[This Transcript is Unedited]

Department of Health and Human Services

National Committee on Vital and Health Statistics

Full Committee

February 22, 2017

Hubert H. Humphrey Building
200 Independence Ave., SW
Washington, D.C.



Agenda Item: Welcome

DR. STEAD: Welcome. Should we go on and begin with roll call and introductions? Should I start?

Bill Stead from Vanderbilt University. Chair of the Full Committee. No conflicts.

MS. KLOSS: Linda Kloss from the Kloss Strategic Advisors. Member of the Full Committee, co-chair of the Privacy, Confidentiality and Security Subcommittee, members of the Standard Subcommittee. No conflicts.

DR. PHILLIPS: Bob Phillips with American Board of Family Medicine. Member of the Full Committee and co-chair of the Subcommittee on Population Health. No conflicts.

DR. RIPPEN: Helga Rippen, Allergy. A member of the Full Committee, Privacy, Work Group Data, Pop Health, and I have no conflicts.

DR. COHEN: Bruce Cohen. Member of the Full Committee, co-chair of Population Health Subcommittee, from Massachusetts. No conflicts.

MS. GOSS: Alix Goss with Imprado. I am a member of the Full Committee, co-chair of the Standards Subcommittee, the Review Committee, and I have no conflicts.

MR. COUSSOULE: Nick Coussoule, Blue Cross BlueShield of Tennessee. I am a member of the Full Committee, co-chair of the Standards Subcommittee, Privacy Subcommittee, and I have no conflicts.

MR. LANDEN: Rich Landen with Harris QuadraMed. Member of the Full Committee, Standards Subcommittee, Review Committee, and no conflicts.

MS. LOVE: Denise Love. National Association of Health Data Organizations. Standards Subcommittee, Populations Subcommittee. No conflicts.

DR. STEAD: Do we have any members on the phone? In particular, is Lee Cornelius on the phone?

DR. CORNELIUS: Yes, Lee Cornelius is on the phone. I am at the University of Georgia. A member of the Full Committee and the Population Health Subcommittee. I have no conflicts. Other than not having sleep – but that is all right.

DR. STEAD: Thank you. There are two more members that we expect that are not yet here, Dave Ross and Vickie Mays.

(Introductions of staff, and guests)

DR. STEAD: I think we are good. Rashida, would you like to take over?

Agenda Item: ASPE Welcome

DR. DORSEY: Good morning and welcome. This is our first Full Committee meeting of 2017. The committee has a rich agenda for this meeting and for this year and I am very pleased. The expertise that you provide and the products you develop are valued contributions that support the work of the department. I look forward to this meeting and I thank you for your service.

I just have a few announcements to share. First, we have a new secretary for the Department of Health and Human Services. Secretary Thomas Price was confirmed on February 10, 2017. Dr. Price sworn in as the 23rd secretary of Health and Human Services. He first served as an orthopedic surgeon for approximately 20 years. He later served as the US representative for the Georgia’s Sixth Congressional District. He held this office from 2005 to 2017 and earned a reputation amongst his colleagues for being a tireless problem solver and the go-to expert on health care matters.

He remains an advocate for a patient-centered health care system that adheres to six key principles: affordability, accessibility, quality, choices, innovation, and responsiveness. Again, we have a new secretary. His bio and his background are on the HHS website, but I did want to share that.

Within ASPE, we have a new deputy assistant secretary for science and data policy, Ms. Laina Bush. Laina holds the position that Jim Scanlon formerly held. At some point, she will be here to introduce herself to the committee, perhaps not at this meeting because she is unable to make it. But at a future meeting, she will certainly be here to introduce herself. She also is currently serving as the acting ASPE. We currently do not have a permanent ASPE so she is serving in that role as well.

Laina Bush has 20 years of experience in ASPE. She is able to participate in our meetings. She will –

The last thing I just wanted to share is we have three new members appointed to the committee: Jacki Monson, Debra Strickland, and Roland Thorpe. Jacki Monson is the vice president, chief privacy and information security officer at Sutter Health. Jacki Monson has extensive expertise in health care privacy and security – compliance. She recently was appointed vice president chief privacy and information security officer at Sutter Health in Sacramento, California where she administers and manages privacy and information security programs for Sutter Health and its affiliates. She provides advice and education to programs and constituents about HIPAA, HITECH and other information security and privacy laws and regulations. She also manages and oversees the privacy monitoring and audit program, cyber security operations and incident response. Prior to her position at Sutter, she served as chief privacy officer at the Mayo Clinic where she assesses privacy gaps in clinical enterprise.

Our next new member is Miss Debra Strickland. Debra Strickland is a nationally recognized health care executive with experience in corporate and insurance sector. In her current position as client service consultant at Xerox Government Health Care Services, she implements the HIPAA operating rules for Medicaid to ensure compliance. She brings extensive knowledge and expertise in working with HIPAA transaction and code sets and national health care standards development.

She has extensive experience developing and implementing health data standards and related HIPAA administrative simplification in diverse health care settings. As a result of her experience, she has developed a strong working knowledge of operational public policy considerations while implementing and complying with HIPAA administrative simplification regulations and diverse organizations.

Our last new member is Roland Thorpe. Dr. Thorpe is an accomplished researcher currently designing and conducting studies that examine how social determinants of health such as race, socioeconomic status and segregation affect health and functional outcomes among adults particularly among men across the life course. He is an associate professor in the Department of Health, Behavior, and Society at Johns Hopkins University. His program of research is on the understanding of etiology of race and social economic status related to disparities and functional and health status of adults. He also is the director of program for research on men’s health. He has a wide range of research projects –

Those are our new members. We are excited to have them on board.

DR. STEAD: Thank you. I know that that we have three subcommittees that are breathing a sigh of relief to see such key horse power coming on to the committee in places that we really need their expertise and help. I think this is unbelievably good news to start the meeting.

With that, let me provide an overview of how we are planning to tackle the day and then we will proceed with the CMS update.

We are going to start with a brief update from CMS. We will then spend a block of time working on the report to congress. I think it is in pretty good shape, but we really want to walk through and hear people’s questions, concerns, and suggestions because we want to bring it to closure either over the course of this meeting or in our April telephone meeting depending how close or how far people think we are.

We are then going to hear from Jon White who is going to call in for ONC from HIMSS.

Then we will spend an hour working through the De-ID letter trying to identify any changes we need to make with the goal being to allow those edits to be made over night so that we can hopefully take action on it in the morning if we are close enough to do that.

Then we are going to plan or listen to a proposal and talk about a hearing that is a new request from CMS to relook at Health Plan ID.

We will have the update we wanted from CMS about Social Security Number removal.

And then we will do a pop health block to we hope take action on the report from the last workshop and then close the day with a conversation with the Commission on Evidence-Based Policymaking.

In the morning, we are going to take a fairly long block to work through the report on healthdata.gov that Erica has been working with Vickie and the workgroup. Our goal is to get it into really get those recommendations close enough that we can then go back and do an edit pass and bring it back for action in April.

We are then going to try to take action on De-ID and the workshop report in the morning block and then go into more planning, predictability roadmap, the vitals hearing and then wrapping our heads around how we want to handle the April meeting. It will be our first telephone Full Committee meeting. We need to think through those logistics. And then I am hoping we will have time to think just a bit more about Beyond HIPAA and the Terminology and Vocabulary projects so we are setting the deck up for the next piece. This is going to be a busy couple of days. But I think the information is in pretty good form.

Do people have any questions or suggestions about the agenda or are we good to go?

Did someone join us on the phone? We heard a beep. Welcome Mildred. We have Vickie.

DR. MAYS: Good morning. Vickie Mays, University of California Los Angeles. I am a member of the Full Committee, Pop, the Workgroup, PCS and the Review. I have no conflicts.

Agenda Item: CMS Update

MS. TRACY: Thank you for inviting us. Cora Tracy. I am the director of the new Program Management and National Standards Group in the new office of Information Technology at CMS.

Many of you are familiar with the National Standards Group. We recently had a reorganization. We have both the Program Management group and the National Standards group are now one group. In this new organization, DNS, which is the Division of National Standards, will be collaborating with the Division of Program Management to work on exciting projects such as you will hear later today, the Social Security Number Removal from the Medicare cards, which is part of the Medicare Access and CHIP Reauthorization Act of 2015.

Another project that we currently are working on is the Quality Payment Program as well as the PECOS transition from a single purpose product to an enterprise resource and tracking various initiatives under the 21st Century Cures Act, which just passed last year.

The Division of Natural Standards will continue its good work with the review in adoption of standards and operating rules, its collaboration with NCVHS and its work with industry. It is my pleasure today to provide you with the CMS update specific to the National Standards Division and to respond to inquiries where possible.

First, I would like to provide an update on the status of ICD-10. As you all know, thanks to the unique display of industry collaboration and engagement, implementation of ICD-10 was an undeniable success. I want to thank everyone in this room, on the phone, throughout the health care community for the unprecedented collaboration that made this transition a success.

For the past two years, CMS has provided resources for industry to assist with ongoing implementation efforts. Recently with the transition of ICD-10 coding complete, we saw an opportunity to streamline our web resources, which means migrating all up-to-date content from our Road to 10 website to the CMS.gov, which is available at CMS.gov/ICD10.

Over the next few weeks, we will be transitioning the Road to 10 website and that should be complete by April 3. The merging of Road to 10 content with the CMS.gov content will streamline the public’s access to the most current resources, making it easier to get to information from one location.

The reason we are moving forward with this transition is because we have tracked the old site and there has been a sharp decline in viewership for the Road to 10 because of the successful roll out. In fact, most people have been choosing CMS.gov and not Road to 10. For example, at the end of last year, we saw that 75,000 visits went to CMS.gov/ICD10 site as compared to less than 14,000 at the Road to 10 website.

We will actively communicate this change to the industry to ensure that everyone has time to update their bookmarks and links to point to CMS.gov/ICD10. Our communication channels include emails and LISTSERVs from CMS, which combined is half a million subscribers, tweets at CMS.gov handle, notices on the CMS.gov website and a notice on the Road to 10 website.

For users to try to visit Roadto10.org after the transition is complete will provide an automatic redirect to the CMS.gov/ICD10 website.

The second item I would like to share with NCVHS is that our enforcement program. As a reminder, we have an updated enforcement website. Last year, our staff provided the NCVHS committee with information about our overall Administrative Simplification HIPAA website enhancements, which we made in response to your recommendations to make the site more user friendly and easier to navigate. I hope you have had a chance to visit our web page.

We also updated the HIPAA Enforcement website for covered entities. The new site is in full production. The site is called ASETT with two T’s because it stands for Administrative Simplification Enforcement and Testing Tool. We not only accept complaints through this system. We can also assist covered entities with testing of their transactions or with transactions from others that they receive to check compliance.

The ASETT system is an improvement from the old complaint system from its appearance to security to the ease of submitting and tracking complaints. Later this year, we hope to visit this committee again to provide more information about the Division of National Standards Enforcement Program. In the meantime, we hope you will share this important resource with covered entities that you know or visit it yourself. Our enforcement program is compliant based and we provide technical assistance to covered entities. We hope more people will take advantage of this program.

Finally, I just want to say that we are looking forward to this coming year with our new administration. There are many unknowns, but we are used to working within an environment of uncertainty where we use our resources to be creative and innovative. We are fully aware that the standards adopted under HIPAA are just one element in the roadmap that many of you are building that will lead to the future of interoperability at a more efficient system of health care. That is our priority.

As we see it, our work, the promotion of electronic transitions, the potential for adoption of the attachment standard must be done in concert with meaningful use, the quality payment program and alternative payment models. None of our work can be done in a vacuum.

I know that this committee has been talking for years about the convergence of clinical administrative information, how health care and payment information can be exchanged safely and in real time between health care entities.

The real value we obtain by working together is saving time and money. The potential for quality improvement is a mix. We share the same goal with you. That a better health care system will address the needs for providers, patients and payers because everybody has a role in making the system work.

In closing, we are committed to working with each one of you. It is early in the year and we look forward to coming back in an upcoming NCVHS meeting when we know more about the new administration’s priorities and we will have a good handle on the regulations in our pipeline.

Certainly, one message you can take away today is that we are engaged and interested in collaborating with you and with partners in the industry and want to be practical about the next steps forward. Please let me know if I can answer any questions today and if I cannot, I will definitely get back to you. Thank you.

DR. STEAD: Thank you. Questions? While people are thinking, you mentioned attachments. Where does that set in your priority thinking at this point? Because we had thought about that as one of the things we were going to be tackling. While tackling it from the perspective of the Review Committee in the parking lot until we understand more the direction that we are going to receive, it seems to me we need to know if our logic around attachments had been longstanding. Although it aligned with the Review Committee, it is an important problem in and of itself. I did not know where that fit and where you would like to see that in our work plan given where you are in the transition.

MS. TRACY: I appreciate that question. We are currently in the process of reviewing our regulations. We have not had a chance to discuss regulations or priorities with the new administration yet.

MS. LOVE: I do not know, Cora, if you are the right one to ask if I should wait until the whole presentation. But we are getting from the states a lot of inquiries about as we shift from volume payment, fee for service to bundled, global, alternate payment models, non-claims data. CMS has a huge stake in this as do the states. Where will those conversations come out of and how do we engage?

MS. TRACY: Again, we have not discussed with the new administration. Surely, you are open to engage with us.

MR. LANDEN: The new merged group from the National Standards Group that you talked of. Is their scope the same as the National Standards Group or are they expanding beyond more than just the HIPAA-related standards and code sets.

For example, coming out of the quality payment program areas, the electronic clinical quality measures, utilize some Health Level 7 standards. Is that going to be under the purview of the new group as well?

MS. TRACY: It should be. Our group has expanded our purview because of program management as a piece of our work. HL7 is definitely part of our purview.

MS. DOO: Rich, when you say HL7, are you referencing just the attachment-related HL7 standards? Are you going further like fire?

MR. LANDEN: I am going further. The example I used was just one example, but that example for the electronic SQMs uses QRDA files, the QRDA standard.

MS. GOSS: I think, Rich, that is a great question because it really does start to go back to the convergence topic.

MS. DOO: As we go further into some of the other committees and the HL7 structured documents and –

MR. LANDEN: Pop health and the whole gamut.

MS. KLOSS: Thank you for your report and congratulations on the great CMS leadership on the transition to ICD-10. It was really a remarkable level of collaboration.

My question concerns going forward in what your plans are for – what the metrics are for measuring the effectiveness of ICD-10 and PCS, including issues of data quality and productivity and usefulness of information.

My reason for asking the question is that our committee has on its roadmap to step back and look at vocabularies and classifications more broadly. I think that this would be an area for certainly collaboration with the department and also we will be looking for whatever data and insights you have about how effective these changes have been and most importantly on perhaps PCS because that was a huge change. We tend to focus a lot on the CM part, but the PCS part is of great interest too.

I think my question isn’t so much whether you can answer this off the cuff today, but it would be useful to explore more deeply what metrics you are getting in tracking and how you view this evolution and vocabularies and classifications because this is an area that we have identified as something that the committee could delve into that would hopefully be of benefit.

MS. TRACY: We will welcome that collaboration and definitely work with you on the information that we find out on the metrics and help move forward from there.

DR. STEAD: Other questions? Thank you. We appreciate the update and we will roll forward into the report to Congress.

Let me just introduce this because this is the first time we have been able to work through this with the Full Committee. We have worked through it with the Executive Committee and a couple of calls. What my thought would be is that we would have Rebecca try to summarize the feedback that we have so far so that we are aware of the kind of input that is coming in, not actually try to resolve that feedback as she is summarizing it, but just get it on our radar screen.

Then I thought without projecting it because my goal here is not wordsmithing, we would walk through it page by page, section by section and get people’s questions, comments and suggestions. We would actually try to come to some closure about them as we work through it if we could. That would be a time that you could also think through how to deal with some of the feedback. I am hoping this will be an iterative process. And then at the end of that process, we can stop and then say have we not dealt with of the feedback and we can come back and try to land any of the pieces that are outstanding. And then we will know how close or far we are and we can then figure out how to take the next steps. That is my approach to this. We will take a break at a natural time in the process. This is going to be I hope the ultimate of a working block that will hopefully move us in the right direction. Is that a process that is comfortable to people?

Did one more person call in?

MS. BERNSTEIN: It is Maya. I am feeling under the weather, but I am going to try to call in for some of the meeting today.

DR. STEAD: Take care of yourself.

Do you want to give us a brief report.

Agenda Item: NCVHS Report to Congress

MS. HINES: As Bill just summarized, the Executive Subcommittee has had two in-depth conversations about the report and Susan has been responding with follow-up drafts. I think we are on our third or fourth main version. She did speak with some of the committee members, Alix, in particular, and I think some of you others as well to help her. As you know, Susan does not normally write at this broad cross-cutting level. She normally focuses on population health. To help get herself educated, she did some due diligence there.

And then we got comments formally sent back to us from Centers for Medicare and Medicaid Services, CMS, thank you very much, from the Office of the National Coordinator, ONC, and Office of Civil Rights, OCR. Really the feedback from – the comments from CMS and OCR really provided nice refinements. Most of them were line edits and track changes, but things that definitely we want to get right such as – an example would be that HIPAA in the law did not define business associates. The definition was created in the HIPAA rule. Just making sure we got our facts right. Very helpful.

Susan has started to implement most of those – the draft that you have her has most of those line edits in. Very good refinements again for accuracy.

ONC provided more I would say conceptual feedback as well as some line edits. Just go through it and then when we go through the report as Bill outlined, we can decide how or whether we want to address them. Generally, the report is non-controversial from their vantage. I think we would all agree with that.

The main suggestion or thought imparted in the feedback was it did not come across as actionable in the sense that it did not seem like there were specific or detailed issues highlighted that we could address such as how to improve access or how to improve security. The suggestion was to consider adding more specificity to issues that might be hindering progress.

In the end of the report, again, interest in specific mention of priorities such as the Precision Medicine Initiative or Cancer Moonshot.

In the privacy security section, he was looking for a discourse on API-based access through the JASON Report and discussion around new mobile platforms such as apps.

In the discussion around use of standards, looking for more discussion around the challenges and need to have interoperability between administrative and clinical data sources.

In the pop health section, looking for some more specificity and examples like maybe the opioid crisis as a compelling use case.

And general, just looking for more specificity, things that might point to examples that are potentially actionable through these recommendations.

Those were the overall. There were also some line edits that I think we can definitely take from ONC as well.

But in general, I would say even in those comments, everything we got back was favorable. We are on the right track. It is just a question of how much level of specificity do you want to get into. I think, Bill, when you launched to this, you read all of the reports to Congress that this committee has ever produced and decided that this may not be the best venue for recommendations because we do that already in all of our products, but more of a reflection. That is where we are right now. Hopefully, you all had a chance on your airplane ride to review the report. You have a sense of the good shape that it already is in.

I think what we are talking about now is shaping, chiseling, refining where we are hopefully. If there are some major sections we need to look at, certainly – this morning is our big opportunity as a Full Committee to do that.

DR. STEAD: Thank you, Rebecca. Are there questions related to Rebecca’s summary?

MS. GOSS: Thank you, Rebecca. That was very helpful. I have been tracking pretty closely with the report and I think it is coming together. I think that the feedback received really speaks to some of the convergence and larger issues that we have been talking about in our strategic planning. I am excited that ONC has provided that feedback and know that we have a lot of collaboration opportunities with them as we move forward especially hearing Cora’s update. I wondered if maybe we did not share with them the lens in which we were drafting this. I want to be mindful that it was a good feedback, but I feel like it takes the report in a whole different avenue. It is probably good to get that resolved upfront before we try to vet any comments.

MS. HINES: Not only that, but state it clearly in the report so that the reader’s expectations. I know we added some language in the first paragraph to that end. We probably need to do it even a little more although I guess that was not there when ONC reviewed it.

MS. GOSS: Maybe that is why it seems so clear to me because I had read the latest version.

DR. STEAD: What I am hoping we will do is as – if we keep these comments in mind then as we go through it, we can identify places we might strengthen or clarify without in fact changing the lens. At this juncture as a committee, we really agreed on the lens in November and we have worked to achieve the lens. It needs to come through clearly.

MS. GOSS: Thinking about our predictability roadmap conversation that we are going to be having tomorrow, so many of those things that were in the ONC feedback really speaks to that longer strategy conversation.

DR. STEAD: And therefore they will be part of the 13th report to Congress.

DR. COHEN: This is just a continuation of what Alix was saying. Do we want to include specific examples or not? Do we need to make that decision before we review on a page-by-page basis?

DR. STEAD: We have included specific examples in several places. As I did my read last night, I found a few places I thought we could still do that. But they are at the level of a sentence. Linda summarizes in the privacy block or the toolkit. It is in a sentence. It gets all the principles effectively to what sentence. It is not abstract and yet it is not reproducing all the details. We need to have examples that are clear enough that people know what we are doing while keeping those examples at high enough levels that in fact that then points them to the link for the detail if they want it. That is, I think, the idea if that works.

MS. HINES: Maybe we need to add something in the intro, Susan, about each section has all of the reference recommendations and reports that are basically – I think you say that, but even say it more crisper or something.

MS. KLOSS: With regard to recommendations, I think this is an important thing for us to lay the ground rules. It seems to me that a rationale why we do not have recommendations is that this is a report to Congress. We are not suggesting that Congress takes action to change the HIPAA law. Most of the recommendations or all of the recommendations that we have generally made have been to the agencies to clarify guidance or implementation or enforcement. I think we decidedly don’t want to have recommendations because we really are asking Congress to support the work of the department, but not open HIPAA to changes. I do not think there is anything in here that suggests that we need a new section of HIPAA to do X, Y, or Z.

DR. STEAD: My understanding is that our mandate is to report to Congress on the status of the implementation. We are in essence summarizing where we are as a country and actually implementing the law.

MS. KLOSS: I would just take one more step. As we look beyond HIPAA, there may be something that emerges that could be a legislative agenda. But I think that is a different purpose than this is serving. I think the answer on recommendations is not our intent.

MR. LANDEN: In general, I am quite comfortable and pleased with the balance of the report. There is sufficient in there that is looking back and actually NCVHS taking credit for things that is done, particularly our predecessors. But the balance of the report then looks forward. I think that is proper and appropriate.

I would agree that especially since we state the opening paragraph that we are not including recommendations, I agree we should not put new recommendations in this report. However, we do say we expect to offer them in the future so there is nothing wrong with outlining. In fact, it would be good to outline the areas in which we are going to work without making specific conclusions at this time.

In looking over the detail of the language, there are some spots where I would think that we should be more as appropriate either action oriented or outcome oriented rather than just a general statement of we did this or that, but what did this or that accomplish or where appropriate, what did it fail to accomplish. What were we trying to do and how did we succeed or fail?

MS. LOVE: You may have said this and I just did not hear it. I am going to ask it. If there is just small wording or – as I read it on the plane, there are a couple of things that I would edit or revise. We do not have to go through them now.

DR. STEAD: Last night I went through and gave Susan a list of 13 suggestions, maybe a couple of which are big enough to rise to this conversation. Most are simply things that she will incorporate as the next —

MS. HINES: I would say when we get to the end of the conversation this morning, let’s see where we are. But right now, my hunch, Denise, is everyone if you saw something that needs to have some wording change, email it to Susan, Bill and myself and we will make sure it gets added in as appropriate.

MS. KANAAN: My first choice especially for line changes, you can give them to me in hard copy if you would like, but otherwise just send it to me. If you can use track changes then of course it is very obvious what you want and where you want it.

DR. STEAD: I had a little problem. I had a PDF.

MS. KANAAN: Special exceptions for Dr. Stead.

MS. HINES: I am going to send right now to the Full Committee the Word version. If you want to do edits, you can.

DR. STEAD: Having done the comments to De-ID and then doing it last night and then doing the report to Congress, I sent Rebecca a note to self. All future drafts in the E-agenda book should include line numbers like De-ID because it makes it a lot easier. We will try to remember that before the next E-agenda book.

Then my sense is we are level set. Let’s start going through. We get to celebrate the arrival of Ross. Would you like to read yourself in?

DR. ROSS: Good morning. Dave Ross. President and CEO of Task Force for Global Health, adjunct faculty to Emory University. I think I have no conflicts.

DR. STEAD: We are just getting ready to do a section-by-section review of the report to Congress. Let’s start with the introduction, page 1.

MS. KLOSS: I had one suggestion. I will indicate where I think it should go. In general, what we have, as Rich says, done a really good job of covering and recapping the NCVHS work. But the report also brings in work by Office of the National Coordinator, Office for Civil Rights throughout. I think we should acknowledge that more fully in this second paragraph in the introduction so that we are not just looking at the work of NCVHS, but we have certainly touched on initiatives relating to HIPAA that have been done elsewhere. A little less self-serving.

DR. STEAD: I think the thing we need to be careful of is we word it. We are not exhaustively reviewing the work of OCR or ONC or CMS related to HIPAA. We will need to make sure we do that in the right way.

MS. KLOSS: Another sentence after this report draws on these sources; in addition, we referenced work by OCR and ONC and other agencies as appropriate or something.

MS. GOSS: Linda, to your point, it is because we are highly collaborative and it is complex stuff. Maybe there is some linkage there. The overlap.

MS. KLOSS: But I think this is where we need to acknowledge work beyond our own work.

MS. KANAAN: Here we are.

DR. STEAD: We do not need to word it. Rebecca says she has it. Other comments on the introduction?

MS. HINES: I am just wondering just per our comments, Bill, earlier around Susan’s addition of the purpose of this report is not to offer any recommendations. Do we want to do a little bit something more with that?

DR. STEAD: I thought that sentence somehow needed to be strengthened. I want a stronger statement such as, we are trying to synthesize cross-cutting themes from past recommendations, summarize the status of implementation and suggest next steps. I think that would be a better flow after the “but” at the end of the first paragraph. That would strengthen that.

A couple of other things from my perch. On top of page 2, the many factors including access to data were evidence-based policymaking. It must come together to improve the health of Americans. It seemed a strange placement for evidence-based policymaking because our focus is more around population health, care, administrative. That is one thing, and I understand it is a current thing, but I think we will want to look at rebalancing that. We do not need to micro-manage it.

This is, I guess, philosophical. Right at the top of the second paragraph on page 2, about three sentences in. To provide context for – I will stay away from that. That is too micro.

Anything else on the introduction?

MS. KLOSS: I do not know how we do this, but it almost seems like given that we know our audiences, some new members of Congress and staff, if we do not need to once again, reinforce what is administrative simplification. Just that very basic. We start right out with it assuming that people understand it. I just think we need a sentence or two about what that is that could flow through.

