[This Transcript is Unedited]

Department of Health and Human Services

National Committee on Vital and Health Statistics

February 20, 2014

Hubert H. Humphrey Building
200 Independence Avenue, SW
Washington, D.C. 20024

Proceedings by:
CASET Associates, Ltd.
caset@caset.net

TABLE OF CONTENTS


P R O C E E D I N G S (9:03 a.m.)

Agenda Item: Call to Order, Welcome, Review
Agenda

DR. GREEN: Good morning. I am Larry Green. I am from the University of
Colorado. I chair the National Committee on Vital and Health Statistics. I wish
to welcome everyone to our next meeting. I just heard that I think it is
Justine Carr’s 108th meeting or something like that.

We will commence in our usual fashion, go around the table and have
everybody introduce themselves. I think we’ll have some people on the
telephone, and we will come back to the folks on the phone afterwards.

So I am introduced. I have no conflicts of interest. We will move to the
left.

MR. SCANLON: Good morning. Jim Scanlon, Deputy Assistant Secretary for
Planning and Evaluation, Executive Staff Director for the full committee.

DR. COHEN: Good morning. Bruce Cohen, Massachusetts Department of Public
Health, member of the full committee and co-chair of the Population Health
Subcommittee. No conflicts.

DR. STEAD: Bill Stead, Vanderbilt University, member of the full committee,
co-chair of the Population Health Subcommittee. No conflicts.

DR. MAYS: Vickie Mays, University of California Los Angeles, member of the
full committee and member of the Subcommittees on Population and Privacy.

MR. BURKE: Jack Burke, Harvard Pilgrim Health Care, member of the full
committee and member of the Subcommittees on Privacy, Confidentiality and
Security and Population Health. No conflicts.

DR. CORNELIUS: Good morning. Llewellyn Cornelius, University of Maryland,
member of the full committee and the Population Health Subcommittee, and I have
no conflicts.

DR. BLEWETT: Lynn Blewett, University of Minnesota, State Health Access Data
Assistance Center, School of Public Health, member of the full committee and
Public Health and Data Access, and no conflicts.

DR. GREEN: I want to welcome you. I think this is your first meeting with
us.

DR. BLEWETT: It’s the first meeting back. Thank you.

DR. GREEN: Well, yes, first meeting back.

DR. BLEWETT: We start the clock over.

DR. WALKER: Jim Walker, Siemens Corporation, a member of the full committee,
no conflicts.

MS. MURPHY: Judy Murphy from the Office of the National Coordinator for
Health IT, and no conflicts.

MS. SEEGER: Rachel Seeger, Office for Civil Rights, no conflicts.

MS. BUENNING: Denise Buenning, Acting Deputy Director, Office of EHealth
Standards and Services, CMS.

MR. TAGALICOD: Robert Tagalicod, director of OESS, CMS.

MS. GOSS: Alexandra Goss, Pennsylvania EHealth Partnership Authority, member
of the full committee, member of the Standards Subcommittee, and no conflicts.

MS. MILAM: Sallie Milam, West Virginia Health Care Authority, member of the
full committee, Privacy and Pops, no conflicts.

DR. FRANCIS: Leslie Francis, University of Utah, law and philosophy, member
of the full committee and co-chair of Privacy, Confidentiality and Security,
and no conflicts.

DR. CARR: Justine Car, Steward Health Care, chair of the Work Group on HHS
Data Access and Use.

MR. SOONTHORNSIMA: Ob Soonthornsima, Blue Cross-Blue Shield, Louisiana,
member of the Subcommittee on Standards, member of the full committee, no
conflicts.

DR. SUAREZ: Good morning, everyone. I am Walter Suarez with Kaiser
Permanente. I am a member of the full committee, co-chair of the Standards
Subcommittee, and I don’t have any conflicts.

MS. JACKSON: Debbie Jackson, National Center for Health Statistics, CDC,
interim executive secretary, the best acting job I’ve had in a while.

(Laughter)

DR. TANG: Paul Tang, Palo Alto Medical Foundation.

DR. FULCHER: Chris Fulcher, University of Missouri.

DR. GREEN: Before we introduce people in the room, let’s go to folks on the
phone.

MS. KLOSS: This is Linda Kloss, a member of the full committee, co-chair of
Privacy, Confidentiality and Security Subcommittee, member of the Standards
Subcommittee, and no conflicts.

DR. GREEN: Linda, everyone has been asking how you’re doing.

MS. KLOSS: Very well. Thank you so much, and I am sorry not to be there with
you in person.

DR. GREEN: Thank you. Anyone else on the phone?

(No response)

(Introductions around the room)

DR. GREEN: Welcome, everyone. Just a wee bit of framing of this meeting. You
might recall that in November we left with some sense simultaneously of
anticipation and apprehension. There were possibilities of three or four action
items from Standards and Populations and Privacy. Life intervened, and things
also got a little more complicated than maybe we thought they might be, and a
lot of that did not come to pass.

Meanwhile, this new-fangled thing we call our Working Group was beavering
away, and things accelerated there. So when you look at the agenda today for
this meeting, our goals don’t look exactly like what we thought they might look
like today. Not to worry and don’t take your seatbelts off. There’s a lot going
on.

(Laughter)

We do have a potential action item on the committee, and my first order of
business here is to clarify that we may not have an action item in terms of a
letter or a product today. But we might. It depends on how the conversation
goes today and tomorrow around the draft letter from the Working Group.

If you didn’t realize it, this is a new, never before event. This is the
first time the Working Group has presented a letter to be channeled through the
NCVHS to the Secretary. So the Working Group doesn’t submit its material
directly to anyone; it brings the material to the committee and then, through
the committee, it gets transmitted further. So this is a good thing.

What I wish to do is invite all of you to exhibit adaptive behavior. We
human beings know we can adapt, but we don’t always know whether we can exhibit
adaptive behavior. I have given myself the assignment to try to manage this
first-time event in a way that is satisfying to everyone and gets to a quality
product.

Some of you are having a new experience. Later on in the day, you’re going
to see a draft letter that is going to look very new to you. You’ll ask
yourself, where did this come from? What we are going to try to do is pay
attention to it and get everybody up to speed today. Then, depending on where
we get to, we may have an action item tomorrow relating to this letter.

DR. FRANCIS: Could I just ask to make sure that everybody has copies of the
latest draft? Because I don’t think members of the committee have — I know
that members of the committee who were not on the Executive Committee have not
seen it at all.

DR. GREEN: Yes.

DR. FRANCIS: So with Linda on the phone, it will need to go out
electronically.

DR. DR. GREEN: I suspect that that can be done, and maybe it should be done
like now.

DR. FRANCIS: That’s why I raised it. But they need to be electronic as well.

DR. GREEN: Yes. Let’s make sure that Linda Kloss gets this mailed to her,
yes. Thank you very much.

Now, one other business item. There are minutes. We don’t have a formal
place to go back over these again. I would invite anyone who has spotted
anything that they think needs to be adjusted in the record of our last meeting
— any changes from anyone? Part of the reason I am doing this is because I
have one, and that’s because I misspoke at the last meeting about something. It
was in that section — I referred to a section of the ACA as 5204. That is
not a pertinent section of the ACA. It was actually 5405. It was not about the
Public Health Work Force, it was about the Primary Care Extension Service, and
I would like to see that get fixed, which I think we should be able to do.

Any other concerns about the record?

MS. JACKSON: I will just add that for the Executive Subcommittee call, those
minutes are also included in the agenda, and that Dr. Michael Lincoln was
representing the VA. He was not listed as a participant, and he came on board.
I did give him a call. He is very interested in administrative simplification
in areas for the committee. So I just wanted to put that in the record, and
that will also be correct.

DR. GREEN: Anything else? If not, I think we are ready to commence. We will
do some things the way we traditionally do them, and we will open up with Jim
Scanlon getting us reoriented.

Agenda Item: Updates from the Department

MR. SCANLON: Thank you, Larry, and good morning, everyone.

We met last in November. Let me bring you up to date on some planning
activities and activities in the data policy and some new projects that we
started that will be of interest to the committee and where I think we will be
asking your help.

First of all, the Secretary has signed and renewed the charter for the
committee for 2 years, so we are good until January 2016.

On the personnel front — many of you know much of this — Charlie
Rothwell has been named as the director of the National Center for Health
Statistics. He was the acting, now he’s the director. I think we will hear from
him later.

Dr. Karen deSalvo, who was formerly the New Orleans health commissioner, is
the ONC director. She is on board now.

Rick Kronick — I think many of you know Rick. He was in ASPE. He was at
San Diego, I think. He is now the director of AHRQ.

Richard Frank, who was at Harvard Medical School, at the economics
department, he has been nominated as the ASPE. He has had his hearing, so we
are hoping to hear soon a favorable report out of the Senate for him as well.

There were two vacancies on the committee, you will remember, and I want to
thank you all for sending us your ideas about new members. We are looking at
the pool now. I think we have more or less decided on one and we are looking at
how we want to fill the other, and we’ll be working that through the
Secretary’s approval process shortly.

In the area of policy and programs, we have updated our strategic plan, so
now it is from 2014 to 2018. You have a one-pager that describes, in front of
you, just for your reference really, the goals, and then under the goals, the
objectives for the strategic plan. This is what will guide HHS at that very
high level over the next 4 years.

For each of those objectives, there are actions and programs and measures
which will be tracking how we’re doing in all those as well. Just generally,
the goals are: strengthen health care; advance scientific knowledge and
innovation; advance the health, safety, and well-being of the American people;
and ensure efficiency, transparency, accountability, and effectiveness. You
will see that virtually every one of those goals has very significant data
issues, data needs, and measurement and related issues.

In addition to the strategic plan, as you know, we have a number of other
strategic initiatives ranging from HIV prevention, tobacco control,
disparities, and national quality strategy, national prevention strategy,
global health, Alzheimer’s, and a number of other things. What we have tried to
do at HHS is, using the basic framework for the strategic plan, we have tried
to register all of the other action plans. We have tried to align objectives so
that we are more or less using similar objectives and similar measures in those
overall strategic planning systems. We have tried to track what we have said we
would do and what the impact has been.

Let me turn quickly to health reform, which is one of our major policy and
program issues, and it obviously has a number of data dimensions. On the side
of monitoring the implementation and impact of health reform, you remember that
we approached this really in terms of three dimensions: administrative data
— we try to use as much administrative data as we can; survey, research,
and surveillance data, particularly the survey data, to look at how the impact
is being felt in the population and overall; and then data standards and data
guidance, where we try to get everybody to address some of the critical
populations, subpopulations, and measures that we want to look at in terms of
the impact.

In terms of administrative data, we invite our own ASPE office — we
have been posting and summarizing the enrollment data from the exchanges, from
the federally facilitated exchanges, and reports from the states on a monthly
basis, so it is a cumulative basis since October when the exchanges opened. So
every month — and it’s a press release as well — we publish on the
ASPE Website an issue brief that describes the latest numbers of enrollees
through that month. We have just published the January cumulative report. It
amounts to about 3.3 million folks enrolled. We generally post it by age, by
major sex groups, and by the meta-level of the plan, remember, and we will be
probably having more data as we go along.

That information is based on the exchange activities and largely based on a
simplified application that was developed for the federally facilitated
exchanges. State-based markets don’t have to use that, though some of them use
it. So we have some demographic information, that information. We have race,
ethnicity, primary language, but we have not been able to get decent data from
that yet. It is voluntary data, obviously, and it is believed that it is not
quite at the process where you would want to publish anything from it but,
hopefully — so we will continue to do that. That will be one way of
looking at what the enrollment is.

The enrollment data is necessary but it’s not sufficient. We don’t know how
many of those people were already insured or have switched or churned, and so
on. We always look to our major surveys that measure insurance coverage, in
some cases over the same population over time. Remember, we made a number of
enhancements to our HHS surveys to try to get a handle on how can we measure
the insurance coverage. We have actually added a number of questions more
recently to try to get at people’s awareness of some of these insurance terms.
Do they know what a premium is? Do they know what a subsidy is? Do they know
what coverage is? And are they aware of healthcare.gov, have they actually
tried to use healthcare.gov, and have they actually gotten insurance through
health.gov? So we have that more or less through the Health Interview Survey on
an experimental basis.

There are other places that have published results from other surveys,
Gallup surveys and others. Again those are good to track and so on, but they
generally have fairly low response rates, so you don’t know exactly what you’re
getting until you actually have a benchmark from one of the national surveys.
At any rate, we will be monitoring those as well, and probably this summer
we’ll be publishing information from the Health Interview Survey for the first
quarter, from last December to January, on the early-release program.

Almost all the other surveys, we’ve had questions of the census, current
population survey, the American Community Survey, to the MEPS, to the NAMCS,
and even to the Behavioral Risk Factor Surveillance Systems. So we will try to
pull all that information together.

The problem, of course, is it takes a long time to get this data, and nobody
is happy. Everybody wants to know exactly, so how did we do in February? We
will talk a little bit later of some quicker response things.

Then the third dimension is on standards. You will remember we developed and
adopted the ACA standards, demographic standards, for sex, race, ethnicity,
language, and disability, which are pretty much — they are already
included in all of our HHS surveys, or will be. They are in that process.

We were also asked to look at, besides surveys, is there guidance we can
give to agencies in terms of programmatic information, community health
centers, for example, Ryan White, where services are provided that could be
reimbursed through new insurance policies. We’ve developed a set of demographic
data items, largely the ones we developed for surveys, and provided it to
agencies to use in their program reporting systems, working their health
centers, family planning, Ryan White, breast and cervical cancer programs. So
they will be able to look at the populations that they serve and how that
population as a group comports with what may be eligible under the ACA and what
trends occur after that time.

What we did there was to add two questions, one on the type of insurance,
sort of a simplified question so everybody is measuring it in the same way, and
we added some of the significant categories for the federal poverty level that
trigger your coverage or subsidies or other things. The agencies are in the
process of adding those to their reporting systems so that these pieces will
all come together. Again, we wish it were faster, but it is occurring now.

In all of this, we have been asked specifically to look at what the impact
is on vulnerable populations. These are racial and ethnic minority populations,
LGBT populations, and often we look at rural populations and disabled
populations as well, the idea there that these are often populations with
special needs and access issues, and so we wanted to be sure that we were
taking a look at not just the overall impact on populations and households and
so on but special populations as well.

There we have added, as I think I reported to the group before, a question
on sexual orientation to the National Health Interview Survey. That was started
in January of last year, so we’ve completed a full year of data collection. We
will have to look at how do the numbers come out. We will, hopefully, be having
sufficient data for analysis this summer, so the project there as well.

Finally, we have added to the Behavioral Risk Factor Surveillance Survey, we
added questions on health insurance coverage, but we also added — we
developed a model, developed and tested a module that states could use that has
two questions, one on sexual orientation and one on gender identity. The states
voted to approve it as a module, a voluntary module for states to use, and so
far we have 17 states which are using it now. I am forgetting, Bruce, if the
calendar for all states is January.

DR. COHEN: Yes.

MR. SCANLON: It varies, but I think January is the start. This is a
telephone survey, so it was designed specifically for use on telephone and
protecting privacy. We have another 13 states that will be using some variation
of it. So we have 30 states, which is actually a good start. Honestly, there
are some states that will never ask questions like that in their state survey.

Let me talk a little bit just to remind you of our data strategy. Remember,
about 18 months ago, 2 years ago, the Data Council was asked to look at our
portfolio of surveys and major data collections, to look at a couple of areas.
Number one was what are the remaining data gaps and issues and how could we
address those in a coordinated fashion. We talked about those in terms of
health reform and others.

Secondly, we were asked to look at this issue of timeliness or rapid
response, and are there ways that — what is the technology currently being
used in our surveys and data collections, and are there opportunities to speed
those up through technology? It could be something as simple as a
quick-turnaround telephone survey or a Web-based survey or a case of electronic
health records as well. But it was the idea of we certainly value the
gold-standard sorts of data collections — interviews and so on — but
can technology help us here?

We developed several pilot projects there which I will tell you a little bit
about in terms of how using the Web and using Skype and other things to try to
speed some of this — it is a mixed bag, to be honest. Not everybody has
access to the Web. Not everybody can do surveys. You will get a very — if
that’s all you use, you will get a skewed population result that is not going
to be adequate for population estimates. But they certainly fit in with the
process, and we will get to the point where it’s a little more comprehensive.
So that’s the technology side.

And then the third area was that area that we’ve mentioned here, and it was
really how can we better align or integrate all of these data streams, the
current and the future ones, so the surveys, the administrative data, the
surveillance research, electronic health records, and so on, and how can we
view these more as a comprehensive — not in isolation but as a potential
source of comprehensive information on the population and employers and
providers and so on?

That brought up some issues, the mosaic effect, which I’ll talk a little bit
about. But in addition, we decided there that we’ve talked enough about it;
let’s now proceed to proof of concept and pilot studies. So we have a number of
pilot studies where we actually tried to do some applications, particularly
with the safety net and with vulnerable populations, but based on electronic
health records and others.

Let me turn to some of those projects then. And, of course, the fourth
dimension of all of this is to make this data available, because if we are the
only ones who have it, then essentially what have we done with all the taxpayer
money? So the whole emphasis here is to make it not only collected in a
high-quality and reliable way, do it quickly, do it economically, and do it
efficiently, and to make it available, obviously.

That feeds right into the work of the committee here and the Data Access
Work Group and a number of activities which are trying to get the data out as
well.

One interesting project that we have — and we just posted it, I think,
on our ASPE Website — we looked at so how can the electronic health
records — this is a pilot study — how can it help us with doing
research on hard-to-reach or small populations. We posted this just today, but
we looked at — there were some special and hard-to-reach populations,
populations you don’t reach in big national studies, so we looked at what is
the potential of electronic health record data to provide information in terms
of content and sufficient numbers to do research on special populations.

The four populations the contractor focused on were Asian, Asian
subpopulations, LBGT populations, rural populations, and adolescents on the
autism spectrum. The study involved interviews with experts on health care,
research for these populations, experts on electronic health records. Then we
pulled it together, and we actually carried it through in terms of how could
you do it, what is the possibility, and actually tested it in one EHR setting.

Again, this is not a silver bullet; this is one more research approach that
we add to the armamentarium. But it’s a nice report. It’s sort of a proof of
concept more than just a concept as well. So that is on our ASPE Website.

I did want to mention that we have, when we look at data resources in this
bigger fashion, everyone raises the issue of, well, you know, you not only have
to protect the data in the specific data source; protect it from
re identification or disclosure from that individual — the National Health
Interview Survey or MEPS or whatever. But the more you make it available, the
more you have to worry about all the other data that’s available commercially
and publicly in other data sets. This concept that — you all heard of it
before; I think it came up in the intelligence community — that when you
begin to be able to piece together insights and data from various sources like
this, that you may raise the risk of re-identification problems or inadvertent
disclosure.

So the question comes up, so what do you do? Do you have to do a lot more
— what is the additional risk brought about by this mosaic effect? I think
everyone does a pretty good job. Certainly everyone has had data breaches, not
so much the federal government but others. My good friends at the University of
Maryland apparently announced a data breach today. But it’s almost every week
you hear about it. This is a case where we really don’t want the identity to
get out, for the most part, and we are trying to protect folks who participate
in this research and surveys.

We have a number of procedures, well-developed procedures, that almost every
one of these activities engage in, that are various things you can do to that
data so that you can still release individual records, but you have pretty much
taken most of the risk of re-identification out. So you top-code, you fuzz up
the data to some extent. You don’t necessarily report dates of admission and
dates of discharge or specific birth dates. There are ways to do this where you
minimize.

But the risk still comes up, and particularly when you go to the state level
or the sub-state level where people can get their hands on voter registration
records and DMV records and other things.

There is a whole little business available now of consultants who tell you
they will re-identify you. Give them an hour and a half, any data. The degree
to which this is true, I think we need some empirical information, but it is
something we now have to contend with. So we have awarded a contract to do a
sort of an environmental scan. We are pulling together a workshop. If any of
the committee members are expert in this area or know folks who are expert in
this area, let me know. I would like to get them there.

What we are looking for, really, is we don’t want to rehash or re-invent all
the very well-developed disclosure-avoidance techniques that are now available.
The question there is to get everybody to use them. The question is how much
additional risk is there brought about by this new concept, and what steps do
you need to minimize that or prevent that as well?

We are planning a workshop in the spring, maybe April probably, maybe May,
but we really need to get — we have dozens of very excellent folks who are
statisticians and researchers and epidemiologists and our regular IT and
administrative data experts. What we need are the folks who represent the red
hat, the other hat, in terms of the folks who know what other data is
available. GAO published a report recently, for example, on information
resellers, so this is not necessarily federal data but it’s other information
that people can buy. So you have that. You have other publicly available
information, and you have hospital discharge data. You might be able to
identify who those folks are, and in fact that has been demonstrated, I think
in Massachusetts, for instance, with I think it was the governor’s hospital
stay.

At any rate, we could use your help here, and any ideas you have,
literature, if you know experts who can help us here, let me know, and we would
like to proceed there as well.

Let me finish up.

DR. FRANCIS: That might be something that the Privacy Subcommittee could
take up briefly this afternoon.

MR. SCANLON: Okay, yes. And again, we have a lot of experts within HHS. We
know what agencies do, and we sort of know what the experience has been. We
really need folks who are coming at it from the other side. In fact, people who
actually try to link, wearing the white hat, obviously, and hire people to do
this, to test your security, or who just know that whole area of what’s
available outside the federal sphere. So that would be helpful to us.

