[This Transcript is Unedited]

Department of Health and Human Services

Meeting of

The National Committee on Vital and Health Statistics

Full Committee

February 28, 2013

Hubert H. Humphrey Building
200 Independence Ave., SW
Washington, D.C. 20201

Proceedings by:
CASET Associates, Ltd.
Fairfax, Virginia 22030


P R O C E E D I N G S (9:02 a.m.)

Agenda Item: Welcome

DR. GREEN: Well, good morning. Welcome to the next meeting on the National
Committee on Vital and Health Statistics. It is a lovely day in Washington,
weather wise. It is a very special day for the committee. Since I have been
associated with the committee, I believe that is a seminal moment when we have
a full membership of the committee, which is a celebratory event, as far as I
am concerned.

I wanted to ask our new members who are here, we will do introductions here
in a moment, I invite you to take a little longer than other folks might take
in introducing themselves, to just say a few words about yourself, and if you
are inclined, tell us why you accepted the nomination and why you went through
all of the work you have to do to complete the nomination. That would be nice
to hear from you.

Why don’t we do as a custom, run the table, and then run the room, and also
go to people on the telephone. Marjorie, let us start with you.

MS. GREENBERG: Good morning and especially welcome to all of the new members.
I am Marjorie Greenberg from the National Center for Health Statistics, CDC,
and I am the Executive Secretary to the Committee.

And Walter Suarez, had a 9:00 a.m. teleconference but he is here and he has
no conflicts.

MR. SOONTHORNSIMA: Good morning. Ob Soonthornsima with Blue Cross and Blue
Shield of Louisiana, co-chair of the Standard Committee, and member of the Full
Committee, no conflicts.

DR. SCANLON: Bill Scanlon, National Health Policy Forum, member of the
Committee, no conflicts.

DR. CARR: I am Justine Carr, chair of the Work Group on Data Access and Use,
Steward Health Care and no conflicts.

DR. CORNELIUS: Good morning. I am Llewellyn Cornelius from the University of
Maryland School of Social Work. I have no conflicts.

DR. STEAD: I am Bill Stead from Vanderbilt University. I am the Chief
Strategy Officer of the Medical Center. My clinical background is in
nephrology. I am a longstanding Biomedical Informatician. I still am not sure
which conflicts I apply directly at this, despite the –

MS. GREENBERG: You don’t have any that you have to report.

DR. STEAD: I don’t? Okay. Since she knows all the details you can make it
simple. Thank you.

MS. MURPHY: Hi, I am Judy Murphy, Deputy National Coordinator for Programs
and Policy at the Office of the National Coordinator, part of the Department of
Health and Human Services. I am liaison to the committee from ONC.

MR. BURKE: Hi, I am Jack Burke, Complaints Officer at Harvard Pilgrim Health
Care in Boston. Member of the Full Committee, member of the Population and
Privacy and Security and Confidentiality committees, no conflicts.

DR. MAYS: Vicki Mays, University of California, Los Angeles. I don’t have
any conflicts. I am on the Populations Subcommittee and Privacy and
Confidentiality and Security Subcommittee.

DR. CHANDERRAJ: Raj Chanderraj, practicing physician from Las Vegas. Member
of the Committee, no conflicts.

DR. FITZMAURICE: Michael Fitzmaurice, Agency for Health Care Research and
Quality, liaison to the Full Committee and staff to Subcommittee on Quality and
Subcommittee on Standards.

MS. GOSS: Good morning, I am Alex Goss. I am a Pennsylvania State Health
Information Technology Coordinator and a Program Director for our statewide
initiative for Health Information Exchange.

I am very proud to be sitting on NCVHS. It is sort of interesting for me
because I am sitting on the other side of the table now. My prior roles as
chair of the Insurance Subcommittee of X12, also a member of a variety of
standards communities. I sat on the other side of the table and testified on
everything from quality to regulatory reform to standards adoption and how
people can play nicely together in the same sandbox.

I bring a background of business focus, with payer experience mostly, with
my foundation in Medicare, also in the private sector doing consulting work,
and the standards development. So I am very happy to be here. Thank you. I have
no conflicts.

DR. COHEN: Good morning, I am Bruce Cohen from the Massachusetts Department
of Public Health. I am on the Full Committee and co-chair of the Population
Subcommittee. No conflicts.

MS. KLOSS: I am Linda Kloss, Health Information Management Consultant. I am
on the Full Committee, co-chair of the Privacy Subcommittee and a member of the
Standards Subcommittee. No conflicts.

DR. FRANCIS: I am Leslie Francis, I am lawyer professor and a philosophy
professor at the University of Utah. I am a member of the Full Committee. I
have no conflicts. With Linda, my job is to encourage all of you to join the
Privacy, Confidentiality and Security Subcommittee. I am also a member of the
Population Subcommittee.

MR. SCANLON: Good morning. I am Jim Scanlon. I am Deputy Assistant Secretary
for Planning and Evaluation here at HHS. I am Executive Staff Director for the
Full Committee.

DR. GREEN: I am Larry Green. I am from the University of Colorado, member of
the Committee, and I have no conflicts.

DR. TANG: Paul Tang, Palo Alto Medical Foundation, member of the Committee.
No conflicts.

DR. NICHOLS: Len Nichols, member of the Committee, and I have no conflicts.

DR. BLEWETT: Lynn Blewett, I have no conflicts, and I am very happy to be

MS. GREENBERG: We need a little more information.

DR. BLEWETT: University of Minnesota School of Public Health.

DR. GREEN: What do you do there?

DR. BLEWETT: I have a research center there. It is called the State Health
Access Data System Center and we do a lot of work that states using and
interpreting other federal data for state health policy purposes. I do a lot of
work on implementing health reform, funded by the Robert Wood Johnson

DR. GREEN: We are so glad you are here.

(Introductions around the room)

DR. GREEN: Who do we have on the phone?

MS. HORLICK: This is Gail Horlick from CDC in Atlanta. I am staff to the
Subcommittee on Privacy.

DR. GREEN: Again, welcome to everyone. I would like to, before Jim gives us
a Department update, I want to run the agenda with everyone and get everyone
sort of clear as to where we are going to wind up. I am very fond of the idea
that it is always a good idea to start off with the end in mind.

As is our custom, we are going to learn what is going on in the Department
of CMS, ONC, and we are going to be hearing more about Privacy from Laura and
Sue at ONC and OCR. We will take a break after that. And then this thing
innocently called, NCVHS Planning for 2013, aligning with Committee themes, at
this point we are going to hear from co-chairs of all of subcommittees.

To remind everyone, we use the subcommittee structure as engines to get the
work done. All the subcommittees are critical. At the same time, for the next
stretch of the road over the last year, year and a half or so, we have
concluded that there is so much convergence and overlap and the need to
integrate and pull things together, that our intention is to overall function
as a committee as whole. It is sort of a double message, you are going to work
in subcommittees but we are going to work as a committee as a whole. This will
get clear as we go through today.

In that 11 o’clock slot we want to hear from all the committees about where
they are, what they are thinking about doing, and make sure that the Full
Committee is up to speed about each other and what is going on in those areas.

After lunch we are going to slide Ed Sondik in. He is fitting time in his
agenda to come this afternoon. We are targeting that to be the first thing. If
he is not here we will continue until he gets here.

Then we are really going to dive into this idea of the community as a
learning health system. Our deliverable there is everyone being clear about the
expectations of the April – is that April 30, May 1 – there is a lot
of preparatory work to be done for that important hearing and meeting.

You see the rest of the things listed there. That will be a discussion that
will largely center around that event and be mostly stimulated by the
Population Subcommittee and – I keep having a hard time saying, Privacy,
Confidentiality and Security – I am beginning to think I will call them
the special committee or something.

We will try and wrap up by 2:45 or so. We will try to summarize where we are
sitting right. Then we will have subcommittee work for the rest of the
afternoon. Remember all committee members are welcome to go to the
subcommittees. I urge you to take advantage of the opportunity if you can stay
and do that. Subcommittee meetings are open. You don’t have to be a member to
go, and I urge you to attend those if you can.

Debbie will get us organized for dinner tonight at some time during the
morning. The Populations Subcommittee cannot possibly wait past 8 o’clock to
get their work started, so they will start off the morning before we re-gather
at 9:00.

We are going to continue this strategy session about how the work
interdigitates and moves forward. We want to do something that we have not done
before, the Working Group that Justine is chairing, they are going to be
meeting Friday afternoon and usually most of the Full committee is gone by
then. You are welcome to attend that meeting. We would love to have members
attend that meeting, but we wanted to be certain that there was an opportunity
for that Working Group and this Full Committee to see each other, talk to each
other, hear what they are doing there, and build a solid understanding of what
is going on there. I think that is a particularly important thing for us to get
done there.

We are very fortunate to have Dr. Queen, who is as she said to me earlier
this morning, this is not about new measures, this is about using measures we
have got. That is also, I think, something that is really critical to this
community as a learning health system idea, and all that stuff too. That
promises to be a very informative session, too.

Then we will figure out how to wrap it up. The end here is we hope that
everyone on the Committee and all the staff will walk out of here at noon
tomorrow, quite clear about the workload, work plan, the sequencing, into the
summer. If we can get there we will declare a victory and keep going.

Any clarifying questions from the committee members? Staff want to add
anything for the plan for the meeting?


DR. GREEN: Okay, Jim.

Agenda Item: Updates from the Department

MR. SCANLON: Thank you Larry. Good morning everyone. I attend some meetings
at the National Research Council and one of the committees numbers its meetings
individually. So the Committee on National Statistics there usually says that
this is a 168th Meeting of the Committee on National Statistics. So
I think I am going to figure out that this is probably close to 200.

MS. GREENBERG: We actually are required to report this year how many
recommendations the National Committee had made in its lifetime. It has been
around since ’49, so Marietta, we came up with something.

MR. SCANLON: So four meetings a year for 63 years or so. But anyway, we will
do that next time.

I want to welcome all the new members, we were very happy that the Secretary
supported our recommendations and we were very happy that you were nominated
and that you were willing to come and serve. Again, we asked Justine to stay on
to chair our Work Group on Data Access, which is a big initiative for HHS to
bring together and make accessible the information we have to improve health
and health care across the U.S.

I think we now have agency liaisons from pretty much all the agencies now.
Not all of them are here but they should be attending later today. We have some
new staff, in our office we hired Lily Bradley, who was an Innovation Fellow,
HHS Innovation Fellow. She will be staffing, she will be staffing the Data
Access and Use Work Group here at HHS, as well.

I don’t want to fail and mention that the Secretary has reappointed Sally
and Walter for another four year term. We are very happy that they were willing
to serve and we are happy to have them as well.

As Larry said, I think we are at our full complement, and we will be there
for most of the year, of committee members, and hopefully staffed as well.

Let me turn a little bit to HHS programs and policy and planning. Generally,
I think I reported last time that we will be carrying out continuity in all the
policy programs that you have seen for the last four years with all of
legislation. So there may be a few tweaks, but basically the initiatives that
we started, everywhere from health reform to our public health initiatives, and
so on, and our data initiatives, they are all underway and will continue.

We are in the process of updating our HHS strategic plan. We will be doing
this for a four-year forward look. I think I have discussed the major goals
with you previously, and I will certainly send those around again. Again, they
basically have to do with strengthening the health care system of public
health, protecting public health, prevention, and related programs, so we have
human service goals as well. I might mention that data and information and EHRs
and automation, are big parts of the process of being successful on our
strategic plan.

We will be updating that and I can arrange a briefing of where we are headed
on the strategic plan, as well.

In addition to the strategic plan, we have a number of other initiatives
that we have begun and these will all continue. Let me just mention a few of
those. In general they have action plans associated with them. We have a
monitoring management system in HHS where we monitor progress towards the goals
in all of these plans. So let me mention a few.

We have a strategy for tobacco control for HIV prevention, and control for
health care acquired infections. We have a disparities elimination plan as
well. You all know about the National Quality Strategy and the National
Prevention Strategy, as well. We have plans relating to global health, early
childhood health and development, which will be a big initiative, as we go
ahead. And we have plans focusing on Alzheimer’s and disability related, as

In general, as I said, when we are forming an initiative, we usually include
some data and evaluation experts to be sure that number one, we are not
repeating or duplicating something, but in general, to be sure that we are
stating the goals in quantifiable ways where we can actually measure
progress. We use indicators where we actually have data.

