[This Transcript is Unedited]

Department of Health and Human Services

Meeting of

Subcommittee on Privacy, Confidentiality and Security

February 28, 2013

Hubert H. Humphrey Building
200 Independence Ave., SW
Washington, D.C. 20201

Proceedings by:
CASET Associates, Ltd.
Fairfax, Virginia 22030
caset@caset.net

P R O C E E D I N G S (4:20 p.m.)

Agenda Item: Welcome

MS. KLOSS: Can we call the meeting of the Privacy, Confidentiality, and Security Subcommittee to order? I will begin. I am Linda Kloss, co-Chair of the Subcommittee, member of the Full Committee and no conflicts.

DR. GREEN: Larry Green, member of the Full Committee, no conflicts.

DR. BURKE: Jack Burke, member of the Full Committee, member of the Privacy, Confidentiality and Security Subcommittee, no conflicts.

MS. GOSS: Alex Koss, Pennsylvania State HIT Coordinator, Full Committee, Standard Subcommittee, no conflicts.

DR. COHEN: Bruce Cohen, member of the Full Committee, co-chair of the Population Health Subcommittee, on the Privacy committee, no conflicts.

DR. TANG: Paul Tang, member of the Full Committee and Privacy Committee, no conflicts.

DR. FRANCIS: Leslie Francis, member of the Full Committee, co-chair of this Subcommittee, and member of the Population Subcommittee and no conflicts.

DR. SUAREZ: I am Walter Suarez, member of the Subcommittee, and no conflicts.

DR. CORNELIUS: Llewellyn Cornelius, member of the Full Committee, no conflicts.

DR. STEAD: Bill Stead, member of the Full Committee, no conflicts.

DR. BLEWETT: Lyn Blewett, member of the Full Committee, no conflicts.

MS. KLOSS: We particularly welcome those of you who are members of the Full Committee but haven’t declared a subcommittee. I will reinforce Leslie’s invitation to join this sub-committee. Who do we have on the phone? I think we have Sally.

MS. MILAM: Hi, this is Sallie Milam, member of the Full Committee, member of the Privacy Subcommittee and co-chair of Populations.

MS. HORLICK: This is Gail Horlick, CDC, staff to this committee.

MS. CHAPPER: This is Amy Chapper, staff to the subcommittee.

MS. BERNSTEIN: Maya Bernstein, I am the privacy advocate of the Department and the lead staff to this Subcommittee.

(Introduction of Guests)

DR. FRANCIS: We welcome our audience. Maybe we will have a moment for them later on.

MS. KLOSS: I think we have two things we need to get done today. As a subcommittee, we need to think about the questions that we want included in the request for information to support the themes that Leslie reviewed with you earlier. There is a draft of these. We need to be prepared to make our recommendations on behalf of our sub-committee to the Populations sub-committee in the morning. Not that we can’t be collaborative and discuss the whole thing here today and continue that discussion in the morning. That is one task.

The second task that we had in mind for this meeting is just to review the draft agenda for the hearing, not, perhaps, so much to tweak the layout of the meeting, although, we will welcome those topics, but more to consider who needs to be — who do we think should be on the list to be invited?

I think in terms of proceeding, if we could just sort of take the first 15 minutes for the questions and kind of get your input on that. No wordsmithing, but are these on the right track? What are your suggestions? Then we will turn our attention towards the agenda so that we have recommendations to contribute to the joint meeting that will continue in the morning with Populations.

What is up is just the draft intro. I think we can scroll through the introduction that will set up this request for information. Can everyone see it? Is it large enough?

DR. COHEN: I guess, Linda, do you want to focus on the section — I guess there are four different sections. It might make sense to scroll down to the —

DR. FRANCIS: That is what we are trying to do.

DR. COHEN: Okay. We will discuss these other sections tomorrow around data access, tools, and then the third section focuses on privacy and stewardship.

DR. FRANCIS: Maybe we should say just right out, initially, I sent around a couple of suggestions to Bruce that, instead of using what is not actually the HIPAA definition of de-identified data, we should just ask them what types of data, give a list of types of data they collect, use, and allow release of. The types I could think of that it would be enormously helpful to get other ideas about would be fully anonymous data — whatever that means to people — HIPAA de-identified data, limited data sets, identifying information, and then whatever else.

DR. COHEN: That is fine. It would be — does that mean you want to eliminate some questions or the response categories?