Again, we need more empirical information. Otherwise, we will — well,
there is always, as you know better than I, there is always a balance between
data access and availability and privacy and confidentiality. One extreme is
never to make any data available, and the other is to make it all available. We
are somewhere in between where each case is a balance. But if there are
measures we could take that reduce that, that would help all of us as well.

Just on the survey side, just some quick other things. As I said, we added
on a test basis a Web-based capability for the National Health Interview
Survey. It is more for experimental purposes. We’ll see how all this goes.
Again, I think the first wave we found out that a lot of people still like to
get paper and they still like to be called, or something like that. But we are
working that through. But I think everyone agrees that the Web, the Internet
basis, and panel surveys are an addition; they are not a silver bullet.

We are also, in our office, trying to use some of the Web panel, the
commercial Web panels. I won’t mention specific names, but you’re aware of
them. They can turn the data around quickly because they have preexisting
panels, but they do have issues with representation, representativeness, and
with response rates. So they are good for certain things that you can track
over time, because whatever the bias is, it’s the same today as it was
yesterday, but if you really want to know what the number is in the population
or that sort of thing, you could be very wrong, and so you need some way to
calibrate, to understand those as well.

We also added, then I will close — and I have one more nice
announcement — but we have added — we want to be able to follow
low-income families — well, all families — in terms of their
experience with health insurance and health expenditures. The MEPS, as you
remember, if you are in the MEPS, you are in there for almost 2 years. In
addition, part of the survey is a survey of employers in terms of what their
plans are. So what we’ve added there is a longitudinal dimension where we can
follow employers back to see what they said last fall and what their changes
may be. So we will get a better understanding of that as well.

There is only one other survey like this, other than the HR benefit surveys.
It is sponsored by the Commonwealth Fund, and everybody uses it. But again, I
think there are response-rate issues there as well.

Let me close with a nice announcement. We have been asked — as you
know, one of our priorities is to increase our capacity for statistics and data
on vulnerable populations. One of the toughest groups in our national surveys
has always been Native Hawaiians and Pacific Islanders. It is just a small
group. It is very tough to get sufficient numbers in a survey if you just use
the normal sampling, and you’ve got oversampling.

Beginning this month, the National Center for Health Statistics has launched
— it is basically the National Health Interview Survey, but it will
include 4,000 Native Hawaiians and Pacific Islanders. So starting this month
— and this is very interesting. How do you find 4,000 households,
nationally representative? This was a project with the Census Bureau. They
provided — well, it’s tricky. They don’t actually release any of this
information, but they provided the capability to survey at least 4,000
households, half of whom were in the sample of the folks that were in, I think,
the American Community Survey that identified as Native Hawaiian or Pacific
Islanders.

This will include, obviously, the continental United States and Hawaii, not
the islands, but they will try to get — hopefully, they will get 4,000,
which is a pretty good size, if they could get it, of households from this
group and probably take a full year, probably talking about 2015 or so before
the data is available. But it just shows how you can actually, with a little
creative thinking and some cooperation from some other agencies, you can
actually do almost anything — and sufficient funds.

Let me stop there.

DR. GREEN: Thank you, Jim, very much.

Bruce has a question.

DR. COHEN: It is always great to hear what is going on. It is really
incredibly exciting. Your portfolio is so broad.

I have a comment and a question about ACA work. This is sort of learnings
from the Commonwealth of Massachusetts. The focus is always so much on gaining
access, sometimes we lose sight of thinking about what the change in outcomes
is going to be for individuals and for populations.

I would like to see work now begin in developing some kind of framework for
assessing not the impact on increased access but the public health impact on
individuals who are directly now insured who weren’t, and the indirect impact,
I think, which might be just as great on the changing culture that affects
those — a focus on prevention or other kinds of activities. I think it
would really benefit all the states who are beginning to see newly insured
populations if we had some standards or guidelines or framework for measuring
health outcomes at the population level.

DR. GREEN: One more question? Vickie.

DR. MAYS: Thank you.

Like Bruce, I love these updates. What is so wonderful is in this
resource-shrinking time, you are able to do some very creative things. So
congratulations on that.

I have two questions. One is when you were talking about doing the research
on EHRs potentially for these vulnerable populations, the Institute of Medicine
has a committee that is looking — this is, I think, Bob’s Kaplan’s group
— that is attempting to look at the use of more behavioral indicators in
the electronic health record.

It would seem for these populations in particular those social determinants
are very important. So I am wondering if you all, as you consider it, will also
consider those kinds of data and whether or not those kinds of data can be a
part — I mean kind of thinking ahead in terms of what the recommendation
is going to be.

Then the other is, my question really has to do with the Native Hawaiian and
other Pacific Islanders. When that data is done, is it going to be in a special
file or will it be released for — because for California, this will be
absolutely wonderful. So I am just trying to get a sense of like if it is going
to take a while before we would get it or whether or not it should be okay.

MR. SCANLON: I think we actually announced when we thought it would be
available. But I think we would be releasing either through the Data Center or
through a public file. And remember, it is pretty much the Health Interview
Survey applied to this group, which I think is the best way to do this, because
then you have a comparison as well.

I think it is going to take at least the full year, obviously, but probably
in 2015. And remember, they have to weight it up, so even when the calendar
year is over, they have to weight it up and do the control totals and so on.
But it is nice way to — and Census rarely, I might say — there is a
committee that considers providing access to the census for these kinds of
purposes, and it’s a pretty tough — they usually say no, but in this case
it took a while but they actually agreed that this was worth doing. Apparently,
you can only do it once. You cannot make it a permanent — sort of like
once, so we might revisit that later, but you can’t make it continuing.

But this is the only way you can find populations. If you search for them in
a survey, even with oversampling, and even in California, you guys do the best
of any state probably or one of the best with the California Health Interview
Survey.

Again on the social determinants and so on, I think Judy is probably a
better — the way many of these things get implemented in the electronic
health records is through the meaningful use requirements. We clearly have
recommended demographic data, the standard items and some other data, that
hopefully would be considered. We often get pushback actually from the clinical
community on some of these things. For whatever reason, we don’t know where
it’s going to come out. But if there is a set of standards on social
determinants, if there is agreement that — because it covers so much area.
But it is education, it is income, it is things like that. If there is
agreement on maybe a small set of measures, we could at least think about that
for future cycles.

DR. GREEN: Walter.

DR. SUAREZ: Jim, thank you so much for the overview of the strategic plan of
the Department and all the activities that are happening. It is just
impressive.

The topic I wanted to ask about I think is one of the most incredible
opportunities in terms of what the Affordable Care Act and health reform are
offering. I wanted to explore what kinds of activities, and where within the
overall plan, you see it being developed.

The topic is population health management. I think there is really an
incredible opportunity for expanding the relationship between public health and
clinical care through advanced models and tools for better population health
management, both organizations that perform that by virtue of who they are and
what they are, and organizations such as accountable care organizations,
integrated delivery systems, and others, and then, in the public health arena,
of course, public health agencies.

My question is really where do you see the opportunities to converge and
bring together these two worlds under the direction of population health
managements?

MR. SCANLON: Well, it’s a good question. You are referring to two
populations, the population in a health plan — is that right? — and
the population at large.

The tools for — and again, maybe the other speakers here can talk to
this as well — so within the plans, accountable care organizations and so
on and other means — there are some demonstrations, a fair amount of money
available to do research and demos through the Medicare Innovation Center.
Again, I think electronic health records can help with that.

On the population side, community population, in the Affordable Care Act, as
you know, there were several dimensions that included public health. One of
them was the whole Prevention and Public Health Fund, which is used for a lot
of things; the data standards; the community health needs assessments that the
hospitals have to do. Then the grant program was the community transformation
grants.

Then in all of this there was this focus. It sort of implied — I don’t
think there are specifics mentioned — but it is how do you link the
clinical community — it is really linkages between the clinical community
and the community at large as well.

We have a study under way in ASPE about how do you strengthen that. Data is
a part of that as well. Actually, data is a big part of that. It is certainly
in the spirit of ACA, and there are tools, and data is a big part of it, but
again, we would look at — there are others who could probably answer more
— but we would look at any advice you have in terms of giving us
recommendations.

DR. SUAREZ: Just a very quick follow-up. I think you have highlighted it,
and the way I see it, it is really just the three, well, many groups, but there
are health plans that have a role, of course, in this; there are the provider
systems, both integrated and accountable care organizations and others. And
then there is public health. Each one has a — my sense is we are just
starting to put together some things, but they seem to be sort of somewhat
siloed still — responsibilities for hospitals to do community health, et
cetera, and the responsibilities for ACOs to do certain things on populations.

What I was looking for, and maybe that is one activity that we can consider
as a national committee, is taking a more holistic view of population health
management and seeing how all of these pieces perhaps can come together in a
better way.

MR. MILMAN: We have a study actually that is just exactly on the topic
you’re talking about that just started this fall. It is focusing on chronic
disease management and trying to — we are picking three conditions:
diabetes, smoking cessation and its role in cancer and cardiovascular disease,
and pediatric asthma. We are trying to look at the value proposition both on
the provider side and on the public health side and think through what the work
flow would look like, so then we could start thinking about what is the
electronic health record piece of this in terms of the exchange of data.

So to the extent that the committee wants to participate along with us, we
are sort at the beginning phases of this, so stay tuned. Those are exactly the
issues.

MR. SCANLON: I think Walter has raised a good question. From the committee’s
perspective, if there were opportunities — again, the key for the
committee is that it is a data issue or a measurement issue. We are not a
health policy committee. But if you have ideas about — and certainly data
is a big part of this, the electronic health data record and other data.

New York City actually tried to push this fairly far with the public health
department and some of the clinical practices at the city. They had some
success. Not every place is New York City, obviously.

But at any rate, it is exactly that interchange and that link that I think
has been a problem for a long time. It is nothing new that public health is
often on its own and the clinical care community is on its own, and even in a
community it is rare that there’s a lot of interchange. It is getting better.
But I think data might be the key, and if the committee has ideas along those
lines, we would be happy to hear them.

DR. GREEN: I think it is fair to say that based on Vickie’s question and
comments, Bruce’s, and Walter’s, that you should assume that the committee is
keenly interested in what you just talked about and that we should follow up.

MS. GOSS: To that point, I want to drive home a point that was discussed at
the recent Office of National Coordinator annual meeting. The sentiments that
you’ve heard so far are the pain points of many states in trying to tackle the
sustainability of the new IT infrastructure that enables us to get to the
triple aim. It’s a really critical aspect.

DR. GREEN: Out in Colorado there’s a ski pass that’s called the 4 by 40. The
40 refers to United States Highway 40 and the 4 are 4 days on the mountains,
either at Winter Park or Steamboat Springs. It’s a really cheap way to get a
lot of really great skiing in. You may wonder what the heck that has to do with
anything, but we’ve got about 40 minutes left to hear from their people. So
we’re about to have the 4-by-40 show, and we are going to start with Denise.

MS. BUENNING: No pressure here, huh? Hi, I am Denise Buenning with the
Centers for Medicare and Medicaid Services. Again, it’s a pleasure to be here
today to update you on the progress that CMS is making with regard to a number
of key CMS ehealth areas.

I have some really great slides, but in keeping with Jim’s comment this
morning about the importance of HHS’ privacy and security, the HHS laptop will
not accept my CMS encryption code. So given that, I will quickly talk our way
through this, and I do promise that I will get the committee my full slides
this afternoon.

Let’s start off with meaningful use. We have some preliminary 2013 data to
share on our meaningful use/EHR incentive programs. Eighty-three percent of all
eligible professionals registered for the program have participated in it by
the year’s end. This means that we have more than 261,000 Medicare-eligible
professionals, 138,000 Medicaid-eligible professionals, and 2,400 eligible
hospitals that have received a payment. This means to date that we have
disbursed more than $19 billion under this program. Ninety-four percent of all
eligible hospitals registered in the program, of those 87 percent received a
payment.

We are continuing to get attestations in. Just this past week we had a new
system record, with more than 6,700 individual attestations in a single day
being recorded. So they are coming in.

To make sure that all of the hospitals and providers who need to attest can
do so, we have also just extended through the end of March the time when they
may access the attestation system and get their data loaded.

Just as exciting, we are continuing to get new participants in the program.
We note that we had 21,000 new attestations being logged in just over the past
few weeks. So the results are coming in. I am sure we will have updates as this
information comes in. But we are pretty excited about our numbers, we are
pretty excited about the number of new attestations we have coming in, and we
look forward to getting more data as it comes in.

Operating rules. I know that for the Standards Subcommittee members this may
be a little bit redundant, but for the rest of us, I think we are all aware
that the Affordable Care Act requires that we develop new operating rules for
the remaining HIPAA standards, including healthcare claims, enrollment and
disenrollment in a health plan, health plan premium payments, referrals,
certification and authorization, and health claims attachments.

I am sure you already heard from CORE, which is the authoring entity of the
operating rules. Again, just a reminder that they really need all levels of
participation as they start to draft these operating rules. So if you haven’t
already done so, if participants on the phone or in the room represent certain
industry segments, please reach out to CORE. Make sure that your voice is
heard. That is the only way that they can ensure that operating rules that
evolve from this process are robust, accurate, and usable.

As I think we all know, the Secretary is required to obtain the review and
recommendations from this committee prior to operating rules. We anticipate
that we will see something from CORE probably fourth quarter of this year, and
we will follow that prescribed process in taking those things forward once the
operating rules are in place.

We have another set of operating rules, electronic funds transfer and
electronic remittance advice, which took effect January 1 of this year. We have
not received a whole lot of feedback from industry as to what the level of
compliance is for this particular operating rule, so if anybody has anecdotal
information that they would like to share with us, we would love to hear about
that.

DR. SUAREZ: We heard a lot about it yesterday during the hearing, and we
will report on that this morning. Real-time reporting.

MS. BUENNING: Okay, great.

We are in the process of expanding provider outreach regarding the benefits
of all the existing operating rules, including eligibility for the health plan,
claim status, and EFT.

You may have also heard this yesterday, and again I apologize if I am being
redundant, but we have gotten some feedback that providers are using
eligibility data to build predictive analytics, to help determine staffing
needs and work assignments. One of our large health plans reports that their
electronic eligibility requests have almost doubled, along with those of claim
status requests. But the same plan reports that manual requests have not gone
down. The plan thinks that this may be because some health plans are not using
compliant transactions, so providers have to revert back to manual processing.

Again, any feedback on this would be appreciated. This is again one case,
but it is an interesting concept. Again, if this is the case, then it probably
points to the need for certification of compliance among health plans.

The health plan identifier gets into full swing in 2014, with large plans
having to enumerate by the first week of November. Health plans are continuing
to work on their enumeration strategies, and CMS is increasing its outreach and
education to help explain and clarify the requirement.

The HPID enumeration will also provide us with a database of the universe of
HIPAA-covered health plans. This is something that we have not had before. For
example, prior to this, we did not really have a good handle on how many
self-funded health plans were covered under HIPAA. So this information is going
to be helpful as we move forward on other administrative simplification
initiatives.

Of course, just like every other commercial health plan, CMS’ Medicare fee
for service, Medicaid, and Medicare Advantage plans are in the process of
coming up with their enumeration strategies.

There are some other administrative simplification activities going on.
Proposed rule was published earlier this year asking for public comments on CMS
0037-P. This is a regulation proposing health plan certification of compliance
with certain standards and operating rules. This proposed rule suggests pushing
out the deadline for this requirement another year to better align with the
HPID requirements. We are using that system to dovetail for certification
purposes.

We are looking forward to comments. I think they close on the first week of
March, March 6, I believe. We are really looking for comments especially on the
time frames. We met with an industry group this past week, and they came back
with some very good feedback on HPID that we didn’t have prior to finalizing
that rule. One of the things I mentioned to them was, if you had had more time
to comment during the public comment period, would you have had this
information at that time? So we are now looking at perhaps again taking this
into consideration on a one-on-one basis, maybe extending the public comment
time.

I know that everybody wants these things to be turned around very quickly,
but on the other hand, it’s better to have that time up front and get more
robust data and information back as to how this is going to really impact
operationally, as opposed to finalizing the plan and then having folks come
back and say, well, we didn’t know about this, we didn’t think about it, maybe
if we had had more time. So we are going to be taking a look at that as we go
forward.

We need to adopt a standard for claims attachments. We plan to align this
with any clinical data standards that may be adopted in any EHR certification
and meaningful use Stage 3 regulations. So we are trying to all pull this
together.

The ACA also requires an independent standards and operating rules review
committee. I know we’ve had some informal discussions. This is under
development and will be a topic of discussion at a forthcoming NCVHS hearing.

Finally, in 2014 you can expect to see regulations addressing the NCPDP
prescription refill standard, adoption of an X12 errata, perhaps, clarifying
use of HPID, and an e prescribing prior authorization NCPDP scrip standard.

ICD-10. The date is the same. It’s not going to change. Let me put on my
broken record. It is still October 1, 2014. I can tell you as late as yesterday
afternoon Administrator Tavenner once again said, “The date is not
changing.” So we are continuing to work on this. We’ve been working on it
since 2009 internally. Our internal systems transition was completed last
October.

In March we are going to start some external testing, with acknowledgment
testing with providers, and some coordination-of-benefits testing is now taking
place through the end of May.

State Medicaid agencies are reporting to CMS on a quarterly basis their
assessments of their readiness. We in turn have been providing technical
assistance and training to those agencies needing it. They are also going to be
conducting their external testing through May of this year.

Let’s talk a little bit more about Medicare fee for service. We began
preparing, again, our fee-for-service systems in 2010 with the implementation
of ICD-10. All software changes to the system were complete as of last October,
so internally we are ready to go.

We do quarterly updates every year. CMS is confident it has very mature
testing methodology and implementation approach. It has a three-tiered,
time-sensitive testing methodology, alpha testing, beta testing, and testing
with our integration contractor, and then a final phase is performed by each
MAC for all 4 weeks.

But we are also sensitive to the concerns of industry. We hear you. We are
initiating first these Medicare testing weeks so that providers can determine
if their claims carrying ICD-10 codes can be accepted through the MAC door, so
to speak. So basically it is an acknowledgment testing. Put it through and get
an acknowledgment back saying yes, we received it. So that’s the first part of
the testing. This, again, is going to take place in early March.

Then yesterday at the Subcommittee on Standards hearing it was announced
that CMS would do a broader end-to-end testing that will take place this
summer. We are going to do a sampling of the broad industry segments. It is not
intended to give a provider back a specific reimbursement as a result of
putting through a claim with an ICD-10 code because, as I think we all know,
that is regulated and that regulation will not be coming out until the fall.
What they will get back is an ICD-9 reimbursement. Again, it is not going to be
an exact reimbursement, but at least it will show that that claim can go
through the front door, go through the system, and result in a reimbursement
coming back. So the whole idea is to see if it can go through the system and
flow, not to give you back a specific reimbursement. But we think that that is
very important.

CMS’ coordination of benefits contractor is testing now through May with at
least 30 percent of our over 270 commercial payers. If anybody else wants to
test voluntarily coordination of benefits, we are certainly willing to
entertain that. About one-third of the state Medicaid agencies have signed up
to test ICD-10 through this coordination of benefits process, and other will be
joining. Again, state Medicaid agencies are conducting end-to-end testing with
their systems through May.

This month we’ve established the ICD-10 physician portal. We are trying to
reach out to specialty physician practices to learn more about the
implementation and give them tools to help them plan, implement, and track
their progress.

We are redoubling our efforts with state Medicaid agencies, QIOs, RECs,
other federal agencies, payers, et cetera, cetera.

Finally, we are actually providing on-the-ground ICD-10 technical
assistance, deploying training teams to complement our ongoing national WebUp
and other sessions. In fact there is a national Webinar taking place right now
on ICD-10, and I think more than 5,000 people are online with that.

So as we draw closer, we are going to increase internal and external
planning. We are going to be participating with WEDI in a stakeholder
coalition, which is something similar to what we did for our 5010
implementation, where we gather intelligence on ICD-10 as we go through the
testing, and we use it to produce FAQs so that we can push information out and
continue to host national calls, Webinars, and develop our targeted material to
get provider needs met.

The other thing is I get the impression that a lot of people think that once
October 1 hits, that’s the end of it. It would be nice, but no. The work is
definitely not going to stop there. We are going to continue to collaborate
with stakeholder groups to address and monitor post-implementation issues and
continue our focus on getting providers paid.

That’s all I have for you today. Again, I will get the slides to the
committee this afternoon and would welcome your questions.

DR. GREEN: Thank you very much. If it’s okay, if you don’t have to leave,
could we do the other presentations and then everyone collect questions, and
we’ll get questions at the end? Can you stay? You don’t have anything going on.

(Laughter)

PARTICIPANT: Besides ICD-10.

MS. BUENNING: I probably will stay.

DR. GREEN: Is it Judy?

MS. MURPHY: Sure. I will start with the ONC update, and we, of course, don’t
care about encryption. We just care about health care.

(Laughter)

My slides worked. I don’t know.

I have 11 things I wanted to go through. What I will do is go through all
11, but the level of detail I will chop off.

Since the slides are going to be available, there are LAG links on some of
the slides, and so that will be particularly helpful for you.

I am going to run through adoption statistics, which of course are just
reemphasizing what was just said; talk a little bit about Stage 2, Stage 3;
then a bunch of other things that have been published since I was last here, so
SAFER guides and some information on patient-generated health data, talk about
the anti-kickback. So, again, just a review of some items.