I don’t know how much to say about the famous “S” word, except
that we have in HHS, we have been very – one thing we do well is planning
– so we sort of hope for the best and prepare for the worst. We will be
affected like every other federal agency. If you are a Medicare provider, you
are probably going to see a percent reduction, as things stand now. So Larry,
you have got a cut in your income.

If you are NIH grantee, which you are as well, you are probably going to see
a delay or even fewer grants, as well. Virtually every grant program is
affected to this 18th percent or so. But again, we have been very
prudent and conservative in our expenditures to date in HHS, so we will
probably absorb those cuts in terms of grants and contracts and so on. We don’t
anticipate any furloughs or personnel actions as things stand now.

Again, the committee should be reassured that we don’t anticipate any
personnel actions or other things that would adversely affect the Full
Committee. Again, that is today, tune in tomorrow.

Let me talk a little bit about health reform, and particularly about the
data parts of this. As you know, from the very beginning in health reform we
wanted to be sure that we could monitor the implementation of health reform and
the impact of health reform. We are moving through the implementation stages.
October 1st, of course, we hope to have state exchanges operating
and Medicare expansion and the other insurance coverage expansions beginning
then. There will be a great effort at enrollment and so on.

We had a lot of discussions about how could we improve our data resources,
our surveys, our major data systems, and so on, to better impact on the
implementation. As a result we looked at all of our surveys and we have made a
number of enhancements to many of them; the Health Interview Survey, the MEPS
insurance component, which is a survey of employers, as you know, household
component, which follows individual households, 14,000 households over almost a
two-year period, and focuses on insurance and expenditures of health care use
and so on.

And on the provider surveys as well. We have added a number of questions to
the Ambulatory Care Survey, to be able to look at for example, has the use of
preventive services that are available with no co-pays now, is that increasing,
and so on. So we are able to monitor that as well.

We are also working with the Census Bureau on questions that would help us
identify participation in the exchanges or market places as referring to them
now. Which is a little tricky. I think I mentioned, the only state that has
experience is Massachusetts. I don’t think anyone in Massachusetts thinks of
this as an exchange or even a connector, I think they think of what name of the
health insurance they have. So when they are getting subsidies or whether they
participate in an exchange, it is not an easy thing to measure as the focus
group showed.

We are working and trying out some questions. We are working with the Census
Bureau. They are a little ahead of us and we figured if their questions were in
terms of measuring participation in the market place or subsidies, we would use
their questions. It has been very difficult because again, we are sort of ahead
of the game in terms of where this activity is taking place. In Massachusetts
it seemed to be very difficult to be able to follow this in a survey, as well.
There will be a number of administrative data improvements as well.

So surveys, we have gone through a round of enhancements, and will be –
in terms of state data, in addition to the census data, we have added some
categories on insurance coverage to the behavior risk factor surveillance
survey at CDC as well. As we monitor the information, we ought to be able to
see, along with the administrative data, how things are going.

On the standard side, here I am referring to data collection standards. You
remember that the Affordable Care Act required the Secretary to adopt a set of
basically demographic data collection standards for use in all of our HHS
sponsored health surveys. So under our Data Council, we looked at what
standards may be candidates.

Again, a standard is different than a question. A standard is actually
something that has actually met some high quality standards and performance
standards of how to ask the question and how to analyze the data. So we were
fortunate we were able to identify standards for race and ethnicity – and
this is well beyond the OMB standards. I think we are able to get a lot of very
useful detail in terms of disparities and equity here.

In addition we were able to find a standard for – sex was an easy one,
for disability we were able to find a question that was used in the census
American Community Survey, that has sort of six items but it measures various
dimensions of self-reported disability. And primary language, we were able to
find one or two questions that actually identify English proficiency, and for
initial granularity, what exact language was spoken so that in terms of
planning public health and public health policy, that information will be
included in all of surveys now.

The questions are now being implemented. Many of the questions were included
to begin with, but we are now heading in this direction.

The other thing we were asked to look at was are there demographic data
collection standards that we would use in our administrative data systems. The
third leg here is are there standards, demographic items that we would include
in the EHR incentive program, Meaningful Use items that would be included in
the electronic health records as a demographic. I think the idea here was a
common core of data items that we would pretty much define in a standard way
and that would just allow better analysis of understanding and comparability
among these various sources.

ONC, Judy may report later, got comments on some proposals for some of the
demographic items in cycle three, maybe. In the meantime we are looking on the
administrative side, what are the standard set of demographic items we would
want to include. It might be – and again, we are not trying to increase a
lot of burden on administrative forms. It will be very parsimonious there, but
there are items that if defined relatively simply, and included in all of our
administrative data collections, income for example, and particularly related
to poverty levels. Employment, for example, and a couple of other things, it
would really be an immense contribution to how we can analyze the data and
utility of the data. So we are heading in that way as well, and I think we are
probably going to ask one of the committees’ advice on some of these things.

I did want to mention Susan Queen will be briefing you on this later today
but part of the monitoring process was the development of the Health Systems
Tracking Project. Here we got consensus groups together to look at what were
the major domains or content areas that you would look for in terms of
improving the needle on the dashboard in health reform. Then in those 10 areas
what are the five or 10 indicators that you would want to look at. So, again,
this is fairly 30,000 foot level, but the content areas include Access to Care,
for example, is measurement of access improving or getting worse. Cost and
affordability, insurance coverage, obviously, if that doesn’t move up that
would be an issue. Quality of Care, impact probable populations, workforce,
primary care workforce, and so on.

Measures of innovation, there are economists who believe that the more you
aim at controlling cost and regulate health care, it has a detrimental impact
on the willingness to invest in innovation. So we have some measures of that.

Population Health, these are traditional public health measures. Prevention,
specifically, these are preventive services and so on, and adoption of health
information technology.

All of these things together, you would hope to see positive changes on the
dashboard and on the needle and so we have measures in each of those measures.

We are updating the data from our data agencies on the website and Susan
will show you where we are there.

We published on our HHS Data Council website a guide to HHS major surveys
and data systems. Again, so we can look at them in terms of how do we want to
improve data.

A couple new projects I wanted to talk about, we had a micro-simulation
meeting in the fall. The idea there was to look at sort of a post-mortem on how
did everybody do with the various models, but specially on are there good
practices that people could identify, particularly for the consumers of models.
We had a very good turnout, a very good discussion, and I think we will
probably be publishing some proceedings that provide some guidance. Again, this
is not for the technician or the modelist themselves, this is more for the
folks who buy the models or use the models or have to interpret the models.

We are planning a study on a small area data. I think we would like to get
as many involved in that as well. We have just finished a study on public
health – sort of public health involvement and issues in the Health IT
adoption, where we had a lot of participation from the states and public health
organizations. In many ways, public health, other than some meaningful use
measures, public health has sort of been on the outside, obviously you focus on
clinical medicine first. But public health has somewhat been on the outside and
still doesn’t quite have a strategy for how to deal with this.

That report, which I think we have finally gotten the final report, we would
be happy to brief the committee. Obviously the major focus is on clinical care,
obviously, but the public health area should benefit from the adoption as well.

We also have a project, I might mention we developed a data strategy and we
focused on number one, what were the major data gaps. I think much of those
were health policy data gaps and we are beginning to fill those.

The second area was are our surveys in data collection systems benefiting
from the latest in technology? Are we doing the best we can in terms of getting
the data? Everyone says they want high quality data quickly and cheaply, and
usually the statistic agencies say, we can do two of those. Now we have to kind
of do – it is not cheap – but at least officially.

We looked at all of our surveys and as a result we are looking at how can we
use technology to improve the data quality, improve the turnaround, improve the
availability? We have two examples I can give you. We are piloting a web based
panel as part of the Health Interview Survey, which was very interesting
because we already have their phone numbers and what personal computer capacity
and browser capacity they have. We are using a short questionnaire, a subset of
questions on the full HIS. That will be a way of getting a fairly quick

With the MEPS at AHRQ, similarly we are looking for how to do a quick
turnaround kind of data collection within the MEPS. So it would be sample from
the MEPS. They are looking at could you use Skype technology or telephone
technology or some combination. So we are moving along there as well.

We added questions to the employer survey part of MEPS. Everyone wanted to
know all kinds of information about what employers would do in health reform
and we added a number of questions there.

The third leg of our strategy was integration and alignment. Here we are
looking at how can we promote and assure that the data advances in our surveys,
public health and research, our administrative data, and our EHR technology,
how can we promote and encourage and hopefully assure, that all of those
developments align with each other, converge on the same goals and provide data
resources for more than just their original clinical decision making.

So we have a number of projects where we are looking at the standards help a
fair amount. The other area is looking at how can we look at EHRs, we generally
work with plans that have been using EHRs for quite a while, what is the
potential there for number one, for example, providing data to our provider
surveys. So we are experimenting with the National Inventory Medical Care
Survey and a couple other provider surveys, based on pilot studies with actual
health plans that have electronic health records.

We are also looking at how for research on small populations, to what extent
– there are different ways to do this as you know – to what extent
can EHRs help us here where the population is probably so small that a survey
is not the official to do this. So you are looking at registries or
administrative data or claims or EHRs. We have a pilot project there with
again, a couple of plans to see how well we can do there as well.

Of course we remain committed to the Health Data Initiative, which really is
to try and take all of this data that we are generating and others, to make it
readily available in an accessible way to communities and all of the
communities we normally deal with, researchers, public health, plans and so on,
to really improve health and health care, which ties in with our Community Data
Initiative and a number of other initiatives. So we are trying to tie all of
this together. Let me stop there.

DR. GREEN: Bruce, I think you have a question. Does anyone else want to ask
a clarifying question of Jim? I know Denise and Judy and Sue are here, if you
could all come up to the table.

DR. COHEN: Great stuff, Jim. It is always very exciting to see the breadth
and depth of activities. I would love for you to report more on some of these

Just a couple of observations. One on the challenge of identifying impact of
HIEs. There is a narrow window of opportunity that we found in Massachusetts
when we implemented our Health Care Reform law, people realized that they were
getting covered because of new requirements. For the states that initiate
coverage there is an opportunity. In particular we found most states know their
general level of coverage and can identify the populations that don’t have
coverage. So focusing on those populations, in Massachusetts it was young
adults, and it turned out to be Hispanics. We were able to identify folks who
gained coverage.

So I think there are potential strategies to identify by being more targeted
through surveys about how to examine the impact of HIEs.

The other comment had to do with the core standard socio-demographic
variables and administrative datasets and EHRs. Again, speaking from our
experience, the issue isn’t developing these standards, the issue is training
admitting clerks and intake workers to do this in a consistent fashion. If ONC
and HHS has resources or develops training materials, there could be a huge and
measurable positive and constructive impact. I think the focus really needs to
be on ubiquitous training development and requirements for collecting these
data. I think the standards themselves can be developed in a straightforward
fashion, the issue has always been the lack of consistency across
administrative data. When we talked to admitting clerks, it is I don’t know why
I am required to collect this information. I don’t know how to respond to
somebody who says, why do you need to know my race. Whatever the issues are. I
think there is enormous potential for HHS and the feds to get into this
training space.

MR. SCANLON: I might mention, this goes back a long ways you know, it
started with Medicare, can we get better data for Medicare and Medicaid. We
actually had our, Sue may remember, I think we had – we actually issued
guidance to the plans based on work at IOM and work that we did that civil
rights reported for example, to make it clear that that only was not in
violation of any rules but that it was encouraged that you would do a better
job in your plans if you did have this.

The plans themselves, a number of plans, had begun forming groups to
actually look at collecting the data and then looking at what they have learned
and do it in a standardized way. We actually include in the plans when we were
looking at what should we look for. Basically we want – the standard, I think
you are right, it could be fairly straightforward for most of these.

Again, these are self-report. This is what the individual – the way
that we conceptualize this is what the individual reports about themselves.
When it gets to administrative data or hospital discharge data, it is a little
trickier about how did that data get there. We need guidance and we would need
training and particularly plans, and others.

I think it is even now, Judy can talk about this, but I think when people
see these data items on meaningful use suggested core, even there they say, why
do I need to ask this? Why do the vendors have to include this? We have to do
it in a fairly sophisticated way.

