[This Transcript is Unedited]

Department of Health and Human Services

Meeting of

Subcommittee on Standards

February 28, 2013

Hubert H. Humphrey Building
200 Independence Ave., SW
Washington, D.C. 20201

Proceedings by:
CASET Associates, Ltd.
Fairfax, Virginia 22030

P R O C E E D I N G S (3:15 p.m.)

Agenda Item: Welcome

DR. SUAREZ: Okay, we are going to get started with our subcommittee on Standards so good afternoon everyone. My name is Walter Suarez. I’m one of the Co-chairs of the Subcommittee on Standards. I’m with Kaiser Permanente and also a member of the Full committee and I don’t have any conflicts.

MR. SOONTHORNSIMA: Ob Soonthornsima, Co-Chair of the Subcommittee, member of the Full Committee, no conflicts.

DR. SORACE: Jim Sorace, ASPE, staff to the committee.

DR. SCANLON: Bill Scanlon, National Policy Forum, member of the Subcommittee, no conflicts.

MR. CORNELIUS: Llewellyn Cornelius member of the Full Committee, no conflicts.

MR. LEVIN: Randy Levin, Food and Drug Administration, staff to the Subcommittee.

(Introductions around room)

DR. CHANDERRAJ: Raj Chanderraj, member of the Standards Subcommittee and member of the Full Committee, no conflicts.

DR. FITZMAURICE: Michael Fitzmaurice, Agency for Health Care Research and Quality, liaison to the Full Committee, staff to the Subcommittee on Standards.

MS. KOSS: Alexander Koss, Pennsylvania State HIT Coordinator, Full Committee, Standard Subcommittee, and no conflicts.

DR. COHEN: Bruce Cohen, member of the Full Committee, no conflicts.

MS. KLOSS: Linda Kloss, member of the Full Committee and the Subcommittee, no conflicts.

MS. WILLIAMSON: Michelle Williamson, CDC National Center for Health Statistics, and staff to the Subcommittee.

DR. SUAREZ: I think we have someone on the phone. Can you introduce yourself? I do have one speaker I believe that was going to dial in but we will see about that.

Well thank you so much, this is just as a way of background. Our committee never sleeps like New York City. We are in addition to the work that we describe and discuss and talked about yesterday and this afternoon at the Full Committee, out of the Roundtable that we had last November, there was a series of topics I think that people identified that the Subcommittee should be considering. A couple of those topics relate to the ones that we are going to be covering today.

So we divided the agenda into two parts, the first part is going to be an informational items for the Subcommittee at this point. We will have an opportunity to listen to the presentations and have some questions and discussions with the presenters. One of the topics is on ID cards and Smartcard, so we will hear about those and where things are from the perspectives of the two presenters. Then we will also hear on one NDC issue, the National Drug Code issue that has been brought to the attention of the Subcommittee, and we will talk about once we finish the first part.

Because of the time, I think we are going to try to reduce each of the topics to about 20 minutes, and I apologize and have asked to the testifiers, we are going to try to wrap-up around four o’clock or shortly after. We might get a 10-minute indulgence postpone of the next meeting which is Privacy Subcommittee. Without any further ado, I think I am going to turn it to the presenters on the Smartcard and health ID card. I think we are going to first hear from – Kelly is it you?

MR. SCHOLNICK: Thank you for inviting AARP to participate in today’s discussion. I am Andrew Scholnick, Senior Legislative Representative with AARP Government Affairs Team. We greatly appreciate the Committee’s interest in the Medicare Beneficiary’s perspective as it considers technology that can have a tremendous impact on the Medicare program.

Use of Smart Card technology in healthcare is consistent with two of our key priorities. Strengthening Medicare for current and future Beneficiaries and safeguarding older Americans’ sensitive information. Smart Cards have the potential to simplify administrative burdens, reduce waste and abuse, and protect Beneficiaries from identity theft. In turn, this technology could give Beneficiaries great peace of mind as well as save Medicare billions of dollars.

People new to Medicare are often shocked to learn that the ID number displayed on the Medicare card is identical to their social security number. After all, we are constantly warned not to carry our social security numbers around with us, but the Medicare ID is more than an identifier, it is proof of insurance. Beneficiaries need to show their Medicare card at the doctor’s office and the hospital in order to have Medicare pay for treatment.

If a card is lost or stolen a criminal can use that number to get other personal information about the beneficiary and commit identify theft. Because of this threat, AARP suggests Beneficiaries carry a photo copy of the Medicare card with the numbers partially obscured instead of the actual card. However, a paper facsimile is a poor substitute for a more secure Medicare identification card. The Social Security Administration and the Centers for Medicare and Medicaid Services have both recommended changes. A Presidential Commission even raised this issue in 2007. Moreover, several pieces of legislation have been introduced in Congress that would remove social security numbers from Medicare cards. In fact, this December Congress signaled its desire to remove numbers from Medicare cards as well as to research Smart Cards when the House of Representatives passed H.R. 1509, the Medicare Identity Theft Prevention Act for 2012.