MS. HINES: Where are you thinking that goes?

MS. KLOSS: I kept looking back at it. I almost think it needs to go in the middle of the first paragraph before the report. Opportunities related to administrative simplification and protection of information, privacy, and security. Administration simplification is the cross-cutting initiative to streamline flow of information for payment – there must be a definition of it somewhere. I was thinking maybe that is the way to handle it. Just footnote a definition.

DR. STEAD: We have the sentence at the start of the admin simp in Section 3. The goal of admin simp is to enable electronic information exchange for an efficient and effective health care system. Should we basically pull that thought? Leave it where it is, but also pull it forward. Pull the thought from the goal statement at the top of page 7 forward into the middle of paragraph 3 while also leaving it where it is. I think Rebecca has that.

Then anything else in terms of the introduction other than micro, which we will send her back?

Let’s move to cross cutting themes. Comments on the intro to the cross-cutting themes? Top of page 3. While people are thinking, I thought that might be a good place to repeat what the purpose is. I thought we might go back and say, four themes emerge from NCVHS work to support implementations of the sections of HIPAA designed to achieve administrative simplification and protect information privacy, security and complementary efforts to approve the public good. I think that would be clearer.

Anything else on that first paragraph? Come down to then theme one, balance standardization and innovation to improve efficiencies.

DR. RIPPEN: I have something. In the third paragraph, the second line, it sounds like a recommendation. It is more nuanced wording. You want to put historical has always urged. It just sounds like a recommendation.

MS. KLOSS: We will wordsmith it.

MS. KANAAN: Helga, you are talking about to be most effective?

DR. RIPPEN: The paragraph starting with building on, the second line, NCHS urges. It sounds like we are making a recommendation.

MS. HINES: Or maybe continues to urge.

DR. RIPPEN: Because we said we were not going to do recommendations.

DR. STEAD: I get your point. Go to the paragraph above that. I like the way we talk about the Review Committee in the admin simp part of Section 3. It is clear there.

It seems to me referring to it here just makes it too complex. At the start of the second paragraph of the first theme, I thought you might could just say, thus NCVHS, and kill, Review Committee (described below). Because NCVHS issued the recommendation. And then we can talk about the Review Committee when we have time to explain it. Does that ruffle any feathers?

I thought that this was a place where after four lines into that paragraph, we probably ought to add a sentence that specifically, what some of those recommendations were, such as education enforcement.

MS. GOSS: Like especially the eight primary ones we did in the first letter.

DR. STEAD: It could be done in one sentence or two sentences. A simple statement so people will understand the nature of the recommendations related to the five transactions. I think that is a place that we could add a little more detail.

PARTICIPANT: Could you help us with that?

MS. GOSS: I am struggling because I heard five transactions, which says to me that you are focused on what really has been adopted and is ubiquitous compared to where I thought you were going initially was the eight recommendations, the concepts behind the eight recommendations that we initially put forward to the Secretary in the first letter, in contrast to the full report.

DR. STEAD: Several of those eight recommendations were related to getting consistent end-to-end use of the five transactions that are heavily implemented already. That is what we want to add here.

MS. KLOSS: And footnoted.

MS. GOSS: I will be happy to work with Susan offline to address that.

DR. STEAD: Anything else in Theme One?

Theme Two. Linda.

MS. KLOSS: It is funny how you can see things differently when you keep re-reading. I just wonder if we might lead off the first sentence a little bit differently. When I just read it now, I thought what is the health data discipline. It sounded like a professional discipline. That is not what we mean. We are talking about the discipline that health data stewardship is a discipline. I just think a little different lead off of that. I think it is a really important concept.

DR. COHEN: Practice rather than discipline? Is it the word discipline that bothers you?

MS. KLOSS: When I just read it, it sounded like –

DR. COHEN: Good health data stewardship or something like that.

PARTICIPANT: The practice of sound health data stewardship.

MS. KANAAN: We are using the term health data stewardship itself as a qualitative term. So to modify it implies that it is not in and of itself good. Practice of health data stewardship, which we do go on and define of course.

MR. COUSSOULE: I think you need to say effective health data stewardship. There has to be a positive —

MS. KANAAN: You want to modify it like that. Is that what you are saying, Nick?

MR. COUSSOULE: I wouldn’t necessarily say the practice of health data stewardship. I would say effective health data stewardship. I would just leave it at that.

MS. KLOSS: That is better.

DR. STEAD: Perfect, Nick. Anything else on Theme 2?

MR. LANDEN: The second last sentence there. These principles are designed both to protect the rights and privacy to persons whose data are involved and ensure quality and integrity. I would like to see in there a statement that we explicitly support the appropriate use of data, not just that the data is secure and privacy is maintained and quality and integrity are there, but we actively encourage appropriate use. Just adding something like adding another clause in there.

MS. KANAAN: Perhaps just before the word uses, if you add appropriate, does that work?

MR. LANDEN: No. The point is to encourage the use. Protect rights and privacy is the first thing. After the word involved whose data are involved, to encourage the appropriate use of the data and then continue on, and to ensure the quality and integrity.

DR. MAYS: Can I just comment? I get nervous about appropriate because part of what we keep trying to push also is the innovative use of data. I know what you are saying, but appropriate seems to put some bounds on it.

MS. HINES: Why don’t we just add appropriate and innovative?

DR. MAYS: I do not know if data stewardship is involved in innovation.

MS. HINES: We are not going to wordsmith, but let’s make the points and then see what we can do.

MR. LANDEN: On the clinical side, we talked about making the right data available at the right time at the right place. If we have data that is there and it is all good data, but it is not used, that is not achieving our purpose. It is to expand the use beyond our historical use of the data to take clinical advantage to benefit the patient of the data that is there within the constraints of privacy and security.

DR. RIPPEN: I guess I do not think that there is a conflict between appropriate, which always should be, and innovation.

MS. KANAAN: Are you saying we don’t need that phrase?

DR. STEAD: We have the idea.

MS. KLOSS: Can I take another angle on this idea though? I think that sentence is summarizing principles of fair information practice and stewardship. I think the next paragraph gets at all of the uses. I think my opinion would be not to change that sentence above because the next paragraph gets at the reasons we do this and the attention and all these critical uses. I think we have covered it.

DR. STEAD: The point I have in my list, my tickler list just to see if it is right is that we need to make sure – we are actually trying to encourage – your word is right. Appropriate use. And the next paragraph does not quite get at that. I think we have the concept. Let us take a crack at this. It will come back to you and you can help us wordsmith it. Let’s take a crack at it. I will star that so I know it is not simple.

DR. ROSS: The first sentence of that next paragraph. Openness/sharing. Is that the supposed to mean the same thing? Sharing is what it is about. It does not necessarily mean open or close. Does it? I do not know what we are saying.

DR. STEAD: Are you advocating we can drop the openness slash?

DR. ROSS: Openness. What does that mean?

PARTICIPANT: I like sharing alone better.

MS. KLOSS: Openness is the word that is used in the fair information principles. I do not think you need it here.

MS. KANAAN: Does it work to say, data sharing? It is less awkward. Does it mean the same thing to you between data sharing and individual privacy protection?

DR. STEAD: I think that is fine. Other concepts we need to capture on Theme 2?

MR. COUSSOULE: I just wanted to go back just for a second. I know the report is on administrative simplification. But if we are talking about practicing data stewardship, it is almost to also encourage creative use beyond this. I do not know if we weigh on that in this report. I know we have talked about it in other forums. Because this report is more focused on administrative simplification, which is covered in that paragraph where it talks about the tension. But do we indicate that the sheer volume of data and the availability of data now, we want to almost encourage expanded use. I know that conflicts with the privacy side a little bit. That message really is not in here. I do not know if we want to weigh on that here or not.

DR. STEAD: I thought that was an aspect of – I think we do need to capture that concept.

MR. COUSSOULE: My point is when we talk about appropriate use, which means more of almost a tightening as opposed to what I would look at as more of a pushing.

DR. STEAD: The concept I am taking away is we not only – we need to not only establish trust and – but part of stewardship is actually doing our part to make sure that data is being used where it should be. That is, I think, the concept you are getting at. It fits with the idea of balance. This is one we are not going to nail in this conversation. It is clearly important and it clearly is something that as a group we are going to want to get right.

MS. LOVE: Mine is pretty basic. The natural tension paragraph. I am just wondering if the goals of expanded data access should be moved to the first sentence and then the rest —

MS. HINES: We will look at that, but we are going to try to stay out of micro edits. We are looking at concepts. Does this get to concepts?

MS. KLOSS: My comment is to get this concept of innovative and appropriate use. Might you consider modifying the title of this theme because the theme relates to facilitate secure information exchange? We are talking about more than that.

MS. HINES: Both secure and innovative?

MS. KLOSS: Information use. It is not just the exchange.

MS. HINES: What do you all think? Something to actually broaden the theme.

MS. KLOSS: It is narrow as it is written.

MS. KANAAN: Linda, are you suggesting replacing or adding?

MS. KLOSS: I am suggesting broadening this.

MR. COUSSOULE: It went from being a protector to also being an enabler of —

DR. STEAD: This is really sticky. To facilitate information use. Drop both secure and exchange. That is big. Do people like that? This is not micro. We are dropping secure and replacing exchange with use.

MS. HINES: That is what we just decided.

DR. STEAD: Is everybody good? Vickie?

DR. MAYS: I am kind of in the same ballpark, but I was trying to see whether to put it in a different place. But I think I like that because I think what I am struggling with is that and it is more of what Nick is saying, is to me the appropriate is the bounding of it and instead we are trying to open it up. I think that the change probably is the best that way.

I think a big seller right now is about using data innovatively, not health data outside of health needs even. I think we need to have that in here.

DR. STEAD: Theme 3.

MS. LOVE: Do we need educate? Educate sort of confuses me. Take advantage of technology to support the multiplicity of health data uses and users.

MS. HINES: Education is a big part of what the committee has recommended. It is almost in all of the privacy and other – we have specific examples in here.

MR. LANDEN: I would just like to add the concept of wellness to that list of users and uses in the second sentence.

MS. KANAAN: How would you do that?

MR. LANDEN: Just add the term wellness in that string of commas and ands.

DR. STEAD: Where are you, Rich?

MR. LANDEN: The second sentence. Health information. The data has many users and uses across the realms of personal health management, health care – financing. Add wellness into that string.

MS. KANAAN: Is wellness sufficient? Is that a realm?

MR. LANDEN: It is sufficient. It is a realm —

DR. STEAD: Can I say personal health and wellness management or do you want it to have its own comma?

MR. LANDEN: The preference would be its own comma. The way I am reading this is all this is traditional in the terms of health care delivery and wellness is a concept that is separate in part from health care delivery.

DR. STEAD: I get that. For the purposes of being simple with Congress, would you be interested in replacing personal health management with just the word wellness?

MR. LANDEN: No, I think they are two distinct concepts. I would not delete.

DR. STEAD: You want to keep them both.

MS. GOSS: Is it also maybe part of the public and community health was individual wellness public and community —

MS. HINES: What about public and community health and wellness?

DR. STEAD: The word we have been using in the other report was community health and —

DR. ROSS: So the issue is about individual or the population?


DR. STEAD: Community health and well-being is both.

MS. KANAAN: Does that work?

MR. LANDEN: It works, not perfectly, but it works.

DR. STEAD: Let’s take the note and see if we can land it.

Other suggestions around Theme 3?

DR. MAYS: I want to go to the first paragraph. It says for these reasons, many NCVHS recommendations focus on providing education and optimizing. I think we do several other things that I think it is important to do. We provide guidance.

DR. STEAD: Where are you?

DR. MAYS: The last sentence, the first paragraph under three. I think we talk about guidance. This one I do not know and my colleagues – and standards and the issue of recommendations for standards to do this.

And then in paragraph two, I would also include in as examples since I now know where we are is the healthdata.gov document. I am assuming this stuff is all getting finished around the same time. Providing education. We actually do more. I think the guidance to me is the most important part of this.

MS. KANAAN: Do you have a specific edit, Vickie, to suggest?

DR. MAYS: For these reasons, many NCVHS recommendations focus on providing guidance.

DR. COHEN: How about education, guidance or education and guidance?

DR. MAYS: I was also going to see if we could put in and standards for optimizing interfaces and services to meet the needs of diverse users. I think the standards people should weigh in a little bit more.

MS. GOSS: I think we want to make sure where standards based.

MR. COUSSOULE: I think the guidance is the right one because it is really education and health.

DR. STEAD: I heard Vickie is trying to apply standards to the interfaces and services.

DR. MAYS: I would have to rely on them to know whether that is what they agree that they do that. It is needed.

MS. HINES: We have thumbs up over here.

DR. ROSS: Possibly too picky of a question. The complexity of available data and diversity of formats. Do you mean the complexity of access to the data? Diversity of formats is one issue associated with – talking about data complex. What do we mean by complexity of available data?

MS. HINES: It is probably of the interfaces and accessibility.

DR. STEAD: — the word available. I think – to say the complexity of data. Anything else on Theme 3?

Theme 4. While people are thinking, after – the last paragraph —

DR. RIPPEN: The one thing I think is missing, and again I do not know if this is the last theme is the best place for it. What about mitigating the risks? We are talking about data for everybody. We had this opportunity to use it. We have tools and education. But there is nothing that really provides the balance that I can read in these themes about how is privacy really addressed as more sensitive information is available especially when we start moving into the realm of determinants of health. How can risk be minimized even at the community level because there are some implications as far as providing access to communities that may or may not be focused on health care per se? I do not know really know the best way to add it. I think we tried to with appropriate or mitigating risks in the earlier suggestion by Richard. Just something there that says that there has to be some consideration also for exploring that as a topic.

PARTICIPANT: We have explored –

DR. RIPPEN: Yes, but these are the major themes. I know we have it in the privacy one, but just somehow —

DR. STEAD: I am not yet tracking so bear with me. What I am hearing I would have thought we were trying to address with Theme 2 with stewardship.

DR. RIPPEN: But if you look at the last sentences, what are the goals, who are the potential partners. In there, you could say – how are they addressing these issues? I will think a little bit more about what wording or what question.

DR. STEAD: I get where you are now. What we would love to probably do is somehow have something that ended with a question that links back to stewardship. You can bring that up.

My concern was in the same paragraph. Whether it will make it better or worse, I do not know.

When I read that paragraph, I sort of said is there an “ask” here. I know we are not trying to make recommendations. As I read the pop health report, shortly after I read this, I wondered whether what we are saying is we need to ensure that the federal government is at the table and that it is at the table across sectors. That is clearly in the report. I did not know if we could lift something from that language that we have already worked through, and we have all gotten pretty comfortable that the report is not recommendations. It is themes. The report is contrasted to the letter. And therefore, we might could cure this paragraph by somehow hooking that in. We may could do stewardship in the same way. I think we need to say – right now, it reads apple pie and motherhood to me.

MS. KANAAN: You are talking about the final paragraph directly addressing the role of government.

MR. COUSSOULE: Are you talking about adding something at the end of that paragraph that basically says not only what are the goals, what are the parts, et cetera, but then how do I make sure I am protecting people at the same time?

DR. STEAD: Yes. I think Helga’s point was we need to have the part, which I think would be the stewardship piece. But I think the other thing we need here is –

DR. COHEN: The federal government plays a critical role in these activities because of its experience and expertise.

MS. HINES: I think it is because of the experience and expertise.

DR. COHEN: It is a responsibility.

DR. STEAD: These are two statements from the report and they are not right. At the workshop, the committee clearly heard a well-defined need articulated for – creation of federal interagency and interdepartmental work group. Facilitate coordination within HHS across federal governments with non-governmental bodies in this area. Greater coordination of existing data development is needed both within HHS and across federal agencies. We need to somehow pull some language there that is not a recommendation. It does not tell somebody to create something that does not exist. But in essence, it says that the federal government needs to be actively at the table and working across sectors.

DR. MAYS: I am like Linda. The more you read, the more you see. That is kind of what I was thinking, but it was in the next paragraph with a sentence that ends with – that the health of citizens is affected by much more than medical care. And then it seems we do not really then bring in those other sectors. We do not talk about what some of those other things are. This was like something where it is the pop health stuff here as well.

PARTICIPANT: I cannot find where you are.

DR. MAYS: The paragraph that starts it is not surprising and then start at the line that says more than medical care. What I am saying is that we say health is affected by more than medical care. Before that, most of what we are talking about is health care issues. And then it seems to just drop. I was thinking that some other things particularly from pop health would fit.

DR. STEAD: Come to the bottom of the paragraph right above you, Vickie.

DR. MAYS: Yes, that is good, but then down here, we just end with the medical care. It seems like the examples that we give are not necessarily like the ones that is before. I am not sure whether to move something, but to me it falls flat on medical care. This is where I think the pop work that is intersectoral is important. And the emphasis on the partnerships that are intersectoral like some examples of those other than what we have. Health datapalooza is not that.

DR. STEAD: We have both those points.

MR. LANDEN: Same paragraph that Vickie was on before middle of page 6. We use the term NGO coordinating group. That is the first use of their NGO. Is that an acronym? If so, we should spell it out on first use. I tried Googling NGO Coordinating Group. I did not find any results that were our NGO.

DR. STEAD: Are we done with the four themes?

Let’s move into Section 3 and start with admin simp. Any comments on the overview to admin simp? We are going to end up – I think Lorraine is going to help. We are going to end up with the journey summarized as an appendix, carrying it forward, simplifying it I think from the tenth report. That actually may be what scratches this itch. As I read particularly in the case of operating rule, I wondered if we should say what it does. Something like provides a consistent way to implement standards, code sets and identifiers within a business process. I do not know if there needed to be a sentence. And then that then sort of said to me, if we do that sentence, do we need one for such a sentence for standards, code sets and identifiers.

I love the way this reads. My first thought was maybe we need a sentence about operating rules. And then I said does that mean we need four sentences. At that point, I said I am probably making this too hard, but I will just put it out there.

MS. HINES: I will just say that your average reader who does not know this world would probably appreciate it.

MS. GOSS: We can wordsmith this later, but conceptually are you looking for something as an addition under the one, two, three? Maybe where it says legislation to put what our operating rules behind it like at the end of that.

DR. STEAD: I was thinking of an addition to one in truth, making one longer. I do not know if that is good or bad.

PARTICIPANT: Can you do that or do you footnote it?

DR. STEAD: Or they could maybe be footnotes. That is a good idea.

MS. KANAAN: I would prefer a footnote, I think.

DR. STEAD: That is a good idea.

MS. HINES: For operating rules, standards, code sets and identifiers.

MS. GOSS: It started out being just operating rules. I want to clarify that concept first, that we can say what operating rules are.

DR. STEAD: After you have done that, you can decide would it be useful to do it for others or not.

MS. GOSS: I am too close to it. I would ask others that are not as close.

MS. HINES: I would say yes.

MS. GOSS: We end up having so many different audience types. I will be happy to work with Susan on that.

MS. HINES: I can go do the fresh eye look because I do not do standards. I can go does this make sense.

MS. KANAAN: We do define covered entities later, but we could move it.

MS. GOSS: They are two different things in my view and my concern is is that you could have a footnote that is half a page. We just have to be careful. We will find some or at least point people to something because —

DR. STEAD: I think the most important one to do is operating rules.

MS. KLOSS: I would further consider if you are going to do that as a footnote, that you do it actually on page 1 because that is where we first referenced operating rules.

MS. KANAAN: That is true. We should probably do it – and we can reference them.

MS. GOSS: We want to get some core concepts. We are starting to write a primer. And that is what the appendix is supposed to be.

DR. STEAD: This is why I say, the journey may be the place to secure it.

PARTICIPANT: I drafted that and sent it to Rebecca.

MR. COUSSOULE: I do think if we are assuming the audience is not as tied into this that some of us might be – I think it is really essential to provide some context. The structure of it obviously can be debated, but I think it is essential to provide some amount of high-level context to that.

MS. GOSS: And it may be that we want to provide the context of that appendix if it is not already in the beginning of the document so somebody can get that and reference information. That is maybe where we include that reference and then clarify it here for the operating rules.

MS. HINES: I have my own opinions and we will start to work on it and send out another draft. Everyone formats differently.

DR. STEAD: I think getting the appendix done will help with this a bit also. Anything else on the overview? Themes and findings? Number one. Those of you that are in detail, CAQH sent us a new set of information.

MS. GOSS: CAQH index? It is something they update regularly.

DR. STEAD: There was something that I get sent by email. Was that the new index? Are these numbers —

MS. GOSS: Good point, Bill. They can help update that section.

DR. STEAD: Let’s just update the numbers. I am sure they have gone up. This would then become the 216 instead of the 2014. Anything else on Theme 1?

MS. KANAAN: This says 2016.

DR. STEAD: You say, for example, a 214 CAQH index. It is at the bottom of page 7. You say 214. We may have new numbers.

MS. GOSS: CAQH core is here. They are willing to support us in that effort.

DR. STEAD: Anything else in Theme 1?

Theme 2?

Theme 3?

MS. LOVE: I have a dumb question. Under two on the very last sentence, expanding the definition of HIPAA-covered entities. Do we want to give an example? If I were a congressional staff person –

MS. GOSS: I thought we had an expanded content on that somewhere. Go to number five.

MS. LOVE: I am just trying to pretend I am a staffer.

MS. GOSS: But there is a series of recommendations because that is an important point – you are calling out. We thought it needed more content on its own. This theme was more global and then we get into the – entity as part of number five.

MS. LOVE: So do for example, see five below or something because it just left me hanging as I skimmed it if I were a congressional staffer reading it who probably is the one if they read it.

DR. STEAD: Good point. Just say see five below.

MS. GOSS: I think, Susan, when we go through some stuff, we can look at it because it may actually make sense to even make number five – move it up so it is following it immediately from a flow perspective or something like that.

MS. KLOSS: I have a really dumb question. I hesitate asking it. Did we make recommendations that – didn’t we recommend that property and casualty industry be covered entities? Isn’t that beyond what our recommendations were?

PARTICIPANT: It was a broad scope.

MS. KLOSS: This seems more do it then.

DR. STEAD: Back up. We recommended that – what we recommended was that all – we find a way for all participants in a transaction to need to be brought into the requirement. We said there were two options. One was to expand the definition which we assumed would not happen because that would be legislative. It is a report to Congress. And the other was for HHS to issue –

MS. HINES: OCR actually gave us that comment. That actually came from OCR.

DR. STEAD: Maybe what we want to do is look at whether we can actually pull forward the – in that case, maybe we ought to pull forward the language from the Review Committee.

MS. GOSS: I just double checked it. It is there. And the first letter. It was at least in the draft. The version I have for the letter to the Secretary in February. I am now doing a scan to check the final report.

MS. KLOSS: We address this issue in the 1179 letter, too. We did not go so far as to say financial banks and financial institutions would be covered entities because we understood that some of their work is simply paying a claim. It is a banking function.

MS. HINES: Linda, I am going to read to you because we got this. I am pretty sure that I recall this came straight out of OCR.

MS. GOSS: It is actually a Review Committee report. The Review Committee says under Section A, definition of covered entities, recommendation one. Consistent and broad implementation. Is it times challenged? Various organizations currently not included. But yet they are actively engaged in exchanging. They include employer’s worker’s comp – industry and other health care related organizations.

I think the concept here is that we are trying to say we need to take a look at this as a whole and have a better blanket around who is obligated. I know that OCR had an issue about even if they are not covered entities by extension of the business associate agreements because of the Omnibus expansion rule, they are de facto covered. But that is under a contractual relationship. I think what we were looking at is we should probably make it much more clearer in the covered entity definition.

DR. COHEN: I do not read this paragraph as making a recommendation that they are covered entities. Just that they work closely with the covered entities and we should be aware that they should play by the same rules whether they are covered entities or not. That was the way I read it. I do not see it as a recommendation.

MS. KLOSS: You are right.

DR. STEAD: It is time for us to take our break. Maybe before we come back from the break, we will try to really go back. I need to look back at that. Let’s take our break. We have a 15-minute break, which would be about two after by that clock.


DR. STEAD: Let’s regroup. Susan, did Nick email you what he emailed me?

MS. KANAAN: I believe he did.

DR. STEAD: Is there any way you can bring it up?

MS. KANAAN: I am on a different computer.

DR. STEAD: Do I just read it? I am advocating that we actually include almost all of the language from what we did in the Review Committee. I think this is important enough and this is something Congress could do something about. What we said was HHS should explore the feasibility of requesting that Congress amend the definition of a covered entity to include all entities that perform HIPAA-named transactions. As covered entities, they would then be required to comply with the adopted standards and operating rules. This would include, but not be limited to employers, workman’s comp, property casualty insurance, practice management systems and other vendors of relevant solutions.

Next sub-piece. In the absence of a statutory amendment to the definition of a covered entity, explore other regulatory and nonregulatory mechanisms, including federal procurement and contractual requirements to require that any entity that performs a HIPAA-named transaction specified in blah-blah comply with the standards including code sets, identifiers, and operating rules adopted for these transactions. In particular, that last block needs to be in here and I think really at this level of detail. We hammered this home hard and all agreed to that language.

What we would need to do is take advantage of Susan’s ability to turn what is almost a legal recommendation into text for the report to Congress. Unless people feel differently, I would advocate that we really pull this forward because there are two choices. We are not prescribing which to do. But we are just saying these are ways you could deal with this inconsistency.

Any disagreement with that? This would be a bolstering of number five.

MS. HINES: Do we agree to move number five up?

DR. STEAD: Alix would not give Susan editorial license.

MS. KANAAN: One thing that Linda and I were talking about earlier is that perhaps this then has implications for what you say in number two because the statement currently reads the recommendations include exploring the feasibility of expanding the definition of HIPAA-covered entities. Perhaps you want something a little more nuanced there as well. Expanding or adjusting.

DR. STEAD: What we are really talking about is to require that any entity that performs the HIPAA-named transaction comply with the standards. That is the core idea. There are two ways that can be done. Maybe you pull that core idea out. How you handle the writing is your job. That is the core idea. It is non-prescriptive. That could either be at the end of two or it could be the start of what will now be three. I am not smart enough to handle that. Are people good with that direction? Do we have the idea captured? Rich, you are really looking puzzled. Am I misreading your body language?

MR. LANDEN: No. Conceptually, I am on board with you. I would like to see how the language looks. Aspirationally, directionally, I am there. I would not like to go as far as suggesting that whoever makes a mandate, I think that is a half a step too far. But, yes, directionally, but whether it is a mandate or somehow incentives are provided is a different conversation, but that is in the writing.