DR. FRANCIS: No. I just want which types of data do you currently — and then it could be collect, receive, or allow others access to? Then we would list the types of data and just have check boxes for each of those.

DR. COHEN: That is fine. How would that work in the context of —

DR. FRANCIS: So we would have two columns. Well, we would have columns and rows. I guess it would be three columns. It would be collect, receive, allow others to use. Then down on the side we would list anonymous data, HIPAA de-identified data, HIPAA limited data set.

MS. KLOSS: I think, though, that there are earlier questions under the category of data types. We have kind of structured this to be in four chunks. That sounds like it begins to integrate the chunks, which may be okay.

DR. FRANCIS: The reason for doing it that way is that — at least my reasoning and I would love to hear other’s views is that part of what we want to know is whether — what people are working with because that changes the stewardship questions.

MS. MILAM: I am having a little bit of trouble following. I want to give you a reaction. I am following a draft of questions that Bruce sent me earlier. I tried to get on the live webinar, but it is saying that NCVHS host hasn’t arrived so I can’t follow anything by webinar. I am looking at older questions, but I am wondering — and I missed a little of the discussion because of trying to get to the right version, but I am wondering for communities that receive data from state government, maybe the feds, and others that are not in the HIPAA category, sometimes we call it a research data set. We don’t use the HIPAA of limited data set.

We will give more granular data to researchers who meet certain requirements. We differentiate between like a public use file and a research data set. At least from where I am sitting, it might be helpful to understand which of those they are getting if it is from the state.

DR. FRANCIS: That would be very useful.

MS. BERNSTEIN: There is no webinar, first of all, for this meeting, which is why you can’t get on. We are on page four of a draft that was marked February 27th¬†that says Privacy Stewardship at the top of that page.

DR. COHEN: Sally, we are right before question 18a, right after the introduction of de-identifying data, the definition.

MS. MILAM: Thank you. I think I am in the right place then.

DR. COHEN: This has to do with Sally’s comment. I just don’t know how many community groups are going to understand what HIPAA de-identified means and HIPAA limited data set means. Anonymous, perhaps, but still that is not really clear. If there were terms that were more relevant like — you know, I think public use data is something that most communities would understand. I don’t know whether communities would understand research data. I am struggling — I think what you are trying to do is great, but I don’t know how to explain it so the communities understand it.

DR. FRANCIS: That is why we wanted to get a sense of what —

MR. BURKE: What if we translate it into English, those phrases, like HIPAA de-identified or limited data set and avoid the regulatory labeling and apply the English?

MS. MILAM: Or maybe ask them who gave them the data and what was the name of the document that they signed. We would have to do the crosswalk, but it would be easier for maybe the recipient of the survey.

PARTICIPANT: They may have experience with multiple types of data.

MS. BERNSTEIN: What is it we are trying to get out of this question? What are we trying to learn from this?

DR. FRANCIS: What I was trying to learn — we could talk more about this, but to find out the extent to which they have or allow others to use data that people might be identified from.

MS. BERNSTEIN: That might be identifiable in some way?

DR. FRANCIS: Yes.

DR. COHEN: So should we say, you know, data with no individual identifiers? I don’t know how we put — what is HIPAA de-identified — list the 18 specific — but they won’t understand what those 18 are unless we listed them specifically.

MS. BERNSTEIN: What you really want to know, perhaps, is are they obtaining data from a covered entity that is actually complying with HIPAA?

DR. COHEN: Good luck with that.

MS. BERNSTEIN: Right. Or you could say are you getting it from a healthcare provider or a plan? Basically, they are not going to be thinking about the third category — clearinghouses. They are unlikely to be getting anything from a clearinghouse.

MR. BURKE: The point is they may not be able to recognize what we want them to recognize. If you don’t recognize it, then that is the answer.

MS. KLOSS: So you are suggestion of putting it in English language and perhaps having fewer options and then giving people — I don’t know.

MR. BURKE: The most coarse options are data that allows you to identify a particular person or data that prevents you from re-identifying a particular person.

DR. CORNELIUS: Almost there. Plain English. It is beautiful that we are all talking. All of us are here. If we are going to the community, really plain English. We are getting there, but that is not going to work.

DR. BLEWETT: I am wondering if you could say what kind of data do you collect, like vaccination data, and at what level do you collect it at? At the individual? At the community level? At the state level? Then you would at least know if they have — it could be another example. You probably can’t get individual level data, but there might be another example where they could.