DR. MAYS: Bruce was very good in bringing up what I also wanted to bring up
but I want to add a couple of additional points because I think this is really
the crux of the matter to make the change in terms of the quality of the data.
There are two things, one is it possible that you can either print or put in a
journal or somewhere for also the researchers and others, just a here are the
demographic standards, so that there is a publication or something. Then we can
keep it at that level.

Then at the level that Bruce is talking about, if people could make even if
they are like YouTube videos, something where you actually demonstrate the
asking of the question and something about why it is. If it is at that level
what will happen is that we can very easily mandate it as part of training of
individuals when they first start certain positions. But it has to be short and
simple and very easy for us to drive somebody to a website or some place to do it.

DR. GREEN: Great suggestions. Let us proceed to hear from CMS. Nothing is
going on at CMS. (Laughter)

Agenda Item: CMS

MS. BUENNING: Good morning. I am Denise Buenning. I am the Deputy Director of
the office of E-Health Standards and Services of CMS. I am sitting in this
morning for Rob Tagalicod our Director, he wanted to be here to give you this
update, but of course the minute he walked into the building, he got snatched
away into a meeting.

Thank you. Again I am here to give you a quick update on our transaction and
code sets operating rules, health and identifier, and ICD-10 implementation at
CMS. Of course over the years, HIPAA has grown, the impacts of HIPAA and the
stakes involved and the administration of healthcare have grown and we are
moving from very much a paper to an electronic environment with more than five
billion transactions being conducted annually, saving the health care industry
more than $23 billion. But as we all know, there is still plenty of room for
return on investment. Some additional estimated $29 billion to be had, if all
of our health care transactions were done electronically.

Of course this places great pressure on both the government and the industry
to work together. It is no longer industry versus government or vice-versa.
Medicare and Medicaid, and of course our new entries into the systems such as
our exchanges, our ACOs, represent the world’s largest health plan. So together
we are the industry and we need to all work together to strike a balance
between the timelines that Congress has set out for us to enact these changes,
what we as an industry can bear, and the need for collaboration between all the
concerned parties to get the better, faster, cheaper stages without negatively
impacting patient care and quality. Of course this all needs to be done,
exchange accurately and securely, and this is a tremendous challenge.

So the future on e-health basically is the alignment that I think we heard
this before previously, the alignment of administrative simplification,
meaningful use, all of our different areas of concern. HIPAA is just one
element in all of this. It is a roadmap to the future of e-health and as we see
it, all these factors need to come together seamlessly, securely and
accurately, so that both clinical and administrative information can be
exchanged in real time when and where possible and feasible, and among health
care entities and payment transactions go through so that the process does not
use paper, and reimbursements and reconciliation can occur as fast as an
electronic banking transaction.

The ultimate goal is a better health care system that addresses the needs of
providers and patients alike. I think that in a lot of administrative areas we
always think of providers as being the primary audience. I think patients are
also an important part of this. But just because we are embracing this
electronic health care environment, we still have to ensure that safeguards are
built into our efforts and we are very cognizant of that.

So for the past couple of years now, a lot of our work has been focused on
section 1104 of the Affordable Care Act, having to do with the
administration simplification. We made some progress on some of these, others
were kind of in the development stages, and still others are in the works. I
will give you a quick overview of where we are on some of these.

Again, if anybody has any concerns about why we need administrative
simplification, the numbers are going to tell the tale. Health care costs are
rising and they are expected to be 20 percent or one-fifth of our gross
domestic product in just another seven years. Thirty-three percent of health
care spending is administrative cost, the business of conducting health care.
Twelve percent of a typical physician’s practice, annual revenues go to billing
and insurance related costs. What they call the BIRC.

And from the resource perspective, two-thirds of a staff person, or
approximately 27 hours a year, is needed for these types of tasks. It also
has been demonstrated that health care entities that have higher administrative
cost traditionally deliver diminished quality patient care.

So here is where we are in terms of some of the things we are working on. On
January 1, 2013 our operating rules for eligibility and claim status increase
went into effect. However, as I think all of you are aware, the Department
announced a discretionary enforcement period until the end of March, to allow
industry and vendor installations to catch up.

Per the Affordable Care Act, as of December 31st of 2013, health
plans must certify and/or provide adequate documentation that their status
systems are in compliance with eligibility, claims status EFT and ERA
standards, and some of the other associated operating rules. However, before
health plans can certify, they must obtain a HPID. So we are looking to align
the dates and timing of the HPID Initiative with the Health Plan Certification
requirements. That NPRM is currently being worked on by our staff so that will
be forthcoming in the near future.

Of course on January 1st, 2014, standards for electronic funds
transfer and operating rules for EFT and electronic remittance advice go into
effect. And of course, finally, my favorite one, October 1st, 2014,
ICD-10 launches.

Going into 2014, large health plans need to obtain an HPID, and small plans
have until November of the following year, and both that proposed in final rule
are completed and on the books.

Per the Affordable Care Act, health plans must certify by the end of 2013
and again in 2015, that they are compliant with some of these standards and
operating rules. Just to elaborate a little bit on that. We are working to
try and make attestation as clean and as simple a process as possible, that is
why it is taking us a little bit longer for us to get something out there for
the industry to react to.

January 1st of 2016 calls for Claims Attachment Standard and
operating rules for the remaining transactions and industry discussions
regarding claims attachments, I know are underway. Attachments is going to be a
great opportunity for us to leverage existing infrastructure so that we have
consistency in the exchange of clinical information both from a format and a
transport perspective, with other regulatory and industry initiatives. We don’t
want to recreate the wheel. We are trying to align our work with what may be
adopted for example, in the potential stage 3 of meaningful use. This is where
we start to see the intersection of clinical and administrative information
that is foundational to future health care payment and delivery models that focus
on payment for quality.

Finally, November 2016, HIPAA covered entities must use, must start to use
their HPIDs to identify health plans in the standard transactions. Again, that
was finalized this past September.

Basically here is what we have completed. We have HPID, ICD-10, Operating
Rules for Eligibility Health Plans, Claims Status standards for EFT and
operating rules either in the works or in the hopper.

Then progress we have in NPRM Final Rule for Health Plan Certification. The
Operating Rules for the remainder of the HIPAA standards and transactions,
which as you know, the Secretary named CAQH Core last September. And then
again, working for a standard for claims attachments.

Our Health Plan Identifier. This is required under the ACA to eliminate and
streamline the multiple, proprietary identifiers. We basically structured this
by saying that they could enumerate as a controlling health plan or as a
subhealth plan to a controlling health plan.

The other entity identifier is voluntary. You must have a need to be
identified in the standard transaction but not be identified as a health plan
under the HIPAA. You cannot have an NPI at the same time. You can’t be eligible
to obtain HPID and you can’t be an individual. So there are some stipulations.

Our Health Plan Identifier enumeration system is about to go live most
likely within the next two weeks. What we have been doing since last November
has been guiding the health plans in terms of providing them with information
on how to access the system, how to possibly enumerate. We have had lots and
lots of webinars and conference calls. They can start again, obtaining the HPID
or the OEID by getting into the Health Insurance Oversight System, or HIOS.
This is a system that CMS has that all the plans are familiar with. They have
already registered a lot of their information and the data has been captured.
Those needing to register for the first time can also do this by going into
this landing page, and there they will be directed to a HPOES registration

Again, some of this information may be pre-populated for the plans. If they
already have a HIOS registration, but this pre-population will not include any
other identifiers that have been used in either the HIOS or another system. So
all the health plans that are applying for an HPID are going to get a new

This is a website that everybody can go to if they want more information on
upcoming educational events that are taking place with regard to HPID.

Now this is one of my favorite ones. This is Health Care EFT ERA. We are big
fans of this Standard and Operating Rules for Electronic Funds Transfer and
Remittance Advice. We think it holds great potential for administrative costs,
cost savings, and speeding provider reimbursement. Who doesn’t want to be paid
for their services quickly, accurately, eliminate paper checks, trips to the
bank and calls to the plan to try and figure out what exactly they are getting
paid for. We think this is a case where the Standards of the Operating Rules
will mean real meaningful change for provider operations. This goes into effect
in 2014. It adopts the NACHA CCD plus addenda as a standard for the EFT
between the health plans financial system and the plans bank or financial
institution. The other part of the standard is the X12 TRN segment or the 835,
as the standard for data in the addenda. The Operating Rules of course, are
supporting that transaction and that standard. We think that again, it will be
great benefits, along with this Standard of the Operating Rule. We think that
it will eliminate some of the biggest obstacles to the use of EFT/ERA, that
being the reconciliation at the back-end, because it demands that a trace
number be included in the transaction.

Yes, some providers are going to have to reregister their information with
their payers and their plans, but we think that in the long run it is going to
be a great benefit.

ICD-10, I think you all know what the data is. I am not going to rehash it.
However our approach to ICD-10 has definitely changed. I think again, the word
alignment keeps popping up in all of our conversations and I think that ICD-10s
part that is unmistakable. The connections among CMS’s e-health initiatives
requires really interoperability, requires us to think about it in the total
picture. I think that our mindset of kind of talking about ICD-10 as a separate
initiative, is a thing of the past. I think that one of the things that we can
point to is the fact that ICD-10 was included in stage 2 meaningful use as one
of the criteria for electronic health record certification.

I think you are going to see more alignment as we go forward. We are also
going to see more alignment with electronic quality measures. So I think that
all of this is going to absolutely intersect going forward. You will hear more
conversations about intersection of data, of quality, standards, and other
initiatives together.

So we are continuing with our implementation of ICD-10 internally to CMS. We
still have our ICD-10 Steering Committee, however it has morphed, it is now
called an e-Health Steering Committee. I think that that reflects the feeling
again at CMS, and I think that is starting to permeate throughout the industry,
that it is not just ICD-10, it is not just this initiative or that initiative,
it all converges together and it interacts together. Our E-Health Steering
Committee is going to be looking at not only ICD-10 implementation throughout
CMS, but also Operating Rules, the HPID and the other initiatives that we have
going forward with regard to e-health.

We have internally, an estimated 63 percent completion rate. Again, some of
these dependencies are going to have to wait until the last minute while other
things get done first. Our goal is to have all of our business processes in
place by October of 20123. That is a little far off. (Laughter) More like 2013.
So we will have a year for industry testing and we are continuing with our
industry outreach and focus on small providers as they continue to try and get
their arms around the ICD-10 transition. As we know it is going to be an
arduous one and one that they are going to need some help on.

Standards Testing and Compliance. As we all know from our conversations on
5010, despite all of our standards or operating rules or identifiers, we still
have varying discussions about the vernacular and our interpretation of some of
these terms across the industry. So we need to come to some kind of a consensus
as to what we are defining as end to end testing. What does it mean, what does
compliance mean, what does readiness mean, these are all really important
questions that are going to help us operationalize ICD-10, as well as the other
HIPAA standards.

We hope to tee up some of these discussions in front of this group and we
think it is an appropriate venue to make that discussion happen. We are also
proactively working on pilots to develop protocols so that standards that the
Secretary is considering for adoption get pre-tested so that we ensure that the
standards work seamlessly in the transactions.

We have another pilot to explore end-to-end testing questions and
implications. So now we have the tale of two pilots.

One of the biggest lessons learned from 5010 is that while standards may
appear on the surface to be ready for prime time that oftentimes the
implementation issues arise when we get into production mode. This can be due
for a number of different reasons; different interpretations, edits,
unanticipated issues, for example issues with Post Office boxes, addresses, et
cetera, the list goes on. In testing, it is often hard to try and consider
every possible configuration. However, it is evident that we have to have a
better way to both pre-test standards prior to adoption, as well as conduct
testing with trading partners that results in a smoother overall

Towards that goal we have two specific pilots that each address the
standards adoption at opposite ends of the spectrum. Using a 6020 platform,
which we are not adopting, but we are just using the latest version of the X12
standards as a platform, CMS is working with Emdeon to develop a processor
protocol to test the standard before adoption to help eliminate the
pre-adoption problems and provide better information from which the Secretary
can make a decision to adopt or not adopt a standard. This may add some time to
the adoption process, we are aware of that, but we believe that overall that
industry consensus indicates that this is necessary to a prolonged and very
costly standard implementation issues that occur at the backend.

