need to be assured that you have gotten the right information and
established verification of a doctor allowed in the e-prescribing system, for
example, a pharmacy allowed in the e-prescribing system, or a pharmacist? And
that whoever is allowing the entry in – say, it’s the point of care vendor
or the pharmacy practice management system or something has these kind of
established procedures for allowing that user on. And things like after you’ve
gone through and validated you’re who you say you are and you’re not somebody
else, that there are controls like a user ID and a password, and that another
level could include a PIN and another level could include whatever else. And
those kind of trusts built of that base level that says this is at least the
floor of what you must have to verify or – guarantee is kind of a hard
word, but that you are only allowing the right allowed people through in this
e-prescribing process.

So I wasn’t sure if that was exactly what the Committee was
headed for or if that was one of the things you thought as an action, but it’s
something we thought we would bring forward.

DR. COHN: I don’t know if I have the answer to that one other
than at least I understand what you mean by registration. But others may have
comments. I don’t know if we want to solve this one.

DR. FITZMAURICE: Add me to the question list.

DR. COHN: I’ll add you to the question list. On this issue, or
something else?

DR. FITZMAURICE: On this issue, yes.

DR. COHN: Okay – Michael, and then – okay, Michael.

DR. FITZMAURICE: I also want to echo Jeff’s comments about
praise for the industry and for NCPDP for pulling a lot of this together and
putting a lot of resources into it.

I will note that in good part to Lynne Gilbertson’s
intercession – I’ll use intercession – and Maria Friedman’s
intercession – AHRQ was able to support in small part the Minneapolis
meeting of the Formulary Standard and we’re probably looking forward to
providing support and partnership with the industry to help keep this moving
along and to undertake things that might otherwise not be undertaken.

I have a question about your testimony. It says “NCPDP
extended an invitation to X12N Working Group 10 to work jointly on prior
authorization from work flow to transactions.” Was that invitation

MS. GILBERTSON: Oh, yes, very definitely.

DR. FITZMAURICE: So there is a firm and consistent pattern of
industry cooperation –


DR. FITZMAURICE: — and everybody is moving very rapidly to get
these standards in place, and we’re looking at the pilot date which is coming
up in just a little bit over a year. So again, much kudos and much appreciation
to the industry.

DR. COHN: Harry and –

MR. REYNOLDS: Yes, a comment on Lynne’s recommendation on the
registration and so on, exactly at least what I was driving at.

MS. GILBERTSON: It is, or is not?



MR. REYNOLDS: That part of the picture that was going on
yesterday – you know, what we talked about, the picture talking about
secure networks, talking about other things.

You mentioned the process of registration and then – you
have registration, then you have it going through the secure network and then
picked up by whoever it

is. That’s exactly – because as you look at – again,
back to our earlier discussion about, we talked some yesterday, about the whole
idea of Level 2 and Level 3. When you establish those guidelines as to what
kind of a password, what kind of PIN, those kinds of things that you’re talking
about, it’s allowing us to have the industry look some kind of a structure that
would allow it to fit into the things that we’re going to have to be able to
recommend, or CMS would recommend, or the Secretary would recommend.

And these are the basics. You’ve got to do these things,
because this whole idea of knowing who did it is really going to be one of the
trip points in this whole discussion. And I think the registration itself,
because that’s where the industry’s stepping up and saying, if we’re going to
interface with a system in a physician’s office, we’re going to require this
before we let anybody into the network, before they can send the prescription
over, before they can do this and before they can do that.

And then when the pharmacy gets it, they will know these
things, which gives them assurance that it is who it was.

That’s what I was looking for. So the picture’s great.

Then the next other step is: Do you have any further guidance,
and it might not be NCPDP, on exactly what types of standards for those secured
networks once they’re registered and once the data starts to flow? Is there
anything there? That’s where I was. That’s the whole place I was going
yesterday. So yes, that’s a nice first step.

MS. GILBERTSON: Well, something else I just thought of that
– since we all know and love him, I was looking at ENAC, and they’ve got
some guidance as well and I know it would be very willing to help with some of
those pieces.

DR. COHN: Steve, and then Jeff.

DR. STEINDEL: Yes, Lynne, I’d like to add my congratulations to
the wonderful industry mobilization we’ve heard to bring this together.

I also would like to pick on one of my sister agencies because
in the midst of all this mobilization, I’m looking at several comments
concerning RxNorm. And Vivian, I would like you to take back to the Library my
comments and perhaps maybe of others. It seems like that they asked for
examples way back when and they’re still missing, and there was some nodding of
heads here between Simon and Maria when you requested to be put on the agenda
in January to prevent to us gaps that you’ve noticed in RxNorm. I actually
would not like to hear from you in January. I would like to hear from the
Library on how they’re filling those gaps.

We have a very rapid schedule going, and what I’m hearing in a
sense is that one of my sister agencies is not working at the pace that other
federal agencies are working at and are supporting.

MS. GILBERTSON: One of the things that was really a light bulb
to me during the presentation that was given at the NCPDP meeting was that
there’s some misconceptions of where RxNorm is appropriate. And there were some
misconceptions that you used, for example – and I’m going to get out of my
league very quickly – but the things that struck me: You would use RxNorm
as the prescribing drug, the prescribed drug. It’s meant as a mapping device,
not as a definition of what I prescribe, not as what I dispense. But yet, when
people say, can I throw it into SCRIPT? Into SCRIPT only means I’ve provided
what I prescribe in some form as well as this mapping key so that when you get
to the other side, if you don’t understand what I said, you can use the mapping
key to use what you are familiar with. That’s an important point.

One of the other important points was that there are many
different representations in the model, and we need to get to what is a vendor
implementing? I mean, you throw up a screen that’s got, I don’t know, eight,
12, 10 boxes, whatever it is – where do I go get what I need?

All the doctor wants is a list. Where out of all these tables
do I pull it up?

So we’re trying to get it into the pharmacy and the prescriber
vernacular to say these are the types of questions we’re hearing, too; can you
help us with that? And just whatever we can do to help facilitate –

DR. STEINDEL: If I can comment, my sense would be, based on
development et cetera, if we would like to start pilot studies in January, ’06,
this guidance needs to be in place to the industry probably a year earlier.

DR. COHN: Ross, do you have a comment on this one?

DR. MARTIN: Yes, if I could just comment on the RxNorm issue.

One of the things I know that got talked about a lot in the
last sessions were about differentiating features and the notion that RxNorm
doesn’t always capture every concept of a drug that the prescriber may want to
indicate in their preferences.

And we’ve toyed around with the idea of adding – assuming
that there’s a place for the RxNorm in SCRIPT, in NCPDP SCRIPT, that we would
add a product differentiator field that would kind of be the difference between
what the RxNorm code captures – Erythromycin, 500 milligram capsules,
versus what the doctor was ordering – maybe they want a particular salt of
that Erythromycin capsule and it’s important to that patient for some reason,
that would kind of bubble out and say, here is the piece of it that’s missing
from the semantic clinical drug, the RxNorm code semantic clinical drug code,
and that would be added so that when the pharmacist wanted to fill this, the
PDRX norm code, they’d also see that differentiating features field and they
would know that the doctor stated a preference about that.

In the instance where the doctor doesn’t really care, the
RxNorm code would be sufficient, and if there is something that the RxNorm code
doesn’t capture in terms of a difference and they’ve got two products on their
shelves that are specifically different entities, they’re different drugs but
they both fit into that RxNorm code, they can say the doctor doesn’t care; I’ll
pick either one, according to my preference as a pharmacist, or I can ask the
patient. Normally, there would just be no preference at all.

And that’s being debated right now. That may be submitted as a
DERF in the next work group meeting of NCPDP depending on discussions that are
happening with some of the drug database companies.

MS. GILBERTSON: And what I’d like to do is take back to the
task group the recommendation and we can ask NLM if they would like to be
involved in the task group, if that would be appropriate, if they’d be
comfortable, if whatever. And I was just thinking of Apelon and a few companies
like that that are involved in some translations, too. Maybe we can cut to the
chase quickly, a little quicker.

And I have to say Vivian’s been great as my contact.

DR. STEINDEL: I think you read between my lines. Thank you.

DR. COHN: Okay. It looks like we’re developing some to-do’s for
January, it sounds like, in terms of conversation. Yes, do you have a comment
or question? You need to introduce yourself again – sorry.

MR. SCHUETH: My name’s Tony Scheuth and I’m Managing Partner of
Point of Care Partners.

And on the subject of RxNorm, I just want to disclose that
RxNorm has retained us to gather industry information to address and look at
some of the things that Lynne talked about. So it’s not like they’re off doing
their own thing without listening to the industry.

I just wanted to disclose that so you would know that they have
retained folks. And it’s not just myself; I have people that are quite
experienced in different areas including pharmacists and technology experts
that are helping sort of advise them on some of the gaps that Lynne talked

We also took the feedback, the testimony, the presentation that
was given to NCPDP, we’ve taken that back to them as well as done an additional
analysis. We’ve actually taken the top 100 drugs from the Department of Defense
and run through sort of a usability testing, and we’re providing that with
feedback to Stuart Nelson.

MS. GILBERTSON: Do you think that’ll be something you can
provide to the task groups?

MR. SCHUETH: I’d have to speak to Stuart about that. We have a
draft of a report that will be going back to him in my computer right now. I
mean, we’re close; within the next week or so, we’ll be giving him this

I also would like to say Stuart was not able to present at the
NCPDP meeting. Instead, it was industry folks that were sort of doing some
education. I do believe that if he was able to present, he might have been able
to shed some light on some of the kind of concerns, some of the questions, that
folks had about RxNorm. Not that there aren’t holes and gaps and that the
industry concerns aren’t relevant, but just so you know, I think there’s a
little bit of an education issue and educating the industry about RxNorm,
there’s a little bit of a challenge there. Certainly, he has challenges. He’s
aware of those and he has folks sort of helping him understand those.

DR. COHN: If you don’t watch out, you might be asked to testify
in January.

DR. STEINDEL: Just a comment. Thank you very much for that
update, because from Lynne’s comments, it wasn’t clear that the library was
actually moving aggressively in this area and it sounds like they are, so I
think this is very positive.

DR. COHN: Vivian, do you want to make any comments, I mean,
because you’re a sister agency?

MS. AULD: Only a minor one, that I have been trying to get a
hold of Stuart to give an update to the Committee, but because I asked for it
so late, he wasn’t able to give it to us, and we’re going to give it to you
later. But Steve’s points are well taken.

DR. COHN: Yes. Do you think January’s a good time for that
update? Is that a reasonable –

MS. AULD: That’s what I was aiming for at this point, yes.

DR. COHN: Okay, good. Okay. Michael?