These are the statistics visually that you just heard from CMS. On the
left-hand side, again, our denominator for eligible professionals is about
527,000, and the percentages that were talked about; those registered and those
who have been paid by either Medicare or Medicaid. Then on the right-hand side,
about 5,000 eligible hospitals for the meaningful use program, and again doing
very well there, 88 percent paid and 94 percent registered.

In terms of dollars, this is just month over month and the cumulative total
at $19.4 billion having been paid out since the beginning of the program.

I was interested in your 6,000 attestations because, of course, that is
stage 1, correct? Have we had any attestations at stage 2 yet? You don’t know.

MR. TAGALICOD: I don’t have the number, but I understand it is not as robust
as the 6,000. We are still looking at it.

MS. MURPHY: Yes. So I will talk briefly about some of that.

Now, we’ve been tracking some specialty populations as well, and one of the
ones we’ve been paying particular attention to is rural, because we’ve been
doing some interventions with rural and specifically sending out staff to sit
down with rural hospitals and not only make sure they know what to do for
meaningful use, but if they’re short on money, which they all are, some
mechanisms that they can go ahead and get money; for example, different kinds
of funding through FCC for broadband from USDA for assistance with some
building that might be required for housing servers and those kinds of things.

I am happy to report that these statistics are only through November, not
through December. Those previous ones were through December. So through
November we are holding with the professionals. Rural and overall are the same.
The critical access and rural hospitals are a bit behind, so they are at only
82 percent, whereas the overall is 94 percent. So again, really, it is the
critical access hospitals and rural hospitals, those less than 50 beds, that we
really have to continue to provide particular support. But we do track this
state by state and location by location.

This is a shameless advertisement about onhealthIT.gov. There is a
dashboard. It looks like this. You can hover over every state. You can actually
see the actual number. But the darker the blue, the better that particular
state is doing based on the percent of providers, or this is physicians, excuse
me — there is one for hospitals as well — but physicians or physician
assistants or nurse practitioners paid by the states. Then there are actually
maps and you can hover over every single one. So we know who they are and where
they are and whether they’ve attested or not.

This is actually data we get from CMS, so we just manipulate and put it in a
graphic. Again, very helpful information. If you haven’t spent quality time
with a dashboard, you might want to do that because there is really some good
information there if you are interested in a particular state or in particular
items within a state.

Moving then to Stage 2, so the 2014 addition of certification or certified
products is what was required for Stage 2. One of the early concerns was that
the products were not going to get certified in time. So we have been tracking
this very closely as well. Five hundred eighty-eight unique 2014 certified
products are out there.

If we look at products that were used for attestation at Stage 1 and then
look at these products that are certified at Stage 2, we’ve actually got about
90 percent coverage, meaning that those vendors that people have used for Stage
1 actually have gotten certified for Stage 2.

If you’ve been tracking this — and again that’s also available on
HealthIT.gov dashboard — there were 1,700 products or thereabouts. It
might even be 1,800 products at Stage 1 certification, but about 50 percent of
them have never been used for an attestation. So there was a proliferation in
the marketplace, but then, of course, not all of them actually got bought by
people and installed by people and used for attestation. So there is really a
dichotomy there. When you look at the numbers, it doesn’t tell the true story.

Moving to a new thing that we’re doing, and that is that ONC with CMS
actually has talked about the fact that we are not getting ahead of the
standards well enough, so that what happens is we put out the measures that are
required for attestation and the standards that go along with it. At times
people are surprised by the standards that are being used, and they have not
had time to react, or the vendors have not had time to work those standards
into their products.

In thinking about that, we are trying to get ahead of the game by actually
putting out rules in between the rules that are required for meaningful use to
give a signal as to what is coming and at times to tweak what went before.
There will be a notice of proposed rulemaking, the last bullet there,
forthcoming in the not-too-distant future. That will be some —
quote/unquote again — tweaks to that edition that was used for Stage 2 and
then some looking ahead to what is going to be required for the next version.

As you may recall — this is a graphic that has been used many times
over the last years since 2009 and the launch, if you will, of the meaningful
use program. The maturation of the staging of criteria was around Stage 1
looking at adoption and use and access, Stage 2 looking at health information
exchange and really getting that moving between providers and between patients
and providers, and then Stage 3 really being focused on improved outcomes.

We are at the stage now where — I shouldn’t use the word
“stage” because you’ll get confused — we are at the point where
the Stage 3 criteria are being discussed. They’ve been discussed probably for
about a year now, and we have the chair of that working group in our midst,
Paul Tang. The next four slides I shamelessly stole from him.

But the final recommendations from the working group to the policy committee
are going to be happening in March. So those of you who care about that might
want to sit in on the March meeting or listen to the tape, which I am sure is
very compelling. I will just build this out.

This is a slide that Paul actually used — I could let you speak to it,
but we don’t have time — thinking about how to take functional objectives
and relate them to the outcomes, because we are really focused on the outcomes.

I am not going to go through all the background on this, but it is basically
thinking about you’ve got a functional objective that is feeding a functional
goal. The functional objective is like functionality, like it’s an electronic
medication administration record, and it’s feeding a functional goal. In the
example I just gave, it’s the ability to document medications online. Then
looking at how that fits into the meaningful use priorities and how it’s
driving health outcomes through the electronic clinical quality measures.

What they did — I forgot that these were building out — thinking
about that related to the criteria, so again looking at functional objectives,
and there are some examples listed there — clinical decision support,
structured data for imaging and family history, thinking again about those
functional goals and what outcomes that is actually driving.

There has been some evolving of these particular items. I pulled these from
the last policy committee, and I know that the working group has been doing
some tweaking on these. These are meant to be exemplary and not final criteria
of any type. But again, how they’re looking at relating these to keep the focus
on outcomes and keeping the focus on goals. I give one example of care planning
and another one of that electronic medication administration record.

I should give you a moment. Is there anything really important that I did
not say?

DR. TANG: No. The point is to make the outcome goal the goal and work
backwards. Actually, at our call just yesterday, because we got our policy
committee to focus on four things: clinical decision support, care
coordination, patient engagement, and population and public health. In order to
focus on that means removing some others. We are on the way to recommending the
reduction of nine objectives in the program so that we can have focus.

MS. MURPHY: You heard it here first.

DR. TANG: But that is just the working group.

MS. MURPHY: It’s a signal, not for sure.

DR. TANG: It’s a signal.

MS. MURPHY: But the point being from 1 to 2 is additive. Okay, we didn’t
take anything away from 1 to 2. So now you’re saying they probably have it and
we might actually be looking at taking some things away, not meaning that
people won’t continue doing them but that we’ll stop measuring them.

DR. TANG: Yes.

MS. MURPHY: All right, these I am going to go real quickly. SAFER guides.
Again, I’ve got a link to it there. We’ve got some other guides about making
sure that if you’re using electronic health records and health information
technology that you’re thinking about all the infrastructure you should put in
place to make sure that they are safe.

There are six SAFER guides and then this additional how to identify and
address unsafe conditions associated with health IT, and they are all on our
Website.

Then we have started some safety-focused surveillance of certified
electronic health record technology. So those products that have been certified
and are now in use for meaningful use are being looked at and audited, if you
will, from the certification bodies that did their certification. So they,
meaning the accredited certified bodies, are responsible for doing a percent of
their certified products and looking at those products in use and making sure
that the spirit of the program is actually being exemplified in the way those
products are being used out in the field.

2014 edition EHR certification has also two new transparency requirements.
Those have been activated as of the beginning of this year. So if you went to
our CHPL Website, which is the product listing, you would be able to link to
the test results and you would be able to link to pricing.

Now, you will not actually see the pricing. You won’t see that it costs
$59,000. But what you will see is which things require separate or itemized
pricing on top of the electronic health record you bought. We are hearing a lot
from the industry that people are buying electronic health records and then
finding out there are all the additional things that they have to buy. So this
price transparency was to say are clinical quality measures automatically
included in the base price that I already paid, or is that an add-on? That’s
the kind of information you find on the price transparency on the product
listing Website. That is as of January.

We had a technical expert panel that gave us a final report on
patient-generated health data: What are some of the considerations when you’re
taking patient-generated data and consuming it into an electronic health
record, on what standards and those things? This is early work. There’s lots
more work being done on this over the next year.

The Stark exception anti-kickback safe harbor was extended. The original
deadline for that was it was being discontinued in December 2013. That is now
extended to December 2021.

The Governance Forum published a final report on things like identity
management and trust framework. These are things that have to do with, when we
exchange health data, how do we know that the data that we’re transferring is
good data and what standards should be followed?

There are some other issue briefs on medication adherence and putting the
patient and keeping the patient at the center of all that we do. Those are
published and on the Website, and the links are there.

Some things that are coming in the future, the Federal Health IT Strategic
Plan that you already addressed the overall plan, we are diving down now on
— it’s Goal 1, Objective F, I think — diving down and actually
looking at the specifics of that. There will be an opportunity for public
comment through our policy committee.

Patient Matching Final Report will be posted either today or tomorrow. This
is helping by describing some guidance in terms of the criteria that should be
used for patient matching, so that if everybody used the same, then we could
actually again trust each other’s patient matching because we would be doing it
the same.

Last but not least is Blue Button, and I’ll wrap up here. Blue Button is the
downloading information for patients. Hopefully, you’ve heard the term before.
I think I’ve talked about it here before. Very specifically, there has been a
big push through the federal agencies and out in the general public to get Blue
Button advanced.

So here are some fun statistics actually on our federal partners and how
they’re doing with the use of Blue Button. VA was the one who coined the term
and who started this whole thing, so they have, of course, got the most. It is
being spread now through DoD, and CMS allows access as well.

In addition to that, just last week, or maybe it was 2 weeks ago now —
time flies when you’re having fun — five of our large pharmacy networks
and providers of pharmaceuticals in our country announced that they were
signing on and will be using Blue Button, providing not only using the logo but
making sure that they are actually providing that information to their patients
and the customers who go there. So this is a super big deal because now this is
becoming more of a public commodity, as compared to something that is just a
unique little thing that some people are doing.

In addition to that, we will be launching next week something called the
Blue Button Connector. I will cautiously say this is the early-release version
of this. We think everything works. We think all the connections and links, and
it’s not going to go down because of volume or anything like that, but we are
doing what we call soft launch. We are not telling the world, we are telling
certain people.

The Blue Button Connector is a way of a patient being able to go and see if
they have the capability of getting Blue Button. So those providers, those
insurance companies, those holders of patient information, like CVS and
Walgreen’s, will be linked to from this Website, and you can see what type of
information that you are capable of getting from each of those.

It is also a place that we believe developers are going to go because the
mobile apps for patients and for just consumers in general for health are just
getting huge in our country. This is a way of kind of seeing what data is
available and their making connections to those people to see if they can put
apps on top of some of the data that’s available, particularly mobile apps.

That is my last slide. I think, again, we are doing questions at the end.

DR. GREEN: Wow! Who’s next?

MS. CATON-PETERS: Me.

DR. GREEN: Please introduce yourself. I am sorry.

MS. CATON-PETERS: I am Helen Caton-Peters. I work with the office of the
chief privacy officer. We are the group within ONC that does care about
encryption.

DR. MURPHY: I do work with her. I of course was just joking.

(Laughter)

MS. CATON-PETERS: I am also a late substitution to this meeting, so perhaps
I can make up some time, because I will glide through some of these slides and
I will defer to some of the experts in the room. Feel free to participate and
chime in if there is content that you would like to address within these
slides. I hope I can do Laura Roses, who typically presents here, some justice
in presenting our office update.

I would like to go through today just a few high-level updates on some
policy changes as well as the Office of Chief Privacy Officer project work that
we’ve been active on since the last update that we gave you, I believe in
November.

This effort to address the accounting of disclosures transmittal has been an
ongoing effort by the HIT Policy Committee. I am giving you a very high-level
overview here. I understand Leslie Francis may be giving a deeper look at this
later on today.

Essentially, a transmittal was sent from the policy committee to provide
recommendations and address this implementation in a stepwise fashion, address
it in a staged way. So working to develop an initial pathway is the primary
objective of this transmittal. The focus is primarily going to be around the
patient’s right to receive a report of disclosures outside of the entity or
organized healthcare arrangement and the patient’s rights to an investigation
for inappropriate accesses within the organization itself.

Back in February of last year President Obama issued an executive order to
improve cybersecurity by enhancing security and resilience of the nation’s
critical infrastructure. A framework, which I will discuss in a little bit more
detail on the next slide, was developed by NIST. This is a voluntary framework
to address this issue.

OCPO has coordinated at HIMSS next week a listening session. This is
intended to provide an overview of why this was developed, what it involves.
NIST ASPE will be there. Joy Pritts from our office will be moderating and
facilitating that event. There will be announcements there of how that project
evolved and developed.

The cybersecurity framework that was developed by NIST was released last
week on the 12th. It was again in response to the President’s executive order.
It was a collaborative effort across many stakeholders and federal agencies
involving an RFI, request for information, and a series of open public
workshops, a 45-day public comment period, and then again culminated with the
release of the framework last week.

It is intended to increase sharing on cybersecurity incidents between the
public and private sector. It allows an opportunity for stakeholders to work
together in a continued collaborative fashion and reduce cyber risk, provides a
common language for cyber risk. It can be used to help identify and prioritize
actions for reducing risk.

It is not intended to supersede existing sector-specific security standards.
There is a methodology included with this that protects privacy and civil
liberties, so that was important to be included.

Essentially, this allows organizations — regardless of their size, the
degree of cyber risk they face, or their cyber sophistication — to apply
principles and best practices of risk management to improve security and
resilience of critical infrastructure. Of course, this is going to be an
ongoing effort. This is a first step. They consider this a living document, so
the federal agencies and stakeholders will continue to work to improve this
framework.

Big data and the future of privacy. In January the White House issued the
big data initiative. This initiative speaks to the ongoing revolution in the
way that health information about our purchases, our conversations, our social
networks and movements, and our physical identities are collected, stored, and
analyzed and used. This immense volume, diversity, and potential value of data
will have profound implications for privacy, the economy, and public policy.

There will be a working group developed to consider all of these issues and
specifically how to present the future stake of technologies in this area.

It essentially looks at three components: how big data will affect the way
the American people live and work; the relationship between government and
citizens; and how public and private sectors can spur innovation and maximize
opportunities while minimizing risks to privacy.

This does involve big data and health as an important issue, so Health and
Human Services is involved in collaborating on this effort as well.

The result of this project will be a report to the President that
anticipates future technological trends and will frame key questions that
collection, availability, and use of big data raise for the government and the
nation. It will serve as a foundation for a robust and forward-looking plan of
action.

On to our project updates. This is a slide with not a lot of data, but it is
a really big announcement and big news. The standards for data segmentation for
privacy have been approved by HL7 and IHE. This is a tremendously large effort
and it’s a big step to development of normative standards that have gone
through a rigorous development and testing and evaluation process. This is a
step on the road to electronically implementing existing law and policy.

Our hope is that these standards will see uptake now by the industry, the
vendors, the stakeholders, and the broader healthcare community to begin to
find ways in which to manage behavioral health and sensitive types of
information that we’ve struggled with up to this point. So exciting news.

We’ve had a collaborative effort ongoing with the Office of Civil Rights. I
don’t want to take too much away from your presentation today, but we’ve been
working to develop models of Notice of Privacy Practices. This is a requirement
in HIPAA to inform patients of their rights regarding access to their protected
health information.

Traditionally, these have been developed and designed by health plans and
health organizations. We have heard and seen that they often are quite
difficult to understand and to navigate. So this effort has been tremendous in
developing some model formats and templates for providers and health plans to
be able to use, so very clearly developed, and hopefully we will see a number
of opportunities there with people using those.

Yesterday a Spanish version was released, so that is very exciting news as
well.

The logical next step then would be to move to an electronic form of the
Notice of Privacy Practices. To that end we announced last week, again in
partnership with OCR, a digital challenge to innovators and developers,
designers, and patient privacy experts to come up with a creative way to deal
with this issue on an electronic format. Sorry, there we go. There’s your link.
I had a note to myself, “Click twice.”

There are number of different things that developers need to keep in mind
when they are doing this form. It requires accurate use of the content from the
paper version of our Notice of Privacy Practices; using best practices for
presenting Web content to the general public; having some visual appeal to it;
and having the capacity to customize, have it be customizable on an entity
level so that they can add their own customization to it, add links, content,
and so on.

Again, I think that this is going to be, hopefully, spurring some very
interesting submissions. The submission period is open now. It runs through
April 7. There will be a review panel determining the winning entries sometime
in May. There is a $15,000 winning prize for this, so that is a good incentive.
There will be some public review and comment on this as well, so the public
will have a say on how this looks.

Then, finally, coming very, very soon — we are so, so close — the
Security Risk Assessment Tool. This is phenomenal tool aimed at our smaller
providers in communities that maybe don’t have the bandwidth or the resources
to be able to pull in consultants to do security risk analysis and risk
assessment.

I have looked at this tool. I think it’s fantastic. There is a lot of good
content on there, a lot of direction providing whoever might potentially,
whether it’s the physician in the practice or the physician’s administrative
assistant in the practice, give them the tools that they need to be able to
carefully address each of the requirements of the HIPAA security rule with
respect to security within their practice.

We have to give credit to ODC and OCR for working diligently with us on this
as well, but I think you will see something in March. Yesterday we did clear
the apps store, so that is good news. We will also be releasing a Wiki page
with this tool to allow for, again, a more dynamic real-time growth and
development of the tool, so users, when they begin to develop and work with
them, can provide us with comment. We will revise it and design, within our
budgetary constraints, of course, but we will, hopefully, develop this tool to
work even better for our community.

That is it for me. Thank you.

DR. GREEN: Rachel, so nice to see you again.

MS. SEEGER: You, too. We’ve been busy. Is that okay for an update?

(Laughter)

PARTICIPANT: Sounds good!

MS. SEEGER: We have been doing a lot in terms of rulemaking. Just very
quickly, I think since the last time I saw you all we published a Notice of
Proposed Rulemaking on NICS. Again, this is a proposal to address perceived
barriers by states of reporting mental health prohibitors, individuals who are
prohibited from obtaining a firearm, so addressing an expressed permission so
that HIPAA is not a blockage but a flow of information by the states into the
FBI’s database. To come, we will have a final rule, but we are receiving
comments now.

I am excited to announce the final rule on CLIA. This is big news, a
patient’s right to access a copy of their laboratory results directly from the
lab. It’s a joint effort between CMS, CBC, OCR, with a lot of support from our
friends at ONC, and a lot of attention on this, especially from consumers. We
are hard at work at trying to push the word out about this important new right.
The effective date is in April, and then we move to the compliance date in
October.

Then to come from HITECH, of course, we have accounting for disclosures and
methods for sharing CMPs with harmed individuals.

We have made our announcement on the Spanish model Notices of Privacy
Practices. We have a lot of other guidances in the queue. Of note are some
guidances on mental health disclosures that are permitted. This is coming out
of recommendations from Congress that we follow up on a memo that we developed
on providers’ duty to warn again that HIPAA permits certain types of
disclosures concerning mental health. I think it will break down some perceived
barriers.

The challenge we’ve discussed.

The next slide is enforcement update. Around Christmas, we released an
announcement of a resolution agreement with Adult and Pediatric Dermatology out
of the Boston area. This is a small-to-midsize practice operating in
Massachusetts and in New Hampshire involving a breach of an unencrypted thumb
drive. We found that there was a lack of risk analysis but, more importantly,
this is the first announcement we’ve had on a lack of policies and procedures
related to breach notification.

I think there is a real important message here for the provider community as
well as health plans to ensure that they — covered entities and business
associates — to ensure that there are policies and procedures in place for
a breach. A $150,000 fine here, and more to come.

With respect to audit, there has been a lot of attention on this. We are
still committed to standing up a permanent audit program in 2014 and are
working now on revising the audit protocol that had been developed to reflect
modifications coming out of the omnibus rule and designing the program to
address business associates and looking at some other issues.

Our YouTube videos, still kicking. As of the end of January, we were at over
1.8 million views.

MS. MURPHY: I just have to say these are great, so when you’re spending
quality time with the dashboard, you want to do some here too.

(Laughter)

MS. SEEGER: So maybe this increase is you as a result of —

(Laughter)

But we had a nice healthy spike of 10,000 views of our videos, so it wasn’t
just all me.

(Laughter)

PARTICIPANT: These are unique, right?

MS. SEEGER: Yes.

PARTICIPANT: Do you get meaningful use credit for viewing these videos?

MS. SEEGER: Heck, yeah. I think 10 cents per view, something like that?

DR. GREEN: That was a fabulous tour de force. Thank you four women very
much.

Paul, you’ve got the first question.

DR. TANG: Really outstanding reports, starting out with Jim and the
agencies. It is just always a learning experience. I just wish there was a way
to get this information out more broadly to people who don’t even know they
could use this information and be informed in their viewpoint. So thank you,
really, very much.

I want to focus on a couple of privacy-related things, so this is something
you mentioned, Helen. One is HL7 and IHE on data segmentation. The one question
there is, how granular is the data segmented in those standards?

The second one — first of all, I want to make a comment about these
toolkits. I think it’s a great idea because that’s translating rules, regs,
guidance into something that even mere mortals could use. That is really a
wonderful idea.

Now, it is great to have the Notice of Privacy Practices, which applies to
us providers, just to try to make it more user-friendly and usable. A different
perspective might be to look at it from the consumer/patient point of view and
say, Could we give them a checklist? It’s almost you tell us how to tell
things, but what about a checklist for what to look for?