The other pilot addresses what we commonly refer to as end-to-end testing,
but again, appear to have no common understanding or agreement. We are working
with our contractor, NGS and others, using an ICD-10 as a test case to
determine the process by which end-to-end testing can be codified, along with
definitions of some key terminologies to help get the industry on a level
playing field and eliminate some ambiguity.

CMS materials will also be included in a HMS WEDI ICD-10 pilot, that HMS
WEDI participants will use and provide feedback on the checklists. We will be
looking at those products and results of the pilot program. That is a one year

There you have it. That is a very brief update as to where we are on a
number of our HIPAA initiatives. I think if you have one take away from all of
this, that CMS is actively engaged, actively working with industry, trying to
find ways to employ operational compliance. In other words, what makes
practical sense for both the industry and CMS and all of our plans and all of
our new entities that are coming into play, so that we can move the industry
forward towards HIPAA compliance.

If you have any questions I would be happy to answer them at this time.

DR. GREEN: Wonderful. What I would suggest is we go ahead and get Judy’s
slides up, if you have slides, and take a question and a clarifying thing from
Len and Walter, and then let’s keep going. We are going to have questions after
we hear from all of these folks. I want to manage the time so that we respect
these presenter’s time and get them out of here, but we also have time to ask
questions after we hear from all of the presenters.

DR. SUAREZ: My name is Walter Suarez, thank you. I am with Kaiser
Permanente, a member of the committee and co-chair of the Standards
Subcommittee. I don’t have any conflicts. I probably should have said that

Thank you, Denise, for that wonderful overview. It really puts in
perspective a lot of the work that the committee and the subcommittee has done
over the last fifteen years or so. I do have two very quick questions. One is
about the EFT ERA regulations. My understanding is that the regulations that
were published where they are entering final rule regulations – has the
final rule notice been published?

MS. BUENNING: Not, yet. It will most likely be published shortly. We didn’t
receive any substantive comments back that would make any changes in what we
had in the interim final.

DR. SUAREZ: The other question is about compliance certification. Everybody
is I think looking forward to seeing that notice. You mentioned it is
potentially being published shortly, too? I missed that part.

MS. BUENNING: I don’t think I said being published shortly. We are working
on it. This is one that obviously the industry and of course the health plans
are very concerned about because of the very stringent and very heavy fines
that could potentially be levied against any plans that fail to certify or that
obviously misrepresent – that is a whole different level of penalty.

But because the statute was a little bit ambiguous, we are taking this one a
little bit more carefully, a little bit more slowly. We are looking at the HPID
enumerations system to provide us with the base of health plans. So in other
words, if you get an HPID, then you would qualify as a health plan and you
would have to certify that your systems are compliant with the operating rules
and the standards.

That being said, we are trying to make the attestation as simple as
possible. We want to make it so there are ways to test to see if your
transactions are working correctly. We are trying to make some accommodations
so that, again, not only is it not onerous for the industry, but also for CMS
as a regulator. We do not have the resources to track transactions, paper, et

So we are trying to find a balance between the two. We had some ideas, some
concepts on this, and then got some additional industry feedback that made us
say, okay, let’s take another look at this. We had something ready to go and we
kind of took another look and said we want to re-examine it.

DR. SUAREZ: Maybe I will misquote you on this, but is this going to be an

MS. BUENNING: This is going to be an NPRM. The reason again for that is
because this is something we don’t have any experience with. It is new for CMS.
And also the industry doesn’t have a lot of experience with. So we felt it was
absolutely proper to go the full NPRM final rule route on this one.

DR. SUAREZ: Thank you.

DR. NICHOLS: I’ll try to be quick. I notice the October 2014 goal for
ICD-10, and I have heard a rumor that there are a few other things happening in
2014, and there is obviously huge pressure to postpone this for all kinds of
reasons. I know everybody is tired of postponing ICD-10. Are we just acting as
if we are going to hit that? What is the probability of postponing ICD-10?

The second question is, I don’t know what ERA is or whatever that is, but
what I want to ask about is a concept that is simple maybe, maybe too simple
for this incredible view you just gave us, and thank you for doing that so fast
and completely – administrative simplification sometimes means claim
adjudication simplification, as opposed to just standards for electronic
submission attachments.

Is claims adjudication simplification on the agenda of this process?

MS. BUENNING: To answer your first question, I have been given no reason to
believe that ICD-10 will be delayed any further. We have had discussion about
this at our level with our administrator, and it is my belief that she is
committed to that date. So that is your first answer.

With regard to the whole process of administrative simplification and claims
adjudication, the standards and transactions obviously set a platform for
moving forward for any changes in adjudication. I can’t say that is a specific
target, a specific endeavor that we are undertaking; I don’t want to say it is
collateral to what we are doing, but it certainly I think may impact the way we
see claims adjudicated as we move forward. I think as the industry adopts these
standards, the operating rules, and sees what the benefits are, I think we will
take a look and see – and we have kind of talked about the future. Maybe
in the future there isn’t anything to talk about as a claim. Maybe it is all
virtual. Who knows what the future is going to look like?

The whole goal is to make this go through the system faster, better,
accurately and securely. I think that is something we certainly don’t overlook,
but we don’t talk a lot about the security of some of these transactions. It is
something that we have top of mind.

DR. TANG: Just a question from the Left Coast, you mention the ICD-10 as the
CQM. As you know the meaningful use is standardized around SNOMED. Is there any
chance we could – because everybody is going to be coding in SNOMED –
move towards using SNOMED in the quality measures as we try to align these

MS. BUENNING: We had the discussion before about SNOMED being a substitute
for ICD-10. I know there have been a lot of studies, reports, et cetera. It is
not a substitute for ICD-10 because ICD-10 is used specifically for
reimbursement purposes, and SNOMED is a clinical vocabulary that really doesn’t
meet the needs of reimbursement.

That being said, I think you are going to see an alignment of all these
different types – you’re going to see LOINC, you’re going to see SNOMED,
you’re going to see clinical quality measures, ICD-10, electronic health
records, meaningful use – all converging and working together. And that is
something I think we have talked about, but we haven’t really seen concrete
steps or progress towards that. And I think we are starting to see that now as
we work more closely with ONC, as they have set up their criteria for the
certification. Again, as we go through each stage of meaningful use I think you
will see that as being an impetus for also moving along ICD-10.

DR. GREEN: Any comments or questions from the Right Coast?


DR. CARR: This is just a quick one. This being my 37th
consecutive full committee meeting, I remember sitting in Vicki’s seat and
listening to all these acronyms and wondering if I was in the right room
because I didn’t understand them. I suspect there may be some new members and
old members who don’t understand them, and I go back to what we did then, which
was to make a glossary of terms. It would be helpful.

MS. GREENBERG: We have a share point site. If the new members haven’t been
introduced to it – I think you have been but we certainly will. I believe
we have the acronyms listed on there and we will try to make sure it is

DR. GREEN: My goal is to see that Sue gets fair representation here. So here
we go – Judy.

Agenda Item: ONC

MS. MURPHY: My first slide is about meaningful use, professional registered
and paid, and when you look at it you can pretty much see the dark red is about
a third. So about a third have been paid through their Medicare or Medicaid for
meaningful use of a certified electronic health record. About another third are
registered, meaning they have their gun sights, if you will, on the program and
then about a third are still pretending that it is not happening.

In the hospitals registered and paid I think you can see the numbers are
just lots better. We are dealing here with almost 75 percent paid, Medicare
and/or Medicaid. You may recall as part of the meaningful use program that
hospitals can receive money from both. Whereas in the previous slide it is one
or the other, Medicare or Medicaid, but the hos

Here is the total amount that has been paid out, and by the way all three of
these last slides were through the end of the year, through the end of
December. So $10.7 billion is the total paid out. There was never an exact
dollar amount, but that is about half, about $19 billion or so was what was

One of the things we don’t do a good job, in addition to explaining our
acronyms, and when I came to the government I did not even know what ASPE meant
or OMB, so I am sitting here like oh, my god. So one of the things that I try
to do periodically is make sure that people are aware of the resources that are
out there, should you be so inclined to go browsing on the web. So should you
be so inclined there is a health IT dashboard, and these statistics that I just
showed you are actually out there. And what is even more interesting, if you go
to the next slide, is that you can get state-based and county-based data based
on attestations. Again, sometimes I think that is a little known secret, if you

I am from Wisconsin originally and what I did was I had my cursor covered
over Wisconsin, so you can see that in Wisconsin it is blue, which means we
have one of the highest levels – the code is in the lower right-hand
corner there. But it is 60 percent of attestations and this particular one is
the providers. But again, you can actually click on that and drill down.

So if you are interested in your own geography or maybe competitive
geography – but interestingly you can see, and we are really spending a
fair amount of time at ONC studying this, it is quite different state to state.
What are the enabling factors and what are the hindering factors? And trying to
look at that in terms of barriers so that we can break down those barriers.
Again, less important related to the hospitals, very important related to the
individual providers.

Moving into health information exchange, I think you would have to not read
any articles at all to not know that this is a priority for the nation actually
is to get health data moving around the patient, making a patient-centered
record. So as a patient moves between either geography for different kinds of
care venues within the same geography. So this would be their medication list,
and their allergies and their problems list and those kinds of things. Again
another reason why standards are so important because typically you can only
exchange information that is already standardized. Maybe you can exchange
information that is not standardized, but what happens then is when it is
received it is a blob of data as compared to being able to be consumed and
actually integrated into the receiving electronic health record.

So just to make that point, it is the difference between having a piece of
paper that would have lab data on it as compared to being able to consume it
and actually display lab data on a flow sheet. So again, extremely important
that we are looking at standards and lab space – we are talking about
LOINC and I will stay away from some of the other standards that are more

But we are making strides. However, this is an area quite frankly that is
lagging. In stage 2, in which the final rule is out and systems are beginning
to be certified for stage 2, we have really stepped up the requirements related
to health information exchange. One of the things I was just describing, that
ability to consume it into a receiving electronic health record, is actually
one of the criteria.

So not only do you have to be able to send a transition of care chunk of
information, you actually have to be able to receive it into an electronic
health record and do something with it – put it on a flow sheet, run
decision support. So it is not just this data blob concept; it is really taking
and using it.

Now stage 2 is not ubiquitous yet, needless to say. It is not actually
– and I will talk about certification in a minute and how many are
actually certified – so these are some of the other kinds of statistics
that we are looking at.

E-prescribing, based on some nice incentives by our partner agencies here,
has been quite well adopted. Ninety-four percent of pharmacies are active in
e-prescribing. Forty-three states and territories are beginning to use the
direct standard, to use directed exchange, and I have the statistics there in
terms of the different kinds of messaging that is going on. Twenty states have
query-based exchange. The difference, for those of you who are standards geeks
– one is solicited and the other one is a lot more like e-mail. So in
directed exchange I know that my patient is going to see Scott next week, so I
send Scott the information. I know who he is; he knows who I am; I refer to him
and I send information.

Query-based exchange is the more complicated. It is the one where I say I am
going to be seeing this patient next week and I want to know if anybody has got
anything about this particular patient. So it is more complicated and it does
start to require trust relationship development, which means when I get
information from somebody I don’t really know, because I am not getting it from
Scott, I am getting it from Susan and I don’t really know who she is, I have to
establish these trust relationships in order to be able to accept the
information. So you can see that is lagging behind a bit.

Then we have only four states that are saying they are not doing anything,
and there was some consent guidance that I actually think Scott might be
talking about.

So moving off of health information exchange to our Beacon communities
– these are the 17 grants that we put out to communities to kind of show
the way in terms of how a community can come together and use the
patient-centric record, between public health, the clinics, the ambulatory
settings, the pharmacies and the hospitals in a particular geography. Again, we
have some featured success. The Beacon communities, the funding goes away this
year. So we are in our final push in terms of what lessons learned have we
gotten from the Beacon communities and how can we package those up and
disseminate those so that those best practices that they have learned can be
learned by other people. I will suffice it for that right now because you do
have the slides if you want to go into more of the detail.

The workforce training programs are also winding down. We had three years of
funding. Remember we started in 2009. So this is the community college program
enrollment and graduation. They have their last cohorts on the right now. Again
you can see how many have successfully completed and how many are still
enrolled. This particular program has exceeded our expectations. We had hoped
to graduate 20,000 students and you can see we are over that right now.