DR. FITZMAURICE: I would mention that AHRQ and NLM have been
working together to fund a good deal of RxNorm and outreach and Betsy and I
have had just preliminary exchanges about what we’ll be doing in ’05. It sounds
this would be a good part of – maybe rise to the top of the list of things
that we’ll be talking about.

MS. GILBERTSON: If there’s anything you think of that might be
appropriate at the NCPDP annual conference that we include on the agenda, and
I’m not trying to sell anything – it’s just a matter you’ve got a captive
audience there of pharmacy-related industry perspectives – so perhaps that
would be an educational opportunity that could be considered.

DR. COHN: Lynne, thank you. Jeff, did you have a – please.

MR. BLAIR: The only other thought I had is I hate to leave
questions lying unanswered, and Lynne, you had wound up saying which of those
ASTM standards you’d be looking at considering. And I was wondering if Margaret
Amatayakul might be able to provide a little bit of clarity on that since is
much better familiar with those standards.

MS. AMATAYAKUL: Jeff, I am not familiar with all of the ones
that were identified yesterday, but I certainly would be happy to undertake a
review and try to parse out which ones would seem applicable.

I believe that Lynne had asked for clarification from the
subcommittee on the last recommendation relating to conformance testing?

DR. COHN: Oh, is that a question for us or are you going to
answer it? Okay.

MS. AMATAYAKUL: A memory jogger.

DR. COHN: Okay. Well, Lynne, let me try to provide some clarity
and I think as much as I can give you and I’ll look to the other subcommittee
members to see if you have other thoughts.

I don’t think any of us were thinking that NCPDP had a
responsibility for certification of software solutions, vendors or otherwise.
We think that the issue of certification is really much more of an issue
related to a certification group that is being formed, I guess been formed in
the industry, potentially an issue for the office of the National Coordinator
for Information Technology. How exactly it happens is yet to be determined.

However, I think we’re all aware that there’s this issue of
knowing whether somebody could certify, your conformance testing – can you
conform? I mean, is there a test that could be applied to a software or
application that would say, yes, your application conforms with NCPDP? And I
think there’s just sort of a general expectation that that’s really something
that standards development organizations know better than anybody else and that
there are likely candidates to actually develop those conformance tests. And I
think that was really what the expectation –

Now you may already have your standards so well specified that
essentially one could identify a conformance test from it. That certainly has
not universally been the case.

So, as I’m saying this one, I guess I’d have to think through
your standard and see if it’s there or whether there’s something more, just
taking it from your standard and specifying a variety of conformance tests that
might be appropriate. That was, I think, really the activity that we were sort
of recommending.

Now as I say that, Jeff, do you agree with my comments?

MR. BLAIR: Mmh-hmm.

DR. COHN: Okay, good. Well, that’s good. Do others have
comments on that? Then, okay, please.

MR. BROOK: Richard Brook. One of the things that have taken
place over the last couple years are the boards of pharmacy getting involved
with networks like myself and SureScripts that wants to be sure that the
certain software applications that are sending electronic transmissions to
retail pharmacies, that they meet certain requirements. There hasn’t been
particular language and I’m not really sure.

I’ve been before Washington State, Ohio, and Washington, some
of these states who were thinking about that. Their point of care vendors had
to meet certain requirements. It’s almost they were letting a ProxyMed or
SureScripts potentially or RxHub to be the trusted authority.

I’m not sure if there’s exact language to that, but we’ve
testified before the boards of pharmacy in Washington State because they didn’t
have the time to go out and look, where Ohio has some pretty has some pretty
interesting regs where each application has to be approved as well as our
network had to be certified and approved.

Just to let you know there is some potentially model
legislation out there as far as an application meeting certain requirements to
be able to send an electronic prescription within certain states.

DR. COHN: Thank you.

MR. BLAIR: If I may – in any way does that model
legislation in terms of certification of e-prescribing functions begin to match
or worked with the work at HL7 for the minimum function set for e-prescribing
functions? Or is that something that is entirely different? And if it is
entirely different, could you clarify it?


MR. BLAIR: Maybe Steve can help with that since he has
responsibility for the HL7 work.

MR. BROOK: Steve, do you want to take it first?

DR. STEINDEL: The only input that we may have had on it, which
means that we have had no specific input on it, has been from the work group
members who are familiar with it and have worked on modifications of the
conformance criteria such that it means what they know about these particular

MR. BROOK: And, Jeff, I’m not aware – it was just really
us as networks that were certified to be – I’m not aware of anything else
that was taking place, and I don’t think they had any thought further to take
it than that we were going to be like the certified network for an application.

And again, it doesn’t get saying that they have to use SCRIPT;
however, we all know that in order to get to the retail pharmacies, we support
and only – only actually there’s no proprietary formats that are going out
there that send prescriptions back and forth. It’s almost a de facto that we’re
using SCRIPT to be able to send prescription messages back and forth through
our networks. Thank you.

DR. COHN: Lynne, has this been helpful at all for you? Or,
Harry, do you have a – is it on this issue? Okay.

MR. REYNOLDS: Yes. Then I think you find yourself, at least in
my opinion, in a position of an aggregator. In other words, if you look at this
document – no, you look at this document and then you talk about
registration and you talk about some of the other things

that we’ve talked about, it’s a pretty significant end to end
look at the basic premise of what e-prescribing can be built on. It can be
built on SCRIPT, it can built on the agreed upon standards that you put within
there, if you step into registration and you step into these others.

And also, you happen to have at the table, by reading this,
this industry – you’re bringing the industry to the table. So you are an
environment that could at least recommend or at least put forward what a
structure would be to consider certify anybody that would want to use this,
would want to do e-prescribing.

So again, I don’t think it’s so much that you would do exactly
what it is, but you sure have the people at the table. You’re having the people
at the table many, many times. You have them all looking end to end through the
whole thing. So that may be a plus, why this is like it is. That’s my feeling.

DR. COHN: So have we helped or are we further confusing you?


DR. COHN: Okay, good.

MS. GILBERTSON: Thank you.

DR. COHN: Okay.

MS. GILBERTSON: There was only one other observation that I
think Maria mentioned would be maybe we start talking in January and that is
some kind of information about what metrics, what measurables, what general
information is going to be put into the pilot or what do we want out of it? And
just maybe a status from CMS of what kind of general things they might looking

I know it may not be to the level of detail exactly who is
going to participate or things like that, but surely we can start building some
of the what is the pilot going to look like, what does it need to prove it’s
supposed to do, what are we going to measure once we start doing some of these
things, or we’re already doing some of these things; what do we want to measure
about them? And those kind of things would be very helpful because we mentioned
in testimony that that’s a perfect opportunity to use that information as
metrics going forward and as educational opportunities for going forward as
well, because the pilot’s not going to sell it, but the information about what
was proven or shown or saved or whatever will help for the future.

DR. COHN: Do you have a comment?

DR. FRIEDMAN: I’m just thinking. We appreciate the offer, and
as you know we’re still working internally; we have some issues running through
on the pilots and we are looking at design issues and that kind of thing, so

MS. GILBERTSON: Just anything you could share just to give us
an idea of what –

DR. FRIEDMAN: We’ll do our best.

MS. GILBERTSON: — kinds of things you’re looking at, that
would be helpful.

DR. FRIEDMAN: We’ll do our best.

DR. COHN: Okay. Other questions or issues on this particular
presentation? I think, Lynne, we’ve all said thank you, congratulations. I
mean, we think you guys are doing great. You’re all doing great work. We know
that you’re fully occupied, so we really think you’re going in the right
direction, so thank you.

Ross, do you want to talk about the NCPDP-HL7 collaboration?

AGENDA ITEM: Presentation: HL7/NCPDP Harmonization

DR. MARTIN: Sure, thank you. I hope to be uncharacteristically
brief. I had a choice of either doing this or having all these movers at my new
home with my three-and-a-half-year-old and naturally – my name is Ross
Martin. I’m a Senior Manager of Business Technology at Pfizer and I’ll be
giving you a project update on the HL7-NCPDP mapping coordination project.

Just from the last summary I gave you back in August, although
it seems like it was last week, we did launch a coordination project to try to
map out the differences between HL7 and NCPDP so that the primary use case we
were looking at was discharging a patient from the hospital or an emergency
room where HL7 are more typically used and sending a discharge prescription
with that patient electronically to the retail pharmacy setting.

As I told you back in August, we had 16 participants at that
initial meeting and chose to develop a demonstration project that would be done
at the 2005 HIMSS and NCPDP conferences in February and March.

And then we looked at doing further projects that would include
mapping to Version 3. Currently we’re mapping to Version 2 X-portions of HL7
instead of Version 3 but we intend to move forward with the Version 3 shortly
and also develop a change management plan so that we can kind of build this
into a regular process instead of just a one-off.

So since that time, from the original meeting participation
– and by the way, your handouts, those are old hat; I made those at about
8:15 this morning and now these were the ones I made in the last few minutes,
so there’s –


DR. MARTIN: Along those lines, there was an ideal that the
standards organizations about which I am talking would have reviewed this
material, but aligned with my last comment, they hadn’t had a chance to do that
yet, so there are plenty of people in this room who can make corrections if
I’ve made any substantive errors.

So this was the first group. There were 16 participants. And
now we have about 50 that are on the Yahoo group server, and many of them
actively participate and many of them also vocally participate in this process,
so we have a lot going on.

We are still focusing on the Phase 1 scenario of looking at
that discharge prescription process so that it can go from an Hl7-based
electronic prescribing system and then be translated into an NCPDP message that
would be able to be digested by a retail pharmacy.

We’ve also been adding some other portions of that and had to
retract from a bit of them, too, that I’ll get into in just a second.

So we do have the demonstration projects going on at HIMSS in
February in Dallas, Texas, and then in NCPDP in March of 2005 in Phoenix,

For the HL7 demonstrations, the signed participants at this
point, and I hope I have all this right, is SureScripts doing the prescription
transmissions to the ambulatory for the retail pharmacy space; Epic Systems,
who’s kind of representing – and Cleveland Clinic, which will be the
inpatient system that will be submitting prescriptions and then the Cleveland
Clinic will be showing some of their functionality as a translator and Epic
Systems as well; NDCHealth will be serving as the pharmacy vendor with one of
their products; Apelon has also added another kind of piece of this where
they’re taking RxNorm and the National Drug File reference terminology
translation so that they can do medication history delivery; and then RXHub
– at the time, we weren’t sure if they were going to participate from the
initial meeting but they’ve been very active since then and they’re sort of
representing ExpressScripts in showing formulary eligibility and delivery,
medication history delivery, and also prescription transmission to the mail
order space.

The entities in parentheses there, the reason they’re different
is they’re not necessarily signed on, they didn’t pay the fee to participate in
the demo, but they’re the entity that is being represented, like Apelon is
using the NextGen electronic medical records system to do this functionality;
RxHub is just the vehicle for ExpressScripts to do that but they’re providing
the technology framework for it.