DR. COHEN: I apologize. Most of you haven’t seen the previous versions of this instrument. Before we get to this point, we ask about what data folks collect and what data folks use. We have a sense of whether they use state data or local government data or data that they get from the Feds. We have a general sense of the categories of data that they use. We ask them whether they collect data, themselves, directly, or whether they do focus groups and stuff like that.

This is trying to get, I think, more of a focus on some of the privacy related issues for the data. Again, I am struggling.

DR. GREEN: Again, for the new folks, it will be really helpful to review the stewardship framework report and the Communities as a Learning Health System report. The thing I really want to orient here is it is very important to not be presumptuous about the sophistication of the community. We heard from and we have written up examples of extraordinarily sophisticated people who are trying to get this done. They would understand all of these questions. We also heard from people that won’t understand these questions.

There is this variability and range of communities that this is relevant to. I just don’t think we should presume that these communities are not going to understand a lot of this stuff. Just as well as we should not presume that they automatically will.

DR. TANG: So maybe it is just being up front and asking them do you collect or store information that identifies an individual? Do you collect information that can be used to re-identify individuals and then put, e.g. data of birth, address, phone number, e-mail? We will start knowing whether they have identifiable or re-identifiable information. I think that is what you want. Right?

DR. MAYS: I think there is a version with this. That is why I guess I am being a little confused. There is stuff already in an earlier version because I remember writing it about — it defines what de-identified is. We put things in there. That is why I am confused because we made it very plain.

DR. COHEN: This is the latest version.

DR. FRANCIS: I think you may be referring to the question right before. I was concerned about the definition of de-identified. Basically, you are telling people that people couldn’t be identified. It sort of slants the question.

MS. BERNSTEIN: Could you just ask people are you aware of whether you collect HIPAA relevant data or non-HIPAA data and just branch from there? If somebody is aware that they know their data is covered, then that is something you know. Otherwise, you can explain it to them in some other way or you can — I don’t know.

MS. KLOSS: Let’s scroll down and let’s see what other questions are in this section.

DR. FRANCIS: The other question about all of this is that these are people who are not only collecting and using data, but they are also people who might allow others access to data. We need to try to get at that.

DR. SUAREZ: I have my card up for that point. I think really there is a collect/receive for internal use and then there — I mean use, in general — and then there is the disclosure or release of information. I am not sure where or how it is covered here. The question, page two at the tops say, the question about data access and use. It seems like this all applies to only data being captured, collected, received, or used.

Access could imply — this is where access becomes so confusing because access can mean access by internal staff and that is a use and then there is access from external entities or staff, people, and that would be a disclosure. It doesn’t matter if the entity is covered or not. It is simply a disclosure. It is releasing the data to —

MS. BERNSTEIN: Access is a bad word. I agree. We could use disclosure, attain from other sources, release, other words.

DR. SUAREZ: Then the next — in my mind, the next question would be can this be — can the question be really aligned to separate the two —

MS. KLOSS: Walter, which question are you on now?

DR. SUAREZ: I am looking at the overall document. Just conceptually, if the question can be tailored to use because question three and a number of other questions do use the word use. What data do you currently use? If there is some alignment of the question that deals with the use part and then there is a question that deals with the release, in the context of de-identification. That would be one suggestion I guess I have is really to align those.

DR. COHEN: Can I respond first? Thanks. This will be discussed tomorrow morning. Probably, we should have had that discussion before this discussion. The first sections of the questionnaire around data use and analytic tools is not focused on stewardship, but more to get a sense of what communities use and what the gaps are and if they do collect data, how they go about collecting it, and where do they think government can help them with getting data and resources and tools. Those are the first two sections that are on pages two to three.

Then, in four, we try to hone in on issues around privacy. If we try to integrate — we had several other versions where we tried to do it all at once. It just became too confusing for an online data feedback form. We tried to make the questions simpler and more straight forward.

DR. SUAREZ: It sounds — now that I understand that, it sounds good. Then the part that I guess I might be missing from not the privacy side, but the use and analytic part is data that is being released or disclosed to the community.

DR. COHEN: That is a good point. We don’t ask whether we can add a question. You can bring that up tomorrow morning. But add a question that says do you provide data to others? If so, then how? That is something we didn’t consider. I think that is a great addition.