DR. STEAD: We are trying to avoid being a specific recommendation so we ought to be able to handle that in the writing. What we want is consistent implementation.

MR. LANDEN: I think conceptually that anybody that does business function that is represented by a name transaction should use the standard.

DR. STEAD: Let’s see how we – we then manage to put that to bed.

We hope down to five. We have missed three and four. Three is the predictability roadmap. Are there any suggestions about that? We talk about it more in Section 4 and we point to it in Section 4.

MR. LANDEN: In the opening paragraph under three, I would like to – the language is a little bit awkward in that it does not really describe what it is that the industry is really concerned about and how we go about remedying that. I think we all understand that, but the target audience may not. I think the language that I would suggest is more around that the current adoption process does not meet industry needs for advanced planning. And that lack of advanced planning then causes the disruption that we describe there. I would like to see if we can rewrite that first whole sentence and focus on the predictability precludes planning. When planning is precluded then anything that is not is disruptive. It costs more than it should. And then institution of priorities gets out of whack because of last minute nature of a regulatory compliance.

DR. STEAD: Are you going to take a cut? I think that is something that we need to give Susan a draft of and maybe you would take a cut at it and loop in your standards colleagues and then flip something to Susan. I think what you are talking about would make it more approachable for people that do not live in this space.

MS. GOSS: I think it is there. It is just too tight. I think what we need to do is break it into smaller concepts and work the reader into – the big buckets.

MR. LANDEN: It is really a context for what the issues actually are today.

DR. STEAD: If you do a quick draft, flip it into those two back and forth and then we will land something over to Susan.

Theme 4. Comments on Theme 4. From my perch, the key sentence there is 2N. This growing need for integration among standards has significant implications for existing and planned administrative simplification. All around the coordination. Do we want to somehow strengthen that we are really talking about coordination of admin clinical payment standards? Of the things ONC commented on, the one that I thought was most important for us to really address was to be really explicit about what we need or what the thinking is around the alignment of clinical and administrative standards. It seems to me this is probably where we do that.

MS. KANAAN: Bill, you are suggesting expanding the point there, elaborating on it?

DR. STEAD: This growing need for integration among standards I believe is understating what we really think. It is not coming out and saying what I hear us planning to do. I think that was also one of the ONC concerns that were within the lens we are using.

MS. GOSS: It is not just a content of the paragraph. It is probably how we have labeled it as a theme.

MS. KLOSS: I think if you added a sentence after the “for example”, describing them – this requires a higher level of clinical and cost claims data integration than contemplated.

MR. LANDEN: I would flag this as well. The wording I was playing with in that first sentence is health care landscape continue to change. Increasing integration is needed among financial administrative and clinical information flows and their supporting standards.

MS. KANAAN: Will you provide that to me, Rich?

MR. LANDEN: Clinical information flows and their supporting standards.

MS. HINES: I got it Susan. What is the next thing, Nick?

MR. COUSSOULE: It says a growing need for integration among standards. It is a little broader than standards.

DR. STEAD: Given the fact that we are trying to limit our recommendations to things we have already recommended since this is the 2016 report and not the 2017 report, how will that alignment take place? Is it as simple as people being partners? I do not think so. I think this is one place where there could be – at the level of a sentence, not a paragraph, there could be more substance of what this alignment might involve.

MS. GOSS: That starts to speculate and that is where I get back to the intent of the report to provide a retrospective of what we have done for the last couple of years versus the larger things. I am trying to think of which part we are in right now. Themes and findings. This is progress and status. If I am hearing you correctly, you are talking more about our aspirations.

DR. STEAD: I will have to go back to my notes. I think we made recommendations.

MS. GOSS: At the high level. You were getting into how it is actually going to happen.

DR. STEAD: At the level of a sentence or so that would not be a recommendation. It would clarify the nature of how it might happen. At this juncture, I do not even know which lake we are in.

PARTICIPANT: The cynical part of me says it needs identifiers, but we do not want to go there.

MS. GOSS: Is there a particular part of this paragraph, Bill, which you were thinking we could add?

DR. STEAD: What is an example of a near term alignment of a clinical standard and an administrative standard?

MS. GOSS: Attachments. We have been talking about this for ten years or longer.

DR. STEAD: Then let’s have the four examples be that.

MS. GOSS: I am feeling like we are going to have another marathon call.

DR. STEAD: Attachments would be a perfect example. It is within what we are all talking about and we have written letters about. This is within scope.

MS. GOSS: What we will do is we will look to add an attachments example that really speaks to the convergence aspect. I think, Nick, to get to your point about the example sentence or this growing need for convergence and integration, I think we can wordsmith those all at the same time. You can add Nick to that list to work with.

MS. LOVE: This is where I am even debating whether I should even utter any comment at all. The sentence one example. There is a trend in health care towards using clinical data to inform system delivery care reform efforts. I am trying to wrap my brain and think of where that is happening on a widespread basis because it is not. That is aspirational.

MS. GOSS: It is aspirational, but you live in APCD land and that is part of what they are talking about. You get the claims data. We need to start to add clinical data to it, but nobody is doing it.

MS. LOVE: But I do not see it happening at the reform effort. In theory, I can portray. I even have graphs that show how it could happen.

DR. COHEN: Is it a potential use rather than a trend?

MS. LOVE: If I am a congressional staffer, I will say so what is the problem. It is happening. They are reforming the health care system with clinical data.

MS. KLOSS: But there are a lot of health systems doing that.

MS. LOVE: Health systems, but not across health systems for health reform.

MS. KLOSS: But it is a trend.

MS. KANAAN: Emerging trend?

MS. LOVE: I just do not want to give the impression that this is happening across enterprises on a macro level for health reform.

DR. STEAD: Let me try something. We have Beyond HIPAA, as a future thing and it is one of our things that is in the next steps block. Should we take this section and make it much more concrete almost around attachments?

MS. GOSS: I think the concept of this section was about the larger need for the information standards and regulatory process, et cetera to be responsive to the changing landscape. We could make it just about attachments.

DR. STEAD: To what degree is that? Attachment is here and now in my way of thinking. We may not have done it, but it is here and now. The larger lens. To what degree is that part of Beyond HIPAA?

MS. KANAAN: I think the attempt here was indeed to point to the next step section. At least to foreshadow it.

DR. STEAD: This is easier because this item is now going to be the last one in this section.

MS. KANAAN: We are switching four and five, right?

DR. STEAD: We are bringing four up.

MS. GOSS: But keep in mind, we are in the themes and findings section. We are talking about broad stuff that we heard that is the need that does then go to Beyond HIPAA and the CIO Roundtable and stuff to get adopted. It is part of the predictability. It is sort of like let me schedule, but also let me innovate flexibility. I think it goes here, but maybe to your point if it is at the end.

MS. HINES: What if we, at the risk of wordsmithing, just say instead of is the trend, say one example of a potential opportunity in health care using clinical data to inform system delivery and care.

MS. LOVE: Or you could say systems are now beginning a trend to use clinical data to inform delivery system, but it is not a cross system.

MS. KANAAN: Does the modifier emerging take care of – modify it a little?

MS. LOVE: I just did not want to give the impression that —

MR. LANDEN: I think it is a little stronger than the emerging. I personally do not have an issue with trend. But I think what the real background is HITECH, which was 2009, and actually set information flow and interoperability as a policy decision. It is more than a trend. It is more than emerging, but we haven’t gotten there yet. And yet the history underneath administrative simplification is the processes and computer capabilities and telecommunications capabilities that were in place in the late ’80s and early ’90s. HITECH has moved us beyond that, but we have not arrived in our destination yet.

DR. STEAD: Does anybody see a path out of this particular walk through the woods?

DR. COHEN: I think Denise could craft a sentence.

MS. LOVE: I think it is just a few words. As I read it, I just flagged that. That is not happening.

DR. STEAD: Can you try to fix that and flip something? If we can in some way then link this to a next step because it will be the end.

MS. KANAAN: Add a reference probably at the end.

DR. STEAD: Then privacy and security. The overview paragraph.

MS. KANAAN: I think I am going to remove the quotation marks from around “covered entities and business associates” because we have already discussed covered entities a couple of times. Agreed?

DR. STEAD: In the very first sentence, I said to replace purpose with goals so that we match the other sections. Everybody good with the overview?

Theme 1.

DR. RIPPEN: I have a comment as it relates to the 75 percent. If you at it, it is implying – they are concerned, but it does not matter because they are going to give you the information anyway. As we all know, there are several health care systems that if you do not sign, you cannot be treated by them. It is not like if they are going to be treated, they have a choice. I think that to allude, which the sentence does, the fact that they are concerned, but they are okay with it may be somewhat misleading. I do not understand the purpose of that. I would just say that if you want to highlight concern, you should highlight the concern, but to imply anything else might not be —

MS. KLOSS: Go back to the survey findings. We were paraphrasing the results of the survey. Let’s just look and make sure we are not overstating what they say. That was ONC survey.

DR. RIPPEN: I understand. It just implied certain things and I do not know why.

MS. KLOSS: There were two findings. One was what is your concern and then will you allow your information to be used. Maybe we just put that.

DR. MAYS: Let me just comment on the same thing because there are – and I pulled them up because I remember seeing them when I was working on healthdata.gov. There were two other surveys that are actually talking about the same thing. They actually said that people’s concern is such that they do not go to the website and all this other stuff. I am not sure. Pew has one and then – let me see who this other one was.

MS. HINES: When you say they do not go to the website, what are you referring?

DR. MAYS: They are so concerned about their data privacy that – you know how you sign up and you get all your health information and there are some people that they will not go do things because they feel like every click, everything is being monitored. I can give you the two surveys to look at.

MS. KLOSS: I think we were trying to use an ONC survey. I do not know. There are a lot of surveys on consumer attitudes.

DR. MAYS: A lot of people know about the Pew one. If we go to your point, I think it really is – even if we take the 75 percent, it is after that what do we do. In these surveys, they give you an idea of – when people have a concern, here are the behaviors. I will just send you the link and then you can use it.

DR. STEAD: We have already talked a little about stewardship, but that was a cross cutting theme. A consumer engagement and trust can be advanced through greater access to information so certainly engagement. Trust takes more than access. We do need to think that one through a bit even at the level of how we have worded the theme. The 2016. That all is about access. The two sentences are not connected and the top is not. We have picked up something.

Then move on to two.

PARTICIPANT: What did we conclude – and there is engagement and there is a separate issue of –

MS. KANAAN: Do you want to just remove trust?

DR. STEAD: No, we are going to need to deal with the two explicitly.

MS. KLOSS: Stewardship, engagement through access and stewardship to develop trust. I will rewrite that.

DR. MAYS: Can I just ask a question here as well? Are we going to say anything about cyber security? We have not done it, but should we –

DR. STEAD: We talk about that in Beyond HIPAA.

DR. MAYS: I was thinking about it as linking it to stewardship. That is what part of this was.

DR. STEAD: We are trying to keep this with what we have done. Section 3 is what we have done. Section 4 is next steps. We are just trying to parse it that way.

Theme 2. This was another place where I thought at the end of that paragraph we might add a sentence that provided a little bit of detail about the recommendations just to make the example clearer. Anything else on Theme 2?

Theme 3.

Theme 4. While people are thinking, when I read the paragraph under Theme 4, in essence what came across to me is we are doing good things. It did not somehow pick up the conversations we have had and some of the questions I think OCR has asked us around the sum of what we are seeing in the breaches show a mismatch between the rate and pace at which the industry is learning how to implement these practices and the rate and pace at which the threats are increasing. It seemed to me we need to capture this. We need to capture that because that is something we have all said we have to figure out how to deal with. I do not think we know how to deal with it. We do not need to get in there, but I think we ought to – we have clearly identified the issue.

PARTICIPANT: Why not open the paragraph with that –

MS. HINES: It is a great sentence. A mismatch between the rate and pace industry is learning how to implement the security practices or whatever they are, not keeping up with the rate and pace that the threats are increasing.

MS. KLOSS: Or add it as the third sentence after we have referenced cyber risks, ransom, and the continuing breaches.

PARTICIPANT: It is broader than just the –

MS. KLOSS: They are not keeping pace.

DR. STEAD: Somehow we are going to have to say we need to do more without saying what more is.

Let’s roll into pop health.

MS. GOSS: On this, I feel like we need to be very careful in how we craft this language because the market is – people are trying. They really are. Things are happening. I really do not want to make it that people aren’t keeping pace because they are running hard and fast.

MS. KLOSS: Some aren’t.

MS. GOSS: Some aren’t. That is fair. There is a large universe out there. We always have the front runners and we have the – I think we need to balance the language.

DR. STEAD: Maybe what we do is – some of the basic things we have noted and discussed that we are seeing a pattern of both large and small organizations that are not yet doing security assessments. Some of those are pretty concrete examples.

DR. MAYS: One of the things that often came up in the hearing and this is kind of getting to Alix’s point is the issue of education and how much that was not there. I feel like that is what is missing. It is kind of like we are saying there are some bad people, but we also need – OCR has been good at trying to push education out. But we need the industry. We need others to also engage in this education process. I thought that was something that we were pushing. I think it would help to give balance in this area if we talked about the need for more education. I thought at one point – it was either continuing education or standards or something about people keeping up with the changes and the time and having to be knowledgeable.

MS. KLOSS: I think what we have said is it is a whole range of approaches because there is a lot of education out there. You are taking advantage of it.

DR. STEAD: But all we can do at this time is I think maybe do a little better at summarizing the pattern of what we have seen because my guess is we really need to come back and maybe have a hearing around security, around what is the state in the industry of security risk assessment.

MS. KLOSS: I think perhaps the other thing I was thinking we need to look at is reference the ONC cyber security work that came out. I think it was in 2016. I think we should —

DR. STEAD: Will you take a cut at this?

Pop health.

MS. HINES: Bob sent us some comments.

DR. STEAD: We have about six minutes. I am just trying to handle it. We have about six minutes before – Jon White is going to call in. We will need to stop and deal with that. We may be able to capture some time in the morning if we need more. I think we have answered my question that we are not going to get this to action before the end of the meeting. That is okay since our official plan was to get to action by April. Let’s just go on and start and continue to work through this, knowing that we will have to stop and we will pick it up.

Do you want to comment, Bob?

DR. PHILLIPS: Section 2 at the very end and I sent this to everyone in the last word graph I had – it calls out the federal government with its expertise and data collection initiatives. I wanted to add a couple of initiatives there that are CDC’s specifically. Social vulnerability index and the 500 Cities Project I thought were both important initiatives that reflect the kind of data we need for the framework. I had suggested that those get inserted.

My next comments were under Section 4.

DR. COHEN: I guess the question is do we want to add more specific examples anywhere in this section. I can think of lots of them if people feel that that would be helpful.

MS. HINES: I think it would because for people who do not live in this space – just as I do not live in standards, standards people do not live in this.

DR. PHILLIPS: Bruce, my goal here was to name items that actually are linked to the agencies there. We are probably looking to help solve this problem.

DR. COHEN: I can develop some specific examples related to data systems like using mortality to identify opioid deaths or black infant mortality or clusters of suicide, using sentinel ED systems to identify emerging respiratory disease clusters, using the BRFSS, NHANES and HIS to track increases in obesity and adult onset diabetes. Using the YRBS to look at increases in substance abuse among teens. States are developing prescription monitoring systems to look at fentanyl-related opioid deaths. I could go on forever. I am not exactly sure where to insert them, but I can send them if you have an idea of where they might fit. I will just develop some of these kinds of examples.

MS. HINES: Let’s look at what Bob emailed around and we can blend it together.

DR. COHEN: I will try to use some specific federal data sources, but I think also some state and local data sources. I think at the state and local level, linking mortality data with medical examiner data to see that it is fentanyl that is driving the emerging opioid crisis or prescription monitoring, which is not happening at the federal level, but really is helping states in addition to the national systems that are identifying broader trends that can be useful at community levels. I will put together something on that.

MS. HINES: I think a number of people are going to need time to send these line edits that we have been talking about. I would say, Susan, when you feel like you have a sense for that, let us know that date and then we will get all this to you and then we will send out another draft to the whole committee for another round.

DR. STEAD: I think we would like the line edits. I am thinking of the line edits as being developed while we are here and while we are going home and – to Susan so that she can assemble what we have plus them into a clean draft that can come out to us and we can all make a wordsmithing set of pieces of input and get another clean draft that we would have probably for an executive call for the Full Committee.

MS. HINES: The next Executive Subcommittee call is March 29. We have a month.

MS. KANAAN: Presumably, we will be well ahead of that.

DR. STEAD: I think it would be nice to have the second draft just in advance of that call.

MS. GOSS: Susan, will you send out your working document because I do not have the detailed notes like you do? I do not know what my assignments are.

PARTICIPANT: I have been taking notes.

MS. GOSS: I just meant – mark it up and send it out so I know what my assignments are so I know what to collaborate with her on.

MS. KANAAN: I have been able to insert at least a note of just about everything we have talked about. We can use that as the master. I think if I had your line edits maybe by the end of next week or a little sooner than I can integrate them. Is that soon enough from your point of view?

DR. STEAD: I think at the level of editing we are talking about, it will be done better if people go on and do it either while we are here or while they are going home. I would say mid next week at the latest; otherwise, we will get lost.

MS. LOVE: Just back to number one. Right in the middle it says lack the specific knowledge. I will send Susan something if I could. I do not think it is knowledge – I know what you are saying, but it sounds like the local groups – they do not lack the specific knowledge – as the information.

MS. HINES: You are right. Knowledge would be derived from having access, but you would have to know that.

MS. LOVE: Or understanding. But still they lack the needed data or information.

MS. KANAAN: Can we just replace knowledge with information –

PARTICIPANT: Isn’t information specific to their locale?

MS. LOVE: We get into a lot of minutia here. They just do not have the granular information to gain the knowledge. I think it is data to be honest.

DR. COHEN: It is lack of access to specific data.

MS. LOVE: It is data because data then goes to information goes to understanding and all that. There is just no data under a lot of these neighborhoods.

MS. HINES: We did not use the words sub-county. We referred to local, but maybe we should use the term.

MS. LOVE: Well, to be honest, just instead of lack the specific knowledge is they lack the specific data.

MS. KANAAN: Because then you go onto say ver precisely, data about what.

MS. HINES: Do you want to say granular data?

DR. MAYS: I have the same problem with the title and using the word better data. I do not want to cast aspersion of the data. It is not even just access. It is almost like relevant, meaningful, and useful. I am on the title. States and communities need better data. I am trying to say – it just keeps bothering me when we say better because the quality of the data is fine.

DR. STEAD: Process point, let me just pause and see if Jon dialed in because I heard a beep. Jon White, are you on the phone? Let’s pause this conversation.


DR. COHEN: Can we just finish off this point? This might be the last one in this section.

DR. MAYS: I said meaningful, relevant, granular, and useful. Any of those words.

MS. HINES: I think granular is the point. We have all kinds of data, but it is not granular enough. That is the whole problem. We have all these wonderful national estimates.

DR. STEAD: Granular is not a term to report to Congress. Let’s not try to nail this in a large group. We know we have a challenge. Let’s see if we can change topics to talk with Jon White who is now our national coordinator.

MR. WHITE: This is Jon. I am back. I do not know if you guys can hear that busy tone, but that was loud in my ears.

DR. STEAD: Welcome. We appreciate you breaking out of the world at HIMSS to share your thinking with us.

Agenda Item: Office of the National Coordinator (ONC) Update

MR. WHITE: I am incredibly grateful to let me discuss how things are going. Thank you so much. Hello everybody. I know many of you. Greetings to my colleagues. For those of you who I do not know, I am Jon White. I am currently the acting National Coordinator for Health IT. My day job is that I am the Deputy National Coordinator for Health IT, previous to the last two years when I have been at ONC. I was at the Agency for Healthcare Research and Quality for 11 years. I got to work with a lot of folks including our colleagues at NCVHS. Long time history stemming back to the ePrescribing standards. Thank you very much for having me here.

This slide should say agenda. Basically, I am going to talk to you a little bit about ONC’s interoperability and precision medicine initiative efforts as well as spend a little bit of time talking about the 21st Century Cures Act, which is as they say a big deal for us. And hopefully, I am going to leave plenty of time for questions and answers or for you to dismiss me and go on with your regular conversation.

This slide should say the big picture: the federal health IT strategic plan. Just to step back, I am sure most of you probably know. ONC is one of the staff divisions of Health and Human Services. Everybody is familiar with operating divisions, things like the FDA and NIH, CMS. Staff divisions are divisions that report directly to the secretary and are included in the Office of the Secretary. This is – evaluation – colleagues – is one example. ONC is another –

We were originally created in 2004 by an executive order under President George W. Bush. We were an authorized statute in 2009 by the HITECH Act. We spent the past several years working hard both with our regulatory authority to regulate health IT as well as our goal as coordinator, coordinating health IT activities, not just across the department, but across the entire executive branch as well as the private sector.

One of the things that helps guide us that I have up here on the slide and I do not want you to read all the tiny words is the federal health IT strategic plan. It is a strategic document that is not particularly long by federal standards. It is about 30 pages. It is really there to indicate to you that we have established a mission and a vision. The one that I have up here is I think the third iteration – health IT strategic plan. We have to update every five years. I anticipate we will probably want to – although we put our most recent update out two years ago, we may want to update it sooner than that. We will have to see.

Again, this is a slide with some pretty pictures and a lot of words. Don’t focus too much on the words. This should be the shared nationwide interoperability roadmap. Something that is a real priority for us. I will talk about our priorities for the coming year when I get to 21st Century Cures.

Something that is a real priority for us is proving the interoperability of our health information systems. By interoperability, when I talk about that, I mean the exchange and use of health information between information systems. There are two components to that. They have to be able to send it – and exchange it. They have to be able to use it. It should not require special effort on the part of the user as well.

Interoperability is complex. There are a lot of layers to that particular onion. The roadmap that we have here is a fairly lengthy dive in interoperability, and what we think we need to do to be able to improve it. The big thing I want you to take away from this is that there are things that drive interoperability for – interoperability and those are things like incentives, regulations and things like that.

The middle talks about some of the things you have to do to get to better interoperability and those include both policy and technical components. Finally, you do not do interoperability just to say – interoperability. You do it to get better outcomes so people live longer and suffer less. That is the main – that is how the roadmap is actually structured. Again, I will encourage you if you want to take a deeper dive into that at some point if you want to know more about interoperability and what ONC has been doing to improve it.

I will share with you overarching goals, recognizing that this is not likely all to happen at once. We have staked out – we have the roadmap out in 2016. We staked out dates. We thought by the end of 2017 by this year that the health care system ought to be able to send, receive, find, and use priority data domains and use those to improve health care quality and outcomes. Reporting on the ground for HIMSS, I can tell you there is some amazing technology and technology development is happening out there. I am pleased to be able to say that some of it is based on stuff that we have been working on at ONC in terms of standards and maybe some public/private challenges related to technology development. But a lot of it is happening in the private sector and a lot of it is being done by the fine folks who have to implement this technology and using their health care delivery. Bill knows all about that actually.

We also think that as we go further along, I will not bore you with specific dates and specific details, but ultimately what you are not trying to get at is a screen on every doctor’s desktop. What you are trying to get at is a learning health system. This health system that not only delivers great care, but improves as you go along. We are using our information systems to do that. That is what we are aiming for.

This one should be labeled interoperability standards advisory. ONC has – I like to describe it as a hard super power and soft super power. A hard super power is our regulatory authority. ONC regulates certification of health IT that is used in many federal programs as well as programs in the private sector. Federal programs of course you are all likely familiar with the EHR incentive program affectionately known as the meaningful use program. What you may or may not be familiar with is that certified health IT use is also baked into MACRA. In order to replace – rate for Medicare physicians – MACRA – forgive me for not remembering the acronym, but the A is an Act. I do not want to call it the MACRA Act because that would be the MACRA Act Act. It is baked into that both for the – incentive payment system as well as alternative payment models – certified health IT is required for this. That is the hard super power that ONC has.

The soft super power that we have is our coordination role. We are very fond of our federal colleagues. I work with an amazing cohort of folks, not just all the different parts of HHS, but you would be amazed that we interact with the Federal Trade Commission and with NASA and with the Justice Department. It is really astonishing to me how many really good people work with us in the administration.

One of the other soft powers that we have is the power to provide non-regulatory guidance and particular around things like standards. A couple of years ago, our Standards Committee – it was an advisory committee like NCVHS made a very good recommendation to us – you do not have to bake all this stuff into your regulation especially standards, which change with some frequency.

Why don’t you on an annual basis provide nonregulatory guidance about what is the best standards that we ought to be using. We have done exactly that. We have iterated on it for a couple of years. It is called the Interoperability Standards Advisory. I will not read to you what it is up here. But I will say it is online and you ought to look at it. Healthit.gov/isa. That is something that has gotten better over time. I am very pleased to say.

Patient matching efforts. I understand you all may be interested in this. This is something we are keenly interested in as well. Of course, you all know for a long period of time, that we could not do a whole lot in this area because of some appropriations, restrictions that we had from Congress. Recently, that has loosened up a bit.

I can tell you that our primary focus area at ONC on patient matching efforts include technical, policy and workflow. On the technical side, we work on things like harmonization of interfaces, alignment of health data from different sources, common algorithm test data sets, optimization of reconciliation tools. We have had a really interesting dialogue recently with the US Postal Service, and working with them in some of the resources they have at their disposal, using address validation for patient lookup.

On the policy side, of course, EHRs get tested and certified for operability from data entry to exchange. We have made recent revisions to our certification rules that improve EHR and health information exchange algorithm transparency. You can find a lot more information about how they are doing, what they are doing on our CHPL, Certified Health IT Product List.

In our programmatic role, we have had a strong focus on safety, patient safety as well as the safety of health IT. We have been partnering with colleagues at CHIME, College of Healthcare Information Management Executives. They have had a very robust effort trying to drive towards a national patient identifier. We have been paying very close attention to that. And of course, our minimum dataset that we require in our regulation is part of this.

In terms of workflow, we have significant programs doing outreach to providers. We provide staff training, workflow optimization, and patient demographic data quality, training education that can help with patient –

This one should say empowering individuals through interoperable medication lists. I told you up top that I am the acting National Coordinator. I am not a political appointee. I am a career guy. Our previous National Coordinator, Vindell Washington, became the National Coordinator over the summer last year. He recognized that he was going to be a limited period of time to be coordinator. He said what should we do. We said whatever you do, pick something, focus on it, and work hard on it and pick something that is going to make a difference. Medication lists are a big deal. He is an emergency room physician. He recognized that in terms of the data you can get that makes a difference, the medication list is a big deal.