This next slide is just an example of the transactions that are
going on that will be demonstrated in the HIMSS meeting at the HL7 booth and it
just shows that there will be messages going from the Cleveland Clinic data

center through VPN connections and Internet connections that
are going to these different entities. So it’s not just a demo in a box,
although these are obviously not going to be real patients that we’ll be using.

So this is where it is and –


DR. MARTIN: — please come to Booth 3919 in Dallas, Texas, and
we’ll be waiting for you.

In terms of the timetables, we have experienced a few delays.
Things have been going very well. We have a lot of participants. Yesterday, a
call I was on, even though it was – a lot of the people were in this room
yesterday who couldn’t be there. We still had a good number of people on the
call just for the mapping part, the technical part. We also have regular calls
about not only the mapping but also the business processes and the workflows
and things.

We did have some project management turnover, and that has
affected our ability to move extremely quickly. We’ve only been working very
quickly at this point. And we are on target for doing the HIMSS demonstrations.
We are probably going to be a little later on the actual publication of an
implementation guideline is my guess at this point, but it should coincide with
the demonstration. And just in terms of scope, we really have been trying to
focus on an implementation guideline that fulfills the needs of the
demonstration project alone.

We’ve also in that process been adding what’s becoming an
increasingly long list of things that we want to address in short order
following the demonstration that we’ve worked out either completely or
partially or we know that we still have to get back to it because there are
lots of issues around e-prescribing that we’re not addressing in this first

This little mass print that I can submit to you electronically,
since it wasn’t in the original deck, is just about the project subteams, and
this is just evidence of how robust this is becoming. We couldn’t just do it
with our one group so we have all these other subgroups that are being formed
to deal with things like: How do you educate people on this? How do we publish
the guidelines? You know, the project management itself, the change management,
just the demonstration projects and then communication marketing, to the point
that I think, as I looked on this list a moment ago, I realized that my name
wasn’t on any of those subteams, so we’ve gotten a lot of support from many,
many people.

So, future collaboration communities – this is the same
slide from my last presentation and we still looking to map toward HL7 Version
3. Some of that work is already beginning.

I forgot to mention something about one thing that isn’t
happening in the demonstration project that initially we had intended. We were
planning on having not only an HL7 to NCPDP e-prescription, meaning a
prescriber within an HL7 environment prescribing to a pharmacy that uses NCPDP
as its messaging format, and we were also going to do it the other way around
where we had an ambulatory physician who would use NCPDP as a transaction
message going to, let’s say, an institutional pharmacy like a Cleveland Clinic
or at a Kaiser or at an Intermountain Health Care, and specifically to the VA.

We had to drop that part of it. VA is still extremely involved
in the process, but because our mapping was a little bit – we didn’t have
the deliverables for that quite in time for them to be able to internalize it
and have it ready for the demonstration. They fully intend to do this part of
being able to receive an NCPDP message, convert it into HL7 for their use, but
they just weren’t ready for the demonstration and they had to bow out of that.
But that’s just the one – it wasn’t part of our original scope; we added
it in, and then it had to be pulled back out again. So we’re still ahead of the
curve in terms of what we are demonstrating in February, but we had higher
hopes at one point that we had to curb back a little bit.

Again, VHA specifically through Jim McCain has been extremely
supportive and providing a lot of informational and expert resources for this

So as Lynne already alluded to, the SIG stuff has gotten beyond
this project scope and it’s gone over to another work group entirely, or task
group entirely. We are still looking at the telecommunications standard as a
future project. Actually, I should have probably dropped that one out because
that’s probably being handled differently as well, not for this group.

But the bi-directional medication history information exchange,
as was already mentioned – and I think Teri’s going to be talking about
later, is that right? No, is not going to be talking about later – that
proposed standard was approved at NCPDP at the last work group meeting, as
Lynne just mentioned. It’s being balloted in the January ’05 cycle and so the
timeline is as aggressive as it possibly could have been for that getting
through the process at this point. So that will be demonstrated at HL7; it is
not technically a balloted standard, but it’s well on its way.

We continue to enjoy the support of both boards; HL7 and NCPDP
have been very involved in helping this move along. And lots of stakeholders
have been providing in kind support.

We had said at the last hearing where we testified about this
that Café Rx would be a great source of project management support for
this if they would come up to the plate, and they in fact did, and that has
come to us in the form of Capgemini providing project management office
services for this project ongoing, which is why we now have subteams and
submessaging lists and all sorts of things that were not there before.

So it’s been extremely helpful to have them. They’ve been very
diligent in providing support for this. And what we continue to ask for is
further support for educational meetings and the need for this because Version
3 is specifically so much different from the world that most of the other
people have been used to living in and even the HL7 people. I think it would be
very helpful to have a Version 3 to NCPDP summit that provides education on
both sides of that for a larger audience that could be involved.

I think that’s all I’ve got. You can still join the Listserv.
You do not have to be a member of HL7 to join it even though it’s an HL7 list,
and the information is there. And you can contact any of the project
coordinators – myself, Karen Eckert, Jim McCain, Lynne, or Scott Robertson
from Kaiser Permanente to join that list or join the Yahoo group.

I will entertain questions.

Questions, Answers and Comments

DR. COHN: Okay. Well, thank you. I think Jeff has a question,
I know, others.

MR. BLAIR: I don’t want to be getting in a mode where I’m
pandering, but –


MR. BLAIR: — obviously, congratulations to your team as well
– applause, applause, outstanding.

My question might blur slightly beyond the demonstration
project that you’re involved in and this might involve Teri a little bit, too,
but it sounded as if you began to look at medication history information. You
indicated that that message is going to be balloted. So my question gets to
whether there was any investigation of some mergers of medication history that
might come from the PBM or payers and medication history that might come from
either the acute care sources or the ambulatory sources. And if that was
investigated, what kind of issues did you find, and where you able to solve
some of those merger issues?

DR. MARTIN: Well, Teri just sat down to address part of that.
I can start with the demonstration project side.

Because this was not part of our original scope for the
demonstration project, we did not actively review that. But it brings up a good
point about the effect of the conversations that are going on in these mapping

I was just on one of the calls yesterday and did talk with Tim
McNeil from RxHub and also somebody from SureScripts; I’m sorry, his name is
escaping me at the moment – Reese – just about what the impact that
these discussions have had on their processes in the areas that aren’t
specifically focused on the mapping.

And they both acknowledged that these conversations about HL7
versus NCPDP have informed these processes quite a bit, including things like
the medication history standards, and even though that’s not a scope of this
project. And I speak it speaks a lot about how helpful that can be.

We have not looked at any source for medication history other
than the PBMs at this point because it was out of scope, and my understanding
from the NCPDP process of the DERF that was approved recently that the
pharmacies have not even really looked at that standard but intend to look at
it to see how they can contribute to the medication history for the portion
that they’re aware of that maybe the payers are not aware of. But I don’t think
that work has begun yet, and I do think that those are issues that should be

MR. BLAIR: Teri?

MS. BYRNE: Jeff, hi. This is Teri Byrne with RxHub.

Part of the things to remember is the medication history is
really just a standard that transports data, so certainly the point of care
applications have learned how to migrate information from their own
applications or from their EMR applications and combine it with the medication
history that the payers provide, along with drugs that have been prescribed. So
although we’re only receiving information from the payers utilizing this
transaction, these applications certainly have their own data source of
information that they’re integrating with.

So I think a lot of it is going to be up to the applications
themselves and then the standard will just transport the information from any
source to any other source.

And as far as what we did talk about when we talked about
considering the pharmacies either providing or receiving this information, we
said certainly the industry is probably going to move there someday, but we
didn’t adding that to the standard to slow down the process for getting it

So we approved it as is, with the wording that the pharmacies
could use it. And then we all agreed that at some point if we need to modify
the standards to support pharmacies, we’ll certainly do that.

MR. BLAIR: Do you think that this issue is something that
should be included in the pilot test?

MS. BYRNE: The issue of pharmacies providing information?

MR. BLAIR: The fact that medication history can come from a
number of different sources and that somehow the prescribing system probably
will need to find some way of grouping this for the prescriber so the
prescriber isn’t looking at three independent sources, eventually three, when
they’re doing their prescription. Do you feel like this is the type of thing
that should be included in the pilot test?

MS. BYRNE: I think there’s kind of two questions there. And
the first one is should we pilot looking at how the information is presented to
the physician and combined with other information that the application has? And
I really that’s more of an application functionality issue. And some probably
do it better than others et cetera.


MS. BYRNE: As far as piloting it from the pharmacies, I don’t
know. I think that might add complexity. I don’t want to seem unsupportive of
that, but I think if there are willing participants who think that they can
figure it out and then pilot it ahead of time, it may be a good idea, but right
now we don’t have access to that so from RxHub’s perspective I can’t say that
we could do that.

DR. COHN: Please introduce yourself.

MS. HELM: Thank you. I am Jill Helm from Allscripts.

I’d just like to add another perspective to this dialogue, and
that is that the continuity of care of record, there’s a number of projects
underway right now regarding the continuity of care record and the concept of a
medication list, or a patient’s active medications in that list, which would be
an output from potentially an EMR or personal health record and would be a
combined list of medications not only that were created by a prescriber through
an EMR but also could be received by an RxHub-type feed into an EMR as well as
any patient-reported or office-administered medication.

So in thinking about whether or not that type of kind of
combined medication list or transport of that information should be part of the
NCVHS or HHS pilots under MMA, we should look at the work that’s already being
done with the CCR and see if maybe they’re not addressing some of those issues.

DR. COHN: Jeff, did you get an answer to your question?

MR. BLAIR: I think so, I think so, yes.

DR. COHN: Okay. I think one would observe, and I think as I’ve
looked at this over the last year, and Michael, then I’ll let you ask your
question or make a comment, is that there seems to be – I mean, I think
it’s still an evolving business case as well as exactly how some of these
things are going to happen is likely to sort of evolve as we move along and it
probably is okay in certain aspects that there be at least some redundancy in
what we’re seeing as opposed to just but one standard to do it all. But I think
it’s something people need to keep a watch on. That’s just sort of an
observation over the last year as I’ve been listening to all of this.

Michael, did you have a comment?

DR. FITZMAURICE: Jeff asked my main question so I guess two

One is, again, to give well deserved kudos to Ross Martin and
to Lynne Gilbertson not only for their effort in pulling this together but then
they’re giving credit to a lot of the people who work with them. Every time I
talk with them, it’s not just them; it’s a lot of the people who work with
them. They deserve a lot of credit for this.