A variety of scenarios has been proposed to make it harder to steal social security numbers from Medicare cards. These include establishing an entirely different Beneficiary Identification number system, only partial displaying the ID number on the card and embedding the ID number in the card rather than having it visibly displayed. However, despite agreement that there is a problem, little action has been taken. Changing the current system would require a significant investment.

For instance, CMS estimates it would cost at least $800 Million and take five years to issue new numbers and change the cards currently used by more than 52 Million people with Medicare. Also, doctors and healthcare providers across the nation would have to update their systems.

AARP believes that given the risk, this is a worthy investment to make and such an investment in our Medicare infrastructure should be made with an eye on the future. Any new system should leverage advancements in electronic health records, facilitate data collection, and improve efficiency. We believe smart cards have significant potential and could be a viable replacement for the current Medicare card. As such, we supported its further research and testing.

First, Smart Cards protect beneficiaries by removing the identification number from the front of the card and securely storing it in the microchip. This and other sensitive information would only be accessible by an authorized user. Some estimate put the cost of Medicare and proper payments at close to $50 billion each year. Verifying authorized beneficiaries using Smart Card technology would greatly reduce improper billing and could yield substantial savings to Medicare and other public and commercial health plans.

Second, Smart Cards have the capacity to do more than just identify the beneficiary. Given the continued absence of widespread interoperable electronic health records, Smart Cards provide another means of sharing information and in full control of the patient. For example, an individual would be able to share information in an emergency when her doctor cannot be reached, or have up-to-date information about the prescription drugs she is taking. We therefore recommend the National Committee on Vital and Health Statistics further study the potential applications of smart card technology in healthcare and the feasibility of adopting the technology of Medicare.

I thank you for your consideration and look forward to working with you.

MS. EMERICK: I am Kelly Emerick, I am the Executive Director of the Secure ID Coalition. I want to thank the Committee for inviting us to participate in this discussion today about smart cards and identity documents. I would like to first of all associate myself with the comments of AARP. We have been working with AARP in conjunction with the MGMA to talk about ways that Smart Cards could benefit the healthcare industry on the whole. I will try to cut my testimony short. I use Powerpoints, and I Pat filed a pretty extensive testimony with the Committee, that gives a lot of great reference material and so I really encourage you to take a look at that when you have a second.

We are all aware of the waste and abuse and fraud numbers that exist within the healthcare system, whether it is Medicare/Medicaid or the healthcare system in general. The Institute of Medicine report that came out last September detailed some of these areas, and really the administrative cost piece I think is an important element for us to look at going forward. TheDepartment of Justice talked about healthcare fraud, medical identity theft, and the numbers are pretty staggering.

I think the most interesting statistic for me is somebody who looks at identity in all sorts of different areas of our society, on the street value today for a health record is $50.00. The street value for social security number is $1.00, so that tells you what the value of a health record for somebody who would be able to actually use it.

For those of you who are not familiar with smart cards, they have become a kind of genera sized term, but they are actually defined as something through ISO Standard. They incorporate an embedded micro controller into a, in this case a card, but other form factors as well, tokens, SIM cards, FOB. This particular example you have on the screen on the right, is a WEDI compliant example that shows the identity for the beneficiary as well as the Provider. The smart card industry has suggested that, that information in addition, or in lieu of being printed on the front of the card, could be stored securely on the chip providing further security and privacy to that particular patient.

I will just go back for one second and talk about what makes a smart card smart is that embedded chip. What that embedded chip does is enables the ability to store information on that card. I will go to the next slide, which really is defining what the information that could be stored on that card. Smart Cards can store as little or as much information as really is deemed necessary. We can store a 124 Kilobit smart card can store about 120 pages of data. These are some examples of fields that have been defined by the industry, where information could be stored for patient demographic information, allergy medications, medical details, details related to your insurance coverage, eligibility information, and definitions of ICD 9 and 10. Those types of information can be stored on this card, as well as a First Responder application, essentially a break-glass application to find out the information associated with the individual.

There are a lot of benefits to Smart Cards and certainly again, this is detailed out on our testimony on page 9. We have provided a pretty extensive chart that talks about benefit to providers, patients, healthcare organizations, as well as payers. We can certainly walk through some of these, but I would just say that in the implementations that we have seen in the U.S. markets so far, the deduplication at enrollment has been a major factor. I will skip quickly through this and again, you guys can read all that on the chart.

The one thing that I will say in terms of patient benefits, and that really at the end of the day cares about patients, is positive identification of them at registration. Being able to associate the proper medical records with the proper person as they walk in the door, is a really critical piece of this, but also being able to then associate that record as they go for different locations for care.

The Smart Card works as an identifier and as a key to unlock information associated with that person, enabling you to pull exactly the right information in a timely way. I think the big thing for them is the ability to walk into a facility and not have to fill out information that they fill out over and over and over again. Therefore, better patient satisfaction.