That particularly applies to the business associates, because you know many
people trust their providers, but there are other places as we’ve talked about
where the data goes, and then the whole mosaic things. I don’t know that
consumers know about the potential of mosaic. It is opportunity, but what is
its risk? Are there ways that — what I had in mind was a checklist of what
to look out for, what to ask, and what to look for in either the privacy notice
or the NPP. That could set us up for the expectation of what the standard
practice should be for many BAs, business associates, in handling your
information, identifiable or nearly identifiable, thinking of the mosaic. So
two questions.

MS. CATON-PETERS: First, to the consumer checklist idea, I think that’s a
wonderful way to capture the consumer viewpoint. I would absolutely be happy to
carry that information forward. I don’t know, Rachel, if you have any thoughts.

MS. SEEGER: I do want to add that one of our most popular videos is on
understanding the Notice of Privacy Practices. It’s just about a minute in
length. It’s my favorite of the 10 that we’ve done, very understandable.

We also developed, it’s not a checklist but it is a fact sheet, again on
understanding the HIPAA notice. It’s available in eight different languages on
our Website. We would love to do more to push this information out to
stakeholders, so they know it exists. We can look at working with our partners
at ONC on pushing that information out further.

MS. CATON-PETERS: And to the data segmentation, the granularity — this
is not my project, so I am not deeply informed — I understand it to be a
very basic level. The depth of granularity is not there.

MS. MURPHY: I do know the answer, only because I got an update on it
yesterday. It is at the document level, so it’s taking the whole CCDA and
segmenting that. It is not segmenting out meds or problems. It’s taking the
whole thing as a package. So the whole thing either goes or doesn’t go.

DR. TANG: Okay. So it doesn’t go, for example, to mental health or
pregnancy-related things?

MS. MURPHY: You would determine where it doesn’t go, but it either all goes
or nothing goes, is what I guess I am saying.

DR. SUAREZ: If I can jump in, I am actually a member of the HL7 work group
that developed that standard.

DR. GREEN: We’re so incestuous.

(Laughter)

MS. CATON-PETERS(?): I know, all of these guys show up everywhere.

DR. SUAREZ: It’s a risk to say that, actually.

(Laughter)

So, yes, the data segmentation is based actually on the CCDA. It builds on
top of the consolidated clinical document architecture structure. There are
three levels actually of segmentation: document level, segment or section
level, and then data element level. Right now the level at which it is being
done or is being promoted is at the document level, as you point out.

It interfaces several things. It uses codes for confidentiality developed
actually by HL7, a standard set of confidentiality codes, a standard set of
sensitivity codes, and it allows the users of this technology to determine
segmentation by various factors, including the purpose of the segmentation and
the recipient or the intended restricted recipient of the segmented data.

So it does allow to tailor, at the document level at least at this point,
the ability to say I am going to disclose or not disclose this document to
this, for this purpose.

MS. MURPHY: It doesn’t predetermine when it does or doesn’t go is what
Walter said. That’s part of the standard.

DR. TANG: When you send a CCD document, you can declare its set of
attributes. Then somehow the systems are supposed to act on that. That’s the
other side, though, I guess.

DR. SUAREZ: Not only the entity that controls the segmentation but the
restrictions on the document are carried as tags, so the recipient of the data
that is supposed to have segmentation has the tags that have been imposed in
the restriction, so they can, by policy, agree on if I send the segmented data
with tags, you as a recipient will agree to abide those tags as well. So there
is that.

DR. TANG: Since we did have a letter on this, it might be worth our getting
a more detailed update on this and then see how —

DR. GREEN: I think that’s a key point, exactly right.

Before we go to Sally, I want to give Linda Kloss an opportunity to see if
her hand is up about anything. Linda, are you still there?

MS. KLOSS: I am, and thank you for inviting me to ask a question. My
questions really were about the data segmentation, and they have been answered
well. I agree with Leslie that we should discuss that further in the
subcommittee this afternoon. Thank you.

DR. GREEN: Great. Sally.

MS. MILAM: Not surprisingly, my question is also about segmentation, and I
was also thinking about the letter that we wrote a couple of years ago talking
about different areas of specially protected information.

A lot of those protections come from state law. For example, you may have a
state law that requires mental health information be kept confidential.

I am wondering if these standards provide us with a crosswalk for figuring
out what that means. So if the standards speak to making a document or making
information confidential at the document level, how do you interpret that with
state law? If you have someone at present on admission has 20 diagnoses and
mental health is number 18, they are there for a heart attack, if it’s at the
document level, is that confidential mental health information because they
have a mental health diagnosis or is it not?

That is one of the challenges we’re running into, and I am wondering if the
standards go that far or if there was discussion around the interpretation of
the underlying legal requirements to the translation of doing it at the
document level.

DR. GREEN: Alix?

MS. GOSS: I want to hear the answer to that because my question builds on
that one, because it is exactly what we are dealing with in Pennsylvania and
the dynamics of also how this data segmentation, and not only within a CCDA,
happens, but how does it translate to the BPPC standard in IHE for expressing
the patient consent level?

I won’t go any more techie on you, because I am not a techie. But you’ve got
to think about it not only from the providers generating the document
perspective but then also the patient preferences that come into play and the
intersection with the complexities of state law and federal law and especially
around at least the super three.

DR. SUAREZ: All right. Lots of questions. I think it is fair to say that it
would be helpful to discuss this in more details, because there are a lot of
elements that interplay here, including qualification and code standards that
are used and having to define in the standard realm.

It is an interesting world when you have the standard development
organizations working on defining the actual standards to categorize and
classify data based on sensitivity, so sensitivity codes, and they are already
defined. There is a national standard — international, by the way, HL7,
and there’s an international standard for classifying confidentiality. We just
don’t know about it. I actually have a presentation if you want to do it now.
But it is an important topic that we all need to be aware of, that this is
already in place, this is already available.

I think the standard is there to start to be tested and piloted and used
more in the real world. There have been tests, of course, through the projects
done by S&I framework which would be also helpful to hear about, I think,
so that we understand.

To answer specifically your question, Sallie, the standard for the
organization that uses the standard to set the policies based on the internal
organizational policies, as well, of course, as the external laws and privacy
policies they have to comply with. So if the external policy is that you must
restrict the data based on this, mental health, then the standard allows you to
tag the database on that policy. If one of the diagnoses is that, and that
triggers the entire document to be tagged as segmented or segmentable because
of the policy, then you are able to do it.

Again, it is tailored to allow the organizations to bring together the
external laws and regulations, the internal privacy policies that they have,
and put it in place into an electronic system that allows for tagging and
segmenting.

Now, that is how it is supposed to do. How much it is successfully about to
do it or how complicated it is and how important it is for EHR systems to be
able to have that capability, those are the things that I think the work that
is going to be done now with the standard being approved are going to take us.

At this point the standard, as has been mentioned, HL7 has approved it and
it is an international standard. Of course, it has a U.S.-realm sort of
framework because it’s where we started, but other countries are actually
interested in this and are very, very much following what is going to happen
with it, with the expansion of the application of the standard into the real
world, into the HL world.

MS. MILAM: I think it is going to be very important from a lot of different
perspectives to figure out how that works, because these laws were written 30,
40 years ago for a paper-based world, so we could end up with a large amount of
data getting tagged as mental health when it may not — some would argue it
should not be. So I think there needs to be some thinking around what is tagged
as sensitive and what is not, because many times when it’s tagged for
sensitive, it is aggregated at a very high level or sometimes totally
suppressed.

DR. SUAREZ: Very quickly, when we talked before, this is not just law. This
also goes into the patient expressing a preference for sensitivity of data.
What is sensitive to you is not to me, or vice versa, as a consumer, as a
patient, and regardless of the laws that allow me or not to declare and to
expect that certainly there will be sensitivity.

DR. GREEN: This is obviously an uninteresting conversion. I am kidding.
Let’s tag this for Debbie Jackson.

We are going to be back here. We are compelled to take a break here, and
before we go, I just want to thank you four women for just amazing
presentations that were obviously slightly provocative. We appreciate what you
just did for us very, very much.

We will do our best to — we will make our initial effort to reconvene
at 10 minutes after 11. I’ll huddle with Justine and we’ll figure out how to
manage ourselves until lunch.

(Brief recess)

DR. GREEN: For those of you on the phone, there is going to be a brief set
of slides used here to introduce our next topic, which were just created, so
apologies for their not being —

MS. KLOSS: We are seeing them. Thank you.

DR. GREEN: Okay, good.

Agenda Item: Letter from Working Group on Data Access
and Use

DR. GREEN: We going to our 10:45 item. Actually, we are doing better than we
usually do with the agenda at this point in time, if anyone is concerned about
that. What we will do is proceed apace with sending up this letter from the
Working on Data Access and Use. I think we will be able to initiate the
standards update before we break for lunch, at least initiate it, but we may
not be able to complete it, and we will come back to it after lunch if we need
to.

Justine Carr.

DR. CARR: Thank you very much.

What I am going to do right now is just briefly touch on what is the charge
of the work group, who is on the work group, what have we been doing for these
last 18 months, and how we came to the letter today. So I just want to tee that
up.

I think in the interest of time, basically — and we’ve talked about
this multiple times — the work group is charged with advising and
assisting HHS on recommendations to promote and expand access to and innovative
uses and applications of HHS data to improve health and health care,
specifically looking at the HHS portfolio, traditional and new information
dissemination technologies, the needs of data and information by major
participants in the health system.

The work group will monitor and identify issues and opportunity and make
recommendations to HHs on improving data access, innovative use, will also
advise HHS on promoting and facilitating communication to the public about HHS
data, et cetera.

I am going to skip the specific charge. It’s on the Website — and just
point out that the members — we have four members from the full committee,
Bruce — actually five — Leslie, Walter, Paul, and now Vickie. Then we
have wonderful representation from outside the committee with expertise in
communities. I saw Leah is here, Chris Gibbons, in development, Josh Rosenthal
and Moe, using the data well, Patrick Remington, Chris Fulcher and Bill
Davenhall, of course, on geocoding. So a very much group of innovators as well
as representatives of users of data. Lily and Susan Queen have been staff, and
Marietta has also, and Susan Kanaan has been the writer.

What you have in front of you is, I think, the best way I can put together
what we’ve been doing. I think it has been an interesting intersection of folks
that are from all different perspectives. I think part of what we’ve been doing
is sort of getting at a shared understanding and discussion and framework to
have our discussions.

As I thought about this this morning, I thought maybe representing it as
these four intersecting circles would be helpful. If you don’t have it, or for
those on the phone, on the left is data supply. Here we talked about the HHs
portfolio, in particular healthdata.gov, health indicators, health system
measurement project Jim referred to this morning. So the data supply and
actually the usability of that data.

On the opposite side is the data demand. What do people need? Who are the
users? In particular, we heard from communities at the roundtable. We’ve heard
from the members of the group, developers, we’ve heard from providers.

On the top circle I put the traditional applications. We’ve reviewed
surveillance, vital statistics, et cetera, and Bruce is a great representative
of that with his background in the department of public health.

Down at the bottom are innovative applications. I think you heard us talk
about why don’t have a “solvathon,” a “hackathon,” a
“codathon” — something to look at what are innovators doing to
help inform us. Interesting, as we looked, we found that there really aren’t
great solid examples of — we didn’t find what we were looking for to be
able to represent, but we’re still looking.

I think that we’ve been bouncing around these different areas of informing
ourselves on data supply and data demand, looking at traditional data and
innovation. But at the heart of all of this is protections, standards, quality,
and actually the reliability of the information that comes out of putting this
all together.

When we sat down to try to put this together, to tell the story, we had a
long list of things. As you can see on the left, we decided on three things:
timeliness of data, granularity of data, and metadata. On the right there was a
whole host of other things, including usability, uses, protections,
stewardship, broad awareness of the data, education about the data, partnership
with large entities, learning communities, and the data itself.

I have to say that I thought — Larry teed this up that this would be
disruptive, and then Jim talked about all that’s going on at ASPE. ASPE is
trying to get more granular data, trying to get more timely data. We are all
saying the same thing, and we are grappling with it, the tension on the
protections, and then Walter has continued to bring forward the importance of
standards and what does it mean to the reliability and the quality of the
information. So I put this in just now. Adaptivity is what Larry is asking us
to do.

I think the work of today is to show you the letter draft that we have. I
will put a few caveats in there, that it’s a work in progress. Ideas are
developing on each call. We don’t always have the same people on each call. But
we’re trying to build on the themes that have come out of our discussions.

I should point out that the work group has not held a hearing where there
was a formal question asked and a formal group of folks presenting. We have,
however, heard from representatives of HHS. We had the Optum lab folks speak to
us, Dwayne Spradlin from Health Data Consortium.

As I mentioned, the membership of this group represents richness and
diversity. So our learnings come from our discussions informed by some of the
outside presentations. That’s a little bit different, and I would have to say a
lot of learning is even happening over the course of these calls that we’ve
had.

What you will see today, what you have in front of you, is the letter that
talks about these three topics and tries to give an example. It has
observations. Here is what we are seeing. Here is what we think would be
helpful on each of these areas.

The challenge that we had moving many things to the right-hand column,
stewardship being one of them — obviously, it is important to talk about
the protection whenever we talk about this data because, as Jim and others
pointed out, it is just inherent that the more you have, the more the risk.

However, trying to append one more paragraph onto a letter does not do
justice to stewardship. Leslie and Linda have done a tremendous amount of work,
and we heard about that today, so that is work forthcoming.

In terms of usability, we began to do a deep dive on that, but the
population group is also going to talk about that. So we are trying to get that
space in between where things that perhaps were incorporated really into
everything we heard today, but we are just putting it to paper to say here are
three important things.

With that, let me ask if there are any questions.

DR. FRANCIS: Could I just point out that in the draft of the letter that was
circulated to the Executive Committee in an outline form and that was sent
around on Friday for the phone call on Tuesday that I was not able to be on,
there was a section on some of the specific stewardship questions that these
raised. It wasn’t fleshed out because there had not been time to work back and
forth with Lily on it. But this is a quite different concept than the one that
really had four aspects of it.

I just want people to be aware of that. This is the first I have actually
seen a draft where stewardship is now under “other.”

DR. CARR: Okay. As a former chair of this committee and obsessively focused
on following process, I am here to say that this followed none of the processes
that I had as chair.

(Laughter)

Luckily, I am not the chair.

But those processes are important to make sure that this group speaks with
one voice. As I have many times said, everybody, everybody on the full
committee has got to understand what this is saying, and we have to have one
voice, or at least a majority voice on what we’re going to say. So this has
been totally asynchronous. I likened it for the work group to the Patriots
coming back at 26 to nothing and winning.

To do that, we had weekly calls, and it was very fast turnaround, and it
broke all the rules in terms of the previous draft. So I am not here to
advocate for that. I think we are going to have some further discussions about
the challenges that are presented by that work group meeting after this meeting
closes.

So you are exactly right. We are looking at something for the first time.

DR. FRANCIS: Right, and I wasn’t really intending to make just a process
point. This is a major conceptual change in the structure of the letter that I
think requires some serious discussion.

DR. CARR: That is precisely what we are here to do today. And actually,
Leslie, I took — it was your guidance that said you can’t just have a
paragraph on this, but I took the language that you had given me.

I have no pride of ownership here. I am here about furthering the agenda of
the National Committee with insight from the work group. So this letter could
be completely different at the end of this hour or at the end of tomorrow.
There is no rush to get it out until we have it in proper NCVHS form.

But as I said, the timing — there are a lot of things that contribute
to the asynchrony that we are going to fix. But today’s work is to leverage the
expertise around the table looking at what we have so far.

DR. GREEN: Let’s get to the letter. Here is what I would suggest for use as
a guidepost. Remember what has happened so far this morning. Think about
continuing to discuss these three particular areas that the work group is
calling out now as being ready to say something about. And think about when
this information is useful, and do we want to wait until June or July to do
this? I would ask all of you to see if we can just determine if there is
something important to communicate to the Secretary around these three areas
that we’ve now got our arms around and can be said.

Also, is there something else we’ve got our arms around that ought to be
added to it? Or is there something we need to tee up for further work? Last
guidepost: This does not have to be the last letter from the working group.
There can be another one, there can be more.

I lied, not the last thing. The very last thing is we are not here to
produce an inadequate or inferior product. However, who knows how good a
product we might have by noon tomorrow?

Yes, Sallie.

MS. MILAM: What would help me think about this, since this letter is new to
me, is if someone could point me to the sentence in the letter that sets forth
what the letter wants to achieve. It would help me understand in my thought
process whether or not the letter could go forward without stewardship.

DR. GREEN: Justine, if you are agreeable, I am just going to ask you to now
go through the letter and manage the discussions and start with Sallie.

DR. CARR: I think the starting point is we’ve liberated lots and lots of
data, 998 data sets. Are we getting the bang for the buck? And if not, why not?
I think that’s pretty much what we’re trying to say.

While, as you saw on the list of potential things we could talk about,
Patrick Remington gave us very good advice. He said pick three things and tell
that story, and then in the next letter, whatever the next letters are. We have
ideas of what we would like to talk about, but we realize we also need to
synchronize, if Populations is moving forward — Bill is working on some
stuff, you’re working on some stuff, Leslie is working on stuff.

MS. MILAM: So it is more about the value of the data that we’re focusing on
in this letter?

DR. COHEN: Sallie, actually that is kind of addressed on page 5 in the
closing comment that talks about the importance of stewardship. I have been on
several of the calls, and I was having a crisis of faith because the more we
tried to chop, the more we ended up expanding because things weren’t covered
adequately.

I think Larry framed it really well. We saw this as an ability to address
several issues and tee up additional work that we would be doing and letters
that we would be writing around stewardship, around data usability, around the
frameworks that we will be discussing later.

I readily admit that we put this letter together pretty quickly. If, among
the three themes that we chose to start with, there are issues around
stewardship that need to be integrated, that would be helpful. At the same
time, I think we just tried to bite off more than we could chew when we
originally framed the letter. It was, what, nine pages long to start with?

DR. CARR: We had a call and we had lots of ideas, so I thought let’s start
with everything we heard and cut back.

DR. COHEN: Yes. I think that it was ultimately the decision, and we selected
these three to start with, probably because we knew there would be a lot more
work around stewardship issues, there would be a lot more work around data
usability, around community readiness. These are three of the areas that got
discussed a lot in the Data Work Group and observations that emerged from the
first 6 or 8 months of our activity.

MS. MILAM: I guess it would help me then, since this is new to me, in
understanding whether I would have a concern or not, would be to narrowly
define the scope. What are we trying to achieve, recognizing that there are
lots of other things that could or should be done? But if we define the scope,
and the scope doesn’t necessarily have to include stewardship or it’s for down
the road, that’s a different question.

MR. SCANLON: Could I help with the framing as well? What we are looking for
here, at least the Department, is we formed this work group to give us the best
advice from the external community, including members and the folks who
actually have to make use of the data. Again, it was not to reinvent the world.
It was to look at what we’ve done, what we’re planning to do, particularly in
the context of healthdata.gov, and there are discussions in the work group,
very helpful suggestions that, if HHS did them, some of them were quite simple
in terms of metadata and tagging and other things. Again, these are the folks
who take the data. This is not HHS folks. These are the folks who use it in the
external community.

We are just looking — I would almost view this as the first bite in
terms of very practical applications of how we would take this to
healthdata.gov and other data sets, dissemination mechanisms like that, in
terms of making it more useful.

You could cast the letter in terms of saying this is the first — this
is not the overall framework. These are very practical recommendations which
HHS has asked, and I think that is sort of what we’re looking for here. You
could certainly say that you will have other recommendations and there are a
number of other issues, but you wanted to get, after 18 months of deliberation,
we wanted to get the best thinking from this technology and data community. And
then leave it open to say we plan to have others.

DR. CARR: The initial framing was let’s talk about the utility of the data
and the usability of the data. Perhaps we should put that back in. We ended up
more getting into the utility of it. We took out part of that usability. So
it’s simply here is data; is it usable? The answer is — I was looking
today, Jim, on the measurement data. I will share this because I think it makes
the point brilliantly.

On the ASPE Website there is information about young adults with insurance
coverage between 2000 and 2004. There is information about office-based
physicians with an EHR between 2007 and 2012. I think that illustrates
perfectly what the issue is. 2000 to 2004 was a decade ago. That’s not helpful.
That’s what we’re trying to say in terms of timeliness. We have some
recommendations of how people can do it more timely, like getting Web entry
— exactly the things you were talking about today.

The next issue is granularity. We talked about San Bernardino has 500 ZIP
codes. It’s a county in California. County-level data is not going to be
helpful there to try to get at the local level.

DR. FRANCIS: Could I just say that I think that the three categories raise
seriously different issues, because questions about the timeliness of the data,
figuring out how to do it more quickly, are about usability. Questions about
whether you have a nice glossary, which is some of what’s involved in the
metadata discussion — there’s some more there — that’s also about
usability.

Questions about granularity are, unless I am wrong on this, they raise the
kinds of issues that Jim was talking about, about re-identification risks. It
was that section that really led me to want to say we needed to think a lot
more about bringing stewardship in in a different kind of way.

If we went one by one on those, I think if the scope is usability in the
sense of having the kind of data that are already being released be done so in
a way that people can have them in a user-friendly way, that’s very different
from changing the sorts of release that go on.