Secondly, Jeff asked the question that I was going to ask about
the need to demonstrate this in a pilot. And if I were Nathan Colodney, I would
start making a list of things that would be in the pilot and things that are
suggested because some of the things I hadn’t thought of until today, so this
seems to keep on growing.

DR. COHN: Yes, and I’m glad we have Margaret keeping notes for
us. Teri?

MS. BYRNE: I just want to add one other note that I just
thought of kind of to help you with your question, Jeff. A part of the AHRQ’s
field task group, we’re talking about sending information back from the
pharmacy that a prescription was filled, which will certainly complement the
medication history information as well. So it kind of covers those cash

We’ve had some conversations about that – well, how is
this different than medication history from a pharmacy? And we’re not really
sure ultimately how that question gets answered, but I think as part of the
pilot, having that RX field transaction in there will certainly complement the

MR. BLAIR: Thanks.

DR. MARTIN: If I could just comment on that growing list of
potentials for the 2006 pilots. Knowing that this is a continuum of
development, that there will be

certainly many things that we want to pilot that are –
Lynne gave you this large list of things that have happened since the letter
came out from NCVHS about those recommendations – and the anticipation of
those pilots which are working very, very hard, when we add another list on
there, it’s often the same 50 people who are participating in these things. And
so it’s just the usual suspects show up at these calls.

But there will be things for the pilots that we may need to
pilot that aren’t intended for this should be ready by 2007 or 2009 or whatever
the date’s going to be, but this is something that we understand is an issue
that is our next layer of things that we’re going to nail down, but not expect
for out of the gate. When this is required, this will be done.

But I think that the example of medication history coming from
multiple sources trying to present that in a way that’s a unified view of that
that says this prescription that the patient said I’m taking is corroborated by
the fact that they’re filling it, or isn’t corroborated by that. They say, oh,
yeah, I’m taking my anti-epileptic or whatever it’s going to be, and you see
that in fact they haven’t filled it in two months, that’s very useful

MR. BLAIR: I have a suggestion –

DR. COHN: Sure, Jeff.

MR. BLAIR: — if I’m not out of turn.

DR. COHN: And we’ll try to break here in a couple of minutes.

MR. BLAIR: We’re all running as fast as we can, and clearly the
pilot tests become a real opportunity to achieve a number of major objectives.
It validates the standards that are either recommended or under development. It
also might be a test ground for standards that might be emerging that might be
considered later. So it has multiple purposes.

The thing I’m thinking of is that CMS, and Maria, this is in
part a question to you or to anyone else from CMS at this point, there’s
limitation and constraints on CMS in terms of how quickly they could provide
the industry guidance. The industry has asked multiple times for guidance in
terms of the pilot test, and CMS has reasons why they haven’t been able to
provide it yet and others that may delay them somewhat further.

So the suggestion I have is that I think the industry might be
both better prepared to move faster and to articulate what they could do in
pilot tests and maybe the team of Lynne and Ross might be in an especially good
position to gather maybe on an informal basis – we don’t have to make this
formal – but on an informal basis, since you’re already dealing with the
software vendors, with the PBMs, with the pharmacies, with the networks, all of
the folks that would be part of these pilot tests, maybe if they began to send
to the two of you during the next 90 days, for example, the types of things
that they would like to see and that they feel that they’d be capable of
including in the pilot tests, and that would be an information but maybe useful
list that CMS could use as it begins to craft what its guidance might be.

So as a suggestion I would ask Maria, is that constructive or
not constructive? And I’d ask Lynne and Ross whether they feel like this is
something that they’d feel comfortable doing or not.

DR. FRIEDMAN: Well, let me start off. I think one of the things
with the pilots is a chicken and egg issue for us, and aside from the fact that
we still have some issues internally that we have to resolve before we can
really start throwing some guidance out. But I think it would be helpful for us
to actually have kind of a menu, if you would, of people and stuff that we
could kind of consider as we go along and maybe mix and match because, very
frankly, once we get ready to go, we’re not going to have a whole lot of time
to not only design these pilots but to sign folks up for them.

And so I think having an informal list of potential
participants and testable items would be beneficial. I can’t say that we could
use all of it, but it certainly would inform our thinking and help jump start
the process.

MS. GILBERTSON: Maria, this is Lynne. Could you explain what
you mean by the chicken and the egg?

DR. MARTIN: And who’s the chicken and who’s the egg?

MS. GILBERTSON: I’m just trying to understand, because we know
what MMA said, we know what the recommendations said, and we know we’re heading
toward these, so they’re either on the list and are being done today and easily
go into a pilot because they’re being done or they’re being developed and they
could drop off the list if for some reason they don’t get done. But I’m not
following the chicken and the egg.

DR. FRIEDMAN: Well, I probably expressed that incorrectly and
I think you’re take is probably more accurate. It’s just that, from our
perspective, we have a scope issue in trying to figure out what might be in and
what might be out. And then as everybody knows, there are all these wonderful
things that are going on out in the world and people keep popping up all the
time who might be participating and might have value added.

So to the extent that we can work together to help figure that
out, that would be useful.

MS. GILBERTSON: Because one of the other things I was thinking
is I’m not sure what like AHRQ might be – I mean, one of the things we
talked about is what do we want to get out of the pilot? What is it we’re
trying to do? And I honestly don’t feel comfortable trying to provide that
guidance. I know exactly where I’d go for help, but I’m not a statistician, I’m
not marketing, all those kind of functions of what makes a good study and what
doesn’t, and how do you prove what it is you’re after.

So I’m wondering if we have some resources that people can at
least just rope in or whatever, because one of the things we have to be very
careful of: We’re not trying to solve all the problems of health care in this
pilot, so there’s got to be some things you can say, this is what we’re testing
and this is how we’re going to test it, and this is what we expect as
deliverables or to measure or whatever, period. Past that, wonderful, good,
wouldn’t it be cool – but not in scope.

And that’s the kind of stuff I’m kind of looking for what CMS
is thinking.

DR. FRIEDMAN: We’re still working on that. I really wish I
could make that presentation today, and that’s why I mentioned we have scope
issues because that’s a critical threshold for some of these other things. So I
hope we can present something in January.

DR. FRIEDMAN: And Mike, from your perspective of life, do you
see anything you could help with? I mean, I’m not committing; I’m just trying
to understand.

DR. FITZMAURICE: I think that as things come up, there are
avenues that AHRQ can help with, particularly in working with the SDOs and the
private sector.

We’ve had some discussions with CMS about are there funds
available to help speed this up? And word always gets back to us, did Congress
give CMS a billion dollars and is any small part of that billion dollars
available, as opposed to is there any part of AHRQ money available?

The thing is, AHRQ has $10 million of standards money to help
speed up the development and implementation of health care data standards
that’s going to improve patient safety and quality of care. This certainly
would, so it fits in.

So I think there could be partnership with CMS, there could be
partnership with the industry. AHRQ is looking at how best to do this.

Last year, our partnerships were with federal agencies who then
partnered with the private sector to get things speeded up like RxNorm, like
the FDA standards for the product listings, and we intend to continue to
support that, but we also are looking at how better to support the private
sector in doing this.

Part of our partnership with the federal agencies is that’s
where the expertise is. AHRQ doesn’t know everything about this, but NLM, FDA,
NITS, CMS, they know better what they need and how to specify what they need
from the private sector. That was the purpose of our partnership.

We know that we want to improve patient safety and quality of
care and we can see the link between the technical standards and the health
care data standards and getting better quality of care for the consumer and
getting more information to the prescriber and the physician to make these
better decisions. So we’re all looking for: What is specifically that needs to
be done?

You and Ross have given us great reports on what the private
sector is doing. You’ve called for HHS support that I think needs to be
addressed in ’05. We need to know what the scope will be for the pilots, and
CMS is charged with that so that we all need to hear from CMS I would hope
January, but time is getting short for what the scope is or what the
considerations for the scope are. And then maybe getting feedback from the
industry, yes, that’s a reasonable scope, and then partnerships for how can we
bring this about? It’s got to be the government, it’s got to be the health
plans, it’s got to be the standard developing organizations, and the vendors
working together to find out what’s at the top of this list of priorities? What
standards are in the way of making it work smoothly? What partnerships in the
private sector need to come together to say, here are the elements that need to
be exchanged to make this happen? And then the government needs to support

MS. GILBERTSON: And I see taking that and at the dummy level
creating a spreadsheet that says, what are we trying to prove? Do we have
standards for it? Do we have any participants in the industry already doing it?
You know, you start making the check boxes.

But then there’s a layer above that that says, for example,
what are the metrics? What do we want to get out of this? Do we just want a
count of transactions? Is that all we’re looking for? Or another way, or above
that, is there anything we can learn from this that could benefit – a
message to doctors, for example, about the benefits of why this pilot was so
good, or what they proved, or things like that?

And standards organizations – I don’t have any expertise
myself in trying to figure out what a doctor might want or what the message be
going out, so I see that as another layer of participation from some groups,
whoever’s comfortable doing those kind of things.

DR. COHN: Okay. And I’m going to try to – Michael, is
there something absolutely pertinent that you need to say at this point?

DR. FITZMAURICE: I was just going to say that what we’ve
learned is that the industry has shown us they can pull together and they can
achieve a goal. And if the government can be used as a lever in the private
industry, they can use us to achieve this. What we need to give them is some
financial support and some set of priorities to work on, and I think we can get
the job done.

DR. COHN: Yes, okay. And I just want to sort of bring this sort
of back to reality as well as give us a break here in just a second because I
think we’ve gone a little long.

First of all, I want to remind everybody that the role of the
NCVHS is to advise the Secretary. We are not going to design the pilots and
we’re not down at that level. Certainly, I think we will talk in January and
February some about the pilots, but I think at the end of the day it’s really
CMS’s responsibility.

Having said that, of course, we’ve had a 15-page letter, first
set of recommendations, and we’ll have a second set of recommendations. And if
one just reflects on this a bit, obviously one of the first purposes of the
pilot will be to prove and identify standards for e-prescribing. I mean, that’s
really what these pilots are all about. And then beyond that there is the piece
of the value added of having e-prescribing.

So the real question, I think, for the industry is not to
rethink everything that needs to be piloted, but is there something critical
that we sort of haven’t talked about already, something that’s being missed
here that really needs to be tested or piloted as we move forward?

And I think that’s really the conversation.

I think CMS, as the rule-making process allows, will probably
be happy to update us on their thinking and involvement, but, I mean, this is
once again, yes, we are an advisory committee and we will help advise as this
process moves forward.

Now, like everyone else, Ross and Lynne, you are doing a great
job. I do want to state for the record that you are neither eggs nor chickens.


DR. COHN: But we really appreciate your help in all this
stuff. And what we are going to do is take a 15-minute break and then we’ll get
together and sort of talk about the January and February hearings. So thank you
very much.