The one thing that I will just say about the payer community is the ability to really address the medical fraud issue. People swapping cards for different benefits and again, getting co-mingled records so the ability to verify that this individual actually is the insured and we are paying for services for that individual.

There are benefits to employers using card as well, so this is looking on the provider side or in an employer setting, providing high security, both for physical and logical access to the assets at that location with single sign-on eliminating the ability to have to redo passwords, call the Help Desk, and reducing those problems.

In addition to that, I would just say compliance with some of the requirements that have come down from the Federal Government when we are looking at two factors solution better associated with controlled substance prescriptions, as well as potential benefits to the patients like ID cards, parking lot access. You would be surprised how important that is to a lot of folks, as well as cafeteria, eWallet type of application.

This is just an example of where Smart Health Cards are used around the world. Just gives you the range of different countries that are involved in the smart card market. When we looked at just taking a couple of those more directly, in France, when they switched over to a smart card base system, processing of transactions from a Euro $0.74 to $0.27 to process the same transaction. Over a series of a billion transactions a year, that’s some incredible savings that they have saved.

Germany is just rolled out at the end of last yea,r their smart card program and is now fully operable. They have seen an immediate reduction of fraud of $250 million Euros. We expect that number is going to increase substantially as they begin using that system more directly. Taiwan is really the major success story, where they have reduced the administrative costs down to two percent, which is the lowest in the world. Again, there is a smart card based system there that had limited patient information on their card.

Looking at the U.S. market, which I think is equally impressive and equally interesting, Mount Sinai Hospital in New York issued smart cards to their patient base. It eliminated a $1.8 million duplicate record clean-up that they were doing every other year. So they saw significant savings. But what that did was it not only eliminated that problem, it solved the problem going forward. So they did not have to continue to do that every couple of years. They were able to put a solution in place that was more preventative than going back and trying to solve it after the fact.

Memorial Hospital in New Hampshire, their medical record error rate dropped from seven percent to less than one percent. Their administrative time that they were using to enroll folks or bring folks into the hospital, went down from 22 minutes to 3 minutes, and their savings on annual was about $347,000. This is a 35-bed hospital.

I did mention a few things about Regulatory Compliance. Smart Cards do help with the compliance piece related to the HIPAA Privacy and Security Rule, assuring patients’ information is properly protected and controlled and use of access. Also privacy and security of electronic health records, which I know you all have been talking about for the last couple of days, certainly an important piece. We have been certainly working with ONC, privacy and security subgroup, talking about authentication, authentication requirements, why authentication is so critical not only for remote access of providers, but also for direct access of patients or beneficiaries.

I have already mentioned the ePrescribing under the DEA rule so this would satisfy the two factor authentication requirements.

Andrew did mention the legislation that’s been talked about on Capitol Hill. I am doing a study or a pilot program, of upgrading the Medicare cards for Medicare beneficiaries. Again, looking at the dual purpose of not only reducing fraud within the Medicare system, but also preventing identity theft on the part of seniors.

We come to this Committee today, I think we would really like to open up a dialogue, start a discussion about how this technology, which is really an open standard platform. Smart cards are non-proprietary. There are gazillion vendors out there. They are supplied around the world. A billion smart cards are used every day around the world for all sorts of different applications. This is not something new, not something that has just been invented, and this is something that has a proven track record. But again, is non-proprietary and is based on open standards so we are not locking into a proprietary idea that may or may not move forward. Again, we very much are delighted to participate in the discussion today and look forward to questions of the Committee. Thank you.

DR. SUAREZ: Thank you.

MR. JOBB: Thank you for the opportunity to testify today. My name is Devon Jobb, President and CEO with WEDI, and I actually want to talk about the Health ID Card Implementation Guide that WEDI currently has in place. The WEDI implementation card died as an implementation of the ANCI Standard in Sets 284, and was actually developed in 2005. We have later updated it as of 2011 Diversion 1.1, that really dealt with some of the new dependencies and EDI standards.

Simply put the WEDI ID card is identification standard interoperable form. Its primary purpose is to be an efficient and accurate initiation of transactions. It’s both human readable and it is also machine readable. In fact, this is kind of an example of it from United Healthcare. You will see you have the basic information on the front and then there is a barcode on the back. That barcode can either be a strike magnetic or it can be a two-dimensional barcode.

The reason why we went this way was to actually make it simple and easy in case somebody just had to grab the card as well as being able to deal with card readers, which are pretty inexpensive in terms of barriers for technology. The guide is not just limited to insurance in benefits, but also for any card in healthcare. Really it kind of has ability to multi-use in terms of using the basic information. The guide was developed with the idea that there would be a minimum set of data that would be required on the card. After that there are some optional data elements that can be added on top of that.

In terms of usage of the WEDI health ID card, right now it’s used United Healthcare with about 30 million cards. Aetna also uses it, Humana with an unknown number of blue spans. It is also recognized by Medicare Advantage and required. The Veterans Affairs will issue about 25 million cards using the WEDI Health ID Implementation Guide and then we also in 2013, Medicare Managed Part B, is also recognizing in their marketing guidelines, in requiring the use of the Implementation Guide. There is some penetration out there already. It’s difficult to figure out how many cards have been issued using it but we estimate it to be somewhere 70 Million cards currently.