DR. CARR: So this is where, and I know we had discussions early on about the
role of this work group is to be disruptive, and anybody who has sat in on this
meeting has met some disruptive personalities that think differently, think
outside the box.

So it is absolutely disruptive to say we want more granular data precisely
because of the issues raised. But I think it is agnostic in a way. It’s to say
if this data is to be more useful, it has got to be more granular. It is also
true that we’ve got to figure out a safe way to do that and that we are going
to address that.

So it was not built on any — Leslie is right and I get your point. But
I want to go around the room and hear what folks say. But I think we are going
to have to decide, can this committee be comfortable with reporting out what
was said by the work group? So I will go around the room.

Paul.

DR. TANG: As Justine’s designated lumper, let me try to step back a little
bit.

If I were to hear Jim’s charge, one way to view it is to make data useful to
improve the health of the nation, access through communities of people. Those
words really describe something that NCVHS has more recently tackled.

To do that, we find that we have to be pertinent, usable, and timely, and
that’s why we focused on these themes. Pertinence we found is measured in
sub-county levels because it has to do with communities, and they normally live
in sub-counties.

It has to be usable, and that’s what we address. We use metadata as one of
the key factors, but how do you make data usable by others to derive
information?

Then timely has to do with, and how are you going to make some action out of
it? If it’s too late, there’s no if/then, there is no cause/effect. People
don’t engage.

So we found these three things to be absolutely essential to make these data
useful to improve the health of the nation’s access to communities of people.

DR. CARR: Thank you. Let’s go to Bill.

DR. STEAD: I am trying to come up to speed. It seems to me that we almost
need to come up one level and say for each type of data, or for each signal,
whatever we’re thinking of it as, there is a time frame for which that signal
has meaning.

In a claims world, if we try to get what our reimbursement is the day we’ve
submitted the claim, we will not get a very reliable signal. How reliable is it
at 30 days? How reliable is it at 45? How reliable is it at 90? Just to take a
simple non-medical example.

So I think the first recommendation almost needs to be that that quality of
the data, or that characteristic of the data — this is one of things I am
trying to get us to think about in the message — that characteristic needs
to be clear and it needs to be accessible. That is a methodological issue. If
we have that, then the metadata can then let you know how that characteristic
is being represented in the data set, so you will know, is it submit time, is
it pay time, is it whatever? You will be able to interpret it within the frame
of the purpose.

Then the timeliness of the release could become instantaneous because the
clear method of how the data either increases — the signal either
increases with time for a while or decays with time — is clear in the
first part. I don’t know if I am making any sense. And then the metadata lets
you know how to apply the numbers, and then actually your tools could give you
an intelligent view.

Now, that would be a long time from now. To have those three things together
will take us some time, I believe.

So I think where we’ve got to be a little careful is how can we frame a call
for metadata and for timeliness that isn’t somehow wrapped in that initial
framing of increased value/decreased value in a way that somehow we could do
soon, not 30 years from now? I don’t know the answer to that.

PARTICIPANT: The value is a function of it.

DR. STEAD: In both ways.

DR. CARR: I skipped Ob.

MR. SOONTHORNSIMA: Thank you. I get a sense that I think those are the right
three elements — timeliness, metadata, and granularity, because there is a
sense of urgency here in this letter.

I would almost frame it in the reverse order. First of all, when you talked
about the metadata, this is about whether this is understandable, intuitive,
whether it is intuitive. I think that’s why metadata is there, and if you look
at the recommendation, it oozes — look, is this understandable? Is
something that intuitive?

That would go to the next point about granularity. When you look at
granularity, we are really talking about usability. I think somebody said it
earlier.

And the last point is timeliness. I would even look at the recommendations
— and these are good recommendations, but I would frame it up in your
timeliness. I didn’t have time to read the rest. In your timeliness there are
almost like two points there that talk about how can we improve existing
capabilities already in HHS. Apparently there seem to be two new capabilities
that we’re trying to frame up.

For example, the last recommendation around provide guidance on how user
— it is almost like that guidance is not there already or at least visibly
there. The second one that is a new capability is, it seems like the
collaboration with key stakeholders. Again, I am not sure these are accessing
practices or capabilities.

So I would reverse the order of those recommendations and make it really
intuitive for readers. And it is actionable.

DR. CARR: Yes, that is great. But I like how Bill has that decay value,
increasing value —

DR. STEAD: Increases or decreases.

DR. CARR: — or decreasing value, because I think you are capturing what
we were trying to say, because not every data set needs to be as timely. So
that is extremely useful.

Let’s see, who else do we have here? Lynn.

DR. BLEWETT: Thank you. I will give a lot of credit to the subgroup. I think
the issues that this committee deals with are so huge and so complex, and to
get something on paper I think is a great accomplishment.

Just from an overview of what I’ve been able to get through, the metadata
recommendations are really spot-on and I think should be uncontroversial. They
are very important that we make the next iteration of improvements to data.gov,
and those seem to be good.

Timeliness of data I think is also very critical and to me not
controversial.

I think the granularity of the data probably could have a little more
discussion, and I think the recommendation to develop toolkits for communities
to do small-area estimates might be a little bit too optimistic in the ability
of communities, having done some small-area estimates and knowing the level of
methods required to do them well, that that might not be a good use of
community resources.

So to the granularity issue, I think the recommendation that we should think
more, and in the context of what Jim said that ASPE is already doing with
Hawaiian and Pacific Asians, it is kind of supporting that work to look at
subpopulations that are vulnerable and of interest and then doing the best
method.

I feel like the federal government has the statisticians and the people to
do that. I just don’t think communities — so, in general, I support those
other two.

DR. CARR: I think that is great. Listening to Jim, I was taking notes, we
need to update this, and in here we thought we would be disruptive. We are
already behind you at HHS.

So we need to synchronize, because I think we can pull from that the things
that you’ve pointed to today as examples. I think we struggled with trying to
get the exact examples, because it was more calling upon this and that.

I think, also, back to thing of the timeliness, we talked about what CMS has
done with the data for the ACOs. Again, I am coming — I am not a member of
the committee now on this work group, I am an ACO representative — and it
has been transforming to be able to suddenly look at your population, and
that’s a community, and there are lots of ZIP codes. But getting incomplete
data, 80 percent, is directionally okay. I think these are some of the
learnings that we’ve had.

James.

DR. WALKER: Thank you, Justine.

Two comments. One, I think we don’t distinguish usability and usefulness
clearly and unambiguously in the letter. As a communication reality, I think
that is important to do. I think it would be possible also to split the letter
on that divide and have two much more powerful and actionable messages.

I just reinforce the comments about granularity. It seems to me that whereas
saying, look, we’re releasing information and there’s a bunch of things you
think could be done to make more usable, that is pretty straightforward. It’s a
matter of use of Synergen Engineering and all, but it’s a fairly
straightforward proposition.

Granularity I think has much more depth in it. For one thing, there is no
evaluative framework. Do we recommend that somebody measures benefit and cost
as we work on granularity? I think there is just a lot more in granularity. If
we split it and said we are going to try to make this information more useful
by making it more granular, that would be a separate discussion and we could
get part of this out the door now and say the other part is coming as soon as
we get our heads around it.

DR. CARR: Maybe I am going to write it down and repeat it back. What you’re
saying — so really a key point for us to get clarified here in our
remaining time is what to do about granularity. I guess, clearly, there is no
dispute about the fact that once you get more granular, you have risk.

So question number one is do you mention it at all or not? I am hearing
around the room that folks think it is important to mention.

I am not sure I understand how you’re separating that out again. Would you
repeat that? So if we include granularity, what should be in and what should
not?

DR. WALKER: If we focus on usability and say, look, these 998 are out there,
the question is, have we done everything we can do to make them usable for
people, there is very little downside to that. They are already out there.

When we say we want to release more granular information, then there are all
kinds of downsides and stewardship questions and a whole bunch of — it’s
much more complex. And if we just said that’s a separate issue — it’s
really about usefulness, not usability. I mean you can define anything the way
you want to, but I think, generally speaking, that would be usefulness, which
is just a conceptual way — we don’t have to use language particularly.

But the one is these are out there, let’s make them usable. This other is we
think if we release this information in different forms, it could be usable.
But in terms of communication, that’s a separate message. Both letters could be
shorter and also give the committee time to address what I get from around the
table are serious issues about how would we make sure we — if we spend a
lot of money and make it more granular, how are we going to know, do the people
that we think will want to use the more granular information, will they be able
to use it? Will it actually have an effect?

I think an evaluative framework, being careful about stewardship, being
careful about trying to project adverse risks and do what we can to
pre-mitigate are all things that are relevant to granularity but don’t have any
relevance at all to the usability question.

DR. CARR: I am wondering if a way to bridge that would be to say that the
cut of the data takes us to a certain point, but it can’t answer everything. An
observation is the pilot that is being done on the Pacific Hawaiian groups is a
great example of learning both things. One is how do you do it and how much
value does it bring, because I think you are right, this is a theme. We are
saying that having more granular data adds value, and we heard from communities
certainly, that they want information at the level of their community.

So there is a perception and a sense of that. But what you are saying is
because the stakes are so high, we had better have a commitment to do it
because the value is equally high.

DR. WALKER: And I think because the potential risks are higher, then the bar
we have to jump over is higher and the potential value would need to be higher.

DR. CARR: Yes. So we could soften, we have heard that communities are unable
to use the data because they can’t cull out their community, and with that, we
observe that HHS is beginning to look at this, and a key question is what is
the value. So before we go there, understand the value and, of course, all of
the attention about protections.

What we do is we go by who went up next. So it will be Bruce and Bill, Lynn,
and Sallie. So, Bruce.

DR. COHEN: This is really a sweet spot, I think, for us, thinking about
granularity of data. I am going to talk about it when I report on the
conversations with the Data Council. Clearly, all federal agencies are
concerned about granularity of their data.

Jim brought up a great point: What is the federal responsibility and
commitment to providing data, or is it the states’ responsibility at some
level? Plus the stewardship issue. A lot of the Population Subcommittee work
we’re doing and the community as a learning system has been focused on this.

I think it might make sense for us to integrate into our work plan as a
committee holding a workshop and/or hearings exploring the specific issues
related to small-area data, granularity of data, and generating data for
subpopulations.

If I were going to suggest one actionable movement for us, it would be to
focus on this issue and bring together an enormous number of players.

DR. CARR: Great. Bill.

DR. STEAD: Let me sort of try to hook these two sets of comments together
around the granularity question, because the granularity you need depends on
how you want to use the data, and it depends on population size. So trying to
get a very fine-grained view of ethnicity, country of origin, and other kinds
of things so that I can identify a population of critical mass across a very
large community when it’s a small population, then in that case I really need
granular data, but I am going to aggregate it on such a large scale, I do not
in fact increase risk if I use the correct techniques.

The value comes in being able to pick these granules out of a very large
population and then create another population that is still sufficiently large
that it is significant, and yet I am not introducing individual risk for being
a member of that population.

So you’ve actually got to put together that population size with the
granularity. That is another slant on value, and it really comes back at how we
are going to use it. So just to add that dimension.

DR. CARR: Lynn and Sallie and Ob and Walter and then back to the chair.

DR. BLEWETT: In terms of granularity, I spent, along with Lee, some time on
the Scientific Advisory Board at the National Center for Health Statistics. One
of the things that I was kind of a broken record on was we should have
state-level data for the NHIS, which we don’t. We have, I think, 32, unless

MR. SCANLON: Yes, over 30 states.

DR. BLEWETT: Yes, over 30 states that they do NHIS on, which if we funded,
if we decided to fund that, we could get 50 state estimates on health insurance
coverage, behavior and risk, and it’s the largest and most important health
survey that the federal government does. We don’t have state information.

So to talk about granularity, we should maybe start a little bit higher.

(Laughter)

Which is recommending we have state data from the National Health Interview
Survey. There are a lot of reasons why, but one of them is it’s not fully
funded and making tough choices, but to talk about communities when we don’t
have states, I think I would want to make that point. I will be a broken record
here, too.

MR. SCANLON: Just a friendly comment here. I think maybe the observation
here is — because granularity in communities can be any group you want. It
could be geographic. It could be a subpopulation. It can be common interest.
There are a lot of things that define a community or a group that you might be
interested in.

But I think the first step here is to observe, describe, when you look at
healthdata.gov, what are you seeing? You are basically seeing national data
— if it’s survey or research, it is national data probably, maybe
regional. If it’s administrative data, it can be more localized. But I think if
the first step were simply to say granularity encompasses all these dimensions
— it is geographic detail, it is population detail, it is
community-of-interest detail, and so on, much as folks have said, and currently
among the 900 or so, I think you could almost characterize that as, if it’s
statistical survey data, it’s probably national. So you are just going to
describe the variations in the granularities you see now.

Then you might want to say you want to look at this more systematically,
that in general there’s a desire for state-level and sub-state-level data,
there is clearly a desire for subpopulation data in terms of population groups,
and that HHS should continue — because what you have on healthdata.gov is
what we have and what we had. So basically making that more useful is the first
step, and characterizing it in terms of its pluses and minuses, the first step,
and then going forward, maybe a more systematic study.

But again, the way this works is not that you ask the users and then you do
a survey. You develop a robust survey where you’re using administrative data
that was meant for claims or other purposes, and now you’re trying to make it
available because it’s a good idea for other uses and analysis as well.

So you are always going to have the sort of design it the best way, do a
fair amount of consultation in terms of the needs and uses, and get it out. You
will never satisfy — this is really, you’re never there in the sense of
their insatiable demands. People want things that it’s impossible to get.

But I think if you characterize — the granularity discussion I think is
a good one because there is not one idea of it, and probably the federal
government will never be able to provide, unless resources come from somewhere,
almost no survey or research program could ever get too much of the sub-state
data.

We are sort of raising these issues that these are the various concepts and
desires that folks have and what’s on there now, and then maybe a
recommendation about the future, that HHS should, where possible, develop
sub-state data.

DR. CARR: One of the framing things was we said the communities want this
and that. But as you say, it is insatiable. So if you look at the ASPE thing,
there are answers to questions that everybody would really like to know, but
it’s not what the communities want. So we may want to rethink, do we want to
take it out of what do communities want? Maybe, maybe not.

We are not going to get this letter done today or tomorrow.

MR. SCANLON: I think these are useful discussion points.

DR. CARR: These are great points.

The second thing is I learned a lot this morning. The Census Bureau helped
you figure out the 4,000. ONC took CMS’s attestation data and has these heat
maps. So there is a great story of we have it but we should be focusing on who
has what and how we put it together.

All right, on to Sallie.

MS. MILAM: Looking at the letter and the charge of the work group of
promoting and extending access to HHS data, I am wondering, are we talking
about data only being made available on its Website or through custom research
data disclosure requests? Access to all data — so if it’s all data, when
you think about it, you need to think about the recipient and the mode in which
data is shared.

For example, if you think about — whenever you have a data set, you
look at it from at least two different perspectives to understand how you’re
going to release that data. You look at it from a technical standpoint, the
data itself. How can you technically de-identify it? How can you apply the
appropriate statistical disclosure limitation techniques to it to get it to the
appropriate level of de identification for the recipient to meet the needs of
the data request, for the environment.

Then you also look at governance. Based on the person wanting the data, what
is available to you? What does your organization have? What does your law
require? What is effective in this situation?

So you look at it. If it’s an organization, do they have training? Do you
make them sign a data use agreement? Do you require a certificate of
destruction at the end of it? So you can have in place a lot of different
controls from a governance perspective that would allow you to release much
more granular data because you’re relying on the governance controls to
mitigate the increased specificity within the data set.

When you release data on the Internet, you have none of the governance
controls available to you. You have to assume high risk. You have to assume
that everybody will access the data and use it for whatever purposes they deem
appropriate. You can define appropriate uses of data in your data use
agreement. You cannot on the Internet. So you have to rely completely on
technical de-identification. No governance is available to you.

When we talk about granularity, we need to be thinking about the modes of
delivery and how we need to approach risk differently based on the recipient of
the data. So I am thinking that can help define, when we’re talking about
— if we’re only talking about data delivery over the Web or custom
research requests — who wants what data, because it’s part of your
process. If it’s a custom request, you can analyze the request. You can look at
it and do a minimum necessary evaluation and say, is this data really necessary
to achieve their purpose? You give them the level of data that meets their need
if it’s appropriate from a policy and legal standpoint.

So even if communities may not need the data but others do, should it be
available at that granular level? Maybe, and have staff analyze whether the
communities can really use it. If the community is partnering with a researcher
and that researcher has the capacity and the need and can show that the project
needs it, there may be a reason to disclose that level of data. But you also
want to have appropriate governance to support that disclosure.

DR. CARR: I think it strongly underscores the fact that we need to take it
up to a higher altitude, and if and when the committee is ready to address
granularity, there is that whole other piece that has to go with it. So thank
you.

MR. SCANLON: I think the impetus for this, again, in terms of what I think
the Department asked, was — Sallie is right. I would almost argue that
healthdata.gov is the tip of the iceberg in terms of data available. But I
think that is what we are being pressured to do, to send everything — not
everything but to make maximum use. That’s what all the open data and health
data concepts are.

So if you had to focus on one, I would focus on the Web access. You can
mention that HHS also has a variety of other restricted access that are the
subject of a later letter, and as Sallie said, it is more customized, you have
data use agreements, and it is one to one basically. This is one to many.

So here, these are the things that are sort of at that first bite. I think
that is what the Department is looking for. What would we do differently on
healthdata.gov, for example, to make it better in the next iteration or make it
more helpful?

So if you had to focus on one, I would acknowledge the whole world of
restricted data access and data use agreements, but that this focus, as an
initial step, is on healthdata.gov and similar — so it does tend to, it
sort of removes some of those other risks in the tailored ways we have.

DR. CARR: Thanks, Jim. This is hugely helpful. I need a time check from
Larry.

DR. GREEN: Keep going.

DR. CARR: I want to keep going. I think what I foresee is just taking this
back. As I said, the work group will begin when this group adjourns. So we’ll
take it back and welcome participation by any and all and we will continue to
develop this and, depending on where we are, we’ll see what happens next.

MS. MILAM: Just a quick, quick follow-up. I think that workshop that HHS is
going to be holding in April and May on big data will really inform delivery of
this data on the Website and will probably help to answer some of these
questions, especially since you’re looking at a risk-based approach.

MR. SCANLON: Yes, whatever big data, whatever it is. I think we’ve been
doing big data for a long time. Again, I think we do need a first installment
of what we’ve done already on healthdata.gov, even it’s improving the
usability. Even metadata. The group had a lot of very practical suggestions
about metadata, so that the folks that are coming in and who often use this
data, they don’t look at it the way researchers and epidemiologists and health
services researchers look at it, and you’re sort of missing that whole crew if
you don’t meet them halfway. We are very practical in that way.

MR. SOONTHORNSIMA: I would go back to the focus of the letter, which I still
believe is really to instill a sense of urgency with some actionable
recommendations. That is why I want to stick to those three items without
getting too much in the weeds, especially after we’ve spent so much time
already, the work group. I think there is really good, good information, good
actionable recommendations here.

But to Bill’s point earlier, actually Jim’s point earlier, that this thing
is going to get into more, and I think the recommendation needs to acknowledge
that in order to get to all these solutions, we cannot solve all the problems,
and that there are effective ways for us to measure or provide some indicators
that these recommendations are actionable and that they can be followed, and we
can expect course correction along the way, considering the vast amount of data
and data that has yet to come together across the Department, for example.

I think that sort of guidance around some sort of indicators, that saying
that we are on the right track, and if not we have to course-correct, if that
makes sense, that should be perhaps an element in the letter that suggests this
thing is continuously moving.

DR. CARR: Yes. I should have brought the original letter.

MR. SOONTHORNSIMA: But you don’t want to make it too —

DR. CARR: We covered that and then we cut it.

MR. SOONTHORNSIMA: Yes, we were instructed to shorten it.

DR. CARR: But I saved it. But, yes, I agree with that.

So what I am hearing is that we’ve got this data out. We’ve got some very
concrete things that could be done today before you get to what else should we
do. With what we have today, what can we do to make it better? So let me hear
it.

DR. SUAREZ: I think my comments are really more about the other — a lot
has been said about granularity, and I think that is where a lot of the bigger
issues, perhaps, and concerns exist around framing recommendations without
perhaps having a good sense of stewardship and the implications of,
quote/unquote, opening the floodgate for the disclosure or the release of
granular data that doesn’t have a good framework.

DR. CARR: I think we all agree on that.

DR. SUAREZ: So I want to focus on the other two elements and maybe another
one that I did not see specifically addressed in the letter.

The first one is the metadata. Actually, I think, wearing my standards hat,
there are actually standards about metadata for the release of information. ISO
as well as others have developed standard metadata that categorizes and defines
the specific type of information that is being called for to be included in
such metadata for releases. So it would be worth talking about or pointing to
standards that can be used rather than asking to develop some —

DR. CARR: Right. If you can get that to us, that would be helpful.

DR. SUAREZ: So that is one area.

The other one is on the timeliness. I was trying to figure out if we were
saying that — and it seems like we are saying that — there can be
more timely releases of some data, is what it seems like we are saying,
identifying high-demand, high-value data sets whose timely release is critical.

I wonder if we can provide a few examples perhaps. I know that we provide
examples of when disclosing some of the data in an accelerated way helped, but
we don’t seem to have necessarily a good couple of examples about data sets
that are high demand, high value, that are not released in a timely manner.