MS. KLOSS: So back to question — back to page four, we are going to rearrange that initial question and use —

MS. MILAM: Linda, this is Sally. Can I suggest another idea?

MS. KLOSS: Of course.

MS. MILAM: I am wondering, since some of these folks may not be aware of the — they might be aware of the concepts, but not the specific controls that we would use to identify a mature stewardship program or even a light weight one. I am wondering if we could just pull out a few of the absolute controls — I am thinking of security controls — that would — we can ask folks’ familiarity about them or how they identify and how they would address them so that we could get a feel for where they might need guidance. They might not even be familiar with the term.

DR. FRANCIS: Are you thinking — this is Leslie. Are you thinking, for example, the question do you encrypt data?

MS. MILAM: Yes. I was thinking about encryption of data at rest. They probably are not emailing this stuff. Well, maybe motion is relevant, too, but I am also thinking of document destruction. What do they do when a project is done? How do they destroy it in a secure manner? Do they have any role-based access? Can any researcher access? You know, just kind of going through the basic controls that would need to be in place regardless of the data and kind of almost regardless of who they are.

DR. FRANCIS: So we were — when Linda and I were talking earlier, we were talking — this was partly stimulated by some suggestions from Nancy Breen — that we might want to ask about do you have certain kinds of processes? Do you have a process for establishing data use agreements? Do you have — we could list maybe five or six things we would be interested in.

MS. KLOSS: I think our idea was not to be exhaustive across all elements of the stewardship framework, but select out and focus on those four as good indicators.

MS. MILAM: Yes. Take their temperature.

MS. KLOSS: Yes. I think that would be a very straight forward way to do it. Let’s just look at question 19. Again, we will have to plug in the same terms here. Is that all right if we use the same terms that we would be using in 18?

DR. FRANCIS: I think it should be parallel for the data you get from other sources, the data you collect, and the data you let others have access to. Release was the term Jack liked.

MS. KLOSS: And then it seems to me that questions 20, 21, and 22, we could replace with this short list of processes. Do you have processes in place for — and that is it. That is the bundle of privacy.

DR. BLEWETT: I just have a question. If they are giving their name and organization and there is some type of HIPAA or privacy violation, do you have some kind of duty to report? I would be very cautious about —

MS. BERNSTEIN: So what are the chances that we are actually getting responses from an entity that is a covered entity? It would have to be a provider or a plan, probably not. It is possible they are a public health entity, which is also a covered provider, but probably not. These are probably entities that are obtaining data from other covered entities. Are they going to be business associates? Maybe, but probably not. If they were, they would probably know.

DR. MAYS: I am not quite sure why we would have the burden of reporting that. What Marjorie said is that — I thought we were kind of sending this out in our day jobs, not NCVHS.

MS. BERNSTEIN: If someone from the Office for Civil Rights should get a hold of the data, they might have an obligation to investigate anything that they thought might be a violation. I don’t work in that office, but there are people who sit on the Committee as liaisons who do sit in those offices and have that work.

The Department is a regulator. It is going to come to the Department somehow even though it has been collected by this committee. The Committee is going to use it if someone at the Department were to come across data like that.

DR. COHEN: I don’t think we are going to be collecting the data in the new format that would be able for us to positively say that it is a HIPAA violation. I don’t think that is going to be an issue.

MS. KLOSS: We will look at the final draft, though, from that perspective.

DR. COHEN: We should.

DR. FRANCIS: We also have to make sure that it is not human subjects research.

DR. COHEN: This is an evaluation. This is feedback. This is not research. I thought we were clear on that.

DR. FRANCIS: I was just making sure.

DR. BLEWETT: But for the entities who fill this out that might be doing research. I have been in university where it has been so pounded in my — HIPAA and IRB.

MS. BERNSTEIN: But as a respondent to a study. They are not conducting a study.

DR. BLEWETT: They might be reporting on research they do that they don’t have institutional review for.

MS. BERNSTEIN: We are not asking them that. Are we? We are not going to ask about that. It is okay.

DR. COHEN: It is a reasonable question to ask. We should review this to make sure there is nothing that we are — information that we obtained is not information that we feel is actionable in any other way. I think we can craft this so that is the case.

MS. KLOSS: Okay. That was our task one — to give input on this cluster of questions. Task two is to talk about who we would invite to the hearing and in what capacity? I think it would be helpful if you pulled up the draft agenda.