Now that a lot of our health information is digital in this nation, we should be able to pull from the different sources of truth about what they are taking, what they have been prescribed, what they have picked up from the pharmacy and pull that together in one place, not just for people. It could be on top of the meds they are taking, but also for the folks that are providing care for them, working with them and their family or people who are directly providing clinical care to them.

ONC works with stakeholders to identify initiatives already underway – we have been accelerating consumer access to interoperable medical lists with data from multiple sources. We had a great demonstration at the end of the year, showing on a – basis from some of the major health IT developers out there that they can pull from their disparate data systems into a fire-enabled app to display what people have been prescribed. We are working on also getting pharmacy data into that as well as pharmacy payer data. There is a lot of couple of different sources of truth on people’s medicines.

With a transition in administration, we had the opportunity to say we will declare success and move on. I actually – privately was approached by – whose name you recognize out there in the private sector who had been involved with it and said are you going to continue doing that. I said do you want me to continue doing it. They said yes. The – that these provides and developers were getting out of it was us not regulating to them, but convening them and letting them work together with a virtuous goal in mind. They felt like they were making real progress. We are going to keep moving with that. We think that it is good.

Another thing that has been happening at ONC is data sharing challenges and funding opportunities. One of the things we have been increasingly able to use to move things along and make sure that people in this country have access to information and the best care they possibly can has been challenging – I have a whole system up there – Move Health Data Forward Challenge. Two FHIR-based app challenges. Our HIP awards. Our SEA awards. I am not going to get too deep into these. ADT notification services.

But the bottom line is that there is a lot of really interesting, intriguing ways we can use the infrastructure that we have now and encourage people to move data and to do it for purposes that people care about. My patient was admitted to the hospital. My patient has been discharged to the hospital. I can get my son’s information or I can get my wife’s information or I can get my parents’ information or I can get my information. Again, without digging too deep into it. The data sharing challenge has been good for us. We have made a lot of progress and it has been a great way for us to engage with the developer community.

I have been very heavily involved over the past two years with the Precision Medicine Initiative – research program. Bill’s colleagues at Vanderbilt have also been absolute national leaders in precision medicine. I have been really grateful to be able to work with them through time.

What has been neat about it was – I do not know how much you know about precision medicine. It is the idea that – genesis in the brain of Francis Collins who after he had finished sequencing the human genome said what next and came up with the nucleus of this idea really back in 2004 – launched as an administration initiative in 2015 and really culminated with the significant part of the 21st Cures Act, which passed – strongly by partisan basis by Congress – funding for the next ten years for this initiative.

It started out with saying we need to get a million-people’s genomic information. We need to be able to do analysis across that. Very quickly the conversation expanded to include people’s health care data, which you get from certified health IT now and other types of data including – lifestyle or environmental exposures from mobile technology or other data sources, social determinants of health. Again, something that I know Bill cares tremendously about and I do to. All that information is really relevant to understanding people’s health and how that interacts with lots of other things including their genomic information. The thing I want to leave you with is this. Health IT is foundational to precision medicine and that we have been deeply engaged with it.

We play a very specific role in it. In addition to being friends of PMI, I have the pleasure on serving on the advisory board as an ex officio fed for the – research program. ONC’s role is to do these three things. I will read these to you. Accelerate innovative collaboration around pilots and testing of standards that support health IT interoperability for research. Adopt policies and standards to support privacy and security of cohort participant data. And advance standards that support a participant-driven approach to patient data contribution.

We have launched several very specific pilots. There is the Sync for Science pilot. It has been a great developed led by Josh Mandel, formerly at Harvard, now at Verily. And a number of our certified health IT developers out there who voluntarily have been working on Sync for Science and using a fire-based approach to pull data appropriately from – and send it to the data for the precision medicine initiative.

Privacy and security is a big deal for this data, as you might very well imagine – we have a companion Sync for Science privacy and security effort that takes a look at the privacy and security measures that are being associated with exchanging this information.

I will actually jump down past Sync for Genes for a second. We just published a precision medicine security implementation guide. It is based on principles that the administration put out last year. It is in collaboration with NIST. One of our computer scientists at ONC who had security experience in the private sector with certified health IT put together a really great implementation guide. If you are interested, I really encourage you to go to healthit.gov/pmiguide and take a look at that.

Finally, jumping up, we started with a defined core set of data that we said we are going to make work to exchange with Sync for Science, recognizing that there are other data types that you were eventually going to need to be able to get to. We are very pleased that we have started Sync for Genes pilot. It is the next wave of how we are doing this. It is also fire based. Gil Alterovitz from Harvard is leading the charge for us, but working very closely with a number of folks from Intermountain, from Vanderbilt and the FDA. There are other companies – private sector whose names I cannot say to you now. But if you care about the – yes, I know them that are going to be participating in these pilots. We are really excited to see that move forward. There is a website for that as well.

Am I doing okay with time?

DR. STEAD: We have about 20 minutes, but we would like to have some of that for Q&A if we can.

MR. WHITE: Here is what we will do. I think most of the rest of my slides are 21st Century Cures. I am going to leave them up there. At some point, you should leaf through the slides. If you want me to talk about any of them specifically. 21st Century Cures. Let me give you some background and then give you the salient points about it.

21st Century Cures encompasses a lot of different things. There are significant provisions for NIH and how it does its research. I mentioned that the precision medicine initiative is supported now – basis by this law. There are significant changes to the FDA and their approval process. There are actually a lot of other things that are going on there.

It is for us and there is a big proportion that is on health IT that I will talk about in a second. It is the culmination of really a year and a half to two years of pretty frank, robust dialogue with our colleagues on the Hill and a lot of private sector stakeholders. Bill will probably remember. In 2015, when we came down to Vanderbilt for one of the precision medicine workshops, Senator Alexander was there. We took a side trip to a conference room there at Vanderbilt and talked with some of the health IT executive leadership there about what was going well and what was not. The health committee had several hearings about health IT that were quite good. Actually, you may have noticed, but Vindell Washington who was our National Coordinator actually testified at those hearings in his private sector role previous to this – Louisiana. That was one of the ways that we got Vindell.

At the end of the day, like I said, a lot of good discussion both with the legislative staff as well as private stakeholders culminated in this law passed very strongly by partisan basis. It builds upon and amends the Public Health Service Act, the HITECH Act, the Social Security Act, and a bunch of other existing laws.

We will talk a bit about the health IT components. The provisions and Title IV of the act and there is a bunch of different sections. I am not going to read them to you verbatim. The provisions cover a number of areas. They are meant to advance interoperability and trusted exchange of electronic health information. They prohibit information blocking and other harmful business practices. They expand the availability and use of certified health IT and enhance transparency and the usability, accessibility, and privacy and security of heath IT.

There is also a top-line provision there that says the secretary shall assist doctors and hospitals, improving the quality of care for patients by reducing the burden of documentation and the burden of use of health IT – without sacrificing the quality gains that they get from using those. That is the big picture.

Here is what I will say. Implementation of 21st Century Cures and its provisions is a top priority for us at ONC for this coming year. It is also a top priority for the new administration. Believe me. I am not looking to surprise anybody. I had a pretty robust discussion about this over the past month with our new political leadership. They are on the same page. It is a top priority for them as well.

There are some provisions in this title that say ONC shall. Those of you who do law know that those are things that are very specifically – that is given to that particular agency.

There are a lot of things that say the secretary shall. Some of those things appear to be – some of those things are things that we share with other agencies like CMS, with the Office of Civil Rights, with the FDA, with NIH.

The other factor that is playing into how we are going about implementing this right now is that currently we are under a continuing resolution. 21st Century Cures authorizes many things and that is what this is. There is another branch of law, which is appropriations law. Basically, when you are on a continuing resolution, one of the stipulations with it is that you can work on things for which you had authority in the previous year when the budget was passed, which is continuing. That is the continuing resolution part of it.

But new authorities that you may have gained since that budget passed for which funds are not yet appropriated, you cannot work on. The bottom line for that is we are working very closely with our general counsel to delineate what we can work on now and what we have to wait for a new appropriation to pass because you can work on those.

We definitely know we have authority to undergo an orderly and timely transition to our new advisory committee, the HITECH. Currently, we have two advisory committees and we are going to have one. That is something we are working on.

We have authority to convene stakeholders to develop a trust agreement framework so that on a national basis, we have a policy framework under which people agree to trust each other and share health information. We are working on some of the other provisions as well as coordinating with our colleague across the department. That is part of the normal process of working through implementation of any of these laws. You have to do that as you go along. We are working like little beavers. There is not a huge amount to announce right now to you, but you should know that that is something that we are working pretty intensely on.

Like I said, I am not going to read all the specific provisions, but if you want to ask me questions about them.

I really appreciate your attention. Again, thank you for letting me call in to do this. It is not always easy to listen to these things over the phone. It is a lot easier when you are eyeball to eyeball. But I appreciate your attention and I will entertain any questions or discussion you would like.

DR. STEAD: Thank you very much, Jon. That is awesome. And the first tent that is up is Bob Phillips. Bob, lead off.

DR. PHILLIPS: Thank you. Jon, thanks so much for making the time to do this today. I serve on an advisory committee for the evidence now practice transformation experiment under AHRQ for their evaluator. I am also a grantee under TCPI. I would suggest talking to the evaluators of both of those programs and the data managers to see if you can gain some insight into which of your certified EHRs might be in violation of the 21st Century Cures Act. They are a handful. They might give you some very specific information.

As a grantee, I do not face a problem with these so I am not conflicted here. But I do see the discussions about those.

MR. WHITE: So noted. I am going to make sure that my folks get back to the TCPI folks. Are you talking about the folks at CMS or the specific grantees?

DR. PHILLIPS: Either one.

MR. WHITE: I appreciate you bringing that up and I will make sure that the right connections get made. Thanks Bob.

MS. GOSS: Hi Jon. It is Alix. Thanks for dialing in today. I am curious to hear your thoughts on how NCVHS can play in support the 21st Century Cure Act work that you are leading especially from a federal advisory committee perspective.

MR. WHITE: Thank you. I will go back to what I said at the top, which is that I have been privileged to have a longstanding experience working with NCVHS. A lot of treasured colleagues have been on the committee, including some of you who are there now. I am not going to embarrass any of you by naming you. You all have deep expertise in a lot of this stuff that we are talking about.

I think what I am looking forward to is, A, continuing a robust dialogue about what we are doing, but coordination, I think, between our current policy committees and our new ones. We are in that kind of transitional period, but also with you all.

I know that you all have been working on your report to Congress coming up. I thank you for the opportunity to provide comments on that. I hope you felt like we provided salient feedback to you.

I think that as we get down into here is who doing what and as we develop plans that we will certainly look forward to not just working with our colleagues at ASPE and the other agencies that participate in NCVHS but you all as well. I am hoping that we can come back to you in the near future and say we are working on these certification criteria or we are working on information block, something that might be shared between us and the inspector general and OCR and be able to bring those back to you for advice. We will try not to ask both you and the other advisory committee the same questions, but I am looking to you as a resource for advice. I have to be very careful about how I use that word because of FACA.

MS. GOSS: Let me pivot the conversation a little bit, Jon. As you know, we are working on predictability and roadmap and trying to look at the larger landscape and how the development, the adoption, implementation, evaluation of the HIPAA standards can be rolled out more effectively. We see you as a fellow partner in that dialogue that we will be pursuing over the next six months. But I think that there are a lot of similarities between the HIPAA and the HITECH world. We have to be thinking about advancing interoperability within both the frameworks. I am eager for that collaboration.

MR. WHITE: Agree completely. I guess I will just add one other – to the conversation. We have a chief privacy officer. Lucia, I know in the past has come and spent serious time with you all, which – very good reasons.

It is not unintentional that I asked Deven McGraw to be our Acting Chief Privacy Officer until we get new political appointees. You all know Deven, Deputy Director at OCR. He continues to be the Deputy Director at OCR – graciously sharing Deven with us because she is such a nexus of those things.

We also recognize that this is all shared responsibility. I am not particularly protective of my cabbage patch. I just want to make sure that we have all the right people at the table, which includes you all.

MS. KLOSS: Hi Jon. Linda Kloss. I was actually going to ask the question about the chief privacy officer position and when you might expect that appointment would be made. What a great plan in this interim to ensure close coordination – brilliant move.

One question. Could you elaborate just a little bit on the development of this trust document that you were describing and how that work is getting done and whether you have some kind of timeline? I would think it might be relevant to some of the work of our committee. As we look forward, we are going to tackle this question of Beyond HIPAA. That seems like highly relevant work.

MR. WHITE: I am going to – for just a bit while my computer is waking up because I want to be able to pull up that particular provision and read it to you. For a while at ONC, we have been talking about governance and governments of information exchange and interoperability. Like I said, there are a lot of layers to the onion. Some of these are organization to organization. Some of these are community-wide expectations. Some of these are state-wide expectations. Some of these are national expectations.

I guess what I am getting at here is that there is a lot of stuff beyond technical. We had been taking the opportunity to – when Congress is like why the heck don’t these things talk to one another like they should. The short answer is it is complex. The longer answer is you have to be able to have a process where people can come together. This is recognized for a while. This is not new under the sun.

One of the provisions that – I think it is Section 4005 Cures – my computer is not working as fast as it should here. Basically, there is a provision that asks ONC in six months after passage of the Act to convene stakeholders to discuss a trust agreement framework. You can take that to mean a lot of different things. I do not want to inappropriately commit myself exactly what that means without my lawyers here. But then in the year or two after that basically come down to a finalization and promulgation and the federal government saying this is the framework we expect everybody to adhere to. You can trust one another when you are exchanging information. It starts with convening folks and then there is some policy work that happens after that. If I say more than that, I will probably go out of my —

MS. KLOSS: But it is fast tracking.

MR. WHITE: Yes. What I will tell you is that because of the delays associated both with the continuing resolution issue that I raised to you as well as – honestly, just catching folks in a transition — it turns out that HHS – there is a lot of stuff that they need to learn. We are catching them up on stuff. We may wind up being a little bit behind on convening folks – prepared for that. It is not for lack of intent or will or anything like that. It is more just – sometimes it is hard to get this stuff – it is relatively fast tracked.

MR. LANDEN: Hi Jon. It is Rich Landen. It feels a little strange. Twenty-four hours ago, I was in Orlando, face to face in a room with you, and now here I am 800 miles away using some standards-based interoperability technology called a telephone and we continue our conversation.

First off, I want to call out some kudos because in your slides, you used the term their learning health system. I have not heard that concept talked about much in the last few years. I am very happy to hear that it is alive and well if not exactly thriving because that is certainly a goal that in many forums we have been in over the years is one of the objectives for the culture of the country and in my own interest personally, in a culture of safety around health information technology.

A question for you though. I am concerned with the policies and the rules that have been promulgated that are pushing for the ubiquitous interoperability before we really have a solution to the patient identity matching. The question is under Cures and what you were talking about, what ONC can and cannot do under the continuing resolution is that patient matching system equation something you are able to work on currently, or is that have to wait until we get a new budget approved.

MR. WHITE: That is a good question. My understanding is that we can work on it. I will qualify this, Rich, by saying I do not want to speak specifically about Cures because like I said, it is an ongoing discussion at this point both with our general counsel, who helps us interpret appropriation law. I forgot everything I learned in my appropriations law class – but also with political leadership in trying to figure out – a lot of this says, the Secretary shall.

Backing up at the bigger level and looking at patient matching, previously under the Paul rider(?) that was associated with the appropriations bill a long time, really the interpretation was that we really should not even be talking about patient matching inasmuch as – although I tried to deliver value for each word, every word that I speak is supported by public funds.

So we are allowed to talk about it. We are allowed to think about it, and even work on some solutions. We are not allowed to implement anything or finalizing anything without coming back to Congress and talking about it first. I do feel like we have latitude to be able to do that.

I will say that I share some of your angst. I do not know if I share all of it. What I will say is this is a big shift. There are a lot of different parts of it. Some parts of it are necessarily going to use before other parts do. I will completely agree with you that patient – is really important. I think it is fundamental to getting interoperability right. I am happy to be pointing at the private sector. I think there is great stuff going on there in general. I am delighted to be able to do trust and verify a lot of what is going on. It is something that we think is important that we are going to work into our efforts.

DR. STEAD: Thank you, Jon. We really appreciate the time and we have reached the witching hour. We will turn you free to go back to HIMSS.

MR. WHITE: Thank you so much. Take care. And I look forward to seeing you in person the next time.

DR. STEAD: Team, I think we have reached the appointed hour for a lunch break. We should be back together in an hour.

(Luncheon recess.)

Afternoon Session

Agenda Item: Action – Letter: Recommendations on De-Identification of Protected Health Information under HIPAA

DR. STEAD: Colleagues, thank you for reassembling so promptly so that we can continue to move into de-identification.

Okay, Linda, do you want to take over?

MS. KLOSS: Yes, happy to.

DR. STEAD: Do you want Rachel to join?

MS. KLOSS: Yes, please. She is our subject matter expert for the privacy confidentiality and security subcommittee, and on the phone is Maya Bernstein, and of course subcommittee members at the table.

So we are looking at essentially draft five with a few embellishments, some recommendations that came from Nick and from Bill, after this letter was included in the e-book. So that’s why we’re going to ask that you follow along on the screen. Although the changes aren’t many, they do kind of throw off some of the line numbers. So if we can look back and forth, that would be helpful.

I think the best way to approach it would be to look at this in chunks. We will first look at the opening five paragraphs. The opening paragraphs to the executive summary will skip over the recommendations there, because they are covered more fully at the end of the letter.

We have 42 minutes to get through this. So we are going to pace, if you’ll give us a five-minute warning.

So I think the last time we talked about the subject as a full committee was to look at a set of themes and how they have evolved, as you expect when you start delving into the writing. So we have five.

We have, as I say, five introductory paragraphs. We tried to keep that short and sweet, and stating where de-identification falls, where it comes from, from the rules, and introducing our hearing. Are there any suggestions or comments on those opening paragraphs that, again, we tried to keep brief?

Hearing none, we have a few opening paragraphs to the executive summary, and we put those under a subhead major findings, because earlier versions of this that many saw, there were kind of pithy findings throughout the letter that it was felt would be helpful if they were sort of pulled out and highlighted in this executive summary.

One was added since the version that you saw, and that is shown in blue. We pulled this forward from — you know, with a little bit of editing from later in the discussion, because I think this was Bill’s suggestion, that this is kind of a good kind of recap of what the issues are that once de-identified PHI is transformed into data and no longer subject to provisions. So that was added in there, feeling it was a good backgrounding piece.

And then really the rest of this narrative sort of sets up the way we have organized the letter, which is to address all of the complex issues under four subheads: the science and practice of de-identification, assessing and minimizing the risk of re-identification, lifecycle management, and stewardship of de-identified data and mitigating harmful re-identification, use, or re-disclosure.

And those subheads or ways of organizing a complex discussion seem to have stood the test of time over multiple iterations of this. Also in green, you’ll see a change that was made from the version in your e-book of just flipping this definition so that expert determination is defined before safe harbor so it aligns with the way things are sequenced in the first sentence of that paragraph.

So let me stop and see if there are any comments, suggestions, under this major findings section. If you’ll just scroll down a little bit more, we pointedly said at this time the committee is not recommending that the current standard for de-identification be revised, but it has identified a number of actions that HHS can take to improve the way the current standard is applied.

The next several pages just list the recommendations. So as I say, we’ll just skip over that for now and look at them at the end of the letter.

Any comments on that summary of findings?

Okay, then we go into kind of a backgrounding piece, de-identification and HIPAA, what the rules are and how the rules have been maintained and advanced by HHS over time. So that’s kind of what the current environment is, and it sort of leads us to the conclusion that things are working okay, but there’s just a lot of change in the ecosystem that haven’t necessarily been addressed through guidance and other mechanisms.

So let’s just go through this, because this gets into the meat. Any comments on pages — well, I don’t know what page it is in the book. I’m working from a separate Word document. So I apologize for that.

But any comments under current state of de-identification?

At the end of that, science and practice?

DR. ROSS: This may be a minor point, but I am looking at line 215, 16, in there, according to Office of Civil Rights, data de-identification is not a frequent basis for privacy related complaints. Yeah, that’s not surprising. But it doesn’t really say anything. I would be shocked if it was. So why do we say it?

MS. KLOSS: You raise something that has come up several times by others with that same point. So maybe that sentence just should be cut, because it stopped —

DR. ROSS: It implies that therefore people don’t really complain about it. Well, in fact, they have no idea to know to complain. Makes a wrong inference.

MS. KLOSS: Should we delete that sentence because it kind of is in there and it doesn’t necessarily go anywhere? You got that, Maya? Terrific, because we have had discussion about that, and the reason we even looked at it was that it was one of the references that we looked to in the minimum necessary letter, and so we looked at it here and there wasn’t any meat and we should have just dropped it. So thanks for raising that.

Anything else in this? We know it’s that troubling sentence that we have discussed a few times.

Okay, now current state and science and practice. I’m scrolled down now to assessing and minimizing the risk of re-identification, any comments, questions, concerns? And I’ll continue to lifecycle management of de-identified data. And mitigating harmful re-identification use or re-disclosure.

So now we are to recommendations. We have a comment, so now we are at the kind of lead-in paragraphs to the recommendations themselves, and there’s a comment that Nick offered that I wasn’t sure how we might change this. So I thought I’d ask him to explain what we you might — right there. De-identification standard is too often executed with inadequate attention to the unique characteristics of the dataset to which it is applied and its intended uses.

Your comment, Nick, was that this paragraph covers significant risks, might want to intro the paragraph to say this before listing them. So it goes into what the risks are. Data subjects have little information about how their information are used or about the risk of re-identification. The overemphasis on de-identification ignores the management, governance, and other practices. So I think you were suggesting that we add sort of an intro sentence.

MR. COUSSOULE: Just to explain kind of what these are, because it just lists a bunch of issues.

MS. KLOSS: Do you have a thought about how we might do that?

DR. STEAD: Are what you are asking for examples of characteristics of the data set?

MR. COUSSOULE: This lists some issues. There’s not a lead-in that sets the context, so then when you show the issues it shows how you might actually recommend a change.

MS. KLOSS: Okay, so I guess what we were doing was jumping from, all right, there are unique characteristics of the dataset that need to be taken into account, and when they are not taken into account, then this, this, and this can be the consequence. So we just need something that transitions. Okay. I think I can write that. We’ll work on the wordsmithing later.

DR. COHEN: I’m trying to understand what you think of a specific example. Are you talking about trimming outliers or unique cases that aren’t part of the safe harbor, or is it the content of the data, or is it something else, when you talk about unique characteristics of the dataset?

MS. KLOSS: What we heard in testimony — well, when an expert comes in to do the de-identification process, they are examining the unique characteristics of the dataset and determining what statistical methods are going to be used to de-identify, both because of the characteristics of the data and its intended use. When you apply the safe harbor, you extract the 18 and it’s more formulaic, not adjusting it —

DR. COHEN: Yeah, safe harbor doesn’t address trimming outliers, for example.

MS. KLOSS: Well, or considering what the uses might be and suggesting that, well, for this particular dataset, then in order to de-identify we need to look at age at discharge, something that —

DR. COHEN: Trimming outliers and unique combinations within the dataset.

MS. KLOSS: Anticipating those unique combinations or points of vulnerability, given the dataset and how it is going to be used.

DR. COHEN: So that is a flaw in using safe harbor rather than expert.

MS. KLOSS: Yes. It is a reality. I don’t know, you know, it’s a weakness of having that method.

MS. BERNSTEIN: Do we need to — this is Maya. Do we need to change the language to specifically reference the safe harbor method rather than the expert method here? This talks about the de-identification standard, which refers to both.

DR. COHEN: I think if that is the point you’re trying to make, you should. Are there flaws in using —

MS. KLOSS: We don’t know — we don’t also have — we made the point earlier that there aren’t really standards for the expert method. So because it’s the expert method doesn’t mean it’s done properly. So I wouldn’t — I guess I wouldn’t want to narrow it, because that would assume then that if you are using an expert determination method, it’s always going to be done the best way, and we don’t believe that’s true.

DR. COHEN: Although the language says the de-identification standard is too often executed with inadequate attention. So you are implying that experts often do not pay attention to this combination.

MS. KLOSS: Maybe we change it to maybe executed with inadequate attention. Maybe we not infer that we know how often that is the case, because we don’t. But it’s a risk. It’s a risk.

MS. LOVE: I don’t see we will ever have one size fits all either. We don’t want that to come through.

MS. KLOSS: Correct. That is not the implication. The implication is we need to be more sophisticated in how we look at the datasets and their intended use.

MR. COUSSOULE: I think to Bruce’s point, I think the implication or the point is that even using that method, if you don’t look further than that, it may not be sufficient.

DR. COHEN: I think the point is well taken. I think it’s just wordsmithing to clarify it.

MS. LOVE: Because it’s just removing the uniques from the dataset to a certain number, right?

DR. COHEN: But if you are using safe harbor, I mean, there’s a distinction between the limitations of safe harbor —

MS. LOVE: I am saying statistical expert. I mean, the goal is to remove all the uniques.

DR. COHEN: No, not necessarily. I don’t think it is. Uniques, I guess if there’s a case of one, then probably removing uniques, but that’s not the only —

MS. LOVE: As long as there is flexibility, I think I’m fine.

MS. KLOSS: We are not suggesting a one size fits all. We’re suggesting more analytic approach and not assuming if we apply a one size fits all solution it will be adequate.

MS. BERNSTEIN: Could we draw our attention back to Nick’s comment was, which was that each of the sentences in this paragraph indicates a particular risk. They are not necessarily related to each other, and that maybe an introductory sentence, there are multiple significant risks in the de-identification standard; one is inadequate attention to unique characteristics. Another is that data subjects have little information. A third is overemphasis on D-ID and not management and so forth. So that maybe that sentence that ties it in together.

DR. STEAD: There were a lot of shaking heads, Maya. Can you capture that and get it into the — I think if that’s what we see when we are getting ready to vote, that will scratch the itch.

MS. KLOSS: We kind of had an overview of the recommendations and how they cluster and Bill pointed out that we started with describing recommendation two and not one. So I added a sentence that recommendation one reiterates the importance of the de-identification standard as an integral part of the HIPAA privacy rule. I was able then to just delete that sentence from the start of recommendation number one, because as Nick had properly pointed out, that recommendation didn’t lead off with an action sentence. It had that little descriptor. So I killed two birds with one stone by moving that sentence and satisfying both of your very good comments.