[Committee takes a break at 10:55 a.m. and resumes meeting at 11:18 a.m.]

DR. COHN: Okay. Will everyone please be seated. We’re going to
get started.

Okay, this is our last session of these three-day hearings.
We’re going to start with just an open microphone session in case anybody has
any additional comments, wants to make any statements related to any of the
issues or discussions we’ve had over the last three days.

AGENDA ITEM: Open Microphone

[No response.]

DR. COHN: Okay. I guess we’ve allowed people I guess free expression and I
think they’ve had their say.

MR. BLAIR: Maybe there’s one other comment I’d like to make.

DR. COHN: Do you want to use the open microphones to make a

MR. BLAIR: Oh, I’m sorry.

DR. COHN: Please.

MR. BLAIR: No, I’m going to listen.

DR. COHN: Well, we were just sort of finishing that up and are
going to move to subcommittee discussion, so I was just finishing off. You do
not want to make an open –


DR. COHN: Okay. You do not want to use the open mike, okay.

AGENDA ITEM: Planning for Next

DR. COHN: Now, just in terms of the final session, which is
really our opportunity to sort of next steps and all that, I do want to remind
the subcommittee and others listening on the Internet and here in person that
we obviously have hearings coming up in both January and February.

DR. FRIEDMAN: Do you want to give those dates?

DR. COHN: Yes. January dates are Thursday, January 13, and
Friday, January 14, and we would expect that the 14th would be a day
that finishes in the early afternoon, probably about the same time as today.

And then we have another set of hearings, and we had a whole
place, but I think based on I think our conversations over the last couple
days, we realize we’re going to need the time, on February 1st and
2nd, which is a Tuesday and Wednesday.

I think, as you all know, the next full Committee meeting is in
early March, which is the 3rd and 4th, which is a
Thursday and Friday, and I think the intent is to make good on our promise to
come up with a second letter of recommendations on e-prescribing, including the
issues that we decide to put into it, as well hopefully in these sessions also
take some time to actually talk about HIPAA

issues. So I think the intent, once again, in the next two
hearings, is sort of a combination of e-prescribing, follow-up of our current
conversations, discussions about whether there’s any other issues we need to
delve into, and then hopefully spending at least a half a day on a variety of
actual HIPAA implementation issues, updates, discussions with the industry, and
all of this.

So are people generally okay with that?

DR. FERRER: Simon, February is two days or a day and a half?

DR. COHN: Well, it would be a day and a half, and the same sort
of all day Tuesday and probably a half-day on Wednesday. Once again, on each of
these, we need to see what the agenda looks like to know whether we finish it
at 12:30 or 1:30 or whatever, but hopefully we’ll be able to keep it to a
reasonable time. Okay?

AGENDA ITEM: Subcommittee

DR. COHN: Now, I guess I’d open the floor to the subcommittee
members to talk about I think what people perceive as the next steps.
Obviously, I have my notes, but let’s hear from others first. Harry?

MR. REYNOLDS: I think we’ve had a good education on this
process which I think has been very, very helpful and I appreciate all the

I think that the next step is to figure out exactly what types
of recommendations and/or guidance we would want to put in the letter, based on
what we heard these last few days. In other words, are there are categories,
are there subjects, are there specific things that we want to say?

And I was sitting here drawing a picture of the whole
e-prescribing again and what we’ve heard, not heard, and what the categories
were. And obviously there’s good progress being made on the things we’ve
already done, so that feels good.

But whole idea of do we want – when we talk about whether
it’s e-signature or just the whole idea of the flow of this data and the
processes, what I can’t quite get a handle on yet as to what do we want to say
– are we talking about e-signatures? What are we talking about?

So I’m not sure I got an answer. I started first and I may come
back after I hear some other things. But I think if we could make a list of
what subjects we heard and what the subjects over the last few days break into
and I have some ideas, then we at least could debate what our step is.

DR. COHN: Well, I think we could all sort of comment on that
– and I’m not sure that I think that we have all of the answers at this

MR. REYNOLDS: No, I don’t, either.

DR. COHN: So I think that part of it is the next steps to
resolve some of those questions that you are very appropriately bringing up.

Jeff, do you have some of the answers or a framework?

MR. BLAIR: Oh, I don’t know. I think one of the things that I
began to struggle with, I think many of the other subcommittee members began to
struggle with, is MMA gave us the assignment of considering electronic
signatures for e-prescribing but it wasn’t entirely clear what the objectives
or goals of electronic signatures are in this context. And, to make it more
complicated, we also are aware of the fact that whatever recommendations we
make, we don’t want them to be a constraint in terms of using electronic
signatures in other health care contexts, like electronic health records.

So I think that our subcommittee probably needs to do some work
in figuring out what our criteria are, the criteria meaning what are the goals
or objectives of electronic signatures both within the context of e-prescribing
exclusively and within a broader context and maybe also within a long-term time
frame and a short-term time frame because we’ve heard a lot of folks say that
there maybe other options in the future but they’re not available now, they’re
not pragmatic, there’s other limitations on those.

So we may have to look at this in terms of a short term, and
the short term might be the next two to three years and the long term might be
sometime beyond three years.

So I think that that is work that we need to do before we can
go forward.

The other piece is there’s that major entity that we need to
hear from and that’s the DEA to understand how they’ve come up with their
guidance and recommendations on e-signatures. There may be something important
for us to understand on that, if at all possible that we hear from them.

DR. COHN: Other comments? Stan, did you –

DR. HUFF: At this point, I think we need to hear from the DEA.
My impression is that we can do some good by making some recommendations that
would put into place best practices, as many of the testifiers have suggested.
It seems it would be a high hurdle to get over if we require digital signatures
in the next year or two, but I think we need to hear from the DEA before we
could formulate what we would say as our final recommendations in this area.

DR. COHN: Judy, do you have a comment?

DR. WARREN: Yes, I just wanted to follow up on one of the
things Harry said.

I think we’ve heard quite a bit this time and we really need to
distinguish, when we make our recommendations, between what is security and
what’s authentication and how they’re related, because we’ve even kind of
wrapped them up together and then unwrapped them and unbundled them. So I think
if we can provide some clarity in there, we’ll be doing really good, too.

DR. COHN: Well, I think that’s a very good point. As I thought
about this one, I sort of don’t have the answers either on all of this stuff. I
think there’s a couple of action items that I think Harry, I’m sure, is already
thinking about.

There’s something we talked about yesterday – I mean
obviously Jeff and others who made comments about needing to hear – I
mean, the business rationales and the use cases and all of this, for example,
from the DEA, and we’ve talked about that as well as law enforcement, which
might help inform some of our conversations.

There’s actually some industry experience out there in this
whole use of PKI and others that, you know, hearing from the VA, hearing from
the DOD, would be good additional information just because these are real world
users to either validate or give us a different perspective of what we’ve
already been hearing the two days, and I think that’s always valuable.

Now, I agree with you; there is a difference between security
and electronic signature/authentication, and yet they are very close concepts.
And I think that there’s a piece of work we talked about yesterday, which I’m
actually looking at Margaret A., around that we really do need to take, I
think, the diagram that has been so well provided and well developed by the
industry and map that against the HIPAA security rule just to sort of see how
that all connects, or doesn’t connect, if there’s any disconnects there,
because there is that broad issue of sort of overall security.

And that to me is like the fundamental security question, sort
of the end to end process et cetera. As opposed to us trying to figure out what
security is, it’s really more a question of does the security rule apply to all
the entities here and will that be sufficient?

Now then there’s the other question about this issue of
authentication, and once again I guess I have high hopes in the 60-page NIST
document, which I know everybody’s going to read on the flight home tonight,
but I think that with some thinking, once again going from a what is it that’s
needed back to what sort of authentication, non-repudiation, do we really need
here, then going back to looking at some of their guidelines to sort of what
are they recommending in terms of the extent, but then also at that point
putting in the technical issues about what’s really there, what’s real today
versus real in three years, whatever, along with that whole concept which I
think is well known in security in mitigating issues and all that to provide
some guidance both for the industry and for CMS in terms of moving forward on
all of this stuff.

I mean, that’s sort of the frame I guess I’m thinking about. I
don’t know if I’m reflecting – Maria, you have your hand up first, and
then Harry, I think, wants to make a comment. And I may not have it right, so,
I mean, you may all have better ideas than I do.

DR. FRIEDMAN: I think just from my own perspective, flipping
through the NIST document, they’re not standards even though NIST is a
standards organization.

However, they may be de facto standards, again, that people are
using when they address these concepts.

And it looked like there’s a fairly close correlation between
what’s in there and what OMB provided in their framework as well.

And so my question again is, if we map back, if we find out
that current industry practice maps back or tracks closely to these, is that
good enough, count as a standard or what? I don’t know.

DR. COHN: Well, I think that’s a piece of information. I guess
I was going from an end – I mean, I think the question is if we discover
it maps to a level, acts, we’re still left with the question: Is that the right

Harry, do you have a comment?

MR. REYNOLDS: Yes. I also leafed through the NIST document
last night and partially this morning and I think you take the NIST document,
which I know Margaret was going to take a look at, and you take a look at these
levels that we’ve talked about, and then you hear this thing called
“registration,” which is really authentication, I’d love to have,
whether it’s somebody from NIST that could help pull that together or it’s
somebody that testified already because there’s a lot of people that we’ve
heard from that already do registration, which is their form of authentication.
And the industry’s already doing that for millions and millions of transactions
that we’ve heard.

So trying to start from a NIST, because Level 3 basically says
here “high confidence in asserted identity,” and as we said
yesterday, it’s going to be real hard to pass something forward and you’re a
whole lot less than a high certainty it might be the person.

But on the other hand, this document doesn’t go into the
detail to help you really get with 2-8, 2-9, rather than to absolutely require
on digital signature, and so I’d love to hear somebody from NIST tell us a
little more about – and if he used this as kind of a framework and had the
industry talk about how their registration and their authentication matches to
this kind of a structure which again is a federal structure so we might as well
not walk away from it.

And then secondly, if NIST would help us understand –
this thing puts down some pretty hard things. Two is PIN and password and three
is digital certificate. That’s a big chasm between those.

So I think that subject is one that’s key because I think at
some point, using the word “industry standard” for secured networks
probably allows the Secretary or anyone else plenty of leverage because there
are so many ways out there now to secure networks. I’m not sure.

But this whole idea if we say “digital signature,”
“electronic signature,” “digital certificate,” those are
the kind of things that really are going – we can either shut this thing
down pretty fast as what’s already going on or we can keep a good momentum
going, and we’re going to have to balance that because I know that’s the
toughest thing I’m going to have when I put my hand up as to which way we go,
because you want to keep the industry moving but there’s also some place
holders that make you just double-check.

So if anybody could do that, that would be, I think, a real
good next step, at least for me, for January, to really understand that. We
could put that one to bed.