DR. COHEN: Could you make sure that — Tammara has been keeping our final version. She is going to put it into —

MS. BERNSTEIN: I saved a new file with a new name there.

DR. COHEN: Just make sure that Debbie and Tammara have that.

DR. FRANCIS: Maybe it would be helpful to think about this in terms of topic areas and going back to the set of questions — the last four stewardship issues in the slide that we presented a little while ago. The first one of those was transparency and choice.

I don’t know if we have thoughts about who might be useful participants to discuss the questions about how community groups make known to folks about what data collection activities they are engaged in, but it is not revealing the actual data, but revealing what are some practices about how you let the community know what data collection and use activities are going on so people don’t feel blindsided and loose trust in the way, for example, they did about newborn blood spot data uses and retention in states like Texas and Minnesota?

MS. KLOSS: Let’s just take a couple minutes just to do a quick review of the agenda so you get a sense for the framework of the meeting. Then we will return to the question of critical invitees.

We start day one and do quite a brief overview of the community report and the stewardship letter, the most recent committee work on this topic. Then we movie to framing the major issues, the major themes of the meeting.

DR. FRANCIS: Before the brief review of the issues, that is where we would raise the more general stewardship issues and the ones that we are focusing on, which you heard in that slide.

MS. KLOSS: And then framing the issues — how do communities collect and compile data? How do communities use data and incorporate them into priority setting and decision making? How do we promote information enabled, community driven change?

DR. GREEN: Those strike me as being excellent questions that basically frame the letter you are going to write.

MS. KLOSS: Probably.

DR. FRANCIS: They frame the use side of it, but they don’t frame the stewardship side of it. The way I was seeing those first two, if you go back to — basically, the 9:50 is framing the privacy issues and the next one is framing the data use needs.

MS. KLOSS: Well I don’t think that is the way we structured in the agenda. We thought 9:30-9:50 was the high level summary of the Community as a Learning Health System report. 9:50-10:10 was the stewardship framework letter. The two major work products would be briefed.

Framing the issues — and maybe that needs to be tweaked. I know these issues have been through a few iterations. That really sets up the rest of the meeting because we create the breakouts around those major themes. I think number three got a little broader. How do we promote information enabled, community driven change? I think in an earlier iteration, we had one of these kind of focusing more on privacy. Then we re-thought, no, privacy issues need to come out under each of them. We don’t want one of the three questions zeroing in on privacy. It will be threaded in if that makes sense.

DR. COHEN: I totally agree. If you scroll down, each of these three questions has a set of sub-questions to guide the discussion in more detail. I think here is where, if we are missing any focus on privacy and stewardship and confidentiality, we should add those to the list of sub-questions that help direct the discussion.

MS. KLOSS: So just to finish the overview, we would go from that background, framing the major themes, and then tee up with speakers who would address some of the major issues for theme one. Then, immediately after lunch on day one, we would go into breakout number one. We would ask the breakout group, then, to discuss the sub-questions. Does that make sense?

We report out. We follow that same process. We have a theme level presentation and then break out. We do that three times.

DR. SUAREZ: Are there any parameters for breaking out the group in terms of the attendees?

MS. KLOSS: Our thinking was that those groups should be very much interdisciplinary or represent —

MS. BERNSTEIN: We talked about assigning people to different groups.

MS. KLOSS: Pre-assigning.

DR. SUAREZ: Either pre-assign or — I assume that people that are being broken down into different groups are the presenters, the testifiers?

MS. GREENBERG: Some of them.

DR. SUAREZ: Some of them are and then who else?

DR. COHEN: The attendees. The invitees.

DR. SUAREZ: Okay. This is not just testifiers. This is a roundtable.

MS. BERNSTEIN: As I understand, we would assign a facilitator for each of those breakouts. We would hand pick from among the people that we know are attending, as you say, an interdisciplinary group of people for each breakout so we would get different perspectives in each room.

DR. SUAREZ: That is what I was talking about.

MS. BERNSTEIN: Smaller groups would —

MS. KLOSS: Ensure that everybody had a chance to contribute even though we are going to have three groups discussing the same set of questions and then come back together.

MS. GREENBERG: One thing I don’t know if you have thought about or if we have discussed is since, of course, this is going to be an open meeting and those whom we didn’t specifically recruit or invite will — hopefully, there will be others who attend. I assume they can participate in the breakouts. We haven’t really done that before except for maybe at an Executive Sub-committee meeting. It is going to be interesting.