If we go to our university-based training programs on the next slide, here
again the last cohort is still in motion, but you can see that pretty much we
are meeting our targets here as well, represented by the diamonds. Some have
exceeded and some are a little bit under, but if you look at the program as a
whole we are doing well.

What we are doing in the workforce training programs is really now changing
our focus and saying what kinds of things do we need in the industry, and what
we are hearing from people is competencies. They want to understand not just
what kind of competencies informatics-trained individuals should have under
their belts, but at the graduate level of nursing, the graduate level out of
medical school, what should these practitioners be able to do related to health

So there is some activity kind of pivoting taking place. No big grant money.
We are using that word that is in our title, the coordination word, to start
looking at some of the ways we can contribute to the industry without having
chunks of money to provide assistance for graduates.

Another area I mentioned – interoperability was one big area that we
focused on this year. A second big area that we are focused on is patient
engagement in their own health. Again, if you are just about reading anything,
even in the public press today, you are hearing a lot about that. In fact I
will point you to PBS did a special that our director of eHealth is in, as well
as ePatient, Dave, if you are familiar with him. He is one of our very famous
patient advocates. That is exactly what he is. He just happens to be a patient
who got engaged and interested in this particular topic. So if you do go to the
PBS website as of today it is on their website. It is an hour-long special. So
if for any reason you are interested in diving a little bit deeper on this
particular area.

So we have organized our work around three areas, access, action and
attitudes. Again I won’t go into the statistics here but you can see that we
have been using pledge programs, we have been using – and I will show you
this in a little bit – our challenge programs to get some focus and some
interest going around this particular area. Again, we are not alone. The health
care community on its own has really rallied to this. You may have heard this
quote but patient engagement is probably the blockbuster drug of this century,
meaning that we can move some from our health indicators more with patient
engagement than we can with some of our other interventions.

So again a very interesting area and a very important area when we think
about patients engaging in their own health and engaging in their own health
care. When you relate that to the triple aim it becomes fairly important, too,
because I am sure they would like to be engaged in lower costs as well.

In terms of overall policy and planning, I mentioned already that the final
rules for meaningful use stage 2 and the 2014 edition, which is the companion
certification criteria, were published. Just by way of notice, 14 different
electronic health record vendors have already certified their products to stage
2. The certification has been available since the first week in January. Of the
14 that are currently certified, three of those are complete EHRs. You may
recall that you can do a modular certification or you can do a complete
certification, complete meaning you have all of the criteria covered. There are
three electronic health records that have been certified as complete, two for
ambulatory and one for hospital. So that is really in motion at this point.

The requests for comments for meaningful use stage 3 did close on January
15th and the comments that were received from that were reviewed at
the January and February Health Information Technology Policy Committee.
Demographics, as was described earlier in this meeting, were definitely
discussed and there were actually a fair number of comments related to that.

How the process works with this is those comments have now been turned over
to the meaningful use workgroup, which is chaired by none other than Dr. Paul
Tang. So any thoughts that this group has specifically about the harmonization
of different kinds of standards really do sit at this point with the meaningful
use workgroup, because the next set of criteria that will be evaluated and put
out for public comment comes from the meaningful use workgroup through the
policy committee, which Dr. Paul Tang also co-chairs.

Very important, I think, there was a fair amount of discussion by Jim about
the harmonization of efforts around HHS. So really important to only to get the
harmonization of the standards, but your point was really well taken on
training. When I think of training I also think about implementation
specifications and being clear about how do you implement it in a way that is
going to make sense. And that’s where the training comes in. If people are
expected to do something because it is a governmental regulation it is
completely different than if you explain why it is so important and how
collecting ethnicity, for example, at this umpteenth level of specificity is
really going to make a difference, and why it would be important to the nation.

The request for comments for our safety action surveillance plan was a task
that we got through the IOM study. IOM was concerned — we actually
commissioned the study from ONC. In late fall of 2011 they did publish that
report, which said we are not paying enough attention in health IT to safety
and we need to step up not only our expectations in terms of the products that
are being put out, but our surveillance as well.

So we put out an action plan for comments. Those comments closed February
4th. They are being compiled as we speak and you will be hearing
more about that. In fact we are going to be talking a bit about that at our HMS
conference already, which is next week – that is the industry health IT

We are also using a non-regulatory approach for governance related to health
information exchange. We had out a funding opportunity announcement for some
pilots to help us move to the next level of where we need to be related to
governance. There will be four, probably four, maybe only three awards
announced in the not too distant future in terms of that, and that is going to
be moving that forward.

And the last thing to talk about is prescription drug monitoring programs.
This also has gotten a lot of attention in the nation just in terms of being
one of the problems that we have to solve. Health IT is really a big assistance,
meaning that if you have that interoperability and data exchange between
organizations, we will know about people who are going from ER to ER to ER and
shopping for drugs, if you will.

That is one of the examples of what a prescription drug monitoring program
can assist with.

I mentioned certification already. We did transition to our permanent
program and I think that is about all I will say on this. There are some gory
details but I think none of you are particularly interested in that.

We do have almost 3,000 certified electronic health record products. Again
some of them are complete certification, some of them are modular
certifications, and you can sort of see the breakout there. Those products are
from 930 unique vendors.

There has been some discussion already about the quality measures. Denise
kind of broached it in terms of ICD-10 and how we should be thinking about
harmonizing efforts a bit better at HHS. That is exactly what we are trying to
do with this quality measure workgroup. Really look at the measures and make
sure that if we have a program in CMS and a program in ONC and a program in
AHRQ, that actually all of them are using the same measurements, down to even
how they are measured potentially.

So there is a huge effort toward looking at aligning those measures. The
idea also being that potentially an organization could report once and then
they reporting once would actually be used by the different agencies for their
own measurements, rather than report to this agency and report to that agency
and then report to that agency. So you might actually get credit for many, and
then again building on the standards.

Some of the things that are going on, and again we don’t really have time and
this is getting to a level of detail that maybe only some are interested in,
but we are using automated tools around the standards to actually automate the
process of how the quality measures are actually looked at in stage 2. What I
mean by that real pragmatically is when a vendor goes for certification of the
quality measures at stage 2 they are actually given the data set that they have
to run through their software and then we compare the output of that particular
vendor’s software to a pre-described output. So we are actually automating the
testing of the interventions as well. That is basically what these all say.

I am sure many of you are aware of our standards and interoperability
efforts. This represents 12 streams of work, each row is a stream of work. The
ones toward the top are close to done because the color of the row is filled in
closest to the right. You can see the direct is pretty much done. Transition of
care and lab results interface, which are actually needed at stage 2, are
balloted at what we refer to as HL7, and I am sure that many of you know that
is the standards agency that we get agreement on across the industry. Then
there are numerous other projects that we certainly don’t have time to go into.

But I do want to point out sort of the columns across the top. Similar to
what we were talking about with other things in terms of training and
implementation, that with these standards we are actually trying to get to
something that when it is published is going to be understood and be able to be
implemented in a standard way.

So the RI in the second to last column to the right is reference
implementation. We are actually going to take these things and look at
reference implementations and pilots to make sure that these are doable by the
industry writ large.

Our website had been redesigned. If you haven’t been there recently it is a
great place to go. This is just my commercial break on that particular thing.
There is lots of new information if you want to go to the next slide, which is
just a hint at some of the different kinds of things you can look at. We are
refreshing our news a couple of times a day. We try to get at least one or two
blogs out every day or so. That is how we are keeping everybody apprised of
what is going on and what is changing.

Another website that is a little known secret I think, and I only became
aware of it after I worked at the government, was challenge.gov. So I will
point you toward that if you are interested in any of the challenges that are
going on around the government. If you go to the next slide, specifically ONC
– so if you are at challenge.gov on the right-hand side there is a
navigator bar and it just goes to show you by the way how we don’t follow our
own standards, because navigator bars are usually on the left-hand side, but on
this particular website they are on the right-hand side. If you go down to the
Office of the National Coordinator, that is how you actually get to this
particular screen. We have been using this to spawn some innovation in the

There is one I particularly want to highlight where we did do a redesign
challenge linking with CMS data. Some of you may be aware that the CMS data is
actually publicly available to individuals, to patients, and you can sign up
to get that with your Medicare number. So when you go to the website you sign
up and you can actually see your information.

We had a challenge to create a mobile app to be able to access that
information. The mobile app was actually not only created and the challenge
winner announced, but they have actually commoditized this and it is available
for free in the iPhone app store. Just last week they released the Droid
version of it. So for you or for your loved ones if you have anybody that you
know that is on Medicare, you can get them to sign up on the regular web site
and once they are signed up there you can activate the mobile app – it’s
called iBlueButton on the app store. You can get that to hook into this and
actually get all of the Medicare information that is known about an individual
beneficiary on your mobile phone. That’s enough for that commercial break. I
could go on and on about that. This is really exciting.

I will end with this is all about each one of us doing our part, and your
part especially in terms of patient advocacy, if you will, and sharing some of
the stories about how important it is to get patients involved in their own
care. Thanks.

DR. STEAD: Judy thanks for the awesome overview and I cannot compliment ONC
enough for the effort to make this actionable for the providers and the
vendors. One question, from the evaluation of the PCAST report back in early
2011 there were many pieces of that, but probably the simplest was this idea of
externalizing the data in a universal exchange language, where we had a very
simple syntax. I know that things like the N&I framework around
segmentation and privacy are working out layers of the meta data, for example,
but I was curious – is there an effort under way for this idea of a naming
authority that would basically mean that we didn’t have to harmonize all the
standards, that we could in fact pick up a chunk and look up what that standard
was and unpack it. Is that part of the roadmap at this juncture or not?

MS. MURPHY: I do not know the answer to that, because I did not dive deep
into the S&I work at this point, which is where that would fall. Do you
happen to know?

MR. WEINSTEIN: Like you said, we are looking at it on the privacy side in
terms of ways of using meta data to classify sensitive information. And to
apply privacy characteristics to data. I will talk more about that in my

MS. MURPHY: But as an overall initiative, if there was a big chunk of time
and work I would know about it. What I can commit to doing though is finding
out more about that and reporting at the next meeting.

DR. SUAREZ: Great comment. I am also very impressed with the report and
particularly with the measurement of progress. I think it is very critical to
know that there is 97 million exchanges already happening and 2.9 million
exchanges using Query Health.

To Bill’s point, the Standards Committee and the vocabulary work group and
the Clinical Operations Work Group, has talked about that concept of having a
central repository if you will, of reference data that can be mapped across so
that while we work towards harmonization, there is still going to be
flexibility in the way data is really maintained. What we need is a reference
place where this dataset has this type of meta data structure and the content.
So people can bring multiple data sets and look at the meta data and look at
the central place where the meta data reference point is and do some cross
analysis. I think there is some work being done about that.

My question goes back to really one challenge that I see. I think that it is
just an incredible display and array of activity that are going on and keeping
the momentum going will require on-going funding. I talked about in the past,
of something that I have been referring to, the fiscal cliff, that HIE
organizations are going to face. State HIE grantees are going to begin to
face stoppage basically, the end of their funding in the coming months. There
are challenges about the sustainability model that some of them have.

The same can be said about the regional extension centers that are funded
for a limited time period. The Beacon Community grants, that are grants
ultimately. So the question I have really is how can we look at either
replacing some of that funding with some other support or validating this
sustainability model that regional extension centers and state HIEs and other
organizations funded through grants from the Office of the National Coordinator
will have. Is there a sense of what –

MS. MURPHY: It is a really good point. The Health Information Exchanges,
which are state based, so there are 56 of them, there are a few territories in
there, we haven’t changed the number of states. (Laughter) Sometimes I feel
like I would like to. The regional extension centers, you may recall that there
was a regional, so there are 62 of those, they have been tasked with
sustainability plan.

That being the case, we are also helping think about how we can go about
doing that. One of the things that got talked about here today as one of the
things on the table, and that is ICD 10 assistance. So maybe I am not helping
with stage 1 meaningful use anymore as a regional extension center, but I am
helping the small practices, the rural hospitals, the rural providers, or just
people who need help implement ICD 10 and again, this sort of idea of

That being the case, I don’t know that CMS has a spigot of money they can
just turn on either, for this sort of assistance. But as we think about holding
to that date, one way to hold to that date is to stick with it but also provide
help in the last year, for those people who are probably going to have a
problem with being able to do it.