So recommendation number one does, then — let’s go to the recommendations now if there aren’t any other comments on the lead-in. We are calling on HHS to reinforce the current standard with sub-regulatory guidance and other actions outlined in these recommendations, as these will inform possible future revisions to the rules. So we aren’t recommending a revision to the rule, but we believe that there is some work that needs to be done in order to inform how it needs to change in the future.

That’s what the couple paragraphs following that are all about.

Okay, recommendation two calls on HHS to develop guidance to illustrate and reinforce how the range of mechanisms in the privacy rule such as data sharing agreements, business associate agreements, consent and authorization practices, encryption, security, breach detection, are used to bolster the management of de-identified data in the protection of privacy.

And specifically particular attention should be directed to the way in which business associate agreements should address obligations regarding de-identification and the management of de-identified datasets. Our point is that this isn’t a standalone process, that we need to knowledgeably leverage all of the controls, that the de-identification standard by itself can’t do the whole job if you’re not leveraging the other tools.

Any comments, questions? We’re okay with that?

Recommendation three is that we are calling for an information clearinghouse of de-identification best practices. There’s a lot to be learned from one another.

Recommendation four should develop a written competency guide with educational resources for covered entity practitioners responsible for de-identification process, and we made this clearly directed at covered entity practitioners, not PhD expert methods people. This is those whose job includes getting the dataset and calling out the 18 items.

DR. ROSS: Is the written competency guide the same as a competency-based curriculum?

MS. KLOSS: Well, we wrestled with that, and stopped short of a curriculum because we don’t think there’s sort of any mechanism to insist on these folks going to school for this, but —

DR. ROSS: But if there was a competency-based curriculum, then there could be ultimately a certification in effect one could get, right? Is there a reason we don’t go that far?

MS. KLOSS: We just stopped short. We talked about it. It’s a good issue.

DR. STEAD: What I am trying to get us to have a discipline to only make recommendations that we think are actionable in the current 18-month to 3-year period. Things beyond that, we are trying to put in future or research so that we don’t overreach.

MS. KLOSS: Having a guide would be a good step, yes. I think that’s where we were at. That can lead to somebody creating a self-assessment tool and then if that’s attached to resources, I think folks will develop the educational curriculum around it.

DR. RIPPEN: Under 12, it’s more future for future research to assess the practicality of certification or explore options for ensuring consistent —

MS. KLOSS: What is the committee’s thought? Most of what’s in 12 is more related to methods research rather than research about people and competencies, but we could add a sentence in 3 in the narrative or in 4 that having a competency guide could be a first step to consideration of — let’s put it there.

Did you get that, Maya, in four? I think we add it to the narrative, that having a written competency guide could be a first step toward defining competencies that could lead to voluntary certification or something.

Okay, recommendation five then, should provide guidance on policies and practices for management and disclosure of de-identified data for assessing the risk of re-identification and for understanding the implications of risks to individuals and vulnerable populations.

MS. LOVE: Again, adjust this for where I’m coming from. Today, as I understand it, when I work with states and federal agencies, the de-identification standards are quite different. I mean, federal agencies tend to have a higher standard than states. So do we want to define that would be applicable both to local or community and federal, because AHRQ for years has had the suppression policy of 30, which would totally wipe out any state measurement and assessment since we don’t follow that.

DR. COHEN: Those de-identification standards I think apply mainly to noncovered entities, because most of those datasets are noncovered entities, I think.

MS. LOVE: So when I work with states, there’s a federal and there’s a state specific suppression policy. So I just didn’t know if one blanket statement under 5 fit both.

DR. STEAD: Point of clarification. Are you referring to PHI as being de-identified, or are you referring to whether the data from a hospital can — whether you can identify the hospital?

MS. LOVE: Oh, I’m not worried about that. This is when you are releasing a hospital dataset. So states typically will say suppression, no uniques less than five. Federal datasets, similar ones, will often say none less than 30, because they have a different standard. So I just didn’t know how to —

DR. COHEN: It was my understanding that the hospital, de-identified hospital discharge datasets that states have aren’t considered covered entities. I know in Massachusetts that’s the case.

MS. LOVE: Not if they have state law, but if it’s a voluntary, it would be.

MS. BERNSTEIN: The de-identification standard only applies to covered entities but elsewhere in the privacy rule you’ll recall that there’s — Rachel will correct me about this — but that there is the standard that says that a state may have — that the rule has a floor, that a state may have more stringent rules that protect privacy. So I think they work together.

MS. KLOSS: I think that that would — those policies would relate to release of data or reporting of data rather than the de-identification practice, which is what this is addressing.

DR. COHEN: Although I think Denise raises a really good issue, because lots of noncovered entities or mixed entities like state and local health departments rely on these rules in evaluating their privacy policies. So I’m not sure where it fits into this, but it would be nice to have a sentence or two, because this is really focused on covered entities, just to complete the context of these are valuable for mixed or noncovered entities as well, somewhere to indicate that the impact of HIPAA goes far beyond just the designated covered entities.

MS. LOVE: That is what drove my question is there are hospital associations that act like states, but they operate under a voluntary nonlegal authority.

MS. KLOSS: But they are not covered entities. They are working under a data use agreement or something.

MS. LOVE: They are. Usually business associate agreement.

DR. STEAD: My gut is that we are into something that is tangential actually. I’m just trying to manage time.

MS. KLOSS: I think the new guidance from NIST is right on to this de-identification as it is applied by governmental entities, whether federal or state, and we did reference that and review it to make sure that anything we were recommending was in line with that and taking the thinking, but that guidance is essentially laying out the HIPAA de-identification methods, because that’s the only thing we have, no matter what type of organization.

We may have talked about this somewhere in the letter, but —

MS. BERNSTEIN: I couldn’t remember if we did, but if the committee wanted to note out loud that other entities that are not covered entities look at the standard, we could do that somewhere in the body without —

MS. KLOSS: I like the idea of doing that somewhere.

DR. STEAD: I just want to caution, I think we will get more from this letter if we can keep it simple than if we add things to it. It’s already a lot. My big concern is whether it’s too much.

MR. COUSSOULE: To Bill’s point, we have already got other places where we will address covered entities/noncovered entities.

DR. STEAD: I would be careful to really try to keep this to the core.

DR. COHEN: I respectfully disagree. I think the impact of HIPAA is felt far beyond covered entities, and I think just acknowledging that context doesn’t change the recommendations themselves, but might help strengthen and broaden the audience that pays attention to this. I don’t think it has to be a lot, and I think that language probably exists in previous discussions as Maya said, but I think it would add in the introduction.

MS. KLOSS: We will look at how we might add a sentence.

Recommendation 6 is HHS should define a minimal set of skills and competencies to be considered an expert capable of de-identifying data using the expert determination method. There the dialogue we got, certainly the discussion from testimony, was that this would help in the university programs and others who teach experts in statistical and other methods.

So recommendation 7, HHS should require that covered entities and business associates, whether they use the safe harbor or expert determination method of de-identification maintain a description of the method used for de-identification. The assumptions used in re-disclosure risk assessment, and the results of the risk assessment, because all this is kind of a parallel to what you do when you do a security audit. You’ve done an analysis and you maintain some record of what your conclusions were.

Eight, HHS should use the vehicle of model, of model notice of privacy practices to inform patients about de-identification, how it protects PHI, and the range of downstream uses for de-identified data. While that hasn’t been required, we heard that as a best practice by organizations that are really trying to help patients understand how all their data is being used.

Any comments on that? Yes, Rich?

MR. LANDEN: Is the model privacy model notice of privacy practices, does that feed into the notice of privacy practices that requires covered entities to give to their patients? I’m not quite sure I’m familiar with the model notice of privacy.

MS. SEEGER: So, OCR offers a model notice of privacy practices on our website that covered entities can use as a template for building their notice of privacy practices.

MR. LANDEN: My concern goes to — my assumption is that if this information education about de-identification goes on to the notice of privacy practice that each physician office and each hospital gives to the patients, that’s probably not a good vehicle. The solution I would propose is that the model might contain a one sentence about de-identification and a URL to a website such as we have talked about previously that will have CMS or OCR educational language around de-identification and things patients should know.

I think the burden of shifting this onto the provider community and the risk that they won’t get it right or it won’t be done effectively is a counterproductive use of the time and resources, nor do I think that a waiting room is really a place that would be — I think patients have other concerns when they are there. So I just don’t think that putting this in the notice of privacy practices benefits anybody very well. I would suggest the website approach.

DR. RIPPEN: Just to make sure I understand. So, is it notice about who you are sharing de-identified information with? Is that what the focus is? Or just —

MS. KLOSS: No, that our organization removes, de-identifies data and makes it available for purposes of research and so forth. Some statement that discloses that that there are secondary uses made of health information, PHI, but they go through a de-identification process. And just starting to raise that level of understanding of —

DR. RIPPEN: I would actually say that organizations, it would be on their website, who are actually de-identifying and providing it to whom for what. So I think actually it is about the organization, not the link to a site that says here’s de-identification.

MS. KLOSS: The later recommendation is recommending that when — if my information is released in de-identified form that a record of that be maintained as part of the disclosure, accounting for disclosures, and that’s again as a steward of your information I should tell you not only who I release a copy of your record to, but with your authorization, but also when I’m disclosing it to the university or whoever is doing research in de-identified form, but if we are going to take that step, then the notice of privacy practice should say we do this, and I think we were just looking at how do we step up our dialogue with patients about these uses of data and what we heard in testimony was patients want to know about how their data is being used and what the practices are, and they are happy to have their data be used, but they want to be part of that. They want to know.

So we are not calling for an opt-in/opt-out. We are just calling for expanding the kind of notice and the kind of accounting from a stewardship standpoint. So I think those two kind of go hand in hand. I don’t think it would make sense to do an accounting of disclosure if we hadn’t somewhere notified patients that, yeah, we do.

MR. LANDEN: I think my concern goes more to the language in here in the conclusions I subsequently draw about having it as an education vehicle about de-identification. That’s the part that I don’t see a good fit and I see some downsides in all sorts of possibilities of bad stuff. If one thinks about it in the terms of included in the privacy practices of the hospital or the clinic or whoever it is, essentially a statement that, yes, we do release de-identified data, no, we don’t, or wherever in between that particular process is the policy and practice of that group. That’s fine, because yes, that is important for the patient to know.

But I draw the line between that and trying to use the notice of privacy practices as an educational tool, because to me the primary purpose of the notice of privacy practices is, a, if I’m a patient I don’t agree with those privacy practices, I go elsewhere, and the basic education about what de-identification is, what it does, how it works, is not part of that.

MS. KLOSS: Right, no, and that wasn’t our intent. We are saying the notice is used to inform patients, not educate.

MS. SEEGER: Create transparency rather than inform, because the intent is not to educate about what de-identification is, but it’s to create greater transparency so that the patient understands that their information may be used for such purposes as research or third party.

MS. KLOSS: That really is the purpose of the notice of privacy practices.

Good. Recommendation 9, HHS should define and promulgate the responsibilities of de-identification data holders, and this kind of gets into our stewardship framework stuff, but what are the responsibilities of data holders? We stop short of talking about penalties and so on and so forth, but we saw this as an important step.

Any comments? Okay?

MR. LANDEN: In reading through this, I was not quite sure what a de-identification data holder is. As I think this through and what we are trying to accomplish, it’s just not clear to me is it the entity that sent, that produced the de-identified data? You said the recipients of de-identified data? Is it secondary recipients downstream?

PARTICIPANT: I think if you say recipients you get at whether that’s primary or secondary.

MS. KLOSS: That’s our intent, recipient.

DR. STEAD: Should we change that to recipients? Does that solve the problem?

MS. KLOSS: You hit something else that we struggled with, what the right phrase was. Happy to change that. But our intent was anybody who receives a de-identified dataset.

Ten, HHS should establish a reporting process for use by the public to express concerns about when re-identification threatens harm to individuals, protected groups, or establishments. This is intended to begin again if we are really consumer centered, consumers need some way of expressing concerns. We didn’t want this to be a complaint process, but we wanted it to be a way that OCR could begin to collect information from patients that wouldn’t necessarily require that they all be investigated or be cases that had to be closed out, but a stream of information to monitor concerns and changing circumstances.

And 11, HHS should require covered entities and business associates to track disclosures of de-identified datasets and limited datasets to provide information in response to a data subject’s request for an accounting of disclosures. This is what we talked about earlier. Disclosure obligations should include at minimum a summary of the de-identified datasets that include the requester’s PHI.

Our discussion on this raised a broader question, and that is that at present the accounting for disclosure guidance is lacking and so the timing is good to think about that accounting for disclosure kind of more broadly and how it needs to be done going forward.

MR. LANDEN: Two comments. First is the language in there that says does not reflect recent changes to HIPAA, I suggest that we just be a little bit more specific about which changes we are talking about, just kind of as a general principle rather than vague allusions that the reader may not understand.

A more substantive comment, though, is that do we really — have we looked at the implications of this recommendation? Is this a — my sense is this is going to be a huge compliance issue with software developers. It’s not going to be a simple matter, and as we are talking about de-identified datasets that may or may not — I mean, a dataset may or may not be limited to a single patient, may not be drawn out of the EHR itself, I just get — flags go up without really understanding why as to how much work this entails. So my question is have we looked at that, because this may not be simple.

MS. KLOSS: It probably isn’t simple.

PARTICIPANT: Weren’t there a whole bunch of conversations around accounting for disclosures? I don’t think we ever got any final —

MS. KLOSS: The current accounting for disclosures guidance is dated 2002. It is part of a bigger issue, and it prompted our subcommittee to think about, well, is this an area that we need to tackle more broadly? But it seemed to our subcommittee that it is logical to have some process of accounting to patients as stewards and how their information is being used, whether it’s in PHI fashion or de-identified fashion.

MS. BERNSTEIN: I didn’t know who was asking the question, but I wasn’t sure what he meant by de-identified datasets that are not derived from the EHR.

MR. LANDEN: It’s Rich Landen. My current employer is an EHR developer and I have had occasion to go in and talk with our developers about how the EHR tracks information about disclosures within an individual patient’s record. So I don’t know how all the EHR developers’ products work. They may work similar to ours. They may not. But it’s a very technical and coding intensive data storage, data tagging process.

So if someone goes into an EHR and requests information, that’s easily trackable. An EHR user goes in, we are set up to track that, but if we are talking about datasets from an EHR may be stored more centrally, and when it’s pulled out, put into a set, it may not be a tag back directly to the patient about whom these data elements belong. It’s a whole different process and approach.

So I’m not sure the technical feasibility, given current database design for at least some of the products on the market. So what I’m suggesting here is maybe we need to think a little bit about that, but obviously we are not the ones to do that, and we can’t do it in this timeframe. So let me suggest that we change the recommendation from a should require to something a little bit more that would enable — we would make the recommendation, get our point across, but make it clear that HHS should investigate feasibility without going into all that detail. So something like HHS should investigate requiring.

DR. STEAD: What’s wrong with saying HHS should investigate feasibility of requiring?

DR. RIPPEN: There could be kind of an intermediate step, too, because with regard to an individual knowing exactly which datasets they were part of, and the requirement in general if you are going to actually get someone de-identified, you usually have a process, a review process, so listing of all of the de-identified datasets that were released. So a patient may or may not be in, but they could have access to here are all the datasets that were shared, as kind of the thing that should be done perhaps now.

The question of linking it, to your point, is it is more challenging.

DR. STEAD: My assumption is, once this emerged, is that this would actually have nothing to do with the tracking mechanism that is built into the EHRs today, and it would actually tie to the fact we are asking people to in previous recommendations keep track of how they de-identified the dataset, how they knew it was de-identified, et cetera. I presume such a process would allow them to keep track of who had gone into it and somehow record it from that, not from —

MR. COUSSOULE: This requirement wouldn’t be in my mind an application-driven requirement. It would be more of a dataset driven.

MR. LANDEN: In which case, it would not really be accounting for disclosure in the HIPAA sense.

MS. KLOSS: But not access. It wouldn’t be — I mean, I think we have distinguished between access and disclosure to external disclosure, if you will, and this falls in the external disclosure, not internal access to the EHR for a PPO.

MS. GOSS: And it trips into a whole bunch of technical issues with data provenance. There’s a lot behind this. From a health information exchange perspective, forget research, I mean just the whole accounting for disclosures, it’s got a lot of legs to it.

MS. KLOSS: Accounting for disclosures has a lot of legs to it.

DR. STEAD: But do we cure all of this quite appropriate concern? We have got two approaches. One is we can delete the recommendation, because we are not going to do more work on it now. We will come back and do it with research. Second is we can take Nick’s suggestion as saying HHS should investigate the feasibility of requiring, which would get the concept on the table, but the feasibility investigation would let all that happen. I’m seeing a lot of shaking heads.

MS. KLOSS: I’ll just point out also one of the footnotes is missing here, but our subcommittee felt strongly that the last sentence here is important. Greater transparency of these practices is aligned with the growing public expectation that individuals are informed of how their data is being used, and it’s consistent with the way the new common rule is written, and that is a requirement.

DR. STEAD: I am trying to manage to agenda, and we are on time by my clock, but we are almost done. Can we — will people be comfortable if we bring it back with that change?

PARTICIPANT: Feasibility? Yes. Investigating the feasibility.

MS. KLOSS: Then the last recommendation is HHS should support a research agenda on de-identification methods and on re-identification, and I think Helga, you had a comment on that.

DR. RIPPEN: Just a simple one just for clarification. For the investigation, the last bullet, investigation of technology standards, for de-identification and re-importation and linking, I guess are we meaning that we are talking about the best approach for providing a key, you know, where you are really looking to wanting to link back because you found something, or are we looking at a technology to reverse our ability — to go from de-identification to re-identification which has a bunch of other challenges. So I just want clarification on which way we are going.

MS. KLOSS: This issue emerged from testimony that said that right now the processing of de-identified data and relinking it to the electronic record was near impossible, and so it’s a technology consideration, as technical standards get developed over time.

DR. RIPPEN: Yeah, because I would say that I don’t know if people would be comfortable of using an algorithm to re-identify to add information back into the EHR that you couldn’t be 100 percent certain really belonged to the patient, and if you could actually break the de-identification process back to re-identification, then you have basically annulled your process of de-identification, right? So because anyone could use the same tool.

So it might be going back to the finesse of the wording maybe that it’s really about those standard processes for providing keys to data that you have de-identified so that you can incorporate it back in. But again, I’ll defer to the committee.

DR. STEAD: My gut is to delete this clause.

PARTICIPANT: Delete the whole bullet?

DR. STEAD: Yes. It’s a bridge too far. We will have more letters.


DR. PHILLIPS: Do you mind if I weigh in on another bridge potentially too far? It won’t take long, I promise. Simson Garfinkel from NIST when he talked to us had a couple of slides about data, synthetic data, and how Census is using that, and I just wonder if that’s something HHS should also pursue around health data is moving from de-identified completely to synthetic to preserve the value but to actually completely prevent the idea of re-identification.

MS. KLOSS: I think we had that in mind, and maybe this doesn’t go far enough in that second bullet, study the value of applying statistical disclosure limitation techniques in concert with safe harbor. Different?

DR. STEAD: That is, as you know, it’s a space I live in all the time, it’s a really important space, but it’s a bridge too far.

MS. LOVE: And we have found it depends on the purpose for which the data are being used. So that’s just one tool in the toolkit.

DR. STEAD: If we can bring this back edited tomorrow morning, can we walk through just the edits, take a clean version of what we came in here, then we can approve? Awesome. Linda and subcommittee, you have done an unbelievable job. I just had to say that.

DR. COHEN: It is a really well written letter.


DR. STEAD: The combination of this and minimum use are going to move the bar.


DR. STEAD: Okay, we want to move on to the proposed hearing on health plan ID initiative. So this is a new hot topic, not part of our prior work.

Can we go on and start, because this is a time limited topic, while it’s being pulled up, Alix are you going to drive this? Nick is going to drive this. Since we now entering the standard box, I think we should say that there are gifts from heaven sometime, and this time we have a gift from CMS. We are all very pleased to have Lorraine back on the team.


Agenda Item: Proposed Hearing on Health Plan ID Initiative

MR. COUSSOULE: Let me frame this up a little bit. We have been asked by HHS to revisit the health plan identifier, and for context setting for those of you in the room, the original HIPAA legislation in the Affordable Care Act required the implementation of a unique health plan identifier. The final rule was published in September 2012. However, health plans and other entities were required to obtain the identifiers by November 2014. So other entities really meaning self-insured plans, people that did self-insured, et cetera.

But however, since the final rule was published there were lots of concerns expressed by stakeholders that it was confusing, inconsistent with administrative simplification, may create some inconsistencies or inefficiencies, et cetera. There was a hearing held on the rule back in 2013 by NCVHS, way before my time. So those of you who were here can comment on that if you’d like, and more information solicited from HHS, but the nut of it was there was enforcement discretion applied to really not enforce the rules at that point in time, and so the request now is to revisit and try to get an understanding from the industry in regards to health plan identifier what value could be derived, what are the challenges and issues and opportunities with its implementation, really to revisit the efficacy of the rule and to make a recommendation in regards to what should happen next.

Pretty simple from that standpoint. So the approach would be to have a public hearing, gather input from the various and sundry stakeholders, pretty typical of what we do here, to learn about that and then to provide recommendations based on information that comes out of that back to HHS in regards to what should happen with the health plan identifier, as part of that exercise. Now it does not — would not address any of the other identifiers. It would be very specific to the health plan identifier. So not the NPI or anything like that, the other identifiers that were covered into the legislation.

Why don’t I stop there first and see what kind of questions or comments?

DR. STEAD: Let me add a little bit of color commentary to your general points from my notes. The kind of problems that came up in the original, at least the first thing I was involved with, because our 2014 letter basically said that we confirmed a lack of a clear business need for the health plan identifier that the industry had implemented a standardized national payer identifier based on the NAC identifier. It’s now widely used and integrated into all provider, payer, and clearinghouse systems, recommended HHS should rectify in rulemaking that all covered entities will not use the HPID in administrative transactions and that the current payer ID will not be replaced with the HPID.

So and HHS should further clarify in the certification of compliance final rule when and how the HPID would be used in health plan compliance certification, and if there’ll be a connection to the federally mandated marketplace.

So we concluded and took a pretty clear position. So people need just to have that context as we’re coming into thinking about how to set this hearing up to give CMS a current lens into where we are, I think is what they’re asking. But I thought that this coming back from my notes.

MS. HINES: Is there anything that has changed?

MS. LOVE: The only thing that I can think of that has changed is, to follow on the call we had, the business case may be changing for the health plan ID.

MS. GOSS: I think that’s a good core question is what is the business case? Why do we need it? Because we started out some conversation — this goes back 21 years. I think this is a great request for us to reengage with the industry and let them come give us some clarity about where we’re at.

MS. LOVE: The business case for whom? For the industry, if you’re a payer, I can argue maybe it has not. But are we also arguing the business case for, say, regulators and consumers? We talk about healthcare reform, and perhaps selling across state lines. We talk about high-deductible plans, low-deductible plans. This is a big deal in my world, but of course my world doesn’t always translate into other worlds. But it’s a big deal.

MS. GOSS: As someone said to me, it’s called health plan, but maybe it should be health payer, or who is paying the claim?

MR. LANDEN: This to me sounds like a great opportunity to go back, and get a do-over. I don’t think any of the parties both in the industry side and the regulator side did a good job of understanding the reasons we just listed in 30 seconds, what we were really trying to do. Some of us thought we were dealing with a claims routing system. Some of us thought we were dealing with an employer policy identification system. And many of us thought we were somewhere in the middle.

As I look at this, I’m delighted to see this back on the table, so that we can go back, now in 20/20 hindsight, get a list of what are the questions we asked, and really nail down on a very practical basis, what is this number, what do we want it to do for us?

DR. STEAD: We need to know how you want to manage this conversation, because from my perch, I am delighted that CMS is engaging in basically saying we want input on this.

MR. COUSSOULE: I guess there’s really a couple of questions. One is, is this something we want to take up? And it’s clearly something we took up before, and made some recommendations. It’s been somewhat on hold for a while, from an enforcement perspective, and a value perspective. I think it’d be good to revisit and get some clarity, to either kind of go or don’t go.

MS. HINES: Is there anyone who disagrees with that?

DR. STEAD: The question is is that a belief of the rest of the committee?

MS. HINES: I don’t see anyone disagreeing.

DR. STEAD: Then this is flagged as something that we would be doing in April?

MR. COUSSOULE: I think we have to — that’s a discussion point, right?

DR. STEAD: From CMS, what is the reason that April was picked? Because we need to know is that feasible. We need to know what the parameters are for how we can work this.

MS. GOSS: So, I think there was some request that was made to us in the CMS kind of interaction that they’d like us to have it sooner than later. Get this moving. So I think April emerged from some of those discussions. Do you want to add to that?

MR. ANNADATA: We would like to get feedback on that issue by April, so we were thinking it would be good to have that conversation during the NCVHS meeting in April.

DR. STEAD: I see that as a bridge too far. The NCVHS is a full committee, it’s a virtual, full-committee virtual meeting, and what I’m hearing here is a full-scale hearing to bring the right people — one, look at what we did before, look at what the experts know about what might have changed since then, design a full-scale hearing, have the hearing, and then we can answer that. But I don’t see a way all that can happen in a way that would have a meaningful discussion at the full committee level for you in April. So we need to think how to align —

MS. GOSS: I think we were talking about the possibility of the Standards Subcommittee having a hearing in April. So I think, Nick, you kind of stopped to make sure it was okay, but you didn’t get to the process.

DR. COHEN: I would like to hear; do you think something could meaningfully happen in April?

MR. COUSSOULE: I think that’s a pretty tight timeframe.

DR. COHEN: What do you think is more realistic? When I look at the number of people and the number of groups that just surfaced in terms of the need to get input, it sounds like lining up the appropriate questions and the appropriate testifiers is a longer —

MS. HINES: Sorry, we were just saying that in terms of working out details, I don’t think the full committee necessarily needs to —

DR. STEAD: We don’t need to cook it at the full committee. That said, the plan would need to come to the executive committee. The plan first —

MS. GOSS: Okay, so I think we kind of get the cart before the horse in the sense of we were just trying to make sure we understood the issue, then we would talk about what our proposed approach was. And let’s paint the full picture. I’m not sure everyone had a chance to read this that Nick was going over.

DR. STEAD: So how would you like to proceed? Do you have what input you need?

MR. COUSSOULE: From a high-level perspective, the input from the committee today is, do we believe this is the right thing for us to undertake, and do we want to do this?