One of the things in the work in this area is never done, we currently have asked our Health ID Workgroup to reconvene and actually look at some of the new technologies out there related to smart card, as well as some other technologies that have risen and is also trying to look at health ID technology, as it relates to claim fraud and overbilling. There has been a lot of news about that recently, so we are going to be looking at trying to figure out how those cards can be used in terms of looking at unnecessary, unjustified tests, uploading of treatment and stark law of violations of waivers, and then patient fraud and claim fraud as well. That work is beginning right now so we should be able to issue a report on that probably later on this year.

That’s currently where we stand with the card and I will be happy to take any questions that you might have.

MR. BARRY: This is Peter Barry, and Paul can I add just a little bit to the end of your statement and that is we don’t have exact numbers but if we infer from the Institute of Medicine estimates of some of these some billion dollars per year in fraud and overbilling? Overbilling seems to be about in the range of $50 billion. Claim fraud, where a claim is made for treatment but was not provided, in other words it’s a claim that is made out of old clothes and appears to be about $19 billion per year. Patient fraud, where the actual patient is not the covered person, we think probably is much lower and probably about $2 billion per year. Now those numbers they are very slippery(?) so I think we should only use them in the sense of ranking, rather than in making calculations based upon as to what the yield on investment might be. We also quantify the better quantification in this current research effort. Thanks.

MR. JOBB: Just to note Peter Barry is Chair of our Health ID Worker.

DR. SUAREZ: Thank you very much. Thank you Peter for joining us, this is Walter. We are going to take a couple of minutes for questions.

MS. WEIKER: I just have a statement, it’s not a question. NCPDP also has an Implementation Guide for the Pharmacy Benefit that’s based also on the INCEP standards and guide has it, if it’s just the Pharmacy Benefit and then it has the layout, which mirrors basically the WEDI Guide for what we call a combo card, which is the Medical as well as the Pharmacy. So NCPDP also has an ID Card Implementation Guide that is used widely by the major PBMs for ID cards as well.

DR. SUAREZ: So those cards are used by –

MS. WEIKER: Like Express Scripts, those type of Pharmacy Benefit Managers, where an employer or an insurance company cards out the Pharmacy Benefit to a PBM.

DR. SUAREZ: So they issue that card to the beneficiary?

MS. WEIKER: The PBM issues the card, yes.

MR. JOBB: But again for example, what Margaret is saying is if there is a medical benefit then they will issue the WEDI Implementation Guide but then use the NCPDP on top of that?

MS. WEIKER: Right.

DR. SUAREZ: Thank you so much for the testimony. I am going to open it for comments from the Committee. I see that we have three already, or a couple of comments. Take a quick prerogative from the chair to ask a question and it is on smart card. For anybody that has gone to Europe lately, you have experienced the reality of having the old current U.S. standard with the magnetic strip in the back and then going to buy something in any store in Europe and faced with the reality of being looked at like 18th century technology. But any case, my question was with respect to security, the smart card that I would probably get from a bank, I could use it in any ATM or any purchasing site and they will use it and they will access the data that is in that chip to process the purchase. Right? How does it work in terms of a smart card for healthcare and what kind of security do you have embedded in it so that there is some sort of authorization process and someone has to authorize the access of that data? How does that work?

MS. EMERICK: Great question, for anybody that has been to Europe, bad news. But good news on the U.S. side that is changing VISA, MasterCard, American Express, and Discover, have all agreed by 2015, the U.S. market will transition the chip based credit cards. So you should be getting yours in the mail shortly. If you have not gotten it and you are travelling abroad, they have special programs for travelers. You can call your bank and they will send you the chip based card because they do not want you not to be able to buy something.

That’s a great question because in the financial services market, let me step back and talk a little bit about how the chip works. What the chip does is it segregates information on the chip and when it is inserted into the reader it does not trust anyone unless they have seen the appropriate code that is associated with the information that is trying to be accessed.

For example, a reader for a bank system would have a different code set than a reader for a healthcare based system and that card would need to see its required codes in order to access information.

Another piece of that in the financial services market, there are chip and PIN based cards. Most cards you have a PIN associated with it, much like we have for ATM cards today. The credit cards would have a PIN code then associated with it that would need to be presented in order for the card to give up information.

Again, in the healthcare environment there are many options of you could have a card with just the chip associated with it. You could have a card with a chip and PIN associated with it. You could also have a card with a chip and PIN, or chip and biometric, depending on what level of risk. You want to know that the person standing in front of you is actually authorized to access this information. Sso there is a range of options that are associated with it. But really it comes down to programming specific cards for specific uses.

DR. SUAREZ: We are going to Raj and then Michael.