DR. CARR: Actually, on the ASPE Website, young adults with insurance
coverage is a decade old. Employers offering health insurance by firm size,
2005 to 2008. So those would be examples. You are right, it is hard to troll
through, and Lily did some work on going through everything that’s in there.
When you look at that whole thing — did I say that wrong?

DR. QUEEN: I think what you are referring to are reports versus the data.

MR. SCANLON: Yes, it’s not raw data. It’s like a publication.

DR. SUAREZ: Exactly.

(Simultaneous comments)

DR. CARR: I went on ASPE as you were talking, and I looked at a grant, and
it showed me 2000 to 2004. Maybe I got it wrong, but we’ll get that
information. The point being we need things to point to.

DR. SUAREZ: We need to provide a couple of examples that —

DR. CARR: Compelling examples.

DR. SUAREZ: Then the last comment is about the quality and reliability
perhaps of the data. I didn’t really see much about that particular topic in
the letter. Presumably, one expects that the 998 HHS data sets, a certain level
of quality and reliability in terms of the actual data content. But we didn’t
address that in the letter, and I wonder if it might be —

DR. CARR: I think a way we can do it, though, would be kind of putting it in
what Bill was saying, because a lot of the data is there and it is sufficient
quality for some things but not for others. Another piece is the integrity of
the data. But you’re right, we didn’t go to that. That got cut. I don’t think
you got on the call.

DR. SUAREZ: Quality, reliability, and integrity, all those are elements,
exactly.

DR. CARR: Yes. I think we can reinforce that. Thinking this morning about
the four circles and what goes in the middle, those are the fundamental things.

Really, if you look at our initial thing on stewardship, it’s not just
protection of privacy, it’s integrity of the data, et cetera.

DR. SUAREZ: As we move down into, if we go down the granularity slope,
clearly the reliability, integrity, and quality of the data begins to degrade
progressively.

DR. CARR: I think what Jim said is stick to what is on healthdata.gov, what
could be done, how should we think about it, how do we make what’s there a
little bit better.

DR. SUAREZ: Exactly.

DR. STEAD: First, I think this is awesome, so don’t misinterpret what I said
before. I actually would like us to see if we could get our heads around how to
actually get a letter out. So I wouldn’t give up on doing that.

DR. CARR: Okay.

DR. STEAD: Even by tomorrow, personally. I am still a newbie in this
operation.

DR. CARR: Good. That’s the Patriots’ way.

(Laughter)

DR. STEAD: I think simply the observation, and I think the section on
metadata issues, and I think the fact that we’ve got metadata standards issues,
and I think you can link them together and say right now, today, I believe
without any argument we could start asking people to add that metadata and make
it available. That is going to be a necessary step to be able to act on any of
the other stuff.

So I think you could actually put together a letter like that which we, I
would hope, could all buy off on. It could then, as Larry had said, tee up the
fact that we are going to need to do work on — then with that, more timely
— how you know when it can be released, what granularity, et cetera. Maybe
there is way to —

DR. CARR: I like your spirit. I believe. If you believe, I believe. Thank
you.

DR. FRANCIS: Justine, I have a title for that letter: Improving the
usability of the data on healthdata.gov.

DR. CARR: That was the original title.

DR. FRANCIS: Well, but that’s not what —

DR. CARR: But I am saying it began very expansive on utility and usability
and who are the users. But that’s okay. I mean that’s how we develop it.

Vickie.

DR. MAYS: Having grown up in Chicago with the Cubs and the White Sox, I
never give up. Never give up. We always hope.

(Laughter)

Anyway, I agree, and I am actually going to say some very similar things. I
think that what is in this letter has a timeliness in terms of being in the
midst of a discussion within HHS. So I would like to see us not necessarily
give up.

What I think we can do is shrink the scope. I agree, I think the metadata is
the most ready to go, the most acceptable. I think it is important, though, to
talk about the timeliness maybe in a different way, and that is to talk about
timeliness in terms of what the data sets are like.

For example — and I think maybe it was an email and Bruce was bringing
it up — it’s like you can have data that’s in 2009 and that’s the most
current. Again, there was one of the IOM committees that was tasked by the
White House to look at the HIV data. They went through and did a wonderful
thing in which they showed, here’s why we have difficulty sometimes tracking
our results, because we only have data from, and they would give examples of
the years. They said, we really need to accelerate. They could be specific
about what they needed to accelerate.

I think we may not be ready to do that, because that took a lot of staff
work to pull it together, but I think to start setting the case that data
releases are not always what people think they are, which is sometimes they are
2 and 3 years behind, and to begin to say that this is an important issue that
this group will take up as some of our next steps.

DR. CORNELIUS: Probably a quick item so as not to reinvent the wheel around
the discussion about reliability of data and indicators, as I recall from the
Board of Scientific Counselors, there were meetings we had with what was
called, if I recall, the Health Indicators Work Group, where basically the
charge was to look at data elements and their reliability and so on. So we
don’t need to go out to the universe. We need to do a quick check as we’re
working on this as a point of reference, so to speak.

MR. SCANLON: Just a friendly amendment. Before anything goes on
healthdata.gov, there is a process where the agency has to review the quality,
the adequacy, the confidentiality, and so on, before it is even considered.

So I don’t think you have to assume that it has never been thought about. So
what you’re thinking about, I think you just acknowledge that there is a
process for doing that. But again, once it’s there, I think the usability is a
question. There are very specific ideas about how to make it a little
friendlier and more usable.

DR. WALKER: A quick specific suggestion on the letter. We recommend HHS
should identify opportunities where release of more granular data can enhance
public law. We could recommend that HHS — or we just put it on our work
list — we could recommend that somebody identify the current state of
what’s available to states and then propose a policy framework, an evaluative
framework, in which the release of more granular information could be talked
about or executed.

I think that’s something maybe that we could do, or really somebody needs to
do it.

DR. CARR: Yes, and that is part of the strategic plan, the gaps — isn’t
that what you talked about, gaps in data?

DR. WALKER: Just a framework. The kinds of things Sallie was talking about
— it is stewardship, yes. Say it that way. Before we encourage HHS to look
for opportunities to do it, I think we could recommend that they make sure that
there’s a framework within which to look for opportunities.

DR. CARR: Dr. Tang, lump us up.

DR. TANG: No, no. Just do it. Bill said tomorrow we can start working on
getting the metadata about the data we have. That’s one thing. The other thing
we can do is very common, obviously, in many organizations, that ties in on the
timeliness and in the process to look at the granularity.

The time you’re just like going down into each of these data sets looking at
the — what’s the current work stream? Can’t we do this a little
differently? You might even find some granularity that actually gets discarded.
Do you see what I’m saying? So those are things you could do tomorrow and be
improved, looking at tomorrow’s work plan.

DR. CARR: Susan. Bruce.

DR. COHEN: I am talking for Dr. Queens. But it is a comment that I have, and
it sort of builds on what Paul has just said.

Healthdata.gov and a lot of the federal data are really reliant on the
states to provide the source information. So the feds are really just a data
compiler rather than a data generator. The role of the federal government in
promoting the jurisdictions to examine their processes to try to speed them up
is an incredibly robust recommendation. In fact the example we have in the
letter of NCHS working with the jurisdictions around the vitals I think is
ultimately going to prove a phenomenal success.

That is one point around timeliness. And I think understanding, like Paul
said, what the processes are. In Massachusetts a town clerk has 6 months to
send a death certificate to the state before we review it, and then it needs to
be coded and it needs to be sent to NCHS, and then they essentially code the
death part while the state is coding the demographics. So the processes need to
be clearly understood.

The other issue that we’re beginning to discuss — I know many health
departments are — around the timeliness of data release has to do with
it’s important to have complete, final data files, but for lots of the activity
that we do, the preliminary or provisional data serve the purpose as well. What
would strategies look like to provide data that is not final data for planning
and for surveillance?

So I think not only understanding the processes but defining what the
purpose of the data is might help us reorient ourselves in our thinking about
timeliness.

DR. CARR: Great. Thank you.

Vickie.

DR. MAYS: Bruce brought up the notion of having a meeting. I am trying to
think if it’s too much for the letter or not, but one of the things you started
to do was to make a case about partnerships in terms of the one with the
Census, the one that CMS did.

Part of what is really necessary for us, particularly when HHS talks about
these vulnerable populations, is we actually need data that’s linked to other
sources. The one thing I don’t want us to lose sight of is that HHS data will
benefit from linkages to non-HHS data, like thinking about things like the
Census, thinking about things like Transportation, Education, et cetera.

I don’t know if we’re ready for that in the letter, but we should do that in
the hearing.

DR. CARR: That was one of the presentations that Josh Rosenthal made early
on. You take Google — what is it called? —

DR. MAYS: Google Analytics?

DR. CARR: Public data explorers, something like that, and you can pull in
different things and tell a story in that way. We didn’t put that in the
letter, but maybe we should.

DR. TANG: I just want to piggyback — let’s see, I think it was on Bruce
quoting Susan — I want to quote — Mark knows a little bit about this
— he just last week at the NQF meeting had a great idea. It’s the same
thing that Bruce said. Look, there’s a lot of data that gets staged, could get
staged before it gets staged, and then it goes to the federal government where
it gets staged again.

His idea to improve the timeliness is just get it out from the source and
then have it audited in the back end. You could apply that in so many places,
but all of a sudden it was just a novel idea, that it takes so many months out
of the pathway.

DR. CARR: That is what we were trying to say in some of this, and we will
amplify that in the timeliness.

MS. GOSS: There has been a tremendous set of comments today which I really
have to applaud and agree that we’re going in the right direction, but I feel
like we’re being a little potentially disconnected from the conversation that
we’re having in the community learning network ideas. I think that there’s an
opportunity to maybe link the good work in this discussion with the larger
— it’s one thing to have good data; it’s another thing for people to know
how to use it and how we provide a framework and a safety net for people to be
able to operate in this brave new world of ours, and it is a lot of the work
that we’ve been working on separately.

So I feel like somewhere in the agenda we must be getting to that topic and
that there is a linkage here. So I think that this conversation is probably
going to evolve even further before tomorrow, and I really do hope we get a
letter out, because I think it’s the ability to set some foundational framework
that launches into some other work that we’ve been trying to evolve.

DR. CARR: I hear what you are saying, and that was also a direction in one
of our earlier versions. But as I listened to Jim, I think what I am hearing is
we’ve got this stuff; what will make it work?

I think the conversation with the communities is what took us to we need
community, granular, and so on, and I think we’re going to leave that to the
population group to follow up on that because you had so much testimony, and I
think it’s going to preempt our ability to get something out.

MS. GOSS: I think so. I agree with you, and the conversation here is really
informing the next level of conversation, and so we can really bifurcate it and
get to —

DR. CARR: Yes, right. We talk all the time.

Debbie.

MS. JACKSON: Absolutely. I will help try to tie some of the threads
together, because considering what you heard this morning all together, the
dynamics for that material and all the way through, it almost could not be
scripted better.

What you’re feeling, Alix, I am feeling as well, is how we pull the agenda
together when everyone is all together. The breakouts that we used to have,
that we might go back to, depending on the topics and the work, would not work
in a time like this where everyone really needs to be in the room crunching out
these issues.

The letter, from where it started, you can tell the complexity, how much is
embedded, how much is enfolded. There is just amazing stuff in here. I just
wanted to honor that and affirm that and work through the logistics to make all
that happen in a quality item from the committee.

DR. CARR: So does this mean I don’t get to go to dinner?

I think this has been great. What has been hard about this is sort of a
fragmentation of good ideas that we are not all in the same room to build upon,
tweak, revisit. So this has been hugely rich, and it builds upon a rich series
of discussions that led up to this.

I think what we’ll try to do is now kind of reframe what we heard today,
taking some of this, perhaps amplifying, getting a couple of different examples
maybe, and come back tomorrow — well, we’ll see what we have.

DR. GREEN: Let me take a shot at this, Justine, and just see how much the
traffic will bear.

I heard really important stuff happen really fast, and I wish to express
appreciation for that. The reframing of the letter is central to reworking it.
It seems to me that the very key notions are — there are two perspectives
that come out that produced this letter. One was the special character of the
working group. These are not your usual suspects. These are people that are
actually looking at healthdata.gov and trying to do something with it, and they
say, “Oops,” “ouch,” “wow,” “how
about…” and this sort of stuff. That is a particular feature of this
letter than must be called out. It is why the working group was formed.

A second key framing is this is also fueled by what we have learned in
listening to communities who are trying to use data. When you narrow that down
to say — for example, they just tried to go to healthdata.gov and use it.
Here are the observations remaining from these — it is sort of like two
user groups, sort of two normal — well, I would never call people on the
working group normal. I’m sorry, no offense to anyone. They are very amazing
individuals, special people.

PARTICIPANT: Gifted and talented.

DR. GREEN: But then we also are 2 or 3 years in to working with real
localities, people on the ground at particular places that are trying to use
data and improve their health.

These are converging on this letter. If that is brought out in the setup,
after that’s done, then we can make a transition in this letter to saying we’ve
observed a lot of complicated things that we want to expose here, but we only
are prepared to make particular recommendations fairly narrowly here.

DR. CARR: I think that’s right. Version 1, subset A, of this letter was
about usability and utility to two groups, the content groups and the
technologic experts. I still think that’s true, and maybe we go back to that,
that what we heard — Josh can tell us how to put 27 things together, but
he doesn’t know what they are. The communities can say, I need to know about
XYZ, but they don’t know how it goes. So we can introduce, bring that back into
the letter.

I think Leslie’s title of the letter is a good one.

DR. GREEN: I think I wrote it down. Can the title be “Improving the
usability of HHS data on data.gov”?

DR. FRANCIS: “Of the data on healthdata.gov.”

DR. CARR: That is perfect and that is exactly what we want to do.

MS. JACKSON: We want to see if Linda Kloss has any — if she was still
on.

DR. GREEN: Oh, yes. Linda, are you there?

MS. KLOSS: I am there. Thank you very much. A little plug for this
afternoon’s Privacy, Confidentiality, and Security Subcommittee. Actually, we
will have some new information on substantive issues in community health data
that I think will be enlightening, and we can revisit the suggestion that
another hearing might be order. I guess what we’re learning is that it’s
probably time to do what is being suggested here: dig in, develop the models,
recommendations, advance stewardship, because I think we have kind of passed
what are models that already exist. But you will learn more about that this
afternoon.

Thank you. Great discussion, and I certainly agree with narrowing the scope.

DR. GREEN: I am amazed at your durability.

One other thing about the letter. Setting expectations for tomorrow: What
are we going to do tomorrow now? Do you guys want to bring — what would
you like to bring back for discussion?

DR. CARR: I think what we can bring back is certainly a framework with
examples. It may go back to that sort of outline format, which was helpful, to
say here are the key points that we know we need to make; here is how we are
probably going to say them.

I think, giving respect to the work group that meets tomorrow, I would not
want to pass something that is so different before they’ve had a chance to
weigh in on it and amplify it.

Depending on where we are, we can finalize something and send it along to
the Executive Subcommittee. What the timing is thereafter, I will defer to you.
I think a big piece of what we’ll need to decide tomorrow is if this direction
is stated in a way that everybody agrees with and we’ve walked away from the
sensitive parts and we’ve embraced the framing parts and we really have
consensus that this is the voice of the committee and the work group. Then you
can decide, if we’re that far along, how to proceed.

If we find that we didn’t get it right, we’ll just keep working on it.

DR. GREEN: Okay, so a reframe of the letter tomorrow?

DR. CARR: Yes.

DR. GREEN: Let me ask — feel free to say no — would you be able to
articulate recommendations based on the reframing that you could present
tomorrow?

DR. CARR: Yes.

DR. GREEN: Where we could hone in on possible recommendations for the
letter?

DR. CARR: Absolutely.

DR. GREEN: We’ve done this historically where we’ve tried to come in —
now we’ve got our framing, now we’ve got our observations. What is it we really
want to recommend?

DR. CARR: I think we actually will have something. This conversation has
been one of great convergence and integration, and I think all boats rise. It’s
great. Everybody’s input was fabulous.

DR. GREEN: Okay, that is what we’ll aim for tomorrow morning as our first
item, unless there is dissent.

One last quick observation. I ask your indulgence about this. Sometimes I
think that I’ve gotten lost in my own world and head, but I think the
conversation we’ve just had is about the eighteenth conversation I’ve heard
with this committee that keeps begging the question, whose job is it to see
that data are used properly for public good?

One of the conclusions Susan wrote, and I’ve brought up two or three times
— you may be getting tired of my saying this — but is that we are
missing an infrastructure that allows users to meet data properly so that they
actually can use it, and that the old way this was done, by testing the data
forever, putting it in a box and having to hire experts that know everything
about statistics and data and its nature — you go hire them to tell you
what the data mean — that is not the world we already live in, and we’re
missing an infrastructure. It just doesn’t exist out there, and to drive this
down to the locality.

The Population Subcommittee work continues to reinforce that if we are
really interested in the triple aim, we want to improve health of individuals
and populations, we have no choice but to move to the locality. Drive it down
to the community level, because it is at the community that health is won and
lost.

We are in this space, and I’m just beating it to death. One of these days we
might want to make a suggestion that actually someone create a new work force
floating in some sort of space in some type of infrastructure that focuses on
this area. I don’t think we’ve got it. I don’t think the CDC has it. I don’t
think it exists anywhere. We have some large health plans that have created
their own research groups, et cetera, that use their own data for this reason.

I will hush.

PARTICIPANT: Lynn knows some of them.

PARTICIPANT: It sounds like, Larry, you need a datamatch.com.

(Laughter)

DR. GREEN: So, Paul, from now on, instead of making a speech, I’ll say
“Just remember datamatch.com.”

Let’s go to lunch now. Let’s say we will be back at 1:30. Let’s start at
1:30. What we will do is we’ll start at 1:30 with the standards update. I think
that is going to take us probably till 2:30. Yesterday was pretty much another
unbelievable fire hydrant going on.

Then we will go to the Data Council thing with Bruce at that point.

DR. COHEN: That will just be a quick —

DR. FRANCIS: We have someone calling in at 2:45 for Privacy.

DR. GREEN: And so then we will just forget a full membership strategic
discussion.

MS. JACKSON: That’s right. This was it.

DR. GREEN: I think we just had it. Then we will arrive at 2:45 turning the
meeting over to Leslie and Linda.

(Discussion about dinner plans)

DR. GREEN: Thank you. See you at 1:30.

(Lunch recess)


AFTERNOON SESSION (1:32 p.m.)

DR. GREEN: Welcome back, everyone, to the afternoon session. We are going to
take up what on the official agenda was the 11:45 a.m. item.

For anyone who is new on the phone, after the Standards update, then we will
do what was labeled the 1:45 thing, the briefing of the Data Council with Dr.
Cohen. We’ve already done the 2 o’clock item. So we will be managing our time
from now till 2:30 or 2:45-ish to get two things done.

Walter, you’re on.

Agenda Item: Standards Update

DR. SUAREZ: Thank you. Very quickly, this is the topic we’re going to cover
in our report. Ob and I are going to do sort of a tag team here presenting
this.

We are going to be very quick on most of this, because this is really status
reporting and updating. There are a couple of areas where we want some feedback
from the committee and some discussion. I will point to those in a minute. But
we are going to go over the work plan, talk about the HIPAA report, the hearing
that we had in November of last year on the Public Health Data Standards, and
then some preliminary themes from yesterday’s hearing that we’ll talk about in
a minute.

Very quickly, the work plan of the subcommittee. For this quarter we are
focusing primarily on the topic that we covered yesterday during the hearing:
prior authorizations related to prescriber pharmacy operations, the status of
operating rules. These are the topics that we covered in yesterday’s hearings.

The hearings, roundtables, workshop activities, so yesterday’s hearing was
the main activity. I have here a line about collaborating this year later, not
necessarily this quarter certainly, but with the Population Health on a future
second hearing on public health standards.

Then with respect to the letters and reports, we’re bringing up an update on
the letter from the public health hearing last year and from the HIPAA report
update.

For quarter two, very quickly, we have an ehealth vision and roadmap
discussion that we’re going to continue. We had a roundtable last year, some of
you recall, a second roundtable on this topic.

We will continue to monitor the operating rules development, claim
attachment regulations. I am not sure that they will be really out or coming
out in quarter two, but we will be monitoring that.

The review committee of ACA, we are working on a plan with CMS, and then
some more work around convergence in population health, privacy, and standards,
continue to work on that.

With respect to hearings, we expect to have a June hearing on administrative
simplification, our regular annual hearing on the status of activities,
actually sort of building on yesterday’s hearing and really heading into some
major deadlines, of course ICD-10 being the main one, later this year.

Then we expect really in June, in quarter two, to come back to the full
committee with a letter of recommendations on the Public Health Data Standards
hearing, the actual HIPAA report to Congress to be reviewed and acted on, and
then a letter coming out of yesterday’s hearing with whatever recommendations
are appropriate.

Then lastly, the second part of the year, I think we are going to continue
to really take advantage of the time to focus a lot more on the ehealth vision
and roadmap and focus on coming with some concrete recommendations about that.

There are a lot of things that are expected to happen later this year, so
we’ll be monitoring those as well.

In terms of hearings, we don’t have yet a defined hearing in the second part
of the year. We have a possible hearing on Public Health Data Standards and a
possible roundtable, a third roundtable, on ehealth vision and standards
roadmap.

And then in terms of letters, I expect that out of the June hearing we would
have some recommendations coming back to the committee for action.

That’s our work plan. I am going to shift gears to talk about the HIPAA
report to Congress.