DR. STEAD: I think in essence we’ve elected to park the things we were planning to work in June until we get more guidance from the administration. The other things we will be working are the longer-term pieces toward the predictability roadmap, for example. So we do have white space, and I think the committee’s comfortable with the subcommittee figuring out how they would like to tackle this in conjunction with CMS, is what I’m hearing. Do you need more guidance at this level?

MR. COUSSOULE: I don’t believe so. I don’t want to speak for my subcommittee and chair here, but I think that the only other question I would have is to make sure that the committee here understood the general scope of what we would want to talk about. It’s not an hour kind of discussion. It’s substantive. There are lots of players in there. And so, again, if we agree to all that then we can come up with a recommendation to the executive committee in regards to how to proceed.

DR. STEAD: And unless we did something that sort of said, quickly, nothing’s changed, if in fact something has changed, we’re talking about putting together the evidence base that would shift a committee judgment that was very far in one direction. If there was going to be some change. Because the last report was pretty clear.

MS. GOSS: I’m not sure I just understood what you just said.

MR. COUSSOULE: How do you make the determination of whether anything substantively has changed or not, to warrant the conducting —

DR. STEAD: Whatever process we put in place needs to recognize that we had come to a conclusion, and so we could either rather quickly re-conclude the same thing, or if we’re going to conclude something different, we’ll have to have the evidence-base to justify that. That may take some work to pull together.

MR. COUSSOULE: So if we agree at the top level that it’s worth revisiting, then the subcommittee can make a recommendation to the executive committee about that process.

DR. STEAD: Perfect.

MS. HINES: I’m sorry, because I wasn’t here in 2014. I didn’t think the committee made a recommendation other than to say hold.

MS. GOSS: And that was based on industry feedback.

MS. HINES: Right. So the committee didn’t say we need an HPID, the committee said hold, and now it seems like it’s been an indefinite hold. So what more information is needed for that particular rule to either go forward or not?

MS. GOSS: I’d like to clarify. We didn’t say hold, we said there’s a lot of confusion. There’s a lot of clarity that needs to be brought forward, and through that, I believe then CMS made the decision to exercise their right to enforcement discretion.

MS. HINES: So this seems like the logical next step.

MS. KLOSS: Do you remember what letter it was in?

DR. STEAD: 2014.

Ms. GOSS: It was a combination of — it was actually in a larger letter, it was a bunch of different topics, EFT and other things in that letter as well, and I have the full letter here if anybody wants to see it. May 15, 2014, it talked about prior auth and HPID and EFT, RA, and operating —

MR. COHEN: I think what has changed is CMS has made a direct request to us to pursue this, to evaluate pursuing this.

MS. GOSS: Direct request for us to engage the industry to get that feedback, so that we can then –

DR. COHEN: That is what has changed.

MR. LANDEN: I think we just said what I was worried about, is that this is not a question about has anything changed or not. This is a question about the basic concept – did not succeed. It’s kind of starting the discussion off, the 1998 discussion off, fresh again, and starting from scratch.

MS. KLOSS: So we punted it to HHS and they’re giving it back.

MS. LOVE: My question on the original hearing was who it included, because in the second go-round, as we pursue or evaluate or whatever term, would we broaden the audience to include states and others?

MS. GOSS: I hear that request. It sounds to me like we need to know who came and testified back then, and make sure we include them on any list that we —

DR. STEAD: We’ve agreed on the right process. The subcommittee is blessed to proceed with developing a plan to respond to CMS and pass that plan by the executive committee and we move ahead.

DR. RIPPEN: Just a quick question. Recommendation three was CMS focus, right? This recommendation, was it done? Did CMS do all these things?

MS. GOSS: They elected to put enforcement discretion. So they’re not —

DR. RIPPEN: Right. But the questions were, what’s the guidance on HPID specifically, clarify the definition. Because that still doesn’t change — I mean, these are core —

MS. GOSS: I am not sure that they did.

PARTICIPANT: I know it’s not all happened. Some of it might have, but it’s not all happened.

DR. RIPPEN: So I guess the only nuance is if part of the challenge was clarification and none was provided, then that wouldn’t change. So you may want to nuance it.

DR. STEAD: I think we’ve done what we’re going to do here, and we’ve earned a break. We will regroup in 15 minutes.

(Brief recess.)

Agenda Item: SSN Removal Initiative

DR. STEAD: Let’s regroup so that we can get updated on the change in the social security number on the card. Want to lead off for us?

MS. SERIO: Good afternoon, everybody. Thank you for inviting me here. My name is Lois Serio, and I’m part of the team in CMS that’s responsible for working within CMS and all of our external stakeholders to remove the social security number from the health insurance claim, from the Medicare card.

As all of you probably know, the Health Insurance Claim Number is a Medicare beneficiary’s identification number, and it’s used for paying the claims and determining eligibility for services across multiple entities, not only CMS but Social Security, Railroad Retirement Board, states, providers, and health plans.

Just list April of 2015, the Medicare Access and CHIP Reauthorization Act, MACRA, mandated the removal of the social security number-based HICN from Medicare cards to address the current risk of beneficiary medical identity theft. The legislation requires that CMS mail out new Medicare cards with a new Medicare beneficiary identifier, now known as the MBI, a new acronym for everyone, by April of 2019.

Our primary goal of course is to decrease the vulnerability to the Medicare beneficiary from identity theft by removing the social security number-based HICN. In order to achieve this goal, we are trying to minimize the burden for beneficiaries, minimize burdens for providers, we want to minimize any disruption to Medicare operations, provide a solution to our other business partners that allow usage of HICN and/or MBI for business-critical data exchanges, manage the cost, the scope, and the schedule for the project.

Along with our partners, we are looking at all the different complex system changes for over 75 systems. We have to conduct extensive outreach and education activities, and we are analyzing all the changes that will be needed to systems and business processes. Not only are CMS systems affected, but federal partners, as I said, Social Security, Railroad Board, the states, beneficiaries, providers, and plans.

Also, other stakeholders such as the billing agencies for the providers, advocacy groups, the data warehouses, the registries. The list goes on and on. The more you peel that onion back, the more we find that has the HICN in it. We have been working closely with our partners and stakeholders to implement this initiative.

A little bit about the actual implementation and where we’ve been, and where we are going. First of all, we have to generate this new MBI, new Medicare Beneficiary Identifier, for all the beneficiaries, so that’s including not only the existing but as well as the deceased and any new beneficiaries aging into the system.

We also need to issue new and redesigned Medicare cards. The new cards will contain the MBI and will be mailed to existing and new beneficiaries. We also, as I said before, need to modify all the systems and business processes. So we are really trying to look at all the systems, business processes where a HICN today is currently received, stored, transferred, and then how is that going to affect, and how do we make those systems able to accept the MBI?

We will generate and use and create an MBI generator to assign 150 million MBIs in the initial enumeration — that’s 60 million active and 90 million deceased — and generate a unique MBI for each new Medicare beneficiary. We will also be able to generate a new MBI for any Medicare beneficiary whose identity has been compromised.

The new Medicare Beneficiary Identifier will have the following characteristics. It’s going to be the same number of characters as the current HICN, 11, but it’s going to be visibly distinguishable from the HICN. We wanted to make sure that when a beneficiary sees this number or a provider, it’s going to be very — you’ll realize right away that it’s not the current HICN.

It’s going to contain uppercase alphabetic and numeric characters throughout the 11-digit identifier. It’s going to occupy the same field as the HICN on transactions, and it’s going to be unique to each beneficiary. So a husband and a wife will each have their own MBI. Today, sometimes the wife and/or the husband may have the — you know, whoever the main eligible beneficiary is will have their social security number. This will be unique.

It will be easy to read and limit the possibility of letters being interpreted as numbers. Alphabetic characters are upper case only and will exclude S, L, O, I, B, and Z. It’s not going to contain any embedded intelligence or special characters. So you’re not going to be able to find out who the actual Medicare beneficiary is and where they’re getting their entitlement from, be it the husband or the wife.

It’s not going to contain any inappropriate combinations of numbers or strings that may be offensive. We anticipate that the MBI will not be changed for an individual unless the MBI again is compromised. We are currently working and reviewing what those scenarios would be, and some more to come on that.

This slide gives you sort of a visual of how it’s going to look compared to the current. So you’ll see the SSA HICN currently is someone’s social security number and it has the Beneficiary Identification Code, the BIC, on the back end. The MBI, if you notice, is random and it is non-intelligent. It has the 11 bytes, and key positions two, five, eight, and nine will always be alphabetic. So as you can see from here, you will be able to tell the difference.

I’m going to skip to 10 now and talk a little bit about our transition period. We will complete the system and process updates to be ready to accept and return the MBI as of April 1, 2018. Also, not only do our systems have to be ready, but all of the external stakeholders who also submit and receive the HICN must modify their processes and their systems and be ready to receive the MBI by April 1, 2018 as well.

Stakeholders will be able to submit either the MBI or the HICN during a transition period. We will accept use for processing and return to stakeholders either the MBI or the HICN throughout a transition period in order to make sure that we give people time to adjust to the MBI number.

In addition, beginning in October 2018 through the end of the transition period, when a HICN is submitted on a Medicare fee-for-service claim, both the HICN and the MBI will be returned on the remittance advice. So the transition period is set up to run from April 2018 through December 31, 2019.

I’m just going to go back and we have a timeline to better help visualize. So starting in January of 2018 we are going to activate the MBI generator and we will start giving the MBI numbers to the beneficiaries from the system’s perspective. Starting in April 2018, we will start mailing the cards, and that’s when our systems as well as our external stakeholders will have to be ready, because once a beneficiary receives their new card, they will need to be able to use that.

As you can see, there’s quite a long time, about 21, 22 months, period wherein they are going to be able to accept — all the systems and the providers will be able to accept either the HICN and/or the MBI, from April 2018 through December 2019.

MR. COUSSOULE: Sorry, just for clarification, you say will be able to accept, or must be able to accept?

MS. SERIO: Starting the transition period, either/or will be accepted. When you start in January of 2020, only the MBI will be accepted from external stakeholders, so providers, beneficiaries. All of that they will need to have will start needing to have the MBI. The HICN will no longer be accepted from the providers, systems, from CMS. So that period of time, though, that we will accept either or, from April 2018 through December 2019.

DR. STEAD: If I understand, individuals — since you’re phasing in the card issuance, some individuals will still have their original card until April 2019. So during that period of time, it would sound to me like the clinician offices, et cetera, would in fact have to be able to accept both because people would have both.

MS. SERIO: Correct. They will be able to accept both through December 2019. Keep in mind, we’re going to be phasing in and mailing out the cards starting in April. Our goal is to get those cards mailed out as soon as possible. We are currently working on the length of time that mailing will occur. Everyone should have their card in hand prior to December 2019.

MS. GOSS: I noticed that in the January 2020, the HIC numbers are no longer exchanged, with an asterisk that said limited exceptions. Could you talk about that? And I’m particularly interested in the coordination of benefits sort of catch — like is it the whole kit and caboodle of all the transactions, or is there any staggering?

MS. SERIO: Certain transactions will be accepted — for instance, appeals or a span of date. If an individual is going into a SNF before the transition period and only has a HICN. So certain, we have about four different transactions, appeals, adjustments, where it will be accepted. And again, this is beneficiaries and providers. The coordination of benefits, that will be accepting both HICN and MBI in limited circumstances, again, the appeals, the adjustments, after 2020, and I can look up a little bit more.

MS. GOSS: I have one other question about that related to sort of on the COB aspect. If you think about the usage of the SSN or the HIC number as it relates even to the payer of last resort Medicaid, how are those being coordinated with the states? Is there any coordination?

MS. SERIO: Good question. We can find out; if you want, I can find out more after this, or you can send in a question to our email box and we send it, or I can get your information and we could share it with the group. I know we are coordinating very closely with the Medicaid agencies and ensuring that they are going to — the states are our internal partners. So there will be some systems that continue to receive HICN even after this date.

So states, Social Security, Railroad Board, the interchange between them from internal systems, many of the systems will continue to receive HICN and MBI. Downstream, when you go to the providers, the plans, and the beneficiary, the MBI will start to be used. I don’t know if I’m confusing you, or —

MS. GOSS: No, I think you are helping. So what I’m hearing is that you may do things as far as data exchanging coordination with a variety of partners, but as far as the public-facing world, after January 2020, it’s really only going to be about the MBI. Non-HIPAA claim transaction type things are sort of exempted out of this migration.

MS. SERIO: Correct.

DR. STEAD: Do you want to take a couple more questions here? Vickie, and then Linda.

DR. MAYS: Thank you for being here, this is very helpful. Let me ask something on the people side, the actual people that are getting this. How does it get rolled out to them in terms of when I think about this coming out, and then you mail a card out, some people are going to have to worry about cards being taken and things like that, so is there like, a campaign? And when will you talk to the providers so that they can start to reengineer what they need to do, because in these fairly qualified health centers, that’s what I really worry about.

MS. SERIO: That is sort of two answers to that. For right now we are doing outreach from an operational perspective. So we are reaching out and informing all of you here. We are reaching out to providers and plans, and we are trying to do that through their normal communication channels because they also have to be ready to accept. From a business process standpoint, they need to know now so they can be ready.

We are getting the word out, and we have sort of an operational campaign, so to speak. The beneficiary, we are trying and we are actually developing an outreach plan for the beneficiary and caregivers and the providers from the beneficiary perspective. We are waiting until 2018 to start that. We don’t want to alarm or alert the Medicare beneficiary too early. We also don’t want to alert any fraudsters earlier than necessary as well. The first notice that we will really be rolling out to the beneficiary will be in the 2018 Medicare Handbook.

DR. MAYS: Is there any funding for the providers, though, to help them to get prepared to do this? Because that’s going to be a problem for some of the small clinics and what have you.

MS. SERIO: Right. There’s not — we are certainly trying to help them with their messaging and would share any of that, but I don’t think there is any funding that’s available.

DR. MAYS: Thank you.

MS. SERIO: So as we were talking about the cards —

MS. KLOSS: I had one other question if you don’t mind. What is the rationale of issuing numbers to all of the deceased beneficiaries? Why wouldn’t you have kind of cut a date or something?

MS. SERIO: There are quite a lot of research that is done with our Medicare beneficiaries and that’s really the reason, so that we still have that ability. So we are doing it with the MBIs.

MS. KLOSS: So you go all the way back?


DR. COHEN: I have a question as well — is that all right, if we can — can we take questions?

DR. STEAD: Why don’t we take these two and then we’ll let her catch up with her presentation, and then we’ll do more.

DR. COHEN: Is the MBI a truly random number with the exception of key positions two, five, eight, and nine being alphabetic? And if that’s the case, is there any way to determine whether the MBI is valid or not?

MS. SERIO: It is truly a random number. I think that’s a good systems question. I apologize, I’m not the IT person in the room, but there are certain numbers depending on — I guess if a fraudster was to get all of what we do and have the different alpha codes and what we accept and if they put in the right positions — I think we have done systems checks, but I could find out. I would assure — it is totally random, but I don’t — I would assume they would be able to find out, and that I can find out for you.

DR. COHEN: Thank you.

DR. STEAD: Denise.

MS. LOVE: I deal with a lot of non-Medicare healthcare data at the state level, and so goes Medicare, so goes the rest of the world. So what is the impact on vital statistics, hospital discharge data, all payer claims databases, and cancer registries, just to name a few, who rely very heavily on social security number for year-to-year longitudinal statistical tracking?

MS. SERIO: The social security number isn’t going away. And that kind of — you know, there is the social security number, if people currently using the social security number for tracking data, for hospital — that’s not changing. The social security-based HICN for Medicare is. That number is, and that’s what part of this process is, is going out to the hospitals, going out to the providers, making sure they are aware of this change so they can change their systems —

MS. LOVE: So should part of the education be that they should not scrub the collection of social security from their practices or systems altogether, or we lose three quarters or I don’t know how much of our data infrastructure.

MS. SERIO: As we go out and we do certainly talk to people and FAQs, and I work closely with the states, and we continually alert them that the social security number is not going away, and the social security administration is still dealing with that, and that is not — they can continue to use that. So that is sort of —

MS. LOVE: So I would advise states to have reporting regulations or rules to retain that field as a required field. I can just hear providers say, well, Medicare doesn’t require it, so we can’t report it, but we’ll just have to be very clear on our messaging that other data systems do capture that and they will continue to do so, I guess.

DR. RIPPEN: Can I respond? I just want to make a quick comment. In the end, the social security numbers in theory were captured for billing. It was more on the financial side. So it’s a different part of the record. So how people use it, it’s a different question with regards to identification because they’ve done the same thing in the military, too, with Tricare, can’t have an ID with a social security number. It’s a different issue.

DR. STEAD: It is now increasingly standard practice that if you want to have the social security number as an identifier, fine, but you should not use it for transactions unrelated to its actual purpose. This is actually helping with that.

MS. LOVE: I understand. I’m just thinking through what states need to be told, that they can continue to collect.

MS. SERIO: We do tell them regularly. We do think that’s a separate distinction, that this is just the social security taken, and not the social security number.

DR. STEAD: So you can tell you’ve got our interest. Proceed with your presentation.


MS. SERIO: As we said, we’re going to be issuing new Medicare cards for the existing beneficiary after the initial numeration of MBIs, roughly 60 million. We also are redesigning the Medicare card. We’ve done focus groups with beneficiaries, providers, caregivers. We are trying to keep it as similar as possible so that the beneficiaries want to want to see that it’s from the government. They want to have that trust that this the right card. We are removing the gender and signature line.

We are also working with the Railroad Retirement Board. They’re going to issue their new cards to the RRB beneficiaries using the new MBI. We are working with the states. There are a few states that include HICN on Medicaid cards, just a few, so we are working with them to help them replace it either with the MBI or just take it off altogether.

We are, as I said, conducting intensive education and outreach. We have focus groups on the cards, on the meaning of this whole change for the beneficiary, as well as how it’s affecting the providers’ data warehouse, the plans.

So more on the education and outreach, as I said, I’m sort of leading the state charge. We also have set up a website at CMS.gov and I’ll have that for you in the next slide. Again, we are directing this from an operational perspective, and this is our main place to try to reach out to the provider community.

So we have actual talk about the initiative, talk about what they need to do to make themselves ready. That’s a really great website that we are directing them to go to and we continue to update it. We will be updating it probably, hopefully, in the next few weeks. So it is key to make sure that the providers go to that site.

We also have the health plans tab, reaching out to stakeholders, vendors. We work with the states and actually have a private website that we’re sharing a whole lot of information with them because it’s much more technical, so to ensure that they are on board. So again, we are trying as well to go through existing vehicles for communication. We want to make sure we reach people and with the way they are comfortable and used to getting information from us. The website is http://go.cms.gov/ssnri. So if you go on CMS.gov and just type in under a search SSNRI, it will come up, and you will see that’s where we really, from an operational perspective, are pointing everyone to for now.

As we start getting into the beneficiary outreach, we will start putting information on Medicare.gov starting in 2018. We will also be doing mailings prior to the card to alert beneficiaries that it’s coming. We will be explaining to them what they need to do with their old card, how to manage the new card. So we are also doing a lot of focus groups to find out what resonates with beneficiaries and caregivers and how to move forward.

We do have this mailbox, our team, and we are very good at responding. So any more technical questions that I unfortunately was not able to explain fully or clearly enough, and I apologize for that, you can send it to this and we get a team together and we get all the experts in the room on a regular basis and we respond back. So feel free to reach out.

Are there any other questions? It’s a complicated task. The more you get into it, the more you realize what needs to be done.

DR. STEAD: Can you share what you’re going to do to do some end-to-end testing with internal partners and providers so that we have sort of a way we had for ICD 10, knowing how the system works as a whole?

MS. SERIO: So you bring up ICD 10 and that’s one of the — we’re trying to sort of mimic what we did in ICD 10 for this initiative as well. We found that it was very successful, especially on the state side, that’s how we’re doing it in regular meetings. We are currently, right now, working through the testing scenarios. We have, just an example from the state perspective, and that’s what I know the most, we’ve developed sort of critical readiness factors that they need to have ready. They’re reporting to us on dashboards starting actually this month, and from that, we are going to be doing testing scenarios based on the critical readiness factors are. What are the critical success factors?

So we are working and moving toward that diligently. We don’t have a final plan set up, but we are working on, at least right now, looking at the system exchanges that we know of, the 75 system exchanges, and talking about the regression testing that we need, and just testing that we’re going to need to do between our systems and our partners’ systems.

MR. LANDEN: The current card is low-tech paper. Will the new card have any technology, like a magstripe for swiping or an embedded strip?

MS. SERIO: Unfortunately not. It’s a funding resource issue. For the 150 or 60 million that we have to send out, it will continue to be paper, and I know much to the chagrin to probably most of the beneficiaries.

DR. STEAD: Vickie and then Bob, I believe.

DR. MAYS: Well, it is kind of a follow-up, because I was going to ask the question why still use cards? There is all this different technology that can be used that helps you to prevent fraud.

MS. SERIO: I think one thing we have to remember is we still have a large part of our population are not technologically savvy. I know the caregivers are, but it really, I mean, most people, it is their parent, it is their caregivers we hear that are doing it, or their children, and that we still have quite a lot who don’t get online.

We track versus our mailing versus our website hits, I mean, you can tell the difference on who — again, as generations age in, of course we are headed in that direction and we certainly will be doing stuff online, but we struggle with that. The beneficiary will need their card. A lot of them need help. We hear that from the providers, don’t go tech. We’ve heard that from many providers, please don’t go too high-tech because the beneficiaries that come into their offices don’t even know what cards, they put the cards on the table and they have to pick which ones it is.

So we hear a multitude of things, but right now we are going to go out with the paper card, and hopefully as we go down, as the new age comes in, we’ll able to get higher tech.

DR. PHILLIPS: I’ve got to say, first, your acronym looks like a second-generation antidepressant. It’s almost appropriate.


My real question is, on the research side and on the data connection side, people who have legacy datasets with the original social security number or working across HIEs trying to connect the beneficiaries’ datasets, are they going to have access to those keys or the data going to be matched? Do we have to go back to the data warehouse to get a corrected set? What happens?

MS. SERIO: That one I may have to relegate and get back. I know that the HICN isn’t going away in all of our systems. So it is there and it will be linked to the MBI. So that ID link is still there, it’s not changing, and the HICN is going to be used in a lot of the different data sharing sets, it’s just from the external standpoint.

If you’re talking about SSN, though, or are you talking about the SSN HICN? Okay, so again, it’s not going away, it’s still in our system. It’s still linked to the MBI and we’re doing everything we can and that’s part of what we’re doing now, is looking at every single dataset, and where does it go, and who is it incoming and where is it outgoing? Where does it go, and where does it go downstream?

Is it good enough that we can continue to share the HICN with this whomever we’re sharing it with, or does it go downstream and it has to be blocked because it needs to be the MBI? So we are looking at every single system currently and making those determinations now.

MS. GOSS: Will there be a crosswalk available for researchers and other entities so that who’s done the historical work maybe already has data use agreements, is a part of a covered entity, kind of business associate, but it will be challenging for those who are not facing the patient to understand how those numbers are changing.

MS. SERIO: We are working through that now. So we are looking at that, determining is a crosswalk viable for these entities, and which ones can have them and which ones can’t. So we are looking at that. I don’t have, nothing has been formally decided, but we are aware of that and we are diligently taking diagrams, and where does this go, and who does it go to, and is this research, is it data sharing? So we are in the process of doing that.

DR. STEAD: From my perch, I think it would be helpful if you would consider sort of taking back to your team that’s thinking through this, that the testing scenarios actually involve the same kind of end-to-end testing we did with ICD 10, because I get that that will happen with the internal systems that are relatively few in number. And the testing scenarios didn’t get us there with ICD 10. They sort of showed us we needed to do the end-to-end testing.

MS. GOSS: It actually is more than what we did in ICD 10 because there are so many more partners that use this by extension. I would actually say that that would be the minimal consideration, especially if you think about some of the comments that Denise and Bob were making.

MS. SERIO: Thank you for that, and as I said, we are. I think I go sit in testing meetings more than —

DR. STEAD: Yeah, so I think there are three things that we would like feedback on when it’s appropriate within your process. I’m not talking about a short-term question, but one would be the test plan.

The second would be, in essence, whether there is a check digit concept built into this number. I think that’s really what Bruce was talking about. That’s hard for me to believe somebody hadn’t thought about this, but that would be an important part of a number like this, and that doesn’t prohibit a random number. I mean, there are ways to do this within what you’re trying to do.

MS. SERIO: So then you are saying it’s a random number, but you’re aware whether it’s —

DR. STEAD: There is a way to computationally tell whether it’s valid. You can’t tell whether it’s a valid number for this person, but you can tell it whether it’s a valid combination of numbers, and that gets around all sorts of problems with key errors, et cetera, independent of fraud creation. It’s a very practical part. My guess is it’s in there.

MS. SERIO: I can go find that one out.

DR. STEAD: Well, yeah, and then the third is this idea of the viability of a crosswalk under careful management from a security access and data use point of view, because if that is viable, that solves a lot of downstream problems from things like the research part. In essence, it’s a little bit like saying you’re going to go back and reissue all the way back. It’s the same principle for eliminating a number of system-like problems.

MR. COUSSOULE: Even just longitudinal records, right? Somebody shows up the next day with a new card and all of a sudden they’re a new person.

DR. STEAD: So like those would be three pieces that I think are, in particular, we would be interested in and we would be glad to provide advice to the degree that would be helpful to you.

MS. SERIO: Great. I will make sure we take this back and the next time we come and meet with you, we’ll be able to present and give you updated information.

DR. STEAD: Maybe, then, let Rebecca know when it would be useful because we need to know where a visit, we know you’ve got lots to do, so we need to know where a visit back would actually fit within the lifecycle of this project, with you now knowing the places we bring a special instant, if that’s helpful.

MS. SERIO: Sounds great. Any other questions? Again, I will take this back. If you think of anything, please send it to that mailbox. We are really happy to answer any questions we can.

DR. STEAD: Thank you very much.

Okay, team, I think we will go ahead and transition into pop health if that’s okay, Bruce, Bob, and I think you and Rebecca may have huddled a little bit about how to deal with sequencing and so forth.

Do you want to share if the agenda has jiggled some? If it has, is it internal, is the current agenda adequate?

Agenda Item: NCVHS Measurement Framework for Community Health and Well-Being

DR. COHEN: Yes. What we will do, I don’t know if Soma is on the line yet, probably not since she isn’t scheduled until a little later.

What I will do is lead us very briefly through the discussion of the report and perhaps we can get through that this afternoon and actually vote on the report as our first order of business, depending on the kind of feedback we get. Then we’re going to get an update from Soma Stout on where the transition and the handoff of the framework activity is, and what she’s been doing, and then I will loop back and provide a more detailed presentation on the framework for those of you who haven’t been on the full journey with us. That will be hopefully around 4:30 when Lucas can join us.