MS. BERNSTEIN: Did you mean participate or observe, Marjorie? Normally, the people who are not specifically invited can be observers and we leave an open time for them to talk during the meeting.

MS. GREENBERG: That is the question.

DR. COHEN: Our thought was this is a workshop and not a hearing. The idea is whoever shows up gets to participate as fully — as fully as everyone else.

MS. GREENBERG: I think we have to work on the ground rules for the facilitators. We wouldn’t want somebody who really wasn’t — God knows why reason is there, but to dominate. That is what a facilitator does is make sure that everybody gets —

MS. BERNSTEIN: Marjorie, can you just correct me if I am wrong about this, but as I understand it, the Sub-committee meetings, even though we choose to open those meetings are not required under FACA to be open. Is that correct?

MS. GREENBERG: We have always opened sub-committee meetings. I will say I know there are new rules being considered from CDC that would — the sub-committees used to all be covered by all the FACA rules, then they weren’t. They may be again. I don’t know at what time that will happen. We have always done so. It gives us a little more flexibility if we don’t have a quorum or something.

MS. KLOSS: I think that we should take this part of facilitator guidelines and think about how that gets managed in a way that taps anybody who wants to sit through two and half days of this particular meeting. If they have something pressing to say, I would be interested to hear it.

MS. BERNSTEIN: Also, we are not actually making any decisions for the Committee at this point.

MS. GREENBERG: No. Everything is just reported back to the Full Committee.

MS. KLOSS: All right, let’s go back to the question. If you were to — this is theme one — who should be invited? This is an invitational roundtable.

DR. TANG: Is the main difference between this workshop and what we did before —

MS. BERNSTEIN: Could you talk into the mic, Paul, so Sally can hear you on the phone?

DR. TANG: Is the main difference between the hearing that we had before with Boone County, et cetera, and this that we are casting a wider net and having a workshop-like experience? Is that it?

DR. FRANCIS: I thought we were also going to try to specifically identify some exemplary cases. If you go back to the recommendations that we made in the stewardship letter, the recommendations included figuring out what were some good examples, use cases, addressing specific stewardship issues.

The stewardship issues that we had agreed to focus on were the transparency and openness one, the issues about data use agreements and how they are used and enforced. Are there follow up mechanisms? Are they effective? Are they in widespread use? Because if data then get released, are there protections in place so that they don’t get used in ways that would be problematic?

We were also going to be looking at what we might be able to find out that could be helpful to communities that face the issues of small groups or data mash up re-identification risks. We pulled that list from the elements of the stewardship framework. For example, at least my own suggestions that I came — there was also the accountability point. Sally has made some suggestions about people who might be very useful security experts who could try to help communities figure out what they should be doing or need to be doing depending on what kind of data they have about security.

There are some very good people about re-identification questions depending on what sorts of data are included. We heard, for example, at the last Full Committee meeting from Collette. Somebody of that ilk — he would be wonderful if he is available. That is just some starters.

DR. COHEN: To answer your question, yes. I see this as a logical next step. I wasn’t involved in that initial hearing. Times have changed somewhat, but this is to drill down more deeply and to develop, I think, more actionable recommendations about the space we can be in, in terms of recommendations from this committee to the Secretary and creating these general models of how communities are doing things well.

I think, to some extent, this is a follow up on what we are doing. We will also have communities and I think we are going to have folks who provide data to communities, too, to get their perspective. The net is slightly different, but it is really building, I think, on the work from the CLS report.

DR. TANG: A couple of suggestions. One is beacon communities. They were picked and know that they need to share their information. Another one is Rochester, New York, which is quite a close — they are a really good example of a partnership between employers and healthcare providers, including a real bit on how to improve the health of a community. They distributed pedometers to the entire — they do a lot of things. They obviously have data that they have to track. Those are a couple of suggestions.

DR. COHEN: If anybody has specific communities, whom you think we should invite to participate, that would be incredibly helpful. If any of you have names of specific speakers, who you feel will help energize these discussions, that would be incredibly helpful as well.

DR. SUAREZ: I believe I sent you a list.

MS. BERNSTEIN: If you sent it, I got it. I am collecting a group of them. It has been a while since I looked at it.

DR. COHEN: I don’t know if I have seen it if you could send it to me or report it to me.

MS. BERNSTEIN: We have to compile that list. People have been sending various things in.