As you all know, we embarked on this activity sometime in the later part of
last year. The idea was to update Congress on the status of HIPAA activities
that cover the period October of 2011, which is when we last reported to
Congress, through the end of last year. We were going to present originally
some report to the committee in November, but due to a number of issues that
occurred toward the last part of last year, including the federal government
shutdown and some other factors, we decided to pursue the completion of this,
move it to February of this year. We were going to try to bring it up today.
But there have been a lot of other issues around particularly the beginning
part of this year that really did not let us complete that.

We are very close. We have about 80 percent of the report completed. But we
decided to take until June of this year to complete the report, work with
Privacy and Security Subcommittee on finalizing their respective section, and
the Population Health Subcommittee, finalizing their sections. As you can see,
we are hoping to complete a final draft for vetting with the full committee in
March-April time frame and then finalize and review with the Executive
Committee in May and bring it forward to the full committee in June for action.
So that’s our new timeline for the HIPAA report.

We did want to talk a little bit about a section of the report very briefly.
I know this is very small. We haven’t changed the general section, so you can
see we have an executive summary and some introduction, and then we have three
main sections: the administrative simplification advancements in 2012 and 2013,
which covers all the things that have happened with the transactions, the
operating rules, the codes and identifiers, compliance and enforcement.

Then we have a section around advancements on HIPAA privacy and security
policies. So we have a series of topics there. Then we have a section reserved
for the relationship to standards and population health. We had a couple
sections there about the community health data initiatives as a highlight in
the report and the Public Health Data Standards activities.

Then the last section we reserved to discuss a vision for the future of
administrative simplification and ehealth in health care. We have these six
sections, and these are the ones I want to just maybe talk a little more about.

The section 6 is really intended to be — well, the other sections I
think there has not been much concern or issues or questions about it. I think
we have about 80 of those if not more completed, really. They are cataloguing
the many things that have happened in the last couple of years. Section 6 is
really the visions of the future, where we think things are going.

We have divided this into six areas or six topics that we wanted to cover.
One is a section talking about the transformative changes in health care,
including, of course, health reform and high tech and others, the data
stewardship area, convergence of clinical and administrative standards, roadmap
for ehealth standards and adoption and implementation. This is basically the
concept that we need to map into the future in a more consistent way, sort of a
progression of how a standard gets adopted and implemented sequentially and
concurrently and how they play together.

Then the opportunities for aligning ehealth standards, policies, and
programs, really looking at the challenges of having multiple regulations cover
the same topics. I will give you an example that we talked about yesterday with
respect to the pharmacy and eprescribing. We have three major regulations that
have something to do with eprescribing. We have, of course, MMA that defines
the prescribing, we have meaningful use, and we have HIPAA. The three of them
are playing some effort and some effect in eprescribing. We are going to look
at some of the alignment there.

Then another subsection on ehealth standards and health reform. Really, what
are the new things that are brought by health reform into the world of
standards?

Then the last part of this vision is a measuring of success, really the need
to do a better job of measuring how we’re doing in terms of outcomes and in
terms of measurable activities and, ultimately, measurable fulfillment of the
goals and the purpose of administrative simplification.

This is the section that we just had a few questions we wanted to talk about
with the subcommittee. In the discussion, we actually identified a series of
principles that we wanted to share with the committee. As we were discussing
during the roundtables we had last year on ehealth, we identified a series of
principles to consider when evaluating the adoption of new standards.

These are the ones that we came up with: aligning with the triple aim; being
actionable by the Secretary and the healthcare industry; suitable to improve
data and processing for structure; able to ensure the privacy, confidentiality,
and security of personally identifiable health information not being done
elsewhere and requiring NCVHS action to implement; have an identifiable
audience; be directional and strategic with respect to the overall standards
rollout; be consistent with the intended scope, and be appropriately scaled;
and then likely to have a measurable impact after implementation; and be
inclusive of a commitment and a plan dissemination in terms of how we
ultimately achieve the adoption.

So these were ten principles that we thought would be helpful as we move
into the future. We continue to be a committee that evaluates and recommends
the adoption of standards, which is a major role that we have.

In any case, the question that we had about this section, briefly, very
basically, is this section on the vision and future a necessary section to be
included in the report? We believe it is a valuable way of looking at the
future, but we wanted to make sure that this is reflective of the interests of
the national committee.

And then is the current layout in this section appropriate? The subsections
that I mentioned, what might not have been included, what might be missing out
of this section?

Then in the content being proposed, within each of the components, what are
things that might be important to add or include that we might be missing? Let
me put back the six subsections here so that you have a better sense. I know,
of course, you don’t have the benefit of seeing all the details inside the
sections, but we wanted to make sure that this is still something that the
committee believes is important to include in the national report on HIPAA.

That’s the first talk that I want to make here.

DR. GREEN: Let me ask Linda, did you get the six categories?

MS. KLOSS: Yes, I have the slide deck from several days ago. Thank you.

DR. SUAREZ: Any reactions?

DR. FRANCIS: Just so you know, the first few minutes of the Privacy
Subcommittee is going to be on our section of it, and there is a draft. It
concludes with kind of where we come from, what remains undone with respect to
HIPAA. For example, some of the required HITECH Act rules have yet to be
issued.

We might want to think about having this section 6 include what you have
here but be a little bit more where is HIPAA now, what more might be needed.
Are there any changes we think might be a good idea? Standards are, of course,
a major piece of that, but they are not the only piece.

DR. SUAREZ: Great point, yes. I think that is a great idea to frame this
section.

Any other comments from people?

DR. GREEN: Around transformative changes in health care related to the
roadmap, I want to nominate for consideration in that the steady, progressive,
hopefully relentless reunion of public health and medical care. It could be
anchored in the IOM report about integrating primary care and public health, a
number of things, but this is a recurring, permeating thing that we’re seeing
that may not be totally clear.

Similarly, the existence of such a thing as mental health is now in
question. There is just health. This division of the healthcare delivery into
this system that takes care of people with so-called mental health problems
from those with so-called physical health problems is collapsing. That’s a
transformative change that affects data stewardship, standards, transactions,
and all sorts of operating rules. I think it would be important to call those
two out.

DR. SUAREZ: Great.

DR. FRANCIS: Could I just ask you a question about that, because I think it
would be really helpful, if what this report is is a report on HIPAA, it would
be really important, rather than just a more general report, to have some way
of thinking about how that plays into what’s going on or could go on with
respect to HIPAA. So any thoughts you have along that line would be phenomenal.

Obviously, there are some privacy issues, whatever.

DR. SUAREZ: It is always very important to frame this within the context of
being a HIPAA report update, but HIPAA now attaches so many different elements,
not anymore just simple transactions.

DR. MAYS: I just want to make sure we don’t go too far in the comment that
you made about the transformation, because I think what is happening in
integrated care is that, indeed, people do les around some of the behavioral
aspects, but in terms of real mental health disorders, those may be still kind
of farmed out in terms of some specialty care, not always still within the
primary care setting.

I think some of the emotional well-being and behavioral issues are kind of
— that division isn’t there. So I don’t want you to go too far, because I
think this is a discipline many disagree with.

DR. GREEN: Let me respond to that. The way I am thinking about it is
directly related to HIPAA. The data standards, the definitions and the
requirements and what is legal to share, what is not legal to share with
whomever, it is a complete mess when you just try to take care of people,
because there are parallel real systems for mental and physical health, and
then these vary, at a state level.

In terms of administrative simplification, it’s dead center in what HIPAA is
created to do. It is a substantial barrier to progress on transformative
changes in the healthcare delivery system. So from my perspective, it doesn’t
go far afield from HIPAA at all. It goes straight to the stated goals of HIPAA
and is neglected.

So in a HIPAA report like this at this point in history, 18 years later, a
section intended to share our vision of the future of health care, where it may
go, I think it gets right in there.

DR. MAYS: I think that is true. I think where there is still the barrier is
really in the substance abuse part of it.

DR. GREEN: Substance abuse is in this.

DR. MAYS: Yes, less in terms of the mental health is integrated, but there
are still laws around — was it CFR 42? — there are still laws around
substance abuse. So again, I think we just want to make some distinctions.

MS. GOSS: Adding on to that conversation, getting back to the data
segmentation issues earlier and the data needs of our communities, this is not
just a HIPAA issue; this is a HITECH, this is a meaningful use, this is the way
we do business and care for people, from the provider-patient interaction all
the way forward to everything else we want to do for the common good.

I am with Larry that this needs to be addressed, because focused in the
health information exchange lens, right now the super three — mental
health, substance abuse, and HIV — for Pennsylvania is a huge issue. The
policy reference that you made, Vickie, is part of the issue, and then the
state variability on top of it. We are not going to really help taking care of
the patient if we don’t get our arms around this.

DR. SUAREZ: Bruce.

DR. COHEN: Thanks, Alix. You took one of my two comments, so I only have to
do one.

It has to do with state health departments and non-covered entities. I
apologize, it just might be my ignorance, when HIPAA first came into being,
there was enormous confusion — I am sure Sallie and Leslie know more about
this — about health departments, are they covered, are they not covered,
do they have to abide by HIPAA rules and regulations? What kinds of alternative
privacy concerns exist if in fact HIPAA doesn’t apply?

I haven’t seen any update on whether there is a balance achieved now with
respect to HIPAA and more acceptance of what’s covered and not covered. Does
HIPAA essentially have a chilling effect on health departments still with
respect to providing data to communities that in fact it wasn’t intended to? I
don’t know if there has been an update around this issue, and I think that
would be very valuable for us to comment on.

MS. MILAM: I would like to echo Bruce’s concern and idea. It was sort of
rolling around in my head too. What I’ve seen with the breach rules that have
come out of HITECH as well as enhanced enforcement, organizations fearing
disclosure of data to public health and others, and if public health has a
breach, having it come back on the hospital.

So trying to give better education to the community, and providers
particularly, about what HIPAA covers, what it doesn’t cover, what is a
required-by-law disclosure — and when you look at OCR’s Website and you
talk with them, there isn’t really a discrete document you can point to that
says, okay, here it is, here is what is required by law. Here it’s clear that
breach doesn’t apply to you if you’re not a HIPAA-covered entity.

It lends itself to confusion. An organization does submit data to public
health in some instances because they fear that if public health has an
incident, it will be their incident.

DR. SUAREZ: Great point, exactly. I think there are two issues. One is if
providers and other suppliers of data to public health are concerned about
HIPAA effects. And then your question about public health agencies, how HIPAA
applies to them in terms of disclosing data out, I think that’s another very
important point.

I think that second one has been less of an ongoing issue. Most public
health agencies, depending on how they are organized and how much they do,
whether they are a Medicaid agency in the state or not or whether they do
delivery of care services, direct or not, they are either a non-covered entity,
a fully covered entity, or something called a hybrid, which is a combination.

That still seems to be the underplaying structure. I think with the breach
regulation is where a lot of questions have come up more about where does it
end and where does it go.

MS. MILAM: And it tends to arise when state public health wants to collect
additional data elements or introduces new data-collection programs. They
forget the whole exercise they went through 10 years ago of learning this, and
it becomes a barrier all over again. It would be wonderful to have something
concrete to point to.

DR. SUAREZ: So sort of an update. I think that’s a great suggestion.

DR. VAUGHAN: Hi, Walter, and thanks for the usual excellent report.

One of the areas in which it often arises in Silicon Valley and around
emergency health tech companies is two-sided. One is does it apply and the
other is if it applies, how can we get around it?

DR. SUAREZ: We didn’t hear that.

DR. VAUGHAN: I think clarity not just for local governments and hospitals
and providers but anticipating these other emerging data streams that are very
specific to individual patients, and how can we create an environment for
consensus and education as more people enter into this space would be
extraordinarily helpful.

DR. SUAREZ: Thank you. I think we are hearing there is a need to look at
more refined and specialized guidance on specific topics. That would be
helpful.

DR. GREEN: Have any of you read the February issue of Health Affairs? I
nominate it for your consideration. They are trying to get rid of the word
“telemedicine” and replacing it with the words “connecting
health.” There are about seven or eight really thoughtful articles in here
about what care at a distance is becoming, and particularly its implications
for isolated populations and for the restratification of medical specialties
and the way different medical specialties actually execute their work,
particularly, for example, pathologists and radiologists, the issues that track
to state licensure issues and restrictions of interstate commerce. It goes a
long way toward laying the issues out in a way that could be used to identify
— this is actually, of course, a revisitation of — I don’t remember
the year, but sometime in the 1920s the Journal of the American Medical
Association published “the end of medicine” because of the connected
technology of the telephone, and that this was going to end medicine, et
cetera. So this is a conversation that is 100 years old.

But in June of 2014, this is exploding, and the redesign of health care, a
lot of it having to do with ACO creation — personally, I nominate that for
another possibility.

DR. SUAREZ: So they are replacing telehealth with connected health?

DR. GREEN: Yes, privacy and security risks in connected health, which of
course the subtext of that is current health care is not connected.

DR. SUAREZ: Yes, exactly.

Leslie?

DR. FRANCIS: One other thing we might want to just not lose sight of is
there is still ongoing activity attempting to get HIPAA and the common rule in
some kind of sync, which they remain not. I don’t know whether that will be
resolved by the issue of an NPRN, but if we are trying to keep things in the
eye of what remains a source of significant friction and unresolved, that is
another biggie.

DR. SUAREZ: Thank you for the feedback. We will incorporate all those points
and again work towards a goal of trying to finish the report between now and
June, have it brought back to the full committee in June for review, and we
will go through the process of working with the subcommittees and the executive
committee.

Let me switch to the public health standards hearing that we had in
November. This was the very first hearing, I believe, that the national
committee held on the topic of Public Health Data Standards and public health
standards.

We had a number of questions during the hearing, and I don’t think we want
to go through all of them. It really was about what is the current state of
standards being used in public health exchanges. We had a distinction between
the data content per se of the public health data with respect to the messaging
exchange and other standards related to the electronic movement of data.

We talked about what are the incentives, drivers, what are some of the
issues around standards. It was an incredible hearing. We had representation
from pretty much the entire spectrum of representatives on public health. All
the public health major associations and large agencies were involved.

Here are some of the themes that we heard:

Public health is a critical part of health, and health care will benefit
from adoption and use of electronic standards. So not unlike all the other
components in health, public health is one that benefits from the use of
electronic standards, including messaging standards, transport coding, and
classification standards, security standards, others.

There are already basic policies and regulations on standardization that
cover part of the public health; for example, state reporting regulations,
meaningful use now that has some requirements around public health reporting.

There are a number of areas in public health where national standards exist
and are well recognized and adopted and being used, like immunization data
exchange, laboratory reporting, public health labs, vital records in a number
of states. At the state level there is electronic vital record collection.

There are a number of opportunities in areas where public health standards
at the national level do not exist or are under development, like public health
reports, the reporting of conditions or specific public health events, registry
reporting, environmental health reporting. So there are a number of areas and
opportunities for public health data standards.

Another major theme came through, which was a public health information
infrastructure at the national, state, and local level needs significant
attention and important investment to keep it at par with the development and
adoption of the EHR system. So here we have a major investment that this
country did in the EHR adoption, yet the public health information
infrastructure has seen actually shrinking of funding and resources. So there
is a risk there for not keeping up.

Challenges continue for state and local public health agencies, including
shrinking funding, limited resources, limited trained work force, like
informaticians and others.

The other important theme was that replicating the infrastructure and data
analytic capabilities across all 3,000-plus public health local, state, and
federal agencies will require significant investments. It might not be
necessarily realistic to really replicate every possible capability across all
these settings. Rather, consideration should be given to identify and optimize
common capabilities, pursue shared services and resources, and better leverage
limited funding. So there is really an opportunity to look at how multiple
state and local agencies can converge in identifying common capability needs
and then share resources. There are actually efforts already under way to
facilitate that.

The maturity, adoptability, and implementability of standards must be
considered before adopting them and requiring their use. So clearly there is a
question about the level of maturity of some of the standards that are being
considered for adoption in public health.

Public healths have limited participation in standards-relevant
organizations, which tells of only limited, really, involvement from public
health experts in the standard-development process.

Consideration should be given to establishing the proper incentives for the
adoption and implementation of public health standards. So what are the right
processes for adopting and implementing, what are the right incentives that can
be aligned?

Public health information exchanges should be bidirectional. Here is an
important concept, really, that right now most of the exchanges are really
unidirectional. There is a lot of expectation of an increased number of
communications back from public health to healthcare providers and others;
specifically, for example, the expectation of receiving more actionable
real-time information from public health that ultimately would help providers
deliver Medicare at the point of care. So the patient is at this site visiting
with the physician, and data from public health is needed in real time about
specific areas that are important for the care of that patient.

Standards and technology are means to an end, not really an end in itself.
Sometimes we lose sight of the fact that, really, standards and technology are
just a way of achieving some of these goals but are not really ultimately the
goal.

Need to continue emphasizing refining, building the business case for public
health data standards. That seems to be an area.

So some of the possible areas of recommendations that we came up with were
these ones. Really, the bigger one was the opportunity to pursue what some
people refer to as a health statistics systems improvement act, really pursue
the recommendation to seek something like this from Congress that helps
modernize and advance and improve the information, infrastructure, and systems,
including strong support for public health informatics workforce development.

Another area is the opportunity to establish what some people recommended to
be a public health information infrastructure trust fund, a dedicated funding
source to support enhancement of information for structuring a public health
arena.

Also, work towards the harmonization of demographics across all public
health databases, something that we heard already today and talked about.

Establishing pilots that demonstrate the importance of having bidirectional
information exchanges between public health and clinical care.

Supporting a core group of public health professionals to actively be
engaged and participating in standards development.

Expand the efforts to bring public health, population health, community
health, and clinical care closer, so in a more converging, totally integrated
way.

Create an opportunity for advancing population health management tools and
resources. It is something actually I mentioned earlier, really the opportunity
of advancing population health management as an area to focus on.

Making the case for public health case reporting using standards. That was
one specific area of recommendation.

And then, finally, leveraging other public programs such as the meaningful
use program to align incentives and foster collaboration between the public
health and private sector in adopting and using public health data standards,
and ensuring that public health data requirements are incorporated into
clinical systems.

It was important to know that people really felt that opportunities such as
meaningful use are one vehicle. A lot of things and hopes have been pinned into
the meaningful use program as it moves into the next stages of development. But
as we heard, there are some issues and recommendations about the next phases of
meaningful use that are going to be somewhat different. Public health might not
be necessarily at a highest level in their priorities for implementation. It is
just one of the elements, but there are a number of other policy programs that
can help.

Then establishing a national public health standard collaboration initiative
to move standards forward for public health programs. I can mention that at the
standards-development level there is already work to formulate a collaboration
between standard-development organizations, ISO, HL7, IHE, others, to work
towards coordinating the development of public health standards. That is very
consistent with these recommendations.

Anyway, I think that is basically — oh, there’s a couple more.

Developing a new value proposition for the public health agenda that
includes identification of use cases and leverages of other program activities
such as meaningful use. I think this is related to the previous one.

And then provide educational assistance to stimulate the market and increase
the number of skilled workers to address the needs of the public health work
force.

I think we have a really amazing opportunity to bring public health at the
forefront of the interest of standards and the advancement, really, of the
public health information infrastructure in this country. I think there is
really an opportunity to move through some of these recommendations that the
national committee can make.

Let me stop there. I know there are already some questions. Bruce.

DR. COHEN: I need to understand better, and I think it would be very
important to clarify what we mean by public health here. It could be incredibly
broad or you could be focusing on the transactional standards. Are you focusing
on standards for the collection of smoking data at the community level or at
the individual level? I need to understand the nature of what is the context of
how you’re using, or how were you going to use, public health more broadly.
That’s one comment.

The other is I think this is a phenomenal set of potential recommendations,
and they are certainly consistent, I think, with activities that are going on
in other groups of the national committee. I am just wondering whether we want
to put them all into the standards letter at this time or wait until — for
instance, we’re going to be spending a lot of time in the Population Health
Subcommittee talking about the federal work force and reinvigorating that. Does
it make sense to wait until we have all of this work done?

DR. SUAREZ: Good questions. The first, the context of the definition of
public health within the context of our recommendations, is really primarily
public health agencies and the public health information infrastructure and
standards with respect to messaging and transactional standards of electronic
exchanges between public health and external trading partners. So that is the
context.

We are not talking about the definition of specific elements, as we have
talked with population health before. We are not in that space with respect to
this. We are trying to really constrain ourselves to the elements around
information technology and its applicability to public health and standards
around health IT.

To your second point, this is really not a standards letter. This is really
a letter of the national committee. As we all recall, this was a hearing that
was actually a joint hearing from Population Health and Privacy and Security
and the standards group. We are presenting it as the lead subcommittee, but at
the end, this is one of the first cases where we are really working across all
subcommittees in reflecting the opportunity.

So in my mind I think this is a perfect setup for a stepping-stone series of
next recommendations. We are creating sort of a larger framework of
recommendations around the idea of an improvement initiative and a public
health information infrastructures trust fund. These concepts are building
blocks to other building blocks that would come in future recommendations.

So my suggestion will be to still pursue these this way but really as a
building block. Again, this is truly a national committee recommendation set.

DR. FRANCIS: This is just a question about whether you had any more specific
discussion about meaningful use and public health reporting. I have in mind
questions like whether or not a mandatory — you know, there are the core
standards and the optionals, and how all that is going.

DR. SUAREZ: We heard actually several times a reference to that. We didn’t
get into those specifically because certainly there are other bodies that are
responsible for that activity and those types of recommendations.