DR. COHN: Sure. And maybe that’s a NIST or a consultant or
something like that trying to put it all together.

Jeff, you had a comment?

MR. BLAIR: Yes. My colleagues on the subcommittee may beat me
up for this, I don’t know. I think that clearly in the January session we’re
going to try to get additional information from DEA and VA and DOD and NIST and
gather additional information. And it’s a very short time frame.

But I do think that we will need to have an initial draft of
our thinking and our framework and our criteria available for the February
meeting so that there could be industry reaction comment at that point in a
public session. That doesn’t leave us a lot of time for an initial draft, but I
sort of feel like that’s the only opening we really have because — that puts
some pressure on us to do it that quickly, but once again I think we need to do

DR. COHN: Anybody have a comment or somebody reacting to that?
And, Maria, are you reacting to that? Okay.

DR. FRIEDMAN: I have a process issue to throw out. Actually, I
thought the process we had the last time worked well. Not only did we have some
working sessions that were closed just to the subcommittee members but we also
had some open calls, and that seemed to work very well with the short time
frames we’re on. So I just want to remind people we have that model; that
seemed to work pretty well.

My second question is one of substance. It seems to me, given
the time pressures we’re under, that the next set of recommendations may focus
I won’t say on e-signature but some of those relating issues. And we had talked
in previous meetings about maybe addressing some other topics and it looks to
me like that might be off the table now just given the time constraints.

DR. COHN: Well, I don’t think we’ve gotten to that
conversation yet so I think we should finish up what we’re trying to do here
and then talk about whether or not there are other things that we think we have
band width for. I mean, you may be right; it’s just that I’m not sure that we
made that decision.

DR. FRIEDMAN: Well, no, I just wanted to put that out as we
talk about – and I’m also looking at that with enlightening self-interest,
restructuring the next set of hearings.

DR. COHN: Okay. That’s right.

DR. FRIEDMAN: They’re close together. We have the holidays,
and I’m going to have to start working the phones pretty quick.

DR. COHN: Sure. No, I think that makes sense. Do other people
have other pieces? I think Jeff’s overall structure of, I mean, just based on
our previous experience, plus we’d also like to have the industry have a chance
to comment on something that’s substantive as opposed to – I mean, I think
there’s nothing much more anxiety provoking than vague comments made by
subcommittee members asking questions that worry people where they don’t
actually see a sentence or two that’s an actual statement of anything.

I’m hearing some laughter from back here but I presume that
that laughter reflects the reality of the situation. Michael?

DR. FITZMAURICE: Comments. When we go to the electronic
signature, there are questions that arise about scalability: Can you do it for
hundreds of thousands of transactions? And what about the vendor adoption? Not
the networks, but each physician is going to have to adopt something that would
permit e-signature.

I’m concerned that there’s no bridge across lots of certificate
authorities, although there is a government bridge project. I don’t see a lot
of applications of electronic signatures. And all of us are kind of hard
pressed to come up with one and the government even, when we describe it, but
I’m sure there must be five or maybe 10.

There is a time with security rule which was mentioned
earlier. Should a risk assessment be undertaken in the pilot to help guide
people who have to apply the security rule to electronic prescribing and can
some guidance for that come out of the pilot test?

And also, recommendations for pilot test points for standards
– do we want to think about here’s some standards being worked on; do we
want to recommend that they be tested in the pilots or let CMS determine what
they want to test and what they don’t want to test? Is it helpful for us to
make those kinds of recommendations to CMS? Maybe down the road, maybe not in
March, but maybe by the end of summer.

And to look for gaps to be tested in the pilot, gaps in the
standards – in other words, report back from the pilot tests to us or to
the industry what gaps do you find in the pilot test that need to be filled,
because there are some funding and some certainly resource interest in filling
those gaps. Then you do identify it and the public needs to be looking at them.

Then finally, as guided by MMA, probably we would need to know
what functionality does CMS want in the

e-prescribing pilots, and then do the standards support them?
What should happen after the pilots are over, when there’s no guidance from
MMA? Is there an ongoing process that should be developed for continual
refinement, maybe continual testing, and reporting back from the industry to
some place like NCVHS as to what the next steps are over the next five or 10

And then there ought to be some thinking somewhere along our
lines in the next year about not making a lot of these things HIPAA standards,
which will cross a regulation every time you make a change, but to have a
different process. A process might be set up, and maybe it would take a law,
that would have the Secretary reaffirm or change standards that the Secretary
has adopted every three months, and so every two months you say, yes, this is
still working – no changes. But then you might say, there are some demands
for changes and we’re going to consider making a change in six months. In three
months, you say, yes, we’re going to make the change, and then at the end of
time period, a change is coming, so that there’s a way to warn the industry
without us being the problem of holding it up.

So, somewhere we need to think about a new process and advice
on what that new process could look like.

DR. COHN: I actually want to compliment you on your brilliance
because some of these things we’ve all actually already put together and I
think some of those are actually in the initial recommendations. Are you
suggesting we put them also into the subsequent letters?

DR. FITZMAURICE: Yes, I’m suggesting we put them in the
subsequent letters.

And we have highlighted problems but we haven’t come up with
some solutions to those problems, like what are some possible new processes
that might – we’ve said, we can all be the enemy because of our
bureaucracy; can we make bureaucracy work for us instead? It’s like opt in
versus opt out. We say, yes, we reaffirm it, as we have to reaffirm it, but
then we reflect that changes have been recommended and what we’re going to do
about those changes on a regular basis.

DR. COHN: Okay, great. Okay, Harry?

MR. REYNOLDS: Yes, thinking about why not just comment and then
your original question.

I see four areas that could be included in a letter as we
consider it.

And the first obviously is e-signature, and obviously we could
consider presenting a continuum as part of this recommendation. Obviously for
the pilots and obviously what the industry is doing right now is not

e-signature and it’s not PKI and it’s not the other things. But
on the other hand, it’s proven it’s working and it would be a good thing to
test to allow the industry to consider as part of the pilots – while
Maria’s making faces. Let me finish and then you can respond.

Second would be a status on previous recommendations. In other
words, I think we heard that and I think that would be good because that would
show that the recommendations came forward and oh, by the way, they’re
happening, and oh, by the way, we got that response, and so you keep going.
Your momentum is good, keep going; looks like the key pieces are going to be in

The third would be, again, items that need further review but
won’t hold up the pilots. Okay, so what might we want to do? Prior auth was
mentioned; that would be an example of some of these things. You could still do
the pilots, you could still do e-prescribing, but you don’t necessarily have to
hold the world up, but, yes, we think we ought to do some more work on it. Back
to Jeff’s point of we’ve got to something about it in March, but that doesn’t
mean e-prescribing goes away and poof, it’s all happy and done.

And then I think a fourth would be whether or not we want to
make any comments or we want do any further discussion on a relationship of
e-prescribing and HIPAA, as you had mentioned.

So those would be four categories of thoughts that I think
could constitute a letter that would show we gave them the originals and kind
of moved us along, because I still think this whole continuum idea on
e-signature, you can justify from the testimony we heard, you can justify
e-signatures, you can justify PKIs, you can go as far as you want to go.

We also have talked about trying to make it cost-effective, so
we’ve got a lot of people that are giving people prescriptions, and I think the
other thing we could reference – the paper world right now, I think that
was a great chart that just really kind of summarized it, the paper world right
now is fraught with so many things that a continuum of moving kind of where the
industry is now, then looking at moving to this and moving to this if it
doesn’t, throughout the tests or whatever it is, doesn’t afford what would be
considered by everyone to be reasonable protection and reasonable assurance,
because remember, in the end, the pharmacist and the doctor are on the hook.
And if we go through the pilots and the pharmacist and the doctor in the end
say, we’re willing to take the liability and responsibility, adding a lot of
technology and add a lot of bells and whistles and gizmos doesn’t necessarily
buy you an ultimate end.

So that’s the balance that I think – that would be my

DR. COHN: Okay. Maria, and then I want to – I’m sorry;
Margaret –

DR. FRIEDMAN: Let me just follow on him real quick to explain
why I made that face. I’m struggling with the pilots and what might be tested
and what might not, and I’m struggling in this instance with what’s already
adequate industry experience with maybe not standards but what’s going on out
there and does that need to get tested again? Or, what’s tested is something
the next level, like PKI or some of the other enhancements.

So I just wanted to clarify why I made the face.

MR. REYNOLDS: I would maybe consider both. In other words,
remember, there’s stuff out there now, and, I mean, one of the reasons we were
talking to Lynne today about this whole registration process. But there are
many, many different flavors of it, and some of it I would say to you don’t
meet this Level 2 and 3 we’re talking about.

So, again, this has all got to be tied to what we’re thinking
a reasonable – so if we go with this idea of this Level 2-8 rather than
just saying “digital certificate,” then I think whatever would be
tested needs to be some kind of – and that’s why we talked to Lynne about
the idea of somebody putting together what a good registration would be or a
good authentication.

There may be people using PKI and that would be good; put them
in the pilot. And that’s why the continuum, because there is a continuum right
now on intensity, and that continuum goes through many steps.

DR. COHN: Okay. And I think the reality is we’re not ready to
make the recommendations yet but I do think your framework – I think we’re
just still information gathering because, I mean, there’s a set of outcomes to
e-signature conversation. One could be, hey, we’ve reviewed it and everything
is fine. One could be, geez, there needs to be a couple of small things
piloted. Another might be digital signatures may need to be piloted.

At the far extreme, there might be some belief or opinion
where there really needs to be a new technology implemented.

So I mean, there is a really vast array. And I don’t think
we’ve decided. But I think the framework of at least considering that, and I
think Maria’s right – if there’s something that currently exists, that’s
not the point of the pilot; the pilot of the pilot is not to test things that
are foundation standards or that are effectively already out there.

Now, Margaret, you have a comment? And then I want to sort of
move on from e-signature because there are other things, and I think Harry
brought them up, of other issues that we probably want to reflect on in the
next couple hearings.

MS. AMATAYAKUL: I just had a question for Mike. You had
identified as your first consideration vendor adoption of PKI. Which vendor are
you talking about?

DR. FITZMAURICE: Well, the first consideration was e-signature
in general, and one of the points was the scalability as one point.

Then the second point was vendor adoption. I don’t know that a
lot of vendors out there have them built into their record systems that
physicians and prescribers would buy and to have a lot of different e-signature
solutions being posed would cause an increase in the price of their software.

And so the question is: Is the benefit worth the cost to the
vendors and eventually to the prescribers and the pharmacists who would wind up
having to pay for this initially? And then it gets built into the costs of the
system and eventually to patients.

DR. COHN: Okay. So let’s move on from

e-signature only because I thought I heard talk sounds like
yesterday’s testimony. Are we okay on e-signature for the moment? Okay.