DR. CHADERRAJ: I have three questions. One is regards to data change. Patients come with one set of medications today and the next visit they come with a different medication because they went to their provider. How can you change the information on the chip? Is it a process that the patients need to go to get a new card from the existing provider to change it? Are those cards now readable by a universal reader? Or, if the smart card is being sold by different vendors they will all have different readers. Where does it come to? The last thing is, in order to prevent fraud has any thought been given to surgically implanted chips that will give the data?

MS. EMERICK: Putting on a privacy hat, I would not recommend implanting chips. We are not there yet. Great questions, thank you. I will take a little bit about readers, so there are interoperability standards that exist across the industry. Readers and cards can talk to each other, there are software applications associated with that so no real problems in terms of if you buy a card from one company and a reader from a different company, there is a very robust market again because we have open standards. I want to talk a little bit about data change. For the benefit of a smart card is, is that a medical professional would be able to write to that card if you wanted to change the prescription that the individual is taking. Add information to that card pertinent to that person’s health record. Again, it would depend on what sort of information you want stored on the card. Do you want emergency medical information stored on that card? Or do you just want basic will call record locator information that would then direct you to that person’s, let’s say personal health record that exists somewhere in the Cloud. There would be a directory capability so that you could pull up a health record that had been altered by a Provider. So again, there are options there about how much information you want to have, or how little information you want to have stored on the card, but both of those are options. Does that make sense?

DR. FITZMAURICE: I have got credit cards with barcodes on the back and I have got a Government ID with a chip on it so I guess we are moving closer to it. Someone mentioned an ANCI standard for information on a card. Is that the ANCI in New York?

MS. WEIKER: Yes, it.

DR. FITZMAURICE: That is not an accredited committee under ANCI that does it?

MS. WEIKER: Well ANCI does not really develop standards per se, and you are right Michael, they accredit the standards development organizations. Kelly mentioned the ISO standards, ANCI is the U.S. conduit into ISO, so if I want to go make a change to something in ISO, yes I could go to Geneva and do it maybe. But it would go over a lot better if I went through ANCI and had them be the conduit into wherever the ISO meeting was to get it changed.

DR. FITZMAURICE: There is an ANCI standard committee that does this?

MS. WEIKER: Right. It is like an ISO tag kind of thing.

DR. FITZMAURICE: Secondly, Devon you presented a card. Is that a mag-stripe card that you showed? I did not see a chip on that.

MR. JOBB: That is a correct. Back here is the Mag-Stripe, a two-dimensional code.

DR. FITZMAURICE: What I am thinking is, regardless of which one I have, I do not want all my information on the card. I want to have it stored somewhere that if my dog chews up the card I can get to it and so how secure is it and I think there was a question Walter was asking, how secure is the information up here somewhere and can all the card readers read all the cards? That is, the chips are in the same place? Are we going to have a lot of different placements, a lot of different ways to store information on a chip? We will have to be convening in 20 years to develop a common standard for health cards?

MS. EMERICK: There is actually a common standard for health cards today that exists. It is an ISO base standard. All the chips are in the same place so your government ID card, the chip is in the same place on the healthcare card. It just depends on which way the card is either landscape or portrait dimensions of the card. How you choose to use it. The federal government is using the portrait version. A lot of healthcare institutions use a landscape version but the chip is physically located in the same place on every car.

DR. FITZMAURICE: So maybe the card reader reads a header and that header then tells where the information is located on the card, and leads you to where the information is stored away from the card. That is neat. I like that.

DR. SUAREZ: Any other questions?

MS. KLOSS: Could you speak to the relationship between the personal health identifier and the smart card. Is one enabling of the other? Can you be as successful as you potentially would with a smart card, if you do not have an identifier or uniform identifier?

MS. EMERICK: Well I think certainly the Patient Identifier is a very large issue and we have certainly worked with HMS pretty dramatically on assuring that there is a unique Patient Identifier Number that exists. It makes access and interoperability of health records so much easier. We can certainly have disparate systems set-up where identifiers are known within those systems, but if you had a unique identifier then the idea of a much more robust exchange of information is much easier. We would definitely see a unique identifier as being complimentary to the success of a largely deployed smart card system

MS. KLOSS: And you think some of the return on investment that you see from other countries at least in part relates to the fact that they do have a help identifier.

MS. EMERICK: I think that is a fair statement in part and I think this gets to kind of the heart of what we want this Committee to look at, which is the systems that are being deployed in the U.S. market today are mostly in hospitals, which are closed systems. They have their hospital, their clinic, their surrounding doctors that work with them, so they are deploying a smart card for their campus let’s say. They are seeing amazing benefits and returns on investments because they are able to solve their own problems locally. In order to expand that benefit, I think we would need to have some sort of unique identifier that could be used across the system.

MS. KLOSS: So if we continue to proliferate and each system has their own solutions then Medicare beneficiary will carry around half a dozen cards or anybody could potentially carry.