So if you’re following along, we’re on page 74 of the agenda book, and moving forward to the report. I’m not going to go through the report on a page by page basis. I think we’ve all had plenty of time to review a variety of versions. I do need to thank Susan Kaanan who did a phenomenal job of rendering the diffuse conversations into a really wonderful document.


I also have to certainly acknowledge my co-chair, Bill Stead, on this activity, and certainly the support we got from Rebecca and later on from Kate, who really was a seminal visionary on a lot of framework activities. So this has been a really wonderful team effort.

Let me just focus now really on the workshop report first before I spin off into those other areas. The workshop report I think is a really wonderful, accurate recounting of the discussions and presentations that we had.

The workshop was individual presentations, panel discussions, facilitated discussions, large group discussions. So there were a variety of activities that created the work that you see in front of you. The focus started out on the framework, but the overarching goal was community health and wellbeing, and a key in that was what the federal role is in this space.

The real value of the workshop was defined by the extraordinary talent in attendance. We had the experts who have been playing in the sandbox for years and it really showed. We had an enormous breadth of federal representatives, researchers, community folks helping us out.

Does anybody have any feedback on the contents before the next steps? I was really going to focus on the next steps, but I am open to feedback on the body of the report before that.

MR. LANDEN: I have got a couple of wordsmithing nits. I presume you want those by email.

DR. STEAD: Actually, if you have them now, because we really want to move action on this today if we can. Do they change the meaning on anything?

MR. LANDEN: They are more a stylistic consistency, like dates.

DR. STEAD: Okay, then we can have a motion to approve the report subject to editorial correction.

DR. COHEN: Great. So I am going to go to page 18 of the report, or page 93 of the — actually, I can even move further. Key workshop outcomes, page 95 of the agenda book and page 20 of the report. This is the generative discussion at the end where we really talked about where we go from here. We ended up with four essential ideas that will be repeated once we get a chance to talk about the recommendation letter, which we aren’t discussing.

We decided not to put in recommendations in this report, but just present the overarching themes that emerge. Essentially, those four themes are creating an intra-department focus on community level data within HHS, and then across department work groups to connect all the community level data activities in the federal government.

Soma, hi, is that you? This is Bruce and I’m just going through, before I turn it over to you, our point of business here is reviewing the workshop report and hopefully approving that as a committee and then I’ll turn it over to you to update us on what’s going on with the framework.

The third key element which emerged was we need to connect the federal data enterprise to the enormous ongoing nonfederal data activities that have been really mining the space around community health data needs and supporting communities. There really needs to be more of that connection.

And essentially, the fourth recommendation and outcome was turning over the framework to an NGO group, a nongovernment organization group, that Soma volunteered to lead, and she can describe that activity in a minute.

A couple other key points, the appendices of this workshop report are incredibly valuable. They lay out the framework in detail. Not only do they talk about the traditional things that are in appendices, but they sort of take us through the journey and chronology of the community health data work that we’ve been doing for the last ten years, page 110. Also, in the appendices of the framework, there are detailed examples of potential indicators to populate the framework.

As I’ll talk about a little later when I do my framework presentation, the focus of our framework development was to create the structure and not populate it with measures, and hopefully Soma will update us about those activities. There is a list of potential data sources that can be used to populate the space in the framework.

One other thing I just want to pull together, the workshop was four legs of the chair of population health that we built. This report represents one of the legs. The environmental scan that Parrish did, which is already published on our website, is an enormously important work that synthesizes and reviews efforts to create these kinds of frameworks, not only in the immediate health sector, but from a variety of other approaches. The third activity is the framework activity, which we’ll talk about more, and the fourth is the recommendations to the Secretary that we’ve been working on and hopefully will be able to vote on at our April meeting.

So I see this report as one of the key contributors in the culmination of the journey that has actually been going on since around 2002 for the National Committee of Vital Health Statistics, working in community health data. That’s really all I wanted to say and I just wanted to open it up for any feedback that folks have on the report.

MS. LOVE: Page 129, in my version, there is a highlight on a paragraph — so that’s not significant for us to deal with?

DR. COHEN: Anybody have any comments? We will include Rich’s editorial modifications.

MS. KLOSS: I have just a question, if I may. I think before we talked about including the toolkit as one of the work products in that appendix.

DR. COHEN: The toolkit is an appendix?

MS. KLOSS: No, not as an appendix, in the list of work products from this time period, the letter to the Secretary on the stewardship framework and the toolkit.

DR. COHEN: So it’s not in appendix 3. We will add it to appendix 3. Thanks. Vickie?

DR. MAYS: A couple of things. I think throughout, sometimes it’s called the measurement framework, sometimes it’s called the NCVHS framework or measurement framework. I think it would be great to coin it and brand it so that it’s the NCVHS measurement framework. Because we have other frameworks that we work on, so if throughout, you could just call it that, I think that would be great.

At the end, you have, it’s listed as endnotes. Aren’t these references? Aren’t they, you’re citing work? Page 97 of 138, and it’s page 22 of the document, and it says endnotes. Right, so that’s what I think your citations or your references, one of those two things?

Okay, and then the last thing, and this is just a standard, but I always try and give people their just due. So all the names that you have, you don’t have any degrees or anything. Do you want to leave it as that casual or do you want to, when you bring people’s names in, give them degrees? Like, as an example, page 92, well, Bob, we know what yours are, but anyway, I’m actually talking about some of these community people and stuff, but there are lots of people in here. There’s Mike and there’s Roxanne. I guess I like being a little more formal.

MS. KANAAN: They’re listed in the back with what their full titles are. I will go with whatever the committee wants. I did do that intentionally and with an eye to what I’ve seen in some other things, because some people have a doctor before his or her name, and some don’t, and this way, I kind of leveled the playing field by just using first and last name.

DR. MAYS: Some community people feel like their titles, they worked hard to get it, but again, we’re talking stylistic now.

MR. LANDEN: I picked up on the same thing. I think some instances are more than stylistic and some places we tell the reader who this person is, what his or her role is, and sometimes or not what their titles are. Other places, like the first reference to Gib Parrish, it’s just Gib Parrish, well, what’s his role? Who is he? And you’ve got to read deep into the text.

So I think when we highlight a name like that, we should have sufficient information for the reader to put some context around who this person is and what his or her role is.

DR. COHEN: Thanks. We will review that. I’m not exactly — do folks need to see how we resolve it or can we take that as a friendly amendment for before we vote?

DR. STEAD: Not seeing any other signs, do we have a motion to approve the report subject to the editorial cleanups that have been discussed?

(So moved.)

MS. KLOSS: I’ll second it.

DR. STEAD: All in favor? Need discussion, we already did it. All in favor?


Any opposed? Any abstain? Congratulations, Dr. Cohen.


DR. COHEN: And to you, Dr. Stead, and to all of us. Great, thanks. Okay, so Soma, having taken care of that bit of business, we are all here and we’d love to hear an update about what’s going on with the framework. Well, pardon me, with the NCVHS — well, I guess it’s —

MS. STOUT: Yeah, I was going to say I would consider calling it the NCVHS wellbeing or population health framework because measurement framework is very broad. Perhaps the next phase could be a branding process where we test and look.

So, hi everybody, I’m Soma Stout. I’m the executive lead for the 100 Million Healthier Lives Initiative. In full disclosure, I think several members, during that day when we were all together in that final retreat, I’d been nudged by several people in the room to volunteer, and then found that we were going to be helping to coordinate this next part.

At first, I looked at all those people right afterwards and said, what did you do? I thought you were all going to volunteer too. And they said, no, no.

One of the things that we see as a real opportunity in this, just to really think about places that represent networks of networks that bring people together who connect across federal and nonfederal spaces, and that really connect people who are working at the front line of community wellbeing all the way to people who are working at the federal level.

Because 100 Million Healthier Lives Initiative, for those of you who don’t know it, is both deeply grounded in thinking about measurement for population health and applying a wellbeing framework to the measurement for population health at the community level, and because it represents a collaboration of over hundreds of partner organizations. I think that was why I was strongly encouraged to volunteer and we are deeply honored to be playing this role.

We see our role as stewarding the process moving forward that you have already begun and in leading at NCVHS to get the framework to this point. Of course, we saw another round of edits come in and what we’re going to be doing in the next phase with this, the biggest thing that — we’ve been collecting and looking at what are all those edits that have come in so that we have them, and the biggest thing I’ve been working on is identifying the key people that might be part of the sort of federal, nonfederal partnership on this going forward.

As you can imagine, the last two months have been a time of some turbulence on the federal level and have, I think, Bob, you said what could be a moment when people are ready to do something different because they’re waiting, they don’t have clear instructions. What I’ve been experiencing as I’ve reached out with our key contacts is they more just feel like the house is in chaos and it’s challenging to know how to be able to engage right at this moment in time.

So I concentrated on where we’ve been able to get some of those partnerships and if you have recommendations, I think you’re incredibly well-positioned to do that.

From all the people that we have sort of rallied to the cause, there’s Alonzo Plough who of course wouldn’t do it himself but would designate someone from the Robert Wood Johnson Foundation, National Academies, so George Isham, and also David Kindig, have expressed interest.

People from the Community Indicators Consortium and Community Commons, so Monte Roulier and colleagues, Denise Koo, Eugene Garcia, John Auerbach, though he’s going through a transition at this moment so he is likely to designate someone from his team.

A number of people within the Veterans Administration who have actually begun to adopt some of these measures of wellbeing and are very interested and there are multiple names there. And then in the nonfederal side, people like Paul — I realize I’ve given you a mix already, but Paul Terry, who is looking at employer-based measures of wellbeing and how employers can begin to measure that for their employees.

Kathy Bosse, also representing employers, and Michael Thompson doing the same, who represent the Alliance of Healthcare Purchasers, looking at how at least some of these domains of wellbeing can be integrated into private metric collections basis. Matt Steeple at Kaiser Permanente, Brita Roy, Carly Riley, who represents the 100 Million Lives metrics team. County Health Rankings and Roadmaps, the DASH initiative with Peter Eckart and Clare Tanner at the Michigan Public Health Institute, Allison Ryan at Academy Health, Brendan Buff at APDU, and then Steven Assink and Megan Juelfs at Thriving Cities, Bob Lloyd at IHI, and of course Kate and Rebecca and Vickie Mays have agreed to step forward.

The other groups within the CDC, the Million Hearts Initiative, and then the Surgeon General’s office have also expressed some interest, but just wanted to give you a sense of who we’ve reached, been in contact with so far, who’s expressed an interest in being part of the stewardship group for the process.

In terms of the process itself, our thought was to let the dust settle from the election if we want to have inclusion of that group as a whole to integrate into a session about this, a gathering about this, in April related to the meeting that’s already planned to see if that might be a time that works for people. But also to really get your guidance on within the federal space, if you have ideas or contacts that you might recommend across agencies, I think, that you know are more able to participate at this time. I think that would be very helpful to us.

DR. COHEN: Great. It sounds like you’ve done a lot of work already. Fantastic. Anyone have any questions or thoughts for Soma? Vickie?

DR. MAYS: Hi, Soma. Thanks for all the effort that you’ve put in. This is great. This is just like a cascade of people joining. Can you talk a little bit about going forward, like how you’ll keep people connected? Is there like, an email list, listserv, blog?

MS. STOUT: Yes. The other thing that I’ve been putting together in the meantime is sort of the staffing around it on our end to be able to help support it. So we will have a listserv for people that people can respond to. We’re looking at creating a community forum on one of our peer to peer platforms to connect different organizations. So those are two ways. Then, again, we will probably have two or three convenings in person that we will be inviting people to.

MS. HINES: Soma, I am sure you already know this, this is Rebecca, you of course are always welcome to use the NCVHS listserv because we have a whole group of people who have been with us, I think for a year and a half now, on two different workshops that we can get information out to. Just keep that in mind as you’re developing your list or if you need help pushing out any updates.

DR. STEAD: This is Bill. I think that’s actually the best way at the moment to continue to keep this on the radar screen of the federal participants that were at the workshop. So it would keep them aware of the evolving effort while they are coming up to speed with what the new administration wants people to do.

I think if we could use that participant list, which is used to being communicated to every few months, to keep them in the loop, I think that would be helpful, and then as people get their bearings, then there might be an opportunity to do something more formal. Bob?

DR. PHILLIPS: Soma, thanks so much. This is a heavy lift and we really appreciate it. And Claire Wang said the two of you had met as well to look at how this lines up with NAM’s work. I also wondered, I know what you mean about the chaos and lack of interest in engaging just yet, but I wonder if the article in New England Journal earlier this month by Patrick Conway and Kate Goodrich about the report to Congress on adjusting payments using social determinants gives us an opening to have that conversation with them since it’s not public.

MS. STOUT: That’s a great idea. Of course, we know that they wrote that probably a while ago, but yes.

DR. COHEN: Soma, we will let you know when the final report of the workshop is published on our website, and this will be good for folks. I think it will provide them a wonderful context of some of our more recent discussions for those who you said are going to be involved but who weren’t in attendance at that workshop.

MS. HINES: Yeah, in fact, Soma, we should work with you and Kate on the message that that goes out to everyone who participated in a recent workshop. If there is any message you want to include in that, we could certainly use that email that goes out with the link to the report.

MS. STOUT: That would be terrific. I think anything that we can do, and I think you have been doing a great job of signaling to that, and I do really appreciate the frank invitation to take advantage of that NCVHS listserv. I think you are the trusted convener that people have led this entire effort to date, and I think the more clearly people see the next step is deeply aligned and is in continuity with that, the better, as far as I’m concerned.

So what would be great is to think through, if you have timelines around when you think that would be, then we can look at what might be a piece of message that we put in there, any dates that we might want to invite people to, or anything like that.

DR. COHEN: Two weeks, the final version will be ready to be posted. So over the next couple of weeks, we should talk via email or you can talk directly to Kate and Rebecca to try to refine the messaging that would help support your activity as we move forward when we email everybody on our listserv with the release of the report.

MS. STOUT: That sounds terrific. I hope this goes without saying, but if any of you would like to be personally a part of a smaller strategy group around this, we would welcome that. So, Bob, the kind of strategic comments that you’ve made would be very well-facilitated there.

DR. RIPPEN: This is Helga Rippen. I’d be willing to volunteer if you need more help.

DR. COHEN: Soma, do you have an official name of the group? I keep calling you the NGO group. Is there a name that you would like us to use when we talk about the transition to your activity?

MS. STOUT: Sure. The convening NGO is the Institute for Healthcare Improvement and the initiative that this would be under is 100 Million Healthier Lives, which basically adopts the framework.

DR. COHEN: Could you email that to us so that we can, when we clearly identify to whom we’ve transferred this project?

MS. STOUT: Certainly, happy to do that.

DR. STEAD: This is Bill. If it’s under the 100 Million Healthcare Lives Initiative, will it have a label or tag within that initiative or will it simply be part of that initiative?

MS. HINES: We couldn’t quite hear the whole thing.

MS. STOUT: Sure. So one of the goals, I think we should think about this together, one of our goals in 100 Million Healthier Lives is to integrate framework for measurement of wellbeing and social determinants into federal, state, and community level standards.

So we would see this, and any initiative in 100 Million Healthier Lives is co-sponsored by multiple agencies and organizations, so there is, I can’t think of one that’s just done by one. So one of the things that we could think about is that this is under 100 Million Healthier Lives and is co-stewarded by NCVHS and the 100 Million Healthier Lives, if that makes sense to you.

I also respect that you’re going through a transition and there are things that you can say officially or not, so please guide me about that.

DR. STEAD: Our mental model, Bruce can correct me if I’m wrong, is that, as a FACA, we are not co-sponsoring in some way. As individuals, we are participating in the convening activity, and as NCVHS, we’re going to continue to pay attention to doing the right things to have the federal perspective appropriately linked in.

So I think one of the questions you’ll just need to think through, or your steering group will need to think through, when we’re talking to people about how to bring together, for example, other initiatives such as some of the work at the National Academies, with this, it would be very useful to have a name for what this is. I don’t think going forward that name should be the NCVHS measurement framework for community health and wellbeing, which is the name of version four that we’re handing over.

So the steering committee might work through what an appropriate name would be that would just help us all talk about, when we talk to different groups about trying to interest them, a way to talk about it that reduces confusion and increases alignment.

DR. COHEN: So you had mentioned the term stewardship. Maybe we could call you the stewardship group in the interim in the report if that’s okay.

MS. STOUT: That is perfect. You could do stewarded by 100 Million Healthier Lives.

DR. MAYS: I was just going to suggest that we just voted in the report about you changing the name and then I saw in the appendix, you actually have the name. Maybe that’s the name instead of the other.

DR. COHEN: That is our name, but it might be rebranded. You’ll see in the first presentation in the next slide, it’s called the NCVHS community health and wellbeing measurement framework. That’s the official name.

MS. HINES: If you go to the NCVHS website, it is all there and then there’s a note on the cover saying we’ve turned it over so that people can see. They’ll be able to figure it out if they were that interested.

DR. MAYS: No, I am just saying that we said the other name, so I’m saying use this one now.

MS. STOUT: Yeah, and I think we would describe it as sort of a wellbeing framework and I think we might just call it the community health and wellbeing framework and have as whatever the introductory page of any document around it, so referencing to the NCVHS report.

DR. COHEN: This is great. Thanks, Soma. That’s wonderful. We’re going to be doing a presentation about the framework in a minute after Lucas has a chance to talk with us about the commission on evidence-based policy.

DR. STEAD: Welcome, Lucas, and the floor is yours.

Agenda Item: Commission on Evidence-Based Policymaking

MR. HITT: Thank you so much for having me and I know from when my own agency hosts our advisory committees, that the last panel of the day is a place of great honor, so we’re very happy to be here with you this afternoon. As the slide behind me says, my name is Lucas Hitt. I’m currently serving as the deputy executive director of the Commission of Evidence-Based Policymaking.

When I’m not doing this, I also serve as the head of communications and policy at the Bureau of Economic Analysis, so I do come from a background of a statistical agency and economic data rather than health data. In some ways, a lot of the challenges are similar.

I’m going to just talk to you really briefly about the commission, where we are, where we’re going, and at least our plans on how we’re going to get there. For those who are not particularly familiar with this, the commission was a result of conversations over the budget resolution several years ago between Senator Patty Murray and Speaker Paul Ryan.

They, among the many things that come out of those discussions, were a conclusion that it would be better to try to focus policymaking more on evidence and evidence-based programs. Largely, this was designed to figure out how can we improve access to data? How can we improve access to evidence-building apparatus and then ultimately embed evaluation, the evaluation lifecycle?

There are 15 commissioners, bipartisan commission appointed by the President, Speaker, majority leader, and minority leader of both chambers. I’ll note, we do currently have one vacancy. The statute requires that one member of the commission is from OMB. That was Allison Orris from OIRA, but upon her departure from OMB, she also departed from the commission. So we are currently one down and are awaiting a new appointment hopefully in the near future.

We are about 170 days out from issuing our report, so every day I go in and we pull another thing off the pin and it gets lower and lower. So hopefully we get another commissioner soon. One of the things that I want to note while I have this slide up, though, is when the commission was created, you’ll note there are 5 commissioners specifically appointed from the privacy community, one from each of the appointees.

So this was obviously done intentionally. We also have a statuary requirement for a three fourths agreement for any recommendation. So in essence, the privacy community has a very loud voice, and a very influential voice in the commission’s recommendations.

Where are we timeline-wise? So we go away and cease to exist as of September 30, so at the end of the fiscal year. Our final report is targeted for September 7, more or less based on law. We were given X number of days from a quorum and that’s where that happens to fall on the calendar. Somewhere in the early first week of September is when we expect to publish. What we’ve been doing since then is primarily an information gathering phase. We’ve held, so far, as of Friday, we’ll have our sixth public meeting.

We’ve also been holding public hearings. The difference is that meetings are maybe more akin to what you’re doing here, where the staff arrange for witnesses to come in, we take testimony in open session on specific topics and that have sort of been planned and our homework has been done in advance, and then the commission will meet in closed session for most of the afternoon to sort of digest and deliberate on what they’ve heard.

Our public hearings, however, are sort of a city hall style. We’ve held them around the country and we basically invited anyone who had something they’d like to say to come and speak to the commission for five minutes. These have been, frankly, I viewed these originally as an opportunity to make sure we were hearing from the people we didn’t necessarily know to ask to hear from because there are always people who have something of note to say, but unless you’re familiar with them, unless you know their work, how do you know to ask? And these have been quite successful on both ends of the spectrum from really interesting things and you can imagine some of the other things we’ve heard.

What are we working on? Ultimately, what we’re working on is try to, again, how to identify data, research, and evaluation, how to get these things more embedded into federal programs, and consider how we overall improve the evidence, what we refer to the evidence-building apparatus in the government.

Our key areas of focus are data and infrastructure, incorporation of data and program evaluation, integration of survey and administrative data, and this, of course I’m not telling you anything you don’t know, is one of the more interesting and challenging dynamics here.

Then also, the statute specifically calls for us to consider if a federal, you’ll note the language in the statute says a federal clearinghouse for data and evaluation. We’ve sort of chosen in our minds to think about this more as a quote unquote facility because we don’t want to ordain what it may be and the clearinghouse has more of a connotation to it.

As I mentioned, privacy is a major part of what we’re doing. Five members of our 15-member commission are coming from the privacy community. I can tell you, in closed deliberations, they are very vigorous advocates for the privacy community, and not to say that the other commissioners are not, but certainly these five very much are.

We spent our entire September 9 meeting focused on the questions of privacy and then of course, coming from a fiscal agency, and in my mind I immediately think, okay, privacy is here, confidentiality is here, these are sort of two different concepts that we often sort of ball together, so how do we pull all those things together? Privacy is going to play a central role throughout what we’re doing, as will evaluation. We’ve been hearing extensively from the evaluation community.

Our November 9 meeting was focused exclusively on evaluation. There are a number of folks on the commission as well as on the commission staff who are coming from the evaluation agencies and community, and so we have heard pretty specifically from this community and this will continue to be an area that we’re going to focus on. I will say also, I don’t have a slide on this, but we are also focused very much on the data community. As many of you may know, the federal statistical system identifies 13 principles of — the statistical agencies and 120 other agencies that are part of the broader system.

We also see it really is critical that the statistical system along with the evaluation system sort of are — that we look for the things that both areas need to try to improve what they do because the statistical system is in many cases the foundation for the evidence community.

Data models, obviously we’re looking at a lifecycle. I’ve looked at some of the materials that Rebecca had sent me ahead of time and I know some of the data lifecycles and things like that are some of the things that you all have spoken about as well. This is sort of the model that we’ve got in our mind as it applies in the context of program evaluation, acquisition, curation, linkage, archiving, and destruction. These are obviously at a very high level, but this is sort of where we’re thinking about it.

A couple of things we’re hearing. We focused a fair amount of various federal models. Obviously, some of the vital health statistics is a particularly good example of a federal and state model. We’ve certainly heard from plenty of people who maybe quibble with my use of the word good there, but it certainly is an effective one. That’s certainly one we focused on. BLS QCEW being another on sort of an administrative records side.

So we’ve looked at a number of these. We’ve also looked at what some states are doing. We’ve heard from a number of data folks in various states that are — it’s remarkably fascinating to me, how some states are really far along on this path, and others are just identifying that there is a path here to be on. Of course, it’s also interesting, it doesn’t seem to follow any particular pattern. Sometimes I learn about states that are quite far.

I’m originally from South Carolina so I can kind of say that I’m not used to my home state being one that’s front of the line for much. I was delighted to find out this is actually an area where South Carolina is moving along quite well.

We’ve also spent a fair amount of time studying how other countries have handled this. Needless to say, other countries have consolidated and centralized statistical offices as a starting point, which is just sort of huge. I don’t know if it’s an advantage or not, but it’s certainly a very different place to start this question from, versus our decentralized system in the United States.

One of the things that we’ve noticed a lot is there is this consistent notion, and there’s some literature around, in Europe and particularly with the ADR Network in the UK, sort of this notion of the five safes, the principles of the five safes, which is one I think we’ll continue to focus on.

We’ve also focused a fair amount on how some of the other countries’ models work on cost recovery. The statute does also require us to sort of speak to, ideally, this being this something that could budget-neutral, although I’m not sure how effective that could be. And of course, we’re ready and willing to continue learning more and learn from you all. I will say just as a quick note on where we are, we’ve had a fairly large effort to try to get folks to bring information in and to sort of digest information.

We had a request for comments that we had out for about 90 days. We received about 450 comments, which about 200 were pretty substantive. We also did a survey of federal agencies. One of the nice things about being able to work OMB is we’re able to sort of survey with a little bit on a faster turnaround.

So that will be closed and we’re doing non-response follow-ups this week, so that will be closing later this week. That’s helped bring a lot of insight into what are the actual sort of on the ground challenges that agencies across the evidence community are confronting in their day-to-day work? Then we’ve also obviously taken lots of testimony.

So we also wrote into our by-laws sort of an open window for federal agencies and in particular for FACA committees to submit any written material to the commission that they’d like the commission to consider. So I’ll lay that offer on the table.

I’ll conclude by letting you know we are currently, we’ve been working on our list and we will be presenting some of this to the commissioners on Friday. Their next meeting is this coming Friday. We are currently up to a list of about 160 line items, if you will, on our working list of recommendations. We have identified that into groupings of about 36 bundles of line items that are related to each other.

The process moving forward will be, from a staff perspective, an arduous one of producing decision MOs around each of these and then scheduling deliberation meetings for each of these. While on the one hand, we welcome any additional input or resources, at the same time, there is a pretty long list of things there already that if we can accomplish a quarter of, I think it will have made the effort worthwhile. I’m happy to take any questions or anything else I can offer.

DR. STEAD: Lucas, thank you. That is a very helpful briefing. What we thought we would do, if this works for people, is we would take about ten minutes and have Bruce summarize the NCVHS community health and wellbeing measurement framework, which we’ve been working on making sure we knew what the name was, which is why I smiled. Because we think it is an example of an approach to supporting both federal and community approach to decision making, and it’s multi-sectoral. Health is a piece, but it’s not health.

Then the other is the stewardship toolkit that the privacy and security subcommittee helped us develop, which the principles have nothing to do with health. They have to do with how you support accountability and trust. So we thought those two might let us expose you to some of the kind of thinking that might or might not be applicable, and then we could have a conversation about how if there are ways we might be able to help you. Is that good with people?