DR. GREEN: That was a two part question. I have a response to both parts. This is probably redundant. The 14 communities that we highlighted in the previous report, your judgment about those that seemed to be in a position where you would like to know what is happening in the last couple of years or so, that is likely to be a really high yield part of the community. Find one or two of those.

My other one is related to the second part of the question about people who are working with communities to do this. There is a web-based, publicly available mapping tool developed by the Cincinnati Health Foundation in partnership with several people. This is an online tool that I know is being used by multiple communities. An expert with that actually lives in Washington would not require traveling. His name is Andrew Bazemore.

I just checked their purposes and everything. It aligns with a lot of the stuff that has been on the screen. I will give you the details of that. That is a person who could advise about how to mash up data and express it in a way communities can understand and can use it either to define a problem or to track a problem.

MS. BERNSTEIN: We like DC people, although, we want to look through the whole country. If people are from DC and we don’t have to travel them or in close area on the East Coast, it is not as if we don’t want to have the West Coast people come. We have had people, obviously, from out West before.

DR. KLOSS: Any other suggestions?

DR. STEAD: Would you be interested in one of the people that run the community boards for one of the Clinical and Translational Science Award sites? CTSA, Clinical and Translational Science Awards, they have — at least, ours has a quite robust community board that actually drives a lot of interaction between the more health services research part and the community. I think it is an important thing to link into this probably, even though it is more research based.

MS. BERNSTEIN: In fact, I think what we ran into in the April hearing was there was a meeting of these translational science folks at the same time in Washington, DC, that we were having our meeting and we couldn’t get any of them to come. Only one or two could come.

DR. FRANCIS: And they were terrific. We got some folks from — in April, we had some folks from the various programs, one of them at Vanderbilt, one of them at the University of Washington, one of them at the Mayo Clinic, that are involved in trying to figure out bio banking and how to engage communities in bio banking policies.

DR. STEAD: What I am thinking about is actually the community leader of one of these things, not, in our case, the Vanderbilt person.

MS. BERNSTEIN: That would be great. We tried to get a couple of those and for various reasons we had trouble, but that is exactly, I think, the kind of person we would like to get. If you have particular suggestions of dynamic and interesting people of that sort —

DR. STEAD: I know how to get that.

DR. COHEN: Actually, what would be good — you know, we want these people in attendance for their input. We are also trying to come up with a list of speakers. If you have names of organizations or people you want involved, if you could indicate that you think they would be good as a participant, overall, in the discussion, or as one of the eight experts that will help frame the discussions. That would be great if you could let us know.

MS. BERNSTEIN: Often what we will do if we have names of organizations is we will just go and have them give us whoever their representative is that is representing their organization. That works, too.

MS. KLOSS: Other suggestion? We have a list that you have been accumulating. With that compiled, add these suggestions to it and then we will merge it with the Population Health invitee list. We will probably need to have — we really need to get this done. The invitations need to be going out. Can we do the compilation?

DR. JACKSON: I know Maya is usually the stickler on trying to get information as early as possible because, as you know, in putting these things together — and Standards does it in its sleep — you go through a whole first layer of people you really, really want, and then you go to your really want, and then you want, and then get what you can get. Now that you have lines of participation, people in the audience that you want to hear from, they are at a different level of participation than your speakers. It adds a whole — more complexity.

As far as support, people who are in the nearby area, it would be great to get them because there is a limit to support. There are a lot of factors to consider. As soon as you can get your list of who you really, really, really want, then we can start going from there.

DR. COHEN: I also see Bill sitting quietly in the back. I want some folks from the Data Workgroup, too. I think this is a space that they will want to be in as well. Maybe we can talk about that tomorrow afternoon.

DR. FRANCIS: I want to make sure we bring back up — if it is okay with people — that list of issues we wanted to be highlighting, just to think about whether we know of people who might be particularly useful to remind ourselves of those. One of them was transparency and accountability. I, myself, don’t know what communities are doing to publicize their work with data.

MS. KLOSS: Perhaps we can look at the list of individuals who have participated in some of the HIE governance work.

DR. FRANCIS: Go to the last slide on that. I just wanted to bring that up for people because what I was hoping was that that would trigger particular names or groups. Somebody who might be particularly experienced in the use of data use agreements by communities. Somebody who might be — that is somebody who could be an expert.

MS. KLOSS: Well I think we go to the HIE world.

DR. COHEN: There might be a couple people I can think of.