What we did here was that programs like meaningful use are an opportunity to
pursue certain enhancements of exchange of health information with public
health, although they might not be the only vehicle or the only type of
incentive. In fact, as we heard from the recommendations — and Paul is
here and he can talk more about it — but from the recommendations from the
meaningful use work group to the policy committee, in meaningful use stage 3 or
future stages, really, the public health type of expectations of reporting
might not be at a top priority within all the other activities.

There are a number of questions and concerns. Our point about it, of course,
is there are some things that are clearly happening or will continue to happen
— immunization exchanges reporting. All the public health reporting that
is done is done because of certainly expectations and requirements that public
health has. At the state, local, and national level there are requirements and
laws that require those. So that is going to continue to happen.

The expectation that they will be part of a meaningful use requirement into
the future is less certain, and that is why — actually, not that why, but
it was one of the comments that happened during the hearing, was that while at
some point people were thinking meaningful use is the one place where we can
put all the things into the basket and try to push it forward, people are just
now saying we should be cautious and not just put all our eggs into that basket
and try to make sure that that is one of the vehicles, but there are
potentially other vehicles. But that is the extent to which we talking about it
in this.

DR. FRANCIS: I guess I was asking whether there was any sentiment for saying
something stronger, for thinking that what’s going on with phase 3 is actually
a missed opportunity.

DR. SUAREZ: Back in those times, we didn’t know what we know today about the
new directions of meaningful use, so we didn’t have really — but it was
even perceived or seen at least even at that point that of course meaningful
use has coverage of everything about the exchange of health information between
many entities, and public health is just a little component of it, so it is not
to be expected that everything about meaningful use is going to be in public
health, or everything that public health needs has to be put into meaningful
use. I think that’s how to put it.

DR. BLEWETT: I generally like these recommendations and your discussion, and
of course it’s very thorough. I might be a little bit off, so I risk saying
this, but it seems like the intersection between the ACOs and population health
is maybe more data linkages as opposed to putting it all into a meaningful use
kind of health information exchange. And I don’t know if that fits in here or
that goes in another bucket, but if you have your data registries and your
disease registries, that is going to be more of a data-linkage issue, as
opposed to dumping it into an exchange.

DR. SUAREZ: That is a great point too. I guess there are at least two ways
of thinking about how things would evolve into the future. Whereas there will
be continued expansions of registries in a centralized data set, like cancer
registries and other things, versus more distributed, federated approaches of
data that will create a virtual data system but is residing in different places
and is connected, is I think is what you were pointing to.

DR. BLEWETT: Yeah, and if you are going to get at that cumulative of
population health monitoring that includes both traditional public health
surveillance indicators and sort of health, there is going to have to be some
linkage somewhere.

DR. SUAREZ: Some linkage, yes. That is a great point and I think it is an
element that it is important to consider, that this is not purely only
exchanging data with public health and sending data and receiving it. There are
a number of other linkages that support population health. That’s a great
point. Thank you.

MR. TAGALICOD: Thank you, Walter.

Actually, it was a great segue as Lynn answered, and I would like to just
expand on that. So the question becomes what are the policy vehicles as well as
the programmatic vehicles, whether across HHS or other places, in order to
incent or support the population health effort we are talking about. You
mentioned the ACOs, and yes, there is a population health element to that, as
well as other programs that we’re looking at.

So the question begs — and I am not making any statement here or any
announcement, so I just want to put a caveat — it is for the discussion as
to what are those vehicles; and then also anticipate some of the things, bills
that are being now considered or at least vetted, not even considered to a
level of like we’re going to bring it on the floor, but like the SGR fix, all
the stuff that’s embedded in there in terms of interoperability.

But then the question becomes, so what else can be put into it, because to
put everything on EHR meaningful use when we know — and here’s the real
intelligence — we have a lot of things, ehealth, HIT, that could be
perceived as, and are perceived as, burdensome.

So the question is, if you put everything in the EHR, we may risk losing
what the original intent was. It was to get us over the hump of adoption, and
so now we’re getting to meaningful use, but to overburden it at this point in
time can be a dangerous thing. We keep our eye on the goal. The eye on the
goal, at least for meaningful use, is outcomes.

But again, yes, the question begs, doesn’t that include public health? But
again, look at the other vehicles.

MR. SOONTHORNSIMA: I think there is a venue for that, to your point. We’ve
been working on this ehealth roadmap, and there are a lot of different streams
— meaningful use, admin simp, and so forth. There is a lot of — I
hate to use that word again — convergence. But there are some capabilities
that are not overlapped but complementing capabilities.

So to your point, the connecting of those capabilities, I think we just have
to tease them out as we formalize the roadmap conversation.

MR. TAGALICOD: Just one last thing is because we’re going to launch it in
— although I think it’s already there — launch to HIMSS, is an
interactive frame of all the kinds of things that we’re doing, the quality
programs, the pay-for-performance, the EHR meaningful use, the administrative
simplification, all those things, and you can touch it and say, “Okay, I
want to see all of them vis-à-vis each other,” or “I just want
to see one of those things.”

So I think part of it is in the kinds of questions that the committee is
going to ask, is look at that and saying okay, these are — and this is not
the entire universe, but I think it is to see them in context with the others.

DR. SUAREZ: What booth is that?

(Laughter)

Where are you, in the field?

MR. TAGALICOD: It was the big pavilion.

I will send it to the entire committee, where we are at EM6.0.

DR. SUAREZ: We’ll look for you.

MR. TAGALICOD: I’m counting on it.

DR. GREEN: Walter, a quick time check here.

DR. SUAREZ: Yes. We are now in the last part. This will take, I think —
I was going to turn to Ob for the review of the hearing from yesterday.

DR. GREEN: Where absolutely nothing happened?

DR. SUAREZ: No, no. We have about 25 slides to go through.

(Laughter)

MR. SOONTHORNSIMA: I am going to go through this very quickly.

The purpose of our hearing yesterday is to review and reflect on the
progress and status of administrative simplification activities in 2014. You
can read that on your own, but there are five key topics that we wanted to
review.

One is what is going on with operating rules development for the remaining
transactions. You heard about some of that this morning from Denise.

Second, EFT and ERA operating rules rollout. That happened on 1/1 of this
year.

Review and discuss where we are with ICD-10 transition.

Then talk about ICD-10 implications on other non-covered entities, which
are, namely, worker’s comp, the property and casualty industry.

Then review health plan ID.

Lastly, we reviewed DSMO recommendations or requests to modify a previous
recommendation around pri-auth for pharmacy benefits.

So let’s jump right in.

Again, we can go through this very quickly. You don’t have to — I
didn’t do this yet.

DR. SUAREZ: Oh, sorry.

(Laughter)

MR. SOONTHORNSIMA: Yes, we do them analog.

I will clap my hand, okay?

For EFT/ERA and development, we are just going to summarize everything into
one slide here, but by and large, what we’ve heard, electronic funds transfer
has been leveraged by the industry for some time now, and there was increasing
volume that the industry saw last year. We expect that that volume will
continue to grow.

Success to having effective EFT — oh, by the way, EFT, you know that’s
funds transfer, and of course remittance advice — but the success of this
is to have adoption for the providers, especially smaller providers, to adopt
the usage of EFT. Enrollment is a critical factor here. The industry continues
to look for ways to reduce inconsistency, because health plans apparently do
enrollment into this EFT program different ways. So continue to look for ways
to reduce the variations across all plans.

Trace number. This is re-association number. When you send out a payment,
you want to re-associate the payment back to the remittance advice. That is an
area where we expect to see significant improvement in efficiency, because
right now providers are having to do a lot of these manually or depending on
their PMS, practice management system, to do the work.

One thing that came up yesterday that drew an interesting, actually
dominated the conversation, was this concept of virtual cards. These are
basically credit cards that started to emerge over the past year. There were
some concerns about, okay, gosh, this is a 3-to-5 percent fee that providers
are paying. So the folks really raised that as a potential issue and a red flag
that we need to keep an eye on.

DR. SUAREZ: This is the virtual credit cards that health plans give
providers to pay them. So it is a health plan payment to the provider. There is
a concern that it sort of conflicts with EFT itself, because this is another
vehicle to give to the provider the payment. But the problem is the provider is
paying like 3 to 5 percent.

MR. SOONTHORNSIMA: Three to five percent. So for a $100 reimbursement, you
might collect $95.

DR. SUAREZ: Literally, they estimated it yesterday. I think it was like,
when they aggregated everything to a year, it was $16.5 billion of fees.

MR. SOONTHORNSIMA: So that is something for us to just ponder a little bit.

Then we heard from CORE about the operating rules. As you know, we have five
remaining transactions. Denise gave that status this morning. Obviously, there
is a consideration around aligning the meaningful use, all the marketplace
exchanges. How do we align some of those potential operating rules based on the
development of those areas?

And evaluation of the criteria based upon ROI and whether or not industry is
ready to actually implement those things based on constraints of all the
competing priorities and so forth. There is some rationale being used.

Of course, Denise talked about this this morning. Public forum feedback
through CORE is very critical.

Let’s jump into some of the considerations.

We reflected on the concept of these virtual cards. First of all, we are not
sure whether that is a widespread use as of yet. It may require further review
and clarification, because if this is an outlier, maybe this is something that
the industry can solve for itself.

That leads to the second bullet point where we think that we really have to
balance our perspectives as to whether or not we should be policing or
adjusting these rules to mitigate these possible abuses, or we should just
balance that against, you know, look, innovation is going to happen, and let
the industry course-correct some of these things. We can provide some guidance
around what are the parameters for these things. Otherwise, you have to chase
every single rule, and I am not sure that is really an effective use of this
committee. It might stifle innovation.

Again, Bruce has brought up Bitcoin. That’s exactly what we were joking
about. Who knows, Bitcoin could be used.

Next one: Operating rules development. Currently completing market analysis.
Basically, that’s what the CORE group is working on.

Also, the thing about operating rules, we reflected on that a little bit
too, and we agree with CORE in that we really need to balance making sure that
when we’re talking about acknowledgment, when we’re talking about transactions,
make sure that we’re leveraging practical and pragmatic industry-driven
approaches or practices and not try to be over the top — this is my word
— on policy. So those are some balancing acts that we need to be concerned
about. It is similar to the point we made earlier about let innovation some of
these advances.

A question?

DR. CARR: It seems only yesterday when we were holding the hearings for
these — it was more than yesterday — but it was very impressive the
amount of dollars at risk and the opportunity. Maybe you said this already, but
are we going to be able to quantify what was the financial impact of
implementing especially EFT?

DR. SUAREZ: First of all, I think, as it was said during the hearing, if
there is one transaction and one area where true administrative simplification
and effective ROI can be seen, it is the adoption of EFT and ERA.

Yes, as we heard also, there are still a lot of providers not moving into
EFT. We had a number of conversations about how providers still want to see the
check coming to their mailbox, opening the envelope, and then going to deposit
the check.

Interestingly enough, as I was pointing out, I am sure those same providers
are receiving their IRS refund this year electronically into their check
through an EFT. But the reality is many providers still depend on that check.

So finding better ways to entice and to help move everybody into EFT —
if we had everybody in EFT, the savings and the benefits will be immense in
terms of volume.

DR. CARR: I remember when this first came up, of all the things, this would
have a huge financial benefit. Then we had it in the 10-year letter to Congress
on administrative simplification.

It seems like it should not be acceptable that we have any variation. I
don’t know what it takes to get full enforcement, but at a time when we’re
cutting costs in so many places, this seems like simple revenue that we ought
to be able to capture.

MR. SOONTHORNSIMA: I think enforcement is an interesting word, because you
cannot really enforce the providers to use this. This is really imposed on the
payers. So that’s why publishing or tracking, to your point, the progress
— let’s say we improve the enrollment process. Now that we have the trace
number to associate the ERA back to the payment, that in itself should help
solve a lot of problems in an office, and, hopefully, that is probably enough
for them to start using this more consistently.

DR. SUAREZ: I think what Ob is pointing to is really the reality that HIPAA
is a requirement for health plans. It is only a requirement for providers if
they choose to do the transactions electronically. But they still have the
ability to say no, I don’t want an EFT, or I don’t want an ERA, electronic
remittance. I want to see that piece of paper that explains the benefit or the
payment in the paper. So they still have the ability to say that.

DR. CARR: I suppose there are incentives and penalties, I suppose, for
— it’s like if you pump your own gas, it’s cheaper.

DR. SUAREZ: Payers are incentivizing them. In fact in some cases payers like
Medicare are saying, as part of our policy, everybody is going to have to do
this this way.

MR. SOONTHORNSIMA: Or you can just use the virtual card and get a 5 percent
reduction.

DR. CARR: Really.

DR. GREEN: Ob, you’ve got about 5 minutes.

MR. SOONTHORNSIMA: Thank you.

Let’s talk about some things that are applied to both health plans and
providers. ICD-10. Let’s talk about that. You heard loud and clear, stay the
course, right? Stay the course. There have been a lot of discussions and a lot
of concerns. But what we wanted to find out, let’s reduce the ambiguity and the
noise level. What can we say? What we heard loud and clear yesterday at CMS is
we are staying the course.

When we’re talking about dual processing, that means there is no dual
processing of ICD-9 and ICD-10 beyond October 1, rather than runout. What that
means is if you have date of service before 10/1, of course you can process
those things. But beyond that, any new procedures, new transactions beyond 10/1
would be processed ICD-10.

Lastly, also, the intention is to minimize impact to the patients. That is
also a very clear message.

The good news is, remember, back in June of last year we heard that while we
got almost 100 percent compliance on 5010, close to 20 percent of the providers
were using crosswalk service to upcode 4010 to 5010.

We noted immediately, well, that’s not acceptable because you cannot send
ICD-10 through. So the good news is a pretty good percentage now, close to 100
percent, are using true 5010. So that’s good news. With 7 or 8 months down the
road, at least they are using 5010.

Testing is not possible until software is in place. We all knew that. Not
all vendors are ready. There is risk impacting the testing, the end-to-end
testing and all these things.

Another thing that we heard loud and clear, because last time we met in
June, the message didn’t come across too well, clearinghouse is not your
solution. At the end of the day, the providers are the ones who have to —
clearinghouses are just a conduit. I don’t want to oversimplify, but they are
simply passing those transactions through using 5010. But they are not going to
do anything with the ICD-9 to ICD-10. That has to be done at the practice, at
the provider level.

Testing remains a challenge. Many vendors have yet to deliver ICD-10
solutions. Health plans have yet to begin testing directly with their providers
in earnest, not to say that they’re not doing it, but they’re not doing it
broadly across yet.

CMS fee-for-service also has a test plan, you heard this morning, starting
in March and, hopefully, through June as well.

Small providers are aware of the change. They know what ICD-10 is, so that’s
not the problem. But they will likely not be ready.

Lastly, there will be pre- and post-implementation support needs. There will
be plenty of calls on your call centers and so forth. Those were the messages
we heard.

Here are some of the take-aways from us. One, we believe that providing
awareness and training is great. But at this stage, you really have to target
because you know a lot of people, we don’t know how many, are not going to be
ready. So how do you target to those provider types, practices, based on their
coding patterns and what not, that really need to be targeted?

Similarly, when you’re talking about comprehensive testing, that will not be
possible either, kind of along the same line, for every provider and health
plan. So let’s prioritize the most impacted codes for those specific providers.
Let’s really target not only the awareness and training but also your testing,
because you’re not going to test comprehensively end-to-end across the board.

Lastly, there is some guidance that could be provided in order to start
doing true contingency plans based the second bullet point that says these are
the procedures that we do, these are diagnostic codes that we use, so what is
our contingency plan around that?

Think of two paths that you would take: one, if your system is not ready, so
what’s my contingency plan? Your system is ready, what’s my contingency plan?
Does that make sense? So let’s come up with some practical guidance on that.

The last point, and this is really between CMS, continuing the dialogue
around traditional Medicare advance payment. This is some of the conversations
that I think the providers are having with Medicare.

Let’s move on to the next topic, implementation beyond covered entities. By
and large, P&C and worker’s comps are pretty much subject to state law
— actually not by and large, all of them. They are all subject to state
law, state regulations, and state departments of insurance.

What is happening is that only 19 states out of 50 states actually have
embraced ICD-10 and really started doing some alignment with CMS and other
entities to do ICD 10 planning.

Unfortunately, the remainder, the 31, have not decided or are still in the
process of deciding, and that has caused some major concerns for the industry,
particularly for those payers, because if the provider is going to be using
ICD-10 and they’re not able to use it, one of the concerns is that these
P&C and worker’s comp payers, especially the larger ones, are going to pull
out of those states. States should assess the impact and really work very
closely with HHS.

Let’s go through our observations. Definitely there will be a need to do
ICD-9. Clearly, there is no way for these states to be able to be transitioned
to ICD-10 before 10/1. We think that all the states will likely move to do
ICD-10 because we heard that the fees, reimbursement rates, and all that are
driven largely by Medicare rates anyway. So if Medicare is going to do ICD-10,
you are going to have to move there. So fee schedules and all of that are going
to be based on Medicare fees.

Lastly, the point that we want to find out is, is this a show-stopper for
ICD-10? This is not a show-stopper.

Let’s go on to the next topic. We’ve got 2 minutes.

The is the pri-auth, a letter from DSMO to our subcommittee requesting that
we refine our language around pri-auth standards. Just to give you the context,
some years back HIPAA X12 278 was deemed as a pri-auth referral transaction.
That’s a standard. However, around the same period, NCPDP has developed the
standard to do the electronic prescribing, and they also came up with pri-auth
standards for scrips. So that’s the scrip standard they use for eprescribing.

Basically, what DSMO is looking for us to do is to refine our recommendation
and give OESS some ability to explore so this scrip standard could be used and
they would still be deemed compliant with HIPAA law, because the HIPAA law
simply says that you have to use X12, in a nutshell.

Walter, did I do a good job of explaining that?

DR. SUAREZ: Yes, absolutely. No question.

MR. SOONTHORNSIMA: Thank you.

Let’s go to our recommendations.

Basically, we listened and we tend to agree with the rationale for this
recommendation, but we think that we have to understand why would we accept
something like this. That’s a third bullet point, by the way.

If you think about the goal of administrative simplification, it is really
to continuously evolve and improve the efficiency and effectiveness of
healthcare processes. So any technology advancement, any innovations that are
evolving rapidly in healthcare processes, they all intend to improve the
efficiency and effectiveness in health care.

So the last point is HIPAA, along with other standards, do complement one
another or they help facilitate achievement of these goals, and therefore, if
you follow those rationales, so you’re not stuck again on, oh, it’s defined by
HIPAA, therefore let’s debate on how we’re going to make HIPAA work, why not
harmonize all these policies so that we can truly advance these capabilities?
Again, very similar themes that we talked about earlier around let the market
drive innovation. We just have to make sure that policies make sense.

Next, health plan ID. This is one of those sessions where we go,
“Duh.” A lot of questions around, all right, how do you define a
health plan? Let me step back. What is a reg? The reg really requires two
things: one, enumeration of health plan ID, and two, usage of health plan ID in
transactions.

In a nutshell — Denise, I might butcher this, but forgive me — so
there is the definition of when and where HIPAA health plan ID is used or not
used. It really is a decision, we believe, of the SDOs, standards development
organizations.

We have some challenges. I think the whole industry is still struggling with
what the definitions are for health plans, let alone payers, and then OEID,
other entity IDs — that is another convoluted conversation.

The long and short of it is that while health plan ID was conceived as part
of HIPAA regulation, that’s almost 20 years ago. Industry has evolved and saw
some of the problems that perhaps health plan ID was intended to solve many,
many years ago. Furthermore, the feedback was if there is not going to be
access to this health plan ID database, and if there is not enough information
in there, what use would it have?

Let’s go through our observations.

MS. GOSS: Can I do a clarification?

MR. SOONTHORNSIMA: Sure.

MS. GOSS: In regard to the first bullet, we have a slight tweakage that we
need to make, and I just had to double-check myself here. The SDOs wanted to be
able to say, when the policy says you’ve got to use it, this is how you use it.
The SDOs don’t want to touch the policy realm at all. They understand business
purpose. They want to meet the business purpose, but they don’t try to be
policy setters. So it’s not when and where. It’s just when it says you have to
use it, they’ll tell you how to do it.

MR. SOONTHORNSIMA: Thank you for that clarification. It’s almost like nobody
wants to touch this. That’s my comment.

Observations: Much work remains, we believe, in terms of defining why do we
do this, what’s the real value? Then there are potential downstream impacts,
and you think about the X12 work, that the staff have to look at all the
transactions and if a decision is to be made that you go forward, how it is
going to be used. Then how it’s going to be used will open up another complex
conversation on how it is going to be implemented.

Lastly, the historic context of this standard has been lost given the lapse
of time, so again going back and redefining the purpose.

Next, it was another tremendous hearing. We had five panels and 35
testifiers. I am not going to read through all these, but we made it through
the day, and it was a really rich, rich conversation, good dialogue. Of course
we ran overtime, but at the end of the day, we made it through another
standards marathon.

DR. GREEN: Okay. We are going to have to suspend all the zillion questions
that no doubt stimulated. I think I just heard someone join. We were expecting
someone to join us at 2:45.

Leslie and Linda, I will turn this over to you. I suspect we should stand up
and stretch for about 3 or 4 minutes, but not much longer than that. Then
Leslie will reconvene us very quickly.

(Whereupon, the Full Committee adjourned.)