DR. COHEN: So I apologize to some of you who have heard this before, but I’m going to give a really quick overview describing the community health measurement framework. The core of our work really began in 2002 with the seminal development of our vision for 21st Century Health statistics. Essentially, at the core of this is population health in the context of a multi-sectoral approach, recognizing the influences, the vast influence on health.

Clearly, the influences on individual and community health, this slide really reflects the mismatch in what’s been going on in terms of healthcare spending versus the factors that influence health, where clinical issues are only around 20 percent of the factors that truly influence health. So this has led us in the National Committee to focus on how we can address this imbalance.

Our journey has led us to think of goals where NCVHS can be helpful. That’s really, our first priority is really expanding the worldview of measurement towards a multi-sectoral approach to health, and then thinking about how HHS and other federal agencies can move in this direction.

More specifically, we focused on developing the measurement framework for community health and wellbeing, which is a way to identify domains subdomains that are good markers for community health and wellbeing that can be translated, for which serves as a framework to organize metrics. This has sort of led us to complementary goals. We want to develop this framework in a way that’s broad enough so that all communities could see themselves in this framework and address whatever their priorities are.

Simultaneously, we want this framework to enable the development of a parsimonious set of indicators that would be useful for policy development at federal and state levels. Underlying our thinking is there’s been amazing work in a variety of other agencies beyond HHS and we want to see all of these other federal executive agencies, we want them to see themselves, in the breadth of the goals of this framework. So that was our task.

Over the last three years, we’ve been developing this framework. The activities that we’ve undertaken are, first, development of the first version of the framework. That was done by the Office of the Assistant Secretary. Then we had a workshop to discuss that, which led to this environmental scan, which is a really wonderful document, Lucas, that we’ll send you references to, that lays out about 100 different frameworks that been developed for these kinds of purposes.

Then our next activity was having another workshop, really to hone in and refine what we learned from the first workshop, and develop the framework in its current status.

So our proposed measurement framework has a set of eight to ten domains. Historically, we started out thinking about a set of eight to twelve domains. This was the first framework which was initially proposed and we realized the consensus of the workshop was that this was a good place to start, but the domains were various levels of granularity, and they didn’t really build on the multi-sectoral approach that we needed to build on,

So we moved to have the scan and the next workshop. This is just a reference to the scan, which is a really wonderful compendium of work up to this point.

The current measurement framework creates a structure of domains and subdomains. There are 10 domains and 30 subdomains that reflect our dual goals of being relevant for community data, as well as for national policy level data. Sort of the worldview that we took is this framework not only had to be relevant in terms of data, but really needed to work from the perspectives of determinants of health, equity, and life course.

The next two slides present in alphabetical order the domains and the subdomains that we have worked on to achieve a consensus towards this approach. Initially, when you came in, we were discussing what are the next steps for the framework, and we’ve given this framework to a non-government organization to continue this activity to develop measures for the framework.

In the framework document, we suggest some measures, some of which data are available at the local and community level, and some of which data aren’t available yet, and we discuss ways and approaches where those data might be generated.

So essentially, we’re at the point where everyone is comfortable with this framework and it achieves the goals that we want of allowing for the two complementary objectives, both a flexible set of multi-sectoral indicators that work from the community level and also we hope will help unify and drive federal thinking, not only within HHS, but across agencies to allow a multi-sectoral work that really brings us all together.

One of the things that we discovered are there are isolated silos of people doing this work in HHS and among the different agencies. We’re hoping that this framework will allow folks to maybe achieve a consensus approach around data available, not only from the feds, but data that are collected locally and from nonfederal data collection organizations.

This is just, we’ve turned the frame development over, and we’re at the point now where we’re developing recommendations for the Secretary about where we think HHS can be moving in this area. I think that’s it. Thanks.

DR. STEAD: The idea plays into what you were talking about of non-centralized approaches, if we’re hoping the framework and function as a convening framework in which different metrics could be docked in a way that gives a common way for conversations about data to occur locally or federally and any way up and down that chain is in essence the idea.

DR. MAYS: We’re happy you’re here. Thank you. One of the things that we are trying to do, it matches what, at least I understand what you’re doing structurally, which is you want to develop a clearinghouse and you want to be able to have different types of data. Not just health, but IRS, Census, et cetera.

Part of what using this framework would help to do is to really drive people who aren’t in kind of that space, who aren’t studying necessarily social determinants, to realize and to start innovatively thinking about what it is that they’re going to use. Like if you go to the Bureau of Labor Statistics and that’s where you always go, and you say, well, I have one more thing that I’ll do, that’s still within the economic realm.

But maybe by having this framework, they’ll look at it and start thinking, well, I can actually look at how much it costs in terms of residential segregation, in terms of health, negative health outcomes. So you’re starting off in a totally different area, but by thinking about this framework, it makes you think you can answer other questions that even we, in terms of in the health field, haven’t thought about because you know this other data.

So it would really hopefully have people start thinking differently, get bigger bang for your buck, and then, I don’t know exactly how you’re going to create this, but if there are either logs or something where people come back and say, look what I’ve done with this data, and that they could even deposit their code.

A lot of people are using R and what have you, and they’re very open to leaving that code. So if you could actually have that alongside of it and a blog where somebody could connect with that person, I think that it would just be fantastic.

MS. HINES: I think one of the things that I’ve found really innovative in some ways about this framework is it shows what we don’t have, but need. So it’s multi-sector and it points out that communities, many of them need data in all of those domains and they are not available at the sub-county level, and so in some ways it shows where we need to go and aren’t there yet. I think it would be great if the commission could see this is the ideal set, if you will, of types of data we need across these ten domains and it’s just not there.

DR. ROSS: I don’t know so much, at least in the county project we’re doing, we haven’t yet determined that the data aren’t there. What we have determined is they’re darn hard to get your hands on. So for all practical purposes, they’re not available, but if it could be made much, much easier for community groups to get their arms around, to get their hands on the data, then it changes the picture. But right now, it is a major deal.

MS. HINES: I would love to send you Dave’s really concise story of one large county and what they’ve been going through and their response to having a framework like this. It’s a nice pithy like —

MR. HITT: I was just about to say I would love to know some more specific examples.

MS. HINES: He’s written it up. It’s a very nice one and a half page. I can send that to you.

DR. ROSS: The story is real simple. Actually, it is the authority of this group, or could be of other federal agencies, but where you’re able to say, an expert body has looked at all the evidence scientifically, and it says to you, the community, you ought to look at this. This will tell you something important. That’s what moves it along. Then you have to get access to the data and that’s the hard part.

DR. RIPPEN: From a federal perspective and when you have different agencies that are collecting data for specific purposes that are within their scope, the framework actually helps provide a way of being able to look across agencies to things that might be relevant. So you can see where different initiatives, as far as effectiveness, are accelerants or not, and actually a way to maybe streamline to some of the data collection opportunities. I think it serves a lot of different purposes and I know these are probably things that you’re grappling with anyway.

MS. KLOSS: I think as a little side journey on this framework project, we took up the issue of advancing the trust and stewardship of data as your commission is doing, as I’ve noted on recaps of your agenda, you’ve been hearing from experts on issues of data quality and trust and hearing from the education community and others who really fundamentally know that the value of the product depends on whether anybody trusts and uses the data.

So we, I think, gosh, this goes back to 2011, but our privacy security and confidentiality subcommittee held a hearing with community groups to learn more about what their trust mechanisms were for data. Out of that came a stewardship framework for a use of community health data and the first iteration of that framework was a letter to the Secretary.

We picked out some of the principles of their Fair Information Practice Principles that were most relevant for this application and suggested to the Secretary that it would be good to adopt a stewardship for all these uses of data that really are outside of beyond the scope of HIPAA. Then we took it a step further and actually did a toolkit and the cover of the toolkit is up here, but we did that because one of the hearings that we had, one of the roundtables, actually, the first roundtable, the community said, just give us some practical guidance. We’re not data management experts. We need to either collect new data or we’re going to repurpose data and we really are uncertain about what to do or where to get help, and even what the fundamental language of this whole data management challenge is.

So what we built this on was the same principles that were in the letter to the Secretary on the stewardship framework, and we advanced them by illustrating case studies that were relevant, doing little checklists, everything that we thought would bring this to life and make it useful.

We built it around these, again, FIPPs, the Fair Information Practice Principles, and I’ll say, in all the work we’ve been doing over the years, we keep coming back to these, and I’m sure that’s the advice you’ve gotten, because we can’t go to the law. The law doesn’t really cover this in the way we’re working it. So these were the areas that we focused on. Accountability, openness, trust, choice, blah, blah, blah, and I’ll just scroll through a few of the how we touched on it briefly.

But the whole toolkit is there and it might be something you will want to look at or distribute to the commission members and we can talk in more detail. We did lay out, and started it by saying, you’ve got to start by taking kind of a lifecycle. You may be working just with the de-identified data that somebody has released you, but this data, even de-identified data, has a lifecycle.

The next slide was the way we kind of helped people think about, well, you’re either collecting it or you’re merging it or you’re somehow getting it and you’re doing something with it, and you’re de-identifying it, and then at some point, you’ve got to put it in a file cabinet, lock it, you’ve got to destroy it. You’ve got to repurpose it.

So we spent a couple pages just discussing that lifestyle as a really important undergirding process. Then we drilled down into each of the seven elements in some detail, giving examples where we could and giving tools and checklists where we could. I think as we went through it, the premium was on practical and helping people understand the application of tools like data use agreements, notice, and authorization.

What we learned from all of our discussions was how important it was to continue that dialogue with any of the stakeholders, to bring them into it, and help them define purpose and specification, and that each community or each user was going to figure out their own way of setting an accountability mechanism in place, but they needed one, however they put it in place. So I don’t know that we need to take time to go through the detail, but we laid out the principles. We also focused on kind of the data management science.

You have touched on, in your work, the data quality issue, security, and as simple as locking that file cabinet, and several pages on de-identification. I know you’ve been probing on that. I must say, earlier today, we just considered a letter on de-identification and HIPAA that we hopefully will approve tomorrow and fire that off to the Secretary, again relating to HIPAA.

But our investigation or exploration, that was really triggered by the issues of big data and how much of the assumption we made in de-identification in 1996 is being stretched to the absolute limit, and how do we take the laws we have and extend them and be smarter? So hopefully that toolkit will be a resource that could give your group some new ideas.

MR. HITT: Absolutely. It’s interesting, your point about sort of the hazards of re-identification later down the road that you made — Latanya Sweeney from Harvard is one of our commissioners, and needless to say, on a regular basis, every time we think we have something figured out, she has a magical ability to prove to us that we’ve done nothing.

MS. KLOSS: We just make this assumption that once it’s de-identified, it’s de-identified, and we had a hearing; there’s some excellent papers from that hearing on our website, and that was in last May. But I think we really covered the waterfront of current understanding of that and the more we explored it, the more anxious I think we all were because it’s very much a work in progress. We’ll look forward to what you’re learning.

DR. STEAD: With that brief introduction to samples of how our head works, do you have question for us, or what would be the best conversation around how we might be helpful?

MR. HITT: I do have a couple of specific questions from one of the things I heard and I just want to make sure I’m understanding right, and then maybe there’s a question I’d like to pose back that might be substantive. One is, I noticed in the framework and in the presentation, you on multiple occasions referred to the sub-county level. I saw in the documentation a definition to that, but that’s also, from a federal statistical perspective, that’s not a definition that’s familiar to me, so I am curious. Were others considered in like census tract or some of those other sort of things? How did we land on sub-county?

DR. COHEN: Pretty much at every meeting, we talk about what community means. I don’t have it tattooed on my wrist, but we do have actually a big poster. So first of all, we define community, and when we say, which is a group of people who work together who have common interests together, but for our purposes, sub-county means any small, geographic, actionable unit.

In rural areas, the actionable unit might be contiguous, sparsely populated counties. In urban areas, the actionable unit I think is probably the neighborhood. So the idea is to be flexible depending upon where you are, but that’s — sub-county we use as just shorthand for that concept of data that’s actionable for the particular group using the data.

DR. STEAD: In essence what we found that is unbelievably valuable is for communities to be able to compare local hot spots and cold spots that are within their sphere of influence and shift resources around within their sphere of influence to begin to deal with them. So that’s why the key is — I like Bruce’s actionable unit.

MS. KLOSS: Also, create what kind of community engagement participation and stewardship mechanisms work at that level.

MR. LANDEN: Part of the other side of that coin is in the discussions, there is data available at higher levels at census tract, state, federal, whatnot, but those data do not necessarily represent what we’re getting at with the sub-county data. So the data actually don’t inform decision making at those smaller geographic or sub levels.

MR. HITT: It’s interesting. On one hand, that makes total sense to me, certainly from a perspective of economics. We’re sitting right now in a city that really exists in about five different political jurisdictions and the economy doesn’t recognize any of those. But it’s also an interesting challenge from a data collection perspective, that you either need to be able to identify blocks of information, ideally at a smaller level that you can then assemble and build up. It’s interesting.

DR. STEAD: This is to a degree where we got at this bifurcation, that on one hand we need a parsimonious set that in fact will do what you said, and the measures are designed to mean something and to be benchmark-able and to allow policy decisions at a higher level. At the county lever or the sub-county level, they actually don’t need that. It’s useful context, but it’s beyond what they can influence.

So we actually are trying to be able to permit these two to work together within one framework for organizing so people can see the conversations without trying to get one metric to be used for both purposes, but it ends up in the same bucket.

MS. HINES: Believe me, and I’ll share this with you if you haven’t seen it, the crosswalk of version one, two, three, four, I mean, it’s incredible, the evolution and maturation of our thinking in going out and getting stakeholders and experts to come back and inform our development of those to just to Bill’s point, that the domain can hold metrics that are quite valuable for national purposes, state purposes, policymaking purposes, and useful so that when Dave’s community is trying to figure out they’ve only got $5 million, how in the world are we going to spend that, because they can’t do everything.

So it really does meet that test on a conceptual level and now that there’s this convening the stewarding group on the outside of the federal government with federal input, we’ll see where this goes because then there’s, okay, how do you find all of these data sources?

MR. HITT: Sticking on this topic for a second, to your point, that looking for both something that worked going upward and allowing evaluation and policy and innovation and so forth, but also sort of, it strikes me, unless I’m seeing this wrong, that there was sort of a priority put more to the local community as opposed to sort of a —

DR. COHEN: Yes. I think so, but again, we are a federal FACA and we need to pay attention to the value at the highest level and our perspective is the feds have enormous expertise and experience in designing surveys and collecting data, and now is the opportunity to expand that world view and use all of that expertise to drill down further, although historically large policy issues have been pretty much the sole focus of the federal government.

I should, one other point, data are collectable at the lowest actionable geographic level, but that doesn’t mean you can’t use regional or national data sources to estimate data that’s valuable to smaller geographic or other defined populations. Using those federal resources to complete that data picture is an area that I think hasn’t been tapped nearly well enough. It just needs to be more of a focus and priority. Maybe that would be wonderful if the commission would put that forward as a priority objective.

DR. RIPPEN: I guess I’d like to just add a nuance to that because again it goes back to if the federal government has data, it actually can provide more value by sharing that data to the communities. So in that regard, from a community perspective, that’s one angle. The other is if you have a common framework and you’re talking about things in a consistent way, the federal government can also benefit because if the community starts collecting data, then it can go up to the policy level.

So I would say there are some biases maybe with the community focus because ultimately, it’s where you actually implement the policy anyway, right? But what we’re talking about is providing an opportunity to align both so that way there isn’t redundancy, and different data standards and things like that. In that way, it’s agnostic.

DR. MAYS: I just want to add another component, and we haven’t quite discussed it yet in terms of the healthdata.gov, but that’s thinking about your platform and making the platform so that communities will actually be able to do things like social tagging so that they can find different data. Part of what you want to do in terms of thinking about your platform are ways in which you’re going to drive the non-traditional user to be able to find things.

One of the things we’re working on now is actually explicating those things around healthdata.gov because you can have it, but if, just the researchers, it’s easy for us to go get it, instead it’s thinking about all these other things that if you would just do this or that, you can actually increase your users and make it easier for your users to be able to use it for evidence-based policy making. So we’re working on that as well.

MR. HITT: So following up on that point a little further and sort of getting to my next one, I will say upfront, and let me just say it also, this is a great dialogue, please don’t read anything I’m going to ask you about because frankly the commission is still very much at a deliberative point and my role obviously will be to help lead the team that provides objective input and not come to conclusions.

But I hate to frame it this way, at the end of the day, at some point it comes down to a question between privacy versus access, and while we’re getting at you can de-identify all day long, but if there is one thing we’ve learned from Dr. Sweeney, it’s that there is always this risk. There is also quite frankly the threat of sort of ancillary information and that more information is always going to become available and you can’t really protect against what you don’t yet know.

The traditional model has of course been you come to an RDC, you come to this enclosed facility, and you only let certain people in, and only under certain procedures, and you’re only allowed to do research if it’s for a certain outcome. I mean, as you may do tax data, largely inaccessible unless you’re doing something that would benefit tax administration. Same with Census data, same with — much of it was viewed to stay within a certain silo.

So it does actually largely restrict access except to researchers because, a, no one else is really going to go through the effort of gaining physical access, or b, I think it could be difficult when you’re not — you are researching, you’re working towards something that you haven’t quite yet fully even able to say what the value, this creates a situation where the value proposition has to be raised ahead of time before the research, and that’s often counterproductive.

So where in this notion do you see — I wish I had a different framework other than sort of a scale between access and privacy, and I think there is maybe some sort of a third piece there that the technology maybe will allow us to overcome some of the de-identification issues. Where would you, to implement this framework as I see it would require a lot of access by a lot, we’d be going way over on that direction. Where would you see —

DR. PHILLIPS: Well, you may on the data collection side, but what we’re proposing is not that much different from what CDC has done with 500 cities or with the social vulnerability index, we have census tract level measures that aren’t about any individual, but they provide data that the community may need in order to make assessments about where to most efficiently put resources to improve health.

So I think there are definitely ways to do this that really have very little threat to people, given the value that they have, and I think the agencies can take the real risky data and translate it into geographically representative data that has value.

MR. HITT: So when I look through some of the example indicators and so forth in the framework, I should be looking at those primarily as sort of an aggregation and not at all looking at —

DR. COHEN: Yeah, not individual-level data. From our experience, I don’t think communities want individual-level data. They want a picture of what’s going on.

MR. HITT: So in that vein, in this process, did you tackle at all issues of sort of — the classic issue with aggregation at that level is going to be suppression requirements and so forth.

DR. COHEN: We have not. Our focus was on developing the domains and subdomains and moving forward the measures we’ll have to address those issues.

MS. KLOSS: I think this get back to needing at the front end a stewardship mechanism, somebody who has to set that policy, and then at the back end, some consequence when they’re crossing the line.

DR. STEAD: It also means enabling certain things that are going to be aggregated and rolled up and having the stewardship framework and the measurement framework and the methods and approaches that actually allow local augmentation under an appropriate set of stewardship agreements around what’s the purpose, why are we doing this, so that we can get at what would otherwise be gaps, but by reproducible ways of working locally in which everything is tuned to the purpose and clear to the participants.

So it’s a real reason we need to be able to work at this with methods that allow both — top-down, aggregative — and bottom build-out, in ways that may never roll up, but actually let you get at the level of granularity and specifically needed to go another mile, and being able to work these in a coordinated way, is where gold is.

DR. MAYS: Let me just add two things to that. Because I think the other thing is that you all can be very helpful about trying to get best practices on doing this. Because Census does this quite a bit. So their group — NCHS does it. So gathering that would be good. But the second thing, and we’ve talked about this in this group quite a bit, is the funding just evaporated for the development of methods.

It’s very hard at the federal level to get, you know — and I’m sure you’re well aware of this — to get moneys to actually study statistical methods and approaches. But it’s a great time in terms of having all this data to actually start funding people to come up with thinking about the issues of privacy as well as suppression as well as an approach.

DR. RIPPEN: We mentioned the penalty or the teeth, but there also has to be a more proactive surveillance. You know, we don’t know what the unintended consequences are. We can have these kind of tracks to say, oh here’s an area, but now from an economic development, you can’t sell your house. So again, it’s hey, okay, I did my due diligence and that’s it, you have to think about a framework that actually evolves as issues evolve, just like — all this big data and the implications of re-identification require different strategies as far as de-identification. So you also have to think about that too as it evolves.

MR. HITT: Let me ask an alternative version or a similar question. One of the things we’ve been focused on a lot, and of course coming at this from the perspective of one of our principal charges is to understand how to further embed evaluation and evidence into program administration. Acknowledging someone said, a lot of program administration doesn’t happen at the federal level, it happens at the state and local level, but it’s sort of paid for and sort of structured at the federal level, and then there are all sorts of examples of, either very directive, you shall do it exactly this way, to far less directive means of programs.

And of course they also have a lot of variation in what requirements and burdens are placed on states and local communities in terms of data collection or they’re collecting it, but are they required to pass it back so that it can be aggregated and available at a higher level?

One of the things, though, as we look at this, we recognize a question and probable problem of capacity at the state and local level to engage in the kind of analysis and evaluation, certainly within state and local agencies. I’m not saying the federal government — I come from a relatively small statistical agency and it’s still larger than probably most state agencies, period. And then you go to something like the Census Bureau, where there are several hundred people working just on some of these R&D issues within a constellation of 6,000 to 7,000 people outside of a decennial year.

So obviously there’s a great deal of resources and intellectual capital and so forth that’s available at the federal level, but most of the actual work is being done at the state and local level. So one of the things we’ve really been trying to figure out is, how do we bridge that?

One of the ideas, certainly, that’s out there is, do you create in this data faciality, clearinghouse-type model, is it a full-service entity of some sort? So it’s not just simply somewhere one would go to access and use data, but it may also be somewhere you simply go and say, here’s the question, I’m county administrator so-and-so-forth, here’s some of the questions that I need, and I’m just turning over my questions and maybe certain data inputs to you, and I want a report every month, or I want a dashboard.

There’s a huge spectrum here, would something just be a collection, would it be virtual, or could it be something that would be full-service, maybe enabling some of what you’re talking about here in the framework, but in a rural county or something like that they’re probably never going to have a data scientist and so forth like that available to them.

Thoughts on that?

DR. ROSS: Well, yeah. My experience is, a, at the local level, county level, even in big metro areas, like where I am in Atlanta, they have nothing. So rural have even less hope than nothing. So nothing’s going to happen without somebody giving them the structure and helping them in accessing the data. So some kind of facility might be helpful.

What Vickie said, about best practices even, if a project we’re working on really takes hold, there will be a locally-based NGO created that does this on an on-going basis, convening the multiple sectors, working with the health agency, with the county government, but what are the practices they should follow? What standards should they be held to? After they aggregate local crime data, for example, what do they do with it?

There are lots of questions, and there are no guidelines. So we’ll do whatever we do. They’re looking to us. My group is just sort of giving them the guide, the expertise, some local university people. But it’s a free-for-all. And I think some structure around practices, some — this is where I think government really gets very helpful, if there is that both the framework, maybe even for datasets that are available and usable at a sub-county level, that then you in effect are putting some boundaries, best-practice boundaries in how you make that data available.

DR. STEAD: Offering a different kind of scar tissue to this question — I’m responsible for strategy for a large academic medical center, and the operational leaders and the CEOs think that they should be able to ask a question and get a useful answer. And you can’t. You’ve got to engage in a dialogue of how are you going to use this answer, and then work back to what the right method might be, what the right dataset might be, you know this.

So we need to use the larger-scale resources to, one, work out the methods, work out what data can in fact be aggregated in a way that allows it to be used at different granularities, and then we’ve got to have some way of getting the methods out where something like a local agricultural agency can actually engage in the dialogue with the farmer while they’re asking the question. So they’re actually — it takes both sort of in tandem, if we’re going to make this an organic competency of this country.

DR. MAYS: I will give you an example of what the Census does. The Census has what it calls community census groups. So we have one at UCLA, and they are tasked with specifically taking the census data, and they focus specifically on the Asian and other Pacific Islander groups. So what they do is, they produce reports, the community will come to them with questions. The problem is they have very little resources, so they can’t do everything, but it’s a model where that group is able to get access at no cost, and produce things for the community.

MR. HITT: It’s a model we’re very familiar with, certainly one that’s being considered.

DR. STEAD: Well, I want to be respectful of your time; we’ve about reached the witching hour. I think you can tell that you’ve clearly engaged our interest, this is not an end-of-the-day crowd you’re that working with, and so we’ll be glad to keep it that way.

MS. LOVE: I was going to echo what Vickie said, but I also think in other evaluation projects and programs that I’ve been involved with — let me say where I’m coming from. I’ve worked with state datasets and state data for decades. States collect quite a bit of data. But a lot of the projects sometimes that are federally funded, or whatnot, come out with new measures without utilizing the existing data that states have invested in for decades. So whatever evaluation programs should take into account what states have already invested in and the data they already sort of cultivate, and build on those, because adding new measures that can’t be populated just adds cost and confusion and doesn’t mean anything because it’s not comparable.

DR. STEAD: Are we ready to bring this conversation to closure? Anything else from your perch would help or are we good for the day?

MR. HITT: No, I mean, obviously we’re going to continue this conversation.


There are so many other — but no, I think this has really been very helpful, I’ve got the toolkit and the framework, I will enter those into the record so they’ll kind of become part of our analytical compendium, and certainly an open invitation if there are other thoughts, or any of sort of conversation here, particularly I think this issue of the sort of the relationship between the various levels of government and how do you best structure an evaluation that’s taking into account the various data assets that might be available across 50 states, I suspect we’d find more than 50 variations of that.

So how do we — what means — I think the other thing of course is, as you know, as a statistician yourself, is we’re probably going to aim for some things that are explicit, and can be specifically actionable; probably also going to try to aim for some things that are more aspirational and that try to serve a little bit as a North Star because there are going to be lots of things that are simply not achievable just yet, for various policy, political, funding, technology all sorts of various reasons.

So I think that if anyone has further ideas or anything like that, we’d welcome, Rick knows how to get in touch with me, or I’m happy to give anyone else my contact information. Obviously, there’s at least one HHS alum on the commission, Jerry, who’s also brought some of these issues to the table, but I really appreciate your having me over to hear about what you all are working on. The door’s open, at least for about another month and a half or so, until we have to shut the door so we can get the work done.

DR. STEAD: Thank you very much.


MS. HINES: Just to remind you, you have a wonderful form at your place that you need to fill out around your financial disclosure, and make sure you give that to Marietta before you leave tomorrow.

(Whereupon, at 5:35 p.m., the meeting was ended.)