MS. EMERICK: While our industry might like that, I would say that is probably a very inefficient use and definitely we would want to see the ability. Again, and with electronic medical records too we want to see the ability of somebody to move their record within the system, or at least locate their record even if it is in a different system than their current provider is using. How do we have a key that gives us access to that record no matter where it resides and no matter what system it resides on?

MS. GOSS: In absence of having a National Identifier of each individual, there is a tremendous amount of work and expense going on right now for health information exchange, master patient induces, and how do we support this in a better rated environment where we have centralized and better rated models? It is a huge expense going on right now.

MR. JOBB: Just wanted to kind of give a history note on this. On the 1990 WEDI report, we actually called for personal identifiers in the original report. As you all know that is kind of a long debate.

DR. SUAREZ: Thank you for that reference. All right, well thank you so much for the testimony. I think this is critical. Conceptually, when we think about disruptive and transformative elements that we have to think about and we talked all day today and yesterday about attachments and moving information more efficiently, I think there is a clear opportunity around how this relates to all the changes that we are seeing and that we will potentially see in the future. As a financial market begin to move in this direction, U.S. is probably going to have that opportunity.

MS. EMERICK: Can I just add one final point on that note? It is interesting that you talk about that transition because we just saw the State of North Carolina issue an RFP looking at a smart card for Medicaid. How they are going to identify their new expanded Medicaid population and they are looking at smart card solutions to help them manage that.

DR. SUAREZ: So clearly this is going to be one of the topics that our subcommittee, and certainly this year, the Committee will be hearing so, we really appreciate your time in coming and presenting this and we will, I am sure, invite you to come back at a much larger opportunity to listen to where things are and where we should be taking all of this. Thank you so much. I am going to turn it now to our second topic, which is National Drug Code.

MR. BIZZARO: I want to thank the subcommittee for the opportunity to present here today. My name is Tom Bizzaro, I’m a pharmacists, Vice President of Health Policy Industry Relations with First Data Bank, Vice Chair of the NCPDP Board of Trustees, past Co-Chair of the NCPDP Workgroup Two on Product Identification. Currently the task group lead on the development of end product identification standard for NCPDP. I think a little history here is necessary.

Next year I will be a pharmacist for 40 years, and the use of the NDC, both for clinical systems and business systems in pharmacy has been used almost that entire 40 years. It’s interval to the business and to the clinical decision support that we do in pharmacy. So they are concerned about any change to NDC is very concerning to the industry and to the professionals that use the NDC code. I tried to find the date but somewhere between 10 and 15 years ago I presented in front of NCVHS to talk about the use of the NDC code in the industry from a business and clinical perspective.

About eight years ago, the FDA started to look at the possibility of changing the structure of the NDC and they did some research on the change of that structure. Of course the industry was very concerned then, there was a lot of discussion about it. The FDA had a number of consultants and reached out to those experts in the industry to talk about the NDC and the change that would be required in the industry if there was any change to that format of the NDC.

We have not heard of the FDA speaking of making a change to the structure or format in those six or eight years since we had that original conversation. But just recently we became aware that the FDA was using the NDC code to identify products not in the commercial marketplace. This raised a concern for the members of NCPDP and others that are we going to be in a position where the structure of the NDC has to change because we have run out of codes to identify manufacturers within that NDC structure.

Just this hint that there may be a change has made the entire pharmacy industry nervous. I am going to read a bit from the letter we sent to the FDA to kind of highlight our concern. “The NDC number assigned to a pharmaceutical at a packaged product level is integral to every pharmacy dispensing system, claims of adjudication system, formulating management system, physician billing, government billing for both Medicaid and Medicare, and hospital management systems. These identifiers are used to power plate inventory control systems, drug delivery systems, and billing systems. The product identifiers are used to populate patient drug profiles and are often the key into clinical decision support. Clinical systems dependent on product identifiers include allergy, therapeutic interventions, drug interactions, food interactions, and dose checking. Critical patience safety applications such as bedside verification of patient identity, coupled with intended prescribed medications, also are tied directly to NDC’s, for example, through barcoding.

Verification programs for automated medication packaging and dispensing systems including those involving robotics also depend on NDC.

These are only a few example of how drug and health related product identifiers are used. These examples are meant to show the critical nature of those identifiers providing insight into their use, as well as demonstrate the source of the level of concern surrounding any structural change of these codes. Any change to the structure without consideration of the impact on patient safety modules, financial systems, and business operations, could be so disruptive as to place patients and businesses at risk.”

So the concern of the membership of the NCPDP is well described. We have not done any detailed research into how long it would take industry to adjust to a change in the NDC format. But the estimates that we have had have been no fewer than five years and some up to 10 years. We also have not done detailed estimates of the cost involved in changing this structure to the NDC, but we do believe that could be in the hundreds of millions of dollars and very possibly into the billions of dollars. I just want to make it very clear that every system that exists now that relates to pharmaceutical products has a relationship to the NDC in its current structure.

So the concern that I am bringing here to the subcommittee is that we want to make sure that if there is any change being considered to the NDC that those experts in the industry, both from the business side and the clinical side are involved in any change.