Now, I think Harry brought up some other issues, and I
actually sort of agree with him about this – I mean, obviously there’s a
piece that I think we began to get into today with Lynne and Ross about, sort
of this how we’ve been doing with our previous recommendations. I think we’ve
heard that we need to probably hear more from RxNorm as well as some other
probably perspectives on all that. And I think that that’s certainly something
that’s likely a January conversation because I think we really do have

And, Harry, I agree with you about all the things that we’ve
asked to start happening, how they’re doing, as well as some judgments that we
need to make for the March schedule about. Remember, there were some things we
sort of said, geez, is this a foundation standard, is this a pilot, is this
something that needs to be further explored as we go along? And I think we’re
going to have to be sort of capturing information both probably in January and
likely into February on all of that.

Obviously, we sort of opened the door today a little bit on
these pilot test objectives and all of that. I don’t know how we want to handle
that. I don’t think that’s a January conversation. It might be a February
conversation. Maybe a report from CMS if there’s progress, and the rule-making
progress has progressed far enough for a conversation about that.

But I do want to remind people, as I say – and I’ve tried
to put a box around it – our first 15 pages of recommendations are really
things that we’ve talked about for pilots, so it isn’t we have to start back at
ground zero and reprioritize and think again and ask the industry. I think
really the question is: Is there anything else that’s critical? Or more along
the lines of – which I think Lynne has expressed very well – are
there picker outcomes from all of this? Is it just that it worked? Did it
improve patient safety? I mean, we can actually look back at the actual
regulation, or the legislation, to find out a couple of outcomes that at least
Congress felt was important enough that we should be concerned about.

And so, once again, yes, we may decide we want to talk about
that more, but I’d say that that is not a January; that may be more of a
February conversation, if everyone’s okay with that. Jeff’s nodding his head
– that’s good.


DR. COHN: Jeff nodded his head a lot at me today.

Now, another question I’d have for you is that there were
– and once again I’m just referring back to work we did during conference
calls and all that, just trying to clump these recommendations. I mean, I think
we talked about e-signature and we’ve talked about e-signatures as an issue we
wanted to somehow wanted to get our arms around.

We have this issue of following up on basic and previously
recommended standards. We’ve talked about that.

Now there’s one other issue here. It’s called clinical
decision support. And we have it under – we have A, is sort of this
codification of allergens, drug interactions, other adverse reactions. Drug
therapy indication codes were another one. Medication history being sent around
was another issue, and we actually heard about that today from Lynne a little

There’s also medical history which remember was not part of
the really initial requirements but is a place holder, or is there anything
else that we want to do about this particular item either in January or
February? Harry?

MR. REYNOLDS: Yes, I think one thing, since it was a subject
that we did talk about and it does complete the circle in many cases of
e-prescribing, at least discussing it in one of these upcoming hearings would
help us as we think of the privacy, the security, the e-signature and
everything else. Is there something related to decision support that brings
other information or another view in that would make us think differently?

We kind of went through that picture, and that picture only
stopped at the pharmacy, but yet some of this other stuff’s going to come
either from a person or a doctor’s record. Is there anything, based on that
clinical decision support, that would make us think differently about any of
our other recommendations, either previous or the ones that we’re deliberating
with now?

And so at least talking about it would allow us to know that
anything that we recommended, we at least know that that’s not going to change
it dramatically. So that may be helpful at least to solidify that we do have
this picture and we do know where the data’s coming from and the information’s
coming from and who might have it and who the players are, and at least we take
a deep breath before we –

DR. COHN: Maria?

DR. FRIEDMAN: My recollection of decision support is that it’s
all over the map. There are some things like medication history that are there,
and everything else is in various stages of baking and batter, so I’m
struggling with is it going to be really helpful or are we going to just hear
something that’s all over the map?

MR. REYNOLDS: Well, Simon boxed it last night in a comment he
made. If you take the medication history plus the allergen, those two may be a
reasonable package to give you a good solid base e-prescribing, may or may not.

And you’re right. Once you go past that, you’re into electronic
health record and every lab result. But do we have a basic subset that we at
least want to touch, because even though we’ve talked about medication history,
thinking about it now as really a part of decision support, what do we think?
It may be one presentation, it may be none, it may be two.

I’m also wondering about the bite issue. I mean, it’s another
huge area that –

MR. REYNOLDS: Which one?

DR. FRIEDMAN: You know, scope issue. I’m kind of reeling after
the e-signature presentations. It was all very good and useful information, but
it turned out to be a lot more and a lot more complex than I or I think any of
the rest of us thought. I mean, I was feeling overwhelmed.

DR. COHN: Yes, I think we’re all used to this level of
complexity. I’m not sure bite issue; a question of band width is how I would
describe it. Getting away from the food and chicken and egg stuff for a minute.


DR. FRIEDMAN: I’m sorry, but I know my priorities!


DR. COHN: Jeff, do you have a comment?

MR. BLAIR: Yes, I’m going to weigh in with

Maria. As we started to look at e-signatures, we thought it
would be a day, then a day and a half; it’s two days, and we still haven’t
received testimony from VA, DOD, NIST or –


MR. BLAIR: — DEA. And so there’s three days of gathering
information, education gathering information, before we could deal with this

And when I start of think of decision support, there’s so many
different dimensions and interrelationships that I can’t see we could fit it
into the January session or even if there’s a part of a day in February in
order for us to be able to give careful recommendations by March.

I do think it’s a really important topic, and to be honest with
you, I don’t have a clear idea in my mind. There’s a lot of questions I have
about decision support.

And again, this is related to standards but it’s also related
to the source of the data, it’s related to how that information is used, what
the knowledge rules; you could go on and on and on. And at this stage, I would
feel like if Maria were to craft an agenda for a meeting, it would only be the
first iteration which would grow a lot, so I sort of don’t want to get started
on it until we could do a good job on it.

DR. FRIEDMAN: I agree with you.

DR. COHN: Okay. I see Stan, and then Michael.

DR. FRIEDMAN: Judy was first.

DR. COHN: Oh, I’m sorry – Judy.

DR. HUFF: Well, I would quit calling it “decision
support” and just say some particular topics that I think we could attack.

I think, in fact, there’s a limited scope on what we need to
allergies and what would enable drug-drug interaction checking. And I think
those two things would be hugely important in recognizing the benefits that
were hoped by doing this electronic messaging.

And so rather than call it “decision support” and
thinking that we have to do everything that might be implied by that, I would
scratch that and say, let’s talk about drug allergies and let’s talk about
drug-drug interactions and what transactions and code sets, or standards and
code sets or whatever, would enable that kind of activity to occur in an
automated way so that we could recognize the expected benefits from the drug

MR. BLAIR: Let me ask one other question about that, all

DR. COHN: Judy? Okay, go ahead, Jeff.

MR. BLAIR: And I don’t know the answer to this question, so
it’s not like I’m trying to take a position – my question is, with respect
to allergies and drug-to-drug interactions, our job is to recommend standards,
and the private sector with the drug knowledge base vendors and with the
e-prescribing vendors work with this to some degree now. I mean, especially the
drug knowledge base vendors; there’s a whole little industry there.

And standards are necessary where the industry is having
difficulty, where there’s an Impediment and standards are needed to break down
an impediment. I’m not aware that with respect to drug allergies or the other
areas of drug-to-drug interactions that the industry has a problem that they
need us to solve.

DR. HUFF: They work fine as long as you stay within a single
vendor solution, and so you never need standards if you’re only talking to
yourself. It’s when you’re talking from a hospital system or somebody’s other
system and the pharmacy wants to verify those actions and one’s using MediSpan
and one is using First DataBank or some other code system that you need to
worry about interoperability standards.

And it may be that this even short. I mean, that might be the
outcome of the hearing, is that we get testimony from these guys and they all
say they’re all interactive, they all work together, and whether you’re
prescribing with one system or another system and whether your prescribing
system uses MediSpan or Fist DataBank or

RxNorm, it all works together and there’s no problem.

But I’m guessing that’s not actually the situation.

DR. COHN: Okay. Let’s let –

DR. WARREN: In thinking about this, and I think Stan stated
some of my concerns, is in MMA, we were to address medical history, medication
history, and that was implicit in there that we look at drug-drug interaction
and allergies in order to do those kinds of things.

Somewhere in our own discussion we kind of rolled that up with
decision support. And I agree; I don’t want to slow things down by talking
about decision support.

But I do think we need to talk about these other things that
were explicit in it. Now, for our letter, it may be the only thing we can say
is this is still on our plate and it’s the next level. But some of these, like
allergens, may wind up being something that happens for us much the way SIGs
did, is that because of the testimony we brought in and looking at it, the
industry starts getting together and either provides us with code sets that we
can recommend, or standards, or however that plays out.

But I wouldn’t like us to back away from this in our letter. At
least give a status statement that we’re working on these things.

DR. COHN: Okay. Please introduce yourself.

MS. ECKERT: Karen Eckert from Medispan. In our earlier
testimony, we had identified the need for a standardized vocabulary for
allergens for the (?) notice, and I believe FDB echoed that, is we all have our
own proprietary but due to clution(?) reasons, we can’t talk to each other and
share that; we need to go through an intermediary. And we didn’t know if that
was going to be SNOMED or some other term, but we had recommended that there is
one, so I think we would very much like to have some guidance on a standardized
terminology for allergens.

And I guess on the drug interaction side, I’m a little
confused, because as you get the patient medication history, and comparing that
to the new drug you’re prescribing, each side, whether it be the physician or
the pharmacy or even the plan can do drug interactions.

And I thought we had talked about setting the results of the
drug interaction, sharing that among parties to say, yes, I’ve done this and I
know about it, rather than trying to codify the exact interactions or trying to
share that across parties.

DR. WARREN: Actually, I think that’s a good point to clarify,
because I was confused on what we were sending. I was kind of like saying if we
have to share what the interaction is, but if it’s just that you’ve done the
checking and there is a problem –

MS. ECKERT: Again, in our testimony, and I believe FDB also
echoed it in their testimony, is there’s places already in the SCRIPT standard
that can do the DUR result to say, yes, I found an interaction.

And that’s a lot of the sharing that needs to be done, is when
a physician’s already done an interaction check and found there’d be an
interaction, feels it can be managed, and still wants to give the drug, and
they send that across to the pharmacy, the pharmacy is doing that interaction
checking again and then calling the doc saying, do you know about this, and the
doc’s like, yes, I know it; damn it, give it out.

So if you could share that information of – yes, I mean,
to do that – sorry –


MS. ECKERT: — I think that would help a lot and cut down some
of the phone calls, which is I thought the intent of what we’re trying to do.

DR. HUFF: Yes, I know we wanted to enable the interaction that
you described — if we decided consciously that we didn’t want to communicate
the interaction itself — I’d forgotten about that.