MS. KLOSS: The data use agreements, we thought that maybe one of the avenues to find some expert there are the HIE Governance.

MS. GOSS: The whole topic of DRSAs is pretty important issue when you think about the volume of federated data exchange that is going to be happening. I know from the Commonwealth of Pennsylvania perspective, we have done tremendous work to create harmonization across our organizations. We would have a standardized form and we have tried to leverage the federal DRSA efforts.

MS. KLOSS: So if you were to say who are the top two or three experts in that area in the country, who would be top of mind?

MS. GOSS: I am thinking very Pennsylvania specific, John Houston.

DR. KLOSS: We have never heard of that guy. We don’t know that guy. That is funny.

DR. FRANCIS: John would be good. John would be very good on security issues, too.

MS. GOSS: What about calling somebody at HealtheWay and asking them how they are trying to leverage the CONNECT infrastructure with FHA and what they are going to do as a non-profit and how to get them into the conversation because they are going to have to get a lot of people from an interstate perspective to play nicely on that topic.

DR. SUAREZ: I was going to ask if you have considered — maybe it is a name that has been mentioned before, but community based participatory research organizations. Community based participatory research, I think in several states where they operate, I think they are the kind of organizations that have this, conceptually, this idea of openness and transparency and community driven direction.

Community based participatory research is the name of the category of organizations. There is a whole bunch of them. There is a group that is out there that would be very valuable to bring in.

MS. BERNSTEIN: We heard from some of them at the last hearing.

MS. KLOSS: I think we should look back at the list of the last April hearing.

DR. COHEN: Elmer Freeman, he is at CCHERS, Center for Community Health — CCHERS. It is a participatory research center at Northeastern University.

MS. BERNSTEIN: We talked to him. He was here, right?

DR. COHEN: I put you in touch with him, but he wasn’t available. I think he would be — he is really good in that area. The other person I remember I hooked you up with, I think, was — did I hook you up with Susan Cashman? She is at UMASS. I know the other commonwealth.

MS. BERNSTEIN: She got us two people from Maine because she couldn’t be there, as I recall.

DR. COHEN: She would be another person who has a really nice overview of how this all fits together.

(Side talks)

DR. COHEN: Who is compiling these lists?

MS. BERNSTEIN: I am.

DR. COHEN: Is Kasee or Tammara compiling as well? I don’t know how we are doing this, Debbie, since this is joint.

DR. JACKSON: It is kind of joint. We will work it off line.

MS. BERNSTEIN: The two of us will coordinate.

DR. JACKSON: I think for now, Maya is the go-to.

MS. KLOSS: Any other suggestions?

MR. SOONTHORNSIMA: Over the years, lots and lots of communities received AHRQ grants. I am not sure they would be a good source looking at large and small communities because that is a grass root level you are trying to get to, not the huge, huge research. Just a thought. For example, in New Orleans, there is LPHI, Louisiana Public Health Institute. They do lots and lots of work with community access as well as some research. That is just one. There are lots and lots of them that get grants from AHRQ.

DR. GREEN: I have a question for Ob. It relates to your role in BlueCross BlueShield. There are a number of states that have experimented with all payer data pools of some sort. I know there are some communities that have tried to go to those payers to collaborate with them to use claims data in their community based work. Do you know anything about that?

DR. FRANCIS: For example, the Utah beacon community is specifically using the Utah payer claims database for diabetes research.

DR. GREEN: Is that in scope?

DR. FRANCIS: If we are looking for beacon communities, that is a perfect example of where an all payer claims database has been used.

MR: SOONTHORNSIMA: That is relevant. Of course, there are disparate arrangements across the country.

DR. GREEN: There are questions about what does it take? What are the problems? What would it take to do it? It seems to me like that is further down.

MR. SOONTHORNSIMA: So AHRQ and CVE, Chartered Value Exchange — remember them? Under the previous administration? I am not sure they are still around. I get emails all the time that belong to them.

DR. KLOSS: They are still active.

MR. SOONTHORNSIMA: I am not sure how active, but some of them are doing community outreach, research work.

MS. BERNSTEIN: Are they here? Where are they based?

MR. SOONTHORNSIMA: I think they could be funded by AHRQ. I am not sure.

MS. KLOSS: Are we ready to adjourn and to be continued? We will pick back up here at 8 o’clock in the morning.

(Whereupon, the meeting adjourned at 5:25 PM)