Understanding that at some point in time, we may have to change the structure of the NDC because of the number of codes that are going to be available long term. But we wanted to make sure that we are involved in making a decision in the change of that format that is considering all that both patient safety issues and business issues that would be involved.

DR. SUAREZ: Thank you so much. Dr. Levin? Do you want to provide your perspective?

DR. LEVIN: I can’t really provide any policy discussion from the FDA perspective. What Tom was talking about with looking in to changes to the NDC, that did result in a proposed rule to change the way that the NDC is structured and assigned, and that we did get the feedback from that rule on what basically just things that Tom was describing right now. That the effects of changing the NDC would be on the system, on the costs, so we did have that but there has not been a follow-up final rule. This has been a number of years now and so that is where we are right now.

DR. SUAREZ: So when was the proposed rule published? I totally forgot.

DR. LEVIN: Got to be five or six years now.

DR. SUAREZ: Five or six years ago, okay.

MR. BIZZARO: I think the thing that is so concerning is that we have had discussions around the impact. Of course personnel change and the history and experience with the issues around that change may no longer exist in certain areas of the FDA. So we want to make sure that the FDA is still aware of that.

We are also concerned with the information we have received on the use of NDC codes for non-commercially products. That is something that we see as decreasing the number of codes that would be available for those products in commercial use.

DR. LEVIN: I can provide a little feedback on that too. One other thing to add is that the NDC, the set of labor codes. This was started in the 60’s, the NDC. In the 70’s the Drug Listing Act increased its scope to every commercially marketed drug in the United States so that really broadened the scope. Also in the 70’s it was expanded to non-drugs as well, drug supplies.

So this set of NDCs that were available and the labor code went from three to four to five. In the current regulations, said that it would potentially go to six, is in the current regulations.

That set of five digit labor codes, a fraction of that has been partitioned for these non-drugs. So it is not even there is another source of that.

Then the other thing that has happened over the years is that the marketing of manufacturing of drugs has changed a great deal with a lot of outsourcing and you will have many different manufacturers involved. Different than it was maybe a number of years ago where it might have been a fewer of manufactures. So if every manufacturer gets assigned a labor code, I think that is what you were describing.

MR. BIZZARO: Even if it is not a commercially available product. Our concern would be that yes, you need to identify who those folks are, but we need to understand why does it have to be an NDC code. Why could it not be another set of identifiers?

DR. LEVIN: One more thing that has happened since that time is that Congress passed amended the Act so that companies are required to list their products electronically. So that has offered a lot of efficiencies like how you collect the information, where all the manufacturers involved with a particular product can be linked together electronically, which has been a big plus. But we still continue with the assigning labor codes to individual manufacturers, though this practice – for animal drugs they do not take that practice. What they have done is that instead of doing that, since we have them all linked together we can just assign the NDCs to the marketed products and not these intermediate products.

DR. SUAREZ: To me as I listen to this, I think NDCs are to pharmacy and drug code what ICD and ICD 9 and 10 are for medical specification. I mean as you describe it, they are permeating through the system in such a way that they are you know, if we are going to change a structure or change a code itself, it has a significant implication to many, many systems.

But I am also hearing that there is a clear sense that we are going to run out of code, whether it is 10 years down the road it is?

MR. BIZZARO: We do not know.

DR. SUAREZ: We do not know.

MR. BIZZARO: That is one thing we, when I am talking about we I am talking about NCDPD and its members. We do not know how worried we should be because we would like to have that conversation with the FDA to find out. What is the concern? What is your estimate for how long these codes are going to last? I think you make a really good point about the relationship between the NDC and the IC-9 as a billing code, not to contradict what Marjorie said about it being a code for statistics because it is exactly what it is.

But I think we have an opportunity here where it’s RxNorm where we have a clinical representation of a drug, and NDC remains a representation of the packaged product for billing and pharmacy. So I think we have an opportunity here that we can start to break apart these things where a code set that was meant for packaged products no longer needs to be a code set that is used for clinical representation of a drug product. But right now, where we are is with the NDC filling both bowls.

DR. SUAREZ: Any relationship to the, I mean falling very back closely, something that is so parallel but might relate to this and that is, the universal device identifier, the UDI. There is a clear incredible opportunity for devices to have a unique identifier. Even though internationally there are two major identifier systems in this world, but clearly there is going to be so many benefits and so many good things coming out of that to the point that is being considered to be incorporated into the EHR as part of the requirements for medical use and for EHRs to be capable of actually capturing the UDI.

If one were to think about that, the UDI has several, actually it is a very long number in many cases and codes, and we are talking about the NDC, which now is a five digits.

MR. BIZZARO: Up to five digits for the manufacturer.

DR. SUAREZ: So the idea is expanding or has been progressively to expand the digits in terms of the spaces.