So some of these use cases, if you will, I think are going to come. A second
area for provisional extension centers that we have been looking at, patient
center medical home, accountable care organizations. The way to do that
particularly when you look at the data mining and the data measurement that is
required, is not intuitive to absolutely everybody. If you happen to be in a
community where there is a large integrated delivery network who has resources,
you are probably going to be able to figure that out.

If you are in a smaller area and you don’t have those kinds of resources,
you might not be able to. So again, it is the second example of a return of
investment kind of idea. Have we figured out how we could fund those kinds of
things – no, but I think this interagency agreement discussion stuff, has
at least begun.

DR. GREEN: Scott and Sue, how are you doing? Are you going to be able to be
here for a little longer.

MR. WEINSTEIN: Yes, not a problem.

MS. MCANDREW: Hey, my role is done so I am cool. (Laughter)

DR. GREEN: To the committee, if you had any fantasies of a break anytime
soon, forget it.

DR. TANG: I know it has been said already but it is so exemplary I just have
to repeat how wonderful the work at ONC has been and how your presentation and
summary hit with measures and you are making public on the website, it is just
really, really very helpful.

I would like to bring up the SNOMED issue again, mainly because I think it
is an inflection point and it is very relevant to this committee. One is, as we
know, and almost the industry has unanimously said, we need to almost abandon
some of the old measures and go towards what are described as de novo measures,
for lots of reasons as we transition from the administrative claim sources to
the clinical.

At the same time, when we are causing this change, we certainly don’t want
to contemplate yet another change. So I am a little nervous that we are going
to redo all these new quality measures in ICD 10, when we really have actually
mandated that all the physicians in – and you know as an implementer, we
are now teaching them to now code in SNOMED, and the discordance, there are two
different terminology sets for two different reasons, and should, one,
appreciate the Department’s perspective on that and/or advice to this committee
on whether there is any advice to be rendered about that or opinion on that.

I would hate to lose the opportunity as we retool for – bad choice of
words – as we go towards de novo measures to contemplate having to do
something with another translation step or another conversion. Maybe your
perspective on that.

MS. MURPHY: So first of all my perspective is to really get informed by the
clinical documentation hearing. We really do rely on you all, the FACAs. One of
the, I think it was the Certification and Adoption Work Group of the Policy
Committee, held hearings just two weeks ago on clinical documentation.

The idea is you are typically using SNOMED things when you are doing
documentation. Is documentation then the path to billing or is it a separate
activity? That is kind of what you are bringing up. It is kind of like the
difference between what does ONC do versus what a CMS does because we do
clinical things and they do billing. We typically don’t go in their billing.

I know that they are interchanged or intertwined, excuse me, because we have
this whole issue of the potential of using systems to create documentation
potential by copying or pasting or using templates, for work that actually
wasn’t done and then creating billing fraud.

I don’t know what the path forward is but I see the link between SNOMED and
ICD 10 as inextricably linked as I see today documentation and billing. I don’t
know that we can divorce them so therefore we have to figure out how do they
either live in harmony or does one rule.

DR. TANG: I so appreciate the discussion, and I know the Department is doing
this about the alignment, it would be a shame to teach physicians to enter once
and then not use it.

MS. MURPHY: And oh, by the way, come back –

DR. TANG: And oh, by the way, also code for billing, which was the old way
to go to quality measures when they are being redesigned right now. It seems
like something we could render an opinion on and it should have been yesterday
– oh, actually we did do it yesterday, but to reemphasize it because we
are still at that time when quality measures are trying to get in the pipeline.

MS. KLOSS: Just a related comment, I think that this committee, several
years ago, at least took up the concept of looking more broadly at the
development dissemination promulgation of coordinated versions of all of the
code sets. That work really does remain to be done because if we are going to
harmonize these systems then the way that they are developed and updated, has
to be relooked at too. I do think that is the sweet spot where this committee
should be looking at.

MS. MURPHY: We would really appreciate it.

DR. GREEN: So you guys will bring this back later in the meeting, right?

DR. FITZMAURICE: Thank you for a great presentation Judy. It is remarkable
all the work that ONC has done. I want to pick on one of the good things that
you have done and that is the Work Force Training Program. You know when
agencies go in front of budget committees and then go to OMB, the question
always comes up, well, if this is so good then salaries will rise and people
will flock to that area. Why do you need to have a training program in that
area? The stock answer to that is well, yes, that is true but we want to do it
faster. It is critical that we do it faster. And so, you have the back and
forth, but we are always looking for success stories. Here is a training
program that worked and here is our measures of working of how well it worked.

I wonder if you would consider looking at the percentage of trained workers
with HIT jobs, say over the next five years, and maybe also developing a job
bank program or a training inventory bank, for employers to search.

MS. MURPHY: Thank you, those are good suggestions. We have not yet looked at
that, but I think that would be a good sustainability kind of —

DR. CHANDERRAJ: I was a participant in the Community Work Force Development
and I successfully completed that. But unfortunately the answer to that
question about how many people are gainfully employed as a result of completing
the course, only four candidates out of the 30 candidates that have been
enrolled in the community program, are employed now in the health force.

So it is going to be very, very hard for them to get jobs. Especially in the
days where physicians are seeing less and less reimbursements. The ONC has done
a wonderful job because it got grants and funding, but you are imposing a lot
of heavy burden on the small groups trying to implement all of this. Now the
ICD 10 coming and the SNOMED and things coming, you are putting a terrible
burden on the physicians community and I don’t know how many of them will be
able to participate in the Meaningful 2 Certification process. It is going to
be a very onerous task.

Also, I question how many of the respondents who just gained the Meaningful
Use bonus for stage 1, how many of them are Medicare participants? I know a lot
of physicians, especially in my state, the implementation rate is only about
less than 30 percent. How many of them are retiring or refusing to participate
in the CMS program to get meaningful use. From the census from AMA, there are
about 700,000 physicians, with the target for ONC is about 500,000 physicians,
and only two-thirds are participating yet or got meaningful use.

MS. MURPHY: So the number, I think it was 503,000 physicians, is related to
CMS, and they come up with the number of eligible providers. I do not know all
of the reasons for the difference, but the remainder, the difference between
their 500 and what you are saying, 700, is those are ineligibles. So they are
either working in ineligible areas or they do not have enough Medicare or
Medicaid complement to be eligible. That is where the 503 came from.

DR. GREEN: Okay, Scott?

Agenda Item: Privacy

MR. WEINSTEIN: So thank you very much for inviting us to speak here today. I
am sitting in for Joy Pritts, who is our chief privacy officer at ONC. I know
she would have really liked to have been here to present to you, but she is on
the Left Coast today doing a conference there.

I just want to give you an introduction to our office. It was a position
that was created by the HITECH Act specifically, and the duties were listed
in the Act when it passed. They included advising the national coordinator on
privacy, security and data stewardship, and coordinating with other federal
agencies, including state and regional efforts, and as Joy really likes to
point out, also international efforts with regard to privacy and security. The
international sphere is one that is really growing in terms of concerns with
cyber security particularly.

We work in these three main areas of privacy and security development. One
is policy development in which we coordinate efforts to insure that key privacy
and security protections are in place, to insure public trust in health IT
adoption, health information exchange and meaningful use. And this includes
consulting with private and public stakeholders to evaluate and develop privacy
and security policy, particularly as it relates to electronic storage and
exchange of health information. That is obviously the real change in the
industry that brought about the creation of the chief privacy officer.

We also provide programmatic support, as we are subject matter experts in
privacy and security in the support of ONC programs throughout the United
States. So we provide our subject matter expertise to ONC programs like the
Nationwide Health Information Network. Our regional extension centers, which
are established across the country to assist particularly small providers in
adopting certified electronic health information technology. We assist them in
educating providers about the new privacy and security means that arise as they
adopt electronic health records.

We work with the strategic health care IT advanced research projects on
security, the SHARPS grant programs. So we coordinate with those grantees in
their efforts to insure alignment with the efforts that are ongoing at ONC, and
health IT security and privacy committees. We work with the beacon communities,
the health IT workforce, as was mentioned by Judy. We look at obviously the
adoption of meaningful use stages, the certification criteria, and meaningful
use criteria as they relate to privacy and security. And we manage the privacy
and security aspects of healthit.gov.

We also do large amounts of research and policy implementation, where we are
researching how providers and patients are reacting on privacy and security
requirements, and the new concerns that arise with the adoption of health
information technology.

I have kind of gone over this in the previous slide, but these show some of
the government and federal advisory committee groups that we work directly with
in our privacy and security policy coordination and development. I mentioned
the Policy Committee Privacy and Security Tiger Team, and the Security
Committee Privacy and Security Workgroup. We help staff those teams and take
their recommendation and bring them to ONC for potential implementation and the
certification rules, and meaningful use stages. We also work with the Inter
Division Privacy and Security Task Force. That is within HHS. Then we have a
step above that, the federal Health IT Interagency Privacy and Security Task
Force, the NSTC, the National Strategy for Trusted Identities in Cyberspace,
NSTIC, which has been really active in the areas of provider and patient
identification, the Office of Management and Budget IT Workgroup, the HHS
Privacy Committee and the federal CIO Council.

So my presentation is going to focus on these three areas that we are really
working on right now, one is going to be this issue that is currently in front
of the Privacy and Security Tiger Team, relating to query and response for
health information exchange. Meaningful Use Stage 3 RFC, which ended in January
and the results, the comments were brought in front of the Policy Committee, as
Judy mentioned, in January and February.

I am going to give you a little update on some of the projects that our
office has been working on. Let’s first talk about the Privacy and Security
Tiger Team and the development of recommendations that they are proceeding with
around response. Just a little background on this issue. Currently, except
where the law expressly requires disclosure, HIPAA permits but does not require
providers to release PHI in a range of circumstances in treatment and payment
operations, as an example here.

The goal of the Tiger Team in this effort is to reduce potential real and
perceived barriers concerning types of clarification efforts, to enable them to
respond to queries consistent with their professional ethical obligations, and
with privacy and security laws. Just to sort of summarize this a little bit, in
today’s world we think a lot about what we call push scenarios. Those are the
predominant scenarios in health care, such as a primary care provider providing
documentation in a referral situation, or a hospital discharge, where the
hospital is pushing information upon your discharge back to your primary care

What query response foresees is something a little different, where you go
to see a provider for the first time and they are able to either in a directed
way query providers that you identify as a patient, as one that you have seen,
or potentially in a non-targeted way to query what is out there generally in
terms of your health information.

Those kind of summarize the three scenarios that the Tiger Teams are looking
at. One is the targeted query for direct treatment when HIPAA is the
controlling law; one is when data is covered by more stringent privacy laws,
whether it be state law or federal law, such as the Part 2 substance abuse
regulations; and scenario three relates to non-targeted queries.

Moving on to talk about the Stage 3 RFC, and what I want to focus on, there
are several questions asked in the request for comment, but I think the one
that would be of most interest to NCVHS was the question that was asked by the
policy committee about patient consent and data segmentation. Three questions
were put forth in this RFC and 74 comments were received about it in response.

The first question was how can EHRs and HIEs manage information that
requires patient consent to disclose so that populations receiving care covered
by these laws are not excluded from health information exchange. This
particularly implicates, as I mentioned before, substance abuse programs, which
have heightened restrictions under law that are in place in order to encourage
patients to seek care in those areas, in those potentially stigmatizing areas,
knowing that the information, when they go to seek care, cannot be disclosed
without their express consent.

So in response to this question there were suggestions that referred to our
initiative, the data segmentation initiative, the work that has been done in
terms of meta data tagging as a way of communicating these policy requirements
with the data. And there were concerns in the comments expressed about whether
the capability is in broad existence today, a concern that perhaps it would be
better to focus on punishing inappropriate use of data as opposed to the
appropriate use of data, and the idea that maybe PHRs would be a good way of
providing this granular control of patients as opposed to doing it in an
exchange environment.

I think question two related to how can meaningful use be leveraged to
improve the capacity of EHR infrastructure to record consent, limit disclosure
of these particular types of information, to providers and organizations
specified on a consent, and manage consent expiration and revocation, as
well as communicating these limitations on use and re-disclosure to providers
that receive this specialized data.