MS. ECKERT: I guess it was the level of interaction. I mean,
what’s already available in the standard today is identifying the type of
interaction it was, that it was a drug interaction, and I believe it’s the
offending drug because you’re coming in on the new drug. And so it’s sharing
that information.

And then I think it’s giving a reference back of severity,
based upon who your source is. It doesn’t give you the complete monograph or
complete messaging.

DR. HUFF: Oh, actually – yes, the more I think about it, I
think – I’m remembering the same as you now. So the thing that’s related,
though, is the question of whether in fact there’s any standardization needed
for communicating which drugs interact with which drugs, because now that’s
proprietary format, too, and whether there’s any value in standardizing the
drugs and the level of severity of the interactions that are occurring and some
way to share that information, because, I mean, what we see now – this is
my own experience – is that if we implement everything that is provided in
the knowledge bases, then everything alerts and pretty quick they ignore every

And so there’s a strong need, in fact, to get experience from
the field to say which of things are people really using and find useful and at
what level or what – that sort of stuff.

So you’re right. I think it’s not an individual patient
reaction to say this drug interacts with this drug; it’s a general knowledge
base. And I think maybe the

question is whether there should be some further investigation
about ways that we could share a standard knowledge base, or the way that the
knowledge base is shared so that it’s easier to use and more effective.

DR. COHN: I think Lynne wanted to make a comment. Do you want
to respond?

MS. GILBERTSON: I sort of heard two things. Just a
clarification. With the way SCRIPT provides the drug interaction message back,
it’s a text string, so it’s not codified, so you don’t run into the problem of
not being able to identify the drug based upon your knowledge source.

But you are correct when it goes to the severity – that is
listed by supplier, and then what the severity was.

The second issue, of trying to standardize the drug
interactions, there have been several different initiatives going on –
AMCP and I think APHA had done some, of trying to identify the really hot, or
the top, interactions you do minimally want to screen for. And I think that’s
good information to bring back and that can be supplied as a filter.

But I guess I’m trying to figure out you’re really looking out
a standard for the threshold of content, and the maintenance of that, and I’m
just wondering if that is a need for the industry but I’m not sure, and maybe a
guidance from NCVHS that this needs to be done by the industry, but I’m trying
to figure out the role of what the role of NCVHS is directly in that area.

DR. COHN: Okay. Lynne?

MS. GILBERTSON: It’s a clarification that the SCRIPT standard
does contain some of DUR, the level of effort, the interactions, the results
information that Karen mentioned, and those codes have also been incorporated
into the HL7 standard as well. That’s one of the code sets that’s been shared.

DR. COHN: Yes, Phil?

MR. ROTHERMICH: I really just wanted to make an observation
that sort of parallels what Karen just made.

Yesterday, we heard I think a pretty broad consensus from a
number of testifiers about sort of where the industry is on a number of things
with respect to security and authentication, and at the end of the day we heard
a reticence by the committee to adopts things as standards solely because
that’s what people were doing if they weren’t really developed by
ANSI-accredited standards organizations.

And where I hear the conversation going today is maybe we
should create standards from scratch and I don’t hear –

DR. HUFF: No. We’re talking about standardizing code sets that
already exist, saying that we use RxNorm or we use SNOMED as the code set that
identifies the allergies.

MR. ROTHERMICH: Okay. And I see value in decision support, but
based on what’s going on in the industry, I don’t see any level of consensus as
to how it should be done. That’s really the point I was trying to make.

MR. BLAIR: Please – you wound up saying our
“reticence.” The NCVHS, when it winds up gathering information and
going through our decision-making processes, heard very loudly and clearly the
consensus that the industry stated, and it was not lost. It was not like we did
not hear that loud and clear.

We’re winding up trying to think of – okay, now that we’ve
heard that, are there other considerations from a broader scope, from a time
frame, from the industry as a whole?

But I have a sense that you are concerned that the testimony
from the first two days would be ignored or overridden. And I don’t think —

MR. ROTHERMICH: That wasn’t the point, Jeff. I didn’t mean it
as a criticism at all.


MR. ROTHERMICH: What I really was just trying to say is with
respect to decision support, I think it’s a lot bigger thing to tackle, given
what’s going on in the industry, and I just really wanted to make that point.

MR. BLAIR: Okay.

DR. COHN: So, Stan, do you want to try to put this together in
terms of a proposal? I mean, you’ve heard now a couple of things, and I think
what I’m hearing – and I have a couple pauses I’m somehow messing up
Lynne’s comment – but I’m hearing that it sounds like allergens are an
issue that sort of everybody recognizes as needing codification. I’m hearing
that there’s a fair amount of plus and minus about the sort of drug-to-drug
interaction testing. Am I –

DR. HUFF: Yes.

DR. COHN: And I guess the question – I guess I would ask
you and Judy: What do you think at this point and what you like to see happen?

DR. HUFF: I think we could benefit from hearings that would
ask: What standards could we adopt both in terms of message standards and code
sets that would allow allergy information to be exchanged appropriately between
the parties? I’d be happy to take drug interactions off the table for now, but
I think even there we could ask the question: Is there a use case for drug-drug
knowledge bases to have some standard way of being exchanged?

DR. COHN: Into more interoperable –

DR. HUFF: Yes.

DR. COHN: Steve? And then, Harry.

DR. STEINDEL: I know the question of allergies in particular
has been raised very strongly by VBA and DOD to CHI as trying to look at the
standard terminologies in that area. And so far, the groups haven’t been
convened for various reasons.

It might be just useful for NCVHS to recommend that CHI convene
this group in an expeditious fashion.

MR. COLODNEY: They have. They’re starting to do it now.

DR. STEINDEL: They’re starting to do it? Did that happen at the
last meeting or something?

MR. COLODNEY: Over the last couple of days.

DR. STEINDEL: Last couple days.

MR. COLODNEY: Thirty days.

DR. STEINDEL: So Nathan is the head of my knowledge base.
Because I know this was a very big issue to them, and so now we’ve heard from
the group that’s over CHI that there is a federal task force that’s looking
into it and they will, as in the past, report to NCVHS.

DR. COHN: Well, maybe you said it in a slightly different way.
As I’m listening to all this, this sounds to me like a February discussion as
opposed to a January discussion. Maria, hang on. And I’m thinking that at the
very least we want to have the CHI group come and give us a status update on
where they are and we may want to hear, based on, I think, communications
between now and then, we can determine whether there needs to be a wider
discussion about what’s happening.

I guess I would look to maybe Stan to sort of help us sort of
frame all of that together, assuming you’re comfortable with that.

DR. HUFF: Sure.

DR. COHN: But we need to get the other things that we’ve been
talking about sort of under control first, and I’m reminded that the allergen
issue is an important one, but let’s pull everything we can together with the
idea of maybe by February. And maybe if CHI knows that we’d like to hear from
them in February, maybe it might help them move along a little more quickly;
it’s hard to know. Certainly having a business case to get work done sometimes
is helpful.

DR. FRIEDMAN: We can take that back to CHI. I’m just thinking
again in a process issue because their previous deliberations have taken longer
than a month on other issues. So we can ask them for a status update in
February; I’m just not saying when they’ll have anything to tell us.

DR. COHN: Well, in that case we’ll have a process update.

DR. STEINDEL: A comment on that. There were some CHI groups
that did report back within weeks.

DR. COHN: But I think in all of this stuff I think what we’ve
identified is that we have somehow been able to take this overall issue of
decision support and turn it into some concrete things.

And Judy, are you comfortable with what we’re describing, which
is based on how we do in January as well as what we’re hearing from CHI –
I mean, I’m not sure that the fact that CHI is working on it negates the fact
that we may want to hear from people, and it may actually make it more
pertinent because they may need to hear from these people also and that might
be a value added.

But I think, yes, we need to in some way, in whatever these
March recommendations, I think reinforce the importance of this particular
areas. So I think we’ve all come to the – there’s industry support of the
idea, it’s in the legislation, and we don’t have an answer to it yet. So that’s
a reasonable outcome? Okay.

Now, I guess the other question is are we missing anything
else? Harry?

MR. REYNOLDS: Can I make a comment?

DR. COHN: Please.

MR. REYNOLDS: I had had a question a minute ago.

I think the thing I know I’m feeling and I think listening to
some of the others, we had a lot of things, we had a lot of testimony, and then
we came up with a base set of recommendations. And the expert testifiers can
come up to the microphone and remind us exactly what the details of each of
those pieces were.

But now that we’ve got those basics out of the way, I think we
just need – I need to hear one more time on a couple of them. That’s my
point. I’d just like to hear it by itself, not hear it over huge numbers of
days of hearings.

For example, the allergens. For example, the drug-drug
interaction. In other words, yes, we talked about them and yes, we know about
them, but the fact that we got all this at once and we got it from testifier
after testifier over the whole picture, I know where I am is so just hearing
one more time where it’s just the subject, not that e-prescribing – and
we’re sitting here trying to piece it all together – that’s what I was
trying to hit. And that’s why I also listed on here these items that need
further review.

And also, I would like to respond briefly to Phil, because I
was the one obviously in the conversation

with him on a regular basis, his comment about the committee. I
think the point is that when the committee continues to ask questions, that
means that the committee doesn’t understand what industry standard is if you’ve
got 45 people in the room. It doesn’t understand what it should use as a
framework. It is not challenging whether people are – or at least my
standpoint; when I speak, I am not challenging anybody from the standpoint of
what they are doing or not doing. We are trying to understand what that
industry standard is. And if they have one or two or three, those would be good
to know, rather than reminding us that there are industry standards.

That’s the help I could surely use, on a continuous basis, so
that’s what I’m really looking forward to.

DR. COHN: Well, any other comments, questions or otherwise? I
mean, I think we’re getting the flavor of what we’re going to be doing in
January, and I think with the combinations of hearing more on e-signature, sort
of these various discussions on RxNorm and probably we want to hear about the
daily med and other SPL things like this.

And, yes, I think we will have a pretty full session, I would
imagine. Of course, other items to be added. As I said, either in January or
February. We will stick a half-day to talk specifically about HIPAA and Harry

and I will try to coordinate that based on all the other stuff
that’s going on though I am potentially being persuaded, given that we have
sort of a time urgency, and as I think Jeff has commented, we would like to
have a letter for us to discuss in February as opposed to be writing the letter
in February. We may want to hold the HIPAA thing in February.

MR. REYNOLDS: I have a draft list that I’ll send to you next

DR. COHN: Okay, great, okay. Now, is there anything else we’re
missing from all these conversations? Okay.

Well, I want to thank everybody and I want to wish everybody
happy holidays, and the meeting is adjourned.

[Meeting adjourned at 12:21 p.m.]