MR. BIZZARO: So the thing that makes me nervous at least, is the fact that the regulation allows for six digits in that manufacturer code? Even though the regulation allows for that, we have been so used to using the NDC number in its current format that, that change would be drastic. The other thing that really concerns us, and me in particular, from the way that we are seeing a proliferation of electronic medical administration records using the barcode of a drug product. That breaks the GS1 UPC code set. So if we expanded that manufacturer code to six digits it actually breaks that standard also.

DR. SUAREZ: Other comments from the committee.

MR. SOONTHORNSIMA: Just a brief comment. I think given the impact it is probably far reaching in what you just said, up stream, downstream impact, health plans actually use the NDC code in their grouping of claims and episodes.

In fact we provide that payer based record where you group all the clinical episodes together and give it right back to the providers for gaps in care and so forth. So that’s a huge downstream impact that would be changed in NDC, too.

DR. GREEN: What is the time frame and where is the decision point?

MR. BIZZARO: That is an unknown and that is again one of our sources of our concern.

DR. LEVIN: When we did the proposed rule there was a calculation at the NDC’s at that time, it was well over ten years. I mean it would at the supply of NDCs. That has been a number of years ago. What has changed, and again with all the different manufacturers involved in production, we do not know. But it was many years the code’s available at that time.

DR. SUAREZ: I think we would be specific with the expectations perhaps from the committee, is to encourage the development of a plan for what is going to happen with NDC. I think that is the real essence. There is concerns and there is questions about how quickly we are going to run out of NDCs but the critical part is really, doesn’t matter when because when is going to happen. It is really what are we going to do when that happens?

So the opportunity is to really encourage and basically promote the formation of a working group to develop a plan, just as your perspective as presenting, is to come back to the subcommittee and discuss a plan. My sense and the responsibility as a subcommittee that we have is that this is a HIPAA medical code. So defining HIPAA as an external medical code set by our committee. We as a committee that oversees if you will those code sets, just like CPTs, and there is some use actually have CPTs that at some point I have mentioned. But we have the responsibility of hearing exactly this concerns on these issues and be alert about them and be ready to develop and create the opportunity to plan for what is going to happen with them. That is what I think what we can encourage is the formation of a working group, perhaps even involving someone from our committee or something, that will help formulate some strategic steps towards what is going to happen in the future with NDC.

DR. GREEN: And who has the authority to change the code.

DR. SUAREZ: Who has authority to change the code? You mean the actual inside the NDC to add a new code? The code structure?

MR. BIZZARO: It is not the regulation and Randy mentioned that it could be up to six digits. It can also have letters in it. Either one of those things just destroys the current structure that we have for identifying drug products.

DR. SUAREZ: Michael you have the last word?

DR. FITZMAURICE: Yes. So when will the NDC codes run out? We do not know so you should be talking with FDA, FDA should be talking to you on that score.

Walter mentioned the Uniform Device ID. Is Uniform Device ID learning from the anomalies of the National Drug Code? Are they looking at the good principles of identifiers that has never reused and contains no embedded information which refers you to an information system that has the interpretation of that code? Ultimately it boils down to changing Legacy Systems has a cost. Work-arounds have a cost. Mapping also costs and you sometimes miss out on the benefit of technology advances.

So you have got to plan for change and how to move ahead when you are writing your programs that restrict you to 10 digits or 11 digits, do not let you put letters in there. Now is probably the time to start changing these systems in anticipation. That already now would have moved at 15 digits but lets us make it flexible. Flexibly use an alphabet and we have five years, ten years till it runs out? Who knows, but let’s start doing this rather than the sky is falling ten years from now because we are running out of NDC codes.

MR. BIZZARO: We actually had changed the standards in NCPDP, the number of standards that allow for of those broader based identifiers. The issue here I think, and Michael touched on it, is the fact that we have such a strong or such a large legacy issue involved and we have to deal with that. As well as looking at what the future is going to bring.

MS. WEIKER: And then the unknown factor is just how many years do we really have.

DR. FITZMAURICE: One more unknown factor, will anybody do anything till we reached the end of that time?

MS. WEIKER: We better do it beforehand or it will be really, really ugly.

DR. SUAREZ: And with those words, thank you very much for bringing this up or the testimony and for engaging us. As I said I think we are going to discuss this and formulate a response to your inquiry.

My sense is I think we are going to look for some sort of formation of a working group that can develop some plan towards the future for NDC. So I am looking forward to something like that.

MR. BIZZARO: Speaking for the membership of NCPDP, we would greatly appreciate that effort.

MS. WEIKER: And would actively participate.

DR. SUAREZ: Thanks so much again and thank to the committee. For the subcommittee, just very briefly, our next steps in terms of yesterday and today’s work, I think I mentioned yesterday, since we do not have a subcommittee anymore and subcommittee meeting until we convene the calls, we are going convene a series of calls. We are going to do some calling when subcommittee members are available, because we are going to have several calls to address all the many issues that we heard in the last couple of days.

Thank you very much and with that we stand adjourned.

(Whereupon, the subcommittee adjourned at 4:15 p.m.)