The responses here focused on creating EHR capacity to do this. There was a
sense in the comments that EHRs currently might not have the capacity in the
way that they manage data to be able to segment or identify what is protected,
what constitutes substance abuse information in the first place? What
constitutes HIV information?

This kind of goes along with the second comment of creating specialized
fields for specially protected information, potentially to make that an easier
endeavor within EHRs. Then requiring certified EHRs to manage patient consents
and control re-disclosure, either in a general way allowing EHR vendors to
determine how to do it, or to describe a way, as some commenters suggested.

Question three was, are there existing standards such as those identified by
the data segmentation for privacy initiative, IG, which I will talk about later
in the presentation, that are mature enough today to facilitate the exchange of
this type of consent information. Many commenters felt that indeed the
initiative did identify a useable, implementable way of doing this. They point
to other code sets, such as HL7 confidentiality and sensitivity code sets, and
existing pilots through the data segmentation initiative that are on their way
to becoming live pilots. Then another commenter pointed out the eHealth
Initiative blueprint on building consensus for common action.

So now I want to shift to talking about, or giving an overview, of some of
our current initiatives. This is a snapshot of everything we are doing right
now and it would take a long time to go through every single one of these. So
what I am going to do is kind of take a select grouping of these that we think
are of particular interest to you at NCVHS. I am happy to answer questions of
some of the other ones that I don’t address.

As I have already mentioned in this presentation, this is an initiative that
is near and dear to me as the project manager for it, the data segmentation for
privacy initiative, which, as Judy mentioned, was part of the standards and
interoperability framework, which involves bringing a group, a community
together that are both standards experts and vendors, implementers that are
interested in coming up with a solution to a problem that involves either a
lack of standards or the existence of standards, that are not being used in a
harmonized way.

So the idea of this initiative is to figure out a way to implement
disclosure policies, whether they originate from a patient’s own preferences,
the law – as we mentioned, concern with substance abuse information –
or organizational policies. We hear a lot of organizations use data
segmentation currently when it relates to VIP patients, for example.

In implementing these disclosure policies we want EHRs and HIEs to be able
to operate in an interoperable manner, to be able to communicate these privacy
restrictions with the data, so that industry, when they receive specifically
protected information from any of the patient law organizations, they know how
to implement that. They know how to handle the data and handle it

The initiative built on the recommendations from NCVHS and PCAST in this
area on how to use meta data. NCVHS really focused on what areas are needed for
this granular consent. That really factored into the use cases that our
initiative selected, focusing on substance abuse and HIV, for example. The
PCAST recommendations discussed the use of privacy meta data in order to hit
that interoperability piece.

Currently, just to give you an update on where we are, the IGs were
completed last year and we have several pilot demonstrations next week at
HIMSS. One is the Department of Veterans Affairs and SAMHSA have teamed up
together to really tackle that substance abuse use case, as well as the
Department of Veterans Affairs unique use cases as it relates to their need to
protect HIV data and data related to sickle cell anemia. They are working on
classification schemes in order to create rules so that they know what data
within their system falls into those categories. Then applying the privacy meta
data that our community came up with to then limit access to that information
appropriately, and then when it is sent from one system to another, that access
control carries because of this specialized privacy meta data.

For more information on that pilot and our other pilots, which involve
private EHR vendors as well as the University of Texas Austin has teamed up
with a private vendor as well, Tampa Bay 211, which is a substance abuse
referral network – not just substance abuse, mental health and behavioral
– they have teamed up with a private vendor to work on how we can adhere
to a patient’s privacy wishes in these sensitive areas. For more information I
have the wiki page for our data segmentation initiative.

Then we have our eConsent project, which involves development of innovative
ways to educate patients about their choices in terms of exchanging health
information electronically. This project has piloted four different facilities
in Western New York, the use of tablet computers. In the waiting room the
patient is given a tablet computer and they are given a basic two-minute video
that describes information exchange generally. Then after that video there are
subcategories that the patient can choose to drill down into if they have
concerns in particular areas.

So it is really about giving that broad overview, that broad educational
knowledge, but allowing the patient to decide where they need more education
and more information. The next steps for this project – we are conducting
a debrief with pilot site personnel, we’re analyzing the data collected during
the pilots to prepare a final report that will inform future implementations of
this strategy for both educating patients about health information exchange,
and obtaining their consent, their educated consent in a meaningful way that
exemplifies the recommendations of the policy committee, which were that
patients should have meaningful choice for their information to be included in
health information exchange.

We’ve worked on the security training game. We are working on activities
that will assist providers in understanding their obligations as they are
adopting health information technology. One of those is some of the security
concerns, the new security concerns they have to take into account as they are
adopting further health IT. For example, this is a screen shot from the video
game that we developed. As you can see, the question here is, “Can I take
my laptop home tonight so I can get caught up on billing for last week?”

So what is being discussed here is mobile device laptop policies. That is
something obviously that, as health IT expands, more and more providers,
particularly small providers, who never had to deal with this issue, are going
to have to think about it. This provides a platform for at least starting that
discussion. Providers are going to have different policies based on the way
they do things, but this starts the discussion in that direction – how can
those end users be trained in these new areas that they might not be familiar
with, that they didn’t learn about in medical school?

We are also working—we established a web site on healthit.gov
surrounding mobile devices. This was an area that has been extremely rapid in
development, something that has evolved in the past five years where mobile
devices were something that were strictly used for work, for e-mail, and now
have evolved with the smart phones to being personal entertainment and
knowledge bases. We are seeing more and more providers in our outreach efforts
using BYOD, using the same device for work and for home, and exploring some of
the security concerns that arise when devices are used in that way. This web
site is aimed at providing educational videos, some research on how mobile
device security works, so that providers can secure mobile devices in public
spaces, on site and at remote locations.

We are working on a project in conjunction with the Office for Civil Rights
on the notice of privacy practices, using innovative ways to identify barriers
to consumer understanding of the privacy notices and looking at formats and
approaches to the notice that can communicate effectively to consumers, while
still conforming to the regulatory requirements.

We’ve conducted – actually last night was our first focus group where
we worked with patients, consumers on reading the HIPAA notice, and their
reactions to how their information is shared. I can tell you from being there,
one of the most interesting things that came from that focus group was how
interested they were in the new rights that are coming from the Omnibus Rule.
They were extremely interested in those rights and learning more about them. So
it was early helpful knowledge going forward as our contractor, in conjunction
with ONC and OCR, looks to come up with this new innovative way of presenting
the notice. As you can see our time line, we are running through March 2014.

We are doing various surveys, other surveys that look at consumer attitudes
towards privacy and security and health IT. We are leveraging the Health
Information National Trends Survey in doing this. This consumer survey has been
completed and the results analyzed. Along a similar line here, the mobile
health focus groups, where we are assessing consumer attitudes towards mobile
device applications as they are sprouting again. Mobile is huge, it is growing
at a rapid pace. More and more consumers are using applications to manage their
health care. And the key take away that we have found so far in these projects
is that the consumers do have privacy and security concerns. And consumers
actually do make case-by-case determinations when they are deciding whether to
use an application or not. The factors that they are weighing when making the
decisions are their own technological literacy, their trust in the app
developer – who is providing the application, whether it is their
provider, whether it is a third party – their control in terms of how they can
manage information in the application in the context in which it is being
offered to them. And consumers are broadly interested in their information
being safeguarded, which shouldn’t be too much of a surprise.

So that is it. I know there was a lot of material we are working on. As you
can see we are working on a lot of different issues of privacy and security and
health IT. I am happy to take questions.

DR. GREEN: Question?

DR. MAYS: Thank you again for an exciting and really great presentation. I
have two questions. One is in the area of laws around protection of data –
HIV and substance use are very specific examples. But one of the areas where we
are finding problems is in terms of mental health. Typically it has always been
carved out and it was kind of separate from – so those of us who are
working in this area of integrating behavioral health into primary care, what
we hear from people is that one of the things that they like is everything else
being fairly open and accessible, but have concerns about it. I don’t know if
you are thinking about it or if it is something to put on the radar as one of
those really sensitive areas, and it’s not just the substance abuse, but it is
the psychiatric disorders, it’s some of the distress issues that people bring
in that they are trying to find a way to protect it more than the other things
in their record. I don’t know if you are thinking about that.

The other question I have is, there seems to be some – and again it is
kind of like coming from the way in which we work – in public health
screening activities quite often there have been in the past volunteers that go
out – like in LA we have these huge screenings where we might have
thousands of people that are there that don’t have access to health care.

We are starting to cut back and be very concerned because we thought it
would be a lot easier to collect data using tablets and what have you, and give
it to people, to even give them thumb drives and say now the handover to this
particular agency for you to go and continue, and we are told that we really
have to worry about collecting data like that, because we have to have another
level of protection. It is not clear.

So there are a lot of moving targets here about what is applying in this. I
am just kind of throwing that out because I think that the perfect is killing
the good here.

MR. WEINSTEIN: So on the mental health question I can tell you that while we
did data segmentation, obviously we focused on those Part 2 use cases. Mainly
the reason we focused on those use cases is because of how broadly applicable
it is in terms of it being a federal regulation, something that every provider
in every state that have these treatment programs have to abide by. And not
just those treatment programs but anyone who receives data from the treatment
program has to be able to abide by the restrictions.

We made it very clear in our initiative that we weren’t limiting the
functionality to just that issue. There is a lot of interest among our pilots
and among members of the community towards expanding this capability. This
project data segmentation was not just about implementing Part 2, but about
providing an avenue for potential granular consent in other areas, like mental

In terms of the second question, in terms of tablet use – I think you
are talking about the security concerns of having additional devices data as a
result of collection, I can at least tell you with eConsent, my understanding
of that project was that they were very careful not to store information, the
consent that was captured, locally on the tablet. So immediately when someone
would document their consent, it would be sent to the server and would not be
stored on the tablet specifically.

Our mobile device work relates very much to those concerns with tablet use
and USB use, for sure.

DR. GREEN: Let’s go to Bill and come around the table this way. We will wind
up with Leslie.

DR. STEAD: The segmentation work is awesome and is really beginning to
provide very concrete examples around things that were quite abstract a couple
of years ago. So congratulations on that.

Really the concern and question I have surrounds how we begin to think about
this, not as something that is applied external to our electronic health care
systems at the exchange, but how we actually begin to apply it internal to
those systems. At Vanderbilt, as I wrestle with how we can actually respond to
this requirement, not what we allow patients to restrict access by payers to
events they paid for – the Rule 45CFR. Practically speaking, since we at
least are not smart enough to segment except at the encounter level, if I see a
person for a plastic surgery procedure and I discover they are HIV positive in
that event – and it is all part and parcel of that event – the next
time they see a provider they are going to have to know that if they care about

So as best we have been able to tell we can meet their request, provided
they will pay for all downstream care. That will obviously be a very expensive
payment. That would become possible if we, in fact, had these segmentations
internal to the base systems, but none of the current systems are designed that
way. That is where the power of getting to where the universal exchange
language is actually part of the base infrastructure.

So I don’t know if there is real attention to try to get to that in time to
let us deal with some of these regulations.

MR. WEINSTEIN: What I can speak to is at least one that I didn’t mention in
my presentation that we have started, and that is data segmentation for
Provenance project. We are conducting interviews of vendors to see how they at
least manage provenance within their system. That is an area that could
potentially be a lever for segmentation. You can segment based on source of
information. That is at least one step forward. In order to do that, like you
said, the provenance information has to be internal to the system in some way.

We are using this project to explore how it is being done currently and
where there are potential gaps in that area.

DR. SUAREZ: Thank you. Another example of when you have people, power and
passion – I was going to use the “P” for money but I can’t think
of one. Anyway, it is just an amazing amount of work. I am pleased to have been
able to work closely with a number of these initiatives, including the data
segmentation for privacy.

I have three very quick notes – not so much questions. Number one, on
the provenance part I am glad you touched it because I was going to mention it.
It is truly beyond the data segmentation portion. It is really a provenance
issue, and this is a major issue for health care organizations, because right
now the expectation is we are going to be required to or expected to accept
data from different sources and incorporate that data – not that we are
not doing it, but we are doing it not in the way that is expected to be done
into the future. Provenance, including provenance for data that comes, for
example, from EHRs and other sources, will be very critical, again not just for
data. So to me that is one of the most critical priorities for the next several

The second topic – and the other two are really adding to the point
about some other areas where we need some work to be done collaboratively, is
in the area of privacy of what I see as the next Holy Grail for us, and that is
genetic information. I think privacy and security for genetic information is
going to raise the bar even much higher than where we are today.

The other area, of course, along the way, is privacy and security with
respect to the cloud systems and the cloud applications out there. More and
more data is actually being put into these clouds and some of the clouds are
cloudy to say the least. I think that is another major area for potential

DR. FRANCIS: I want to thank you. I also want to say that we are actually
working in some ways with you and on that slide of all the groups, it might not
be a bad idea to put us there, too. But I am on the Tiger Team. So for example,
in the query discussions, basically as a liaison from the Privacy, Security and
Confidentiality Subcommittee.

I would say one of the things with the personal health record letter that we
did a couple of years before the data segmentation letter, we can sometimes
take a problem and sort of chew on it and framework it in the same way we have
been doing right now with data stewardship and community engagement.

If there are topics like that, where we could brainstorm where it would be
helpful. I am assuming there is a hard copy of your slides over there. So we
can go through the kinds of things as a privacy subcommittee. But if you have
particular thoughts for us about areas that would be analogous to the data
segmentation it would be enormously helpful.

DR. GREEN: Sue, you get the morning’s award for patience.

MS. MC ANDREW: I am happy to have the opportunity to speak and I am more
happy to be able to have a final rule published and be able to talk about that
instead of the litany of, it is coming soon. We now get to say that about other
things, and people know what that means.

In terms of where we are, we did publish in the Federal Register on January
27th our Omnibus Final Rule that implements a number of provisions
that stem from the HITECH Act. We call it an omnibus rule because we threw into
this rulemaking anything and everything that we could possibly have in the
regulatory chain so we could get it all done at once, which helps align
implementation dates for our covered entities as well as relieving burden on
the reg processing pipelines.

So we also, in this Omnibus Rule, incorporated the final rules on the
Genetic Information Nondiscrimination Act, and those privacy provisions that we
had an NPRM out for some time, we included review of the comments that came in
on the two interim final rules, the one on breach notification and the one on
the enforcement penalties. Then we also threw in a number of non-statutory
provisions that had been percolating through, including a number that addressed
recommendations that had been on the table for some time, coming out of this

So in terms of what is in this final Omnibus Rule that is new for consumers,
courtesy of the HITECH Act, consumers now will have a right to get an
electronic copy of information that is in electronic form at the entity. This
will be primarily the electronic health record. On the plan side it will be
basically their payment record and whatever additional information is held in
electronic form.

So this right is envisioned in a way of allowing the individual, not just
the covered entity, to play in the wonderful world of manipulating electronic
data instead of having to deal with reams and reams of paper, and trying to
find a way of organizing and looking at all of that data.

They also have the right, under the HITECH Act, to direct that that
electronic copy go to a designated third party, largely designed as a way to
empower personal health records. I think what was envisioned was that instead
of having this electronically delivered to you, you would direct it to be
delivered to your freestanding personal health record and then be able to
access it through that mechanism. However, it was not limited to that so we
took this opportunity to broaden that and empower individuals, whether
their information is electronic or not, that they have the right to direct
their copy, whether it is electronic or not, to a designated third party.

In fact, we have enabled people to do that under the current access right
even now. This just makes it a little stronger. We do indicate that the entity
needs certainty about who this third party is and how to get the information to
them, we do require that this direction to the designated third party be in
writing so that everyone is clear, and there is documentation available as to
where the individual wanted the information to go. As in normal HIPAA
standards, this can include an electronic writing – the writing can be
electronic, so it doesn’t have to be on paper.

Courtesy of the HITECH Act covered entities are prohibited from selling
protected health information unless they have the individual’s authorization to
do so. That is not necessarily new. They were never allowed actually to sell
the information, and that gives you the permission to disclose it, but if you
did have permission to disclose it, then we do not care, prior to this, whether
or not you were reimbursed or what you charged the party for the disclosure
that we otherwise permitted.

That has now changed with many, many significant exceptions. So I think
going forward, for instance, certainly treatment and payment disclosures are
not subject to this test. Public health disclosures are not subject to this
test. Information that flows as part of the sale of the business itself is not
subject to the test. So there are a number of examples that are totally outside
of this prohibition.

Otherwise, including research, and we had many, many discussions with our
research community, this does apply to the research community, and we took the
standard that Congress had devised for the research community and decided to
apply that standard basically across the board to the permissible disclosures.
So essentially it is not considered a sale if all you are being paid for is the
cost that it takes you to assemble and transmit the data.

So it is a cost-based fee and as long as it is just your work to assemble
and transmit this data, that is fine. But otherwise, if you get more than that
then that can be problematic.

We also, in the preamble, note several research scenarios where the payment
you are receiving really is for a broader purpose, such as general
participation in the research program or study, and it is not just that the
money is coming to you in exchange for the data. So even though there is an
exchange of data as part of this larger program that you are participating in
or getting a grant for, that is not considered a sale either. So we really are
looking for a very targeted payment for the disclosure of that information.

Similarly, marketing got tightened. There are some more limited exceptions
to this. For the marketing communications, which are paid for by a third party,
those also now will require an authorization. An exception is for refill
reminders and information about adherence programs and information about
current prescriptions.

But this was an attempt, I believe, by Congress to close a loophole, if you
would, in the way the current marketing definitions work, so that this third
party could pay the provider. The provider then would send out these “Dear
Doctor” letters to either a targeted subset or across their patients more
broadly, urging them to switch drug regimes to this new drug that was being
marketed, or other kinds of using the goods and services of this third party.

So while the information was prohibited – you know, the third party
could not have bought the consumer list from the doctor to send out their own
letters, they could use an intermediary to do this, so Congress was interested
in closing down this last avenue through which these marketing materials were
still being disseminated and that is the provider can no longer take money from
the third party to market that third party’s goods or services.

It does impact health plans in a somewhat unexpected way because we did run
into issues related to certain ways in which health plans were advising their
beneficiaries about value-added goods and services that were not actually part
of the plan’s benefits. These are going to be impacted to the extent that the
vendors of these value-added goods and services pay the health plan to promote
them to their beneficiaries. Those kinds of transactions would no longer be
permitted. They will now become prohibited as a marketing communication and
require an authorization.

What we have talked with the vendor community about is the way the marketing
prohibition payment works. It does not prohibit in kind exchanges. So the
vendor can provide the materials themselves to the health plan, as opposed to
giving them a cash payment to send those out.

There was an additional requirement to insure that there is an easy way to
stop fundraising communications. Again, the current rule does require these
communications for fundraising to inform the recipient that they can opt out of
future communications. The HITECH direction was that this opt out notice to the
individual must be clear and conspicuous. So you are now required to have a
clear and conspicuous opt out. The exercise of that clear and conspicuous opt
out needs to be in a way that is not overly burdensome or costly to the
individual to exercise. There is also much more of a hard stop at the other end
where the individual does exercise the opt out.

So there may be some need to tweak systems to make sure that whoever is
receiving this opt out information is in a position to act on those promptly.

Finally, as was mentioned, in the areas of the right to request restrictions
of disclosures, there was one change. Currently, while the individual has the
right to ask for the restriction, we have allowed the covered industry
discretion to agree or not to agree to the requested restriction and
enforcement follows only those restrictions to which the covered entity agrees.
Congress has decided that in one area the individual would actually have a
right to demand and control disclosures, and that is when the services and the
treatment is paid for in cash or out of pocket, then they can request that
their health plan not be advised or obtain that information, that disclosure.

We did struggle with what to do with downstream disclosures. One noting that
this right to restrict runs only to the health plan. So it does not limit, or
run to other providers. So the exchange of this information is not in any way
restricted across providers, but there may well be the same sensitivity from
the individual’s point of view with regard to how these other providers
disclose the data. So we have tried to deal with that in the regulation, but we
have not imposed an actual obligation on the covered entity to insure that the
restriction flows downstream with the data. So the only prohibition really runs
to the health plan.

I mentioned GINA. What the Omnibus Final Rule does is also implement the
privacy protections now that will go to genetic information. It has always been
treated as PHI to the extent that genetic information is identifiable –
and that is a whole other discussion. What we were asked to do is make that
explicit and so genetic information, as defined by the statute, is now to be
treated as PHI. So that won’t be a really big lift.

It does prohibit health plans from using and disclosing genetic information
for underwriting purposes. This again should not be that big of a lift, largely
because they are currently under an interim final rule that was issued at the
same time we were. We issued our NPRM – this prohibition went into effect
for the purposes of actually determining coverage and eligibility for benefits,
health plan eligibility. So these prohibitions not to use genetic information
for underwriting purposes has been in place since I am going to say 2010.

We have been very careful to try to align the terms and definitions in the
privacy area, to track those that are being used by the entities, the Department
of Labor and a portion of CMS, and the Internal Revenue Service, who are
responsible for the actual nondiscrimination provision as it affects health
insurance itself. We try to include all of the definitions that were required
by the statute and to make them aligned as much as we could with these other

I will say there is an enforcement track that goes to the prohibitions in
using this for underwriting purposes. They are administered on the
nondiscrimination side. What this does is impose, in addition to those or as
well as those, it makes using these for underwriting purposes subject to HIPAA
penalties. The last time I looked I do not think there was – it is not one
or the other where you wind up getting both sets of penalties.

Just briefly, on some of the non-statutory provisions, student immunization
was something we heard from this committee about some time ago. So we took this
opportunity to ensure there was an easier way than the authorization process
that is currently in place for parents to allow their providers to release
proof of immunization directly to the schools. So that is now permitted.

We also from this committee, as well as our general discussions with the
research community, took this opportunity to try to align how the privacy rule
works with again the informed consent and the Common Rule. So we have made it
easier to use a single authorization form for more than one research purpose
and to relax the policy on when you can get an authorization for future
research. These have been two rubs that we’ve talked to the research community
about quite a bit in the past couple of years.

These changes will require an update to the Notice of Privacy Practices. We
have also used this opportunity to relax the distribution requirement on health
plans, who would have been required to send out this updated notice within 60
days. So now, to the extent that they can just post this on their web site,
then they can just mail the revised notice out within the next annual mailing.
And we did relax some of the rules related to access to decedent information,
including putting a time limit on how long the privacy protections would
attach. And also to make this information a little more accessible to friends
and family. We ran into a number of problems with regard to difficulties with

One of the bigger areas of change is the business associate requirements. I
think this is going to have the largest impact going forward in how we perceive
of the privacy protections, and what the scope of my office’s enforcement
efforts are. So business associates are now directed to comply with the same
security rule standards as the covered entity.

They are also directed to comply with use and disclosure requirements that
are expressed in their contracts, and they cannot of course do anything that
the covered entity itself cannot do. So they can’t do any use or disclosure
that would otherwise be in violation of the privacy rule. These requirements,
these obligations on business associates, will now be enforceable, not simply
by whatever contract remedy the covered entity had with the business associate,
but they will be enforceable to the same extent that my office can enforce
against a covered entity, and they would be subject to the same HITECH civil
monetary penalties that a covered entity would.

So our book of business is now going to encompass this world of business
associates, and we have made clear that this is not something that the business
associate can insulate themselves from by simply contracting out with yet
another entity. So to the extent these business associate obligations flow
downstream from the business associate, the subcontractor to that business
associate just pops up now as a business associate themselves, and their
contract downstream now is subject to the same thing.

This obligation on the part of a business associate to protect the
information and secure it in the same way that a covered entity has to do will
follow the information through this business stream.

There were a few tweaks that we made in terms of breaches and enforcement
provisions, in particular. Just briefly on the breach notification, we did get
a lot of blow-back from a standard that we had in terms of defining a breach by
the potential harm to the individual. So we have replaced that with a standard
that still allows the entity to do an assessment of the circumstances and the
nature of the information that was involved in the breach, and to make a
determination whether there is a low risk as a result of the breach that the
information disclosed would be compromised.

We are hoping that we can focus the entity on looking at what were the
factors in the breach, what was the nature of the information that was lost,
and to do the assessment based on those which are much more knowable and, if
you would, objective for the covered entity to assess than trying to speculate
about whether or not there would be some harm to the individual.

In enforcement we did provide some additional information about what would
qualify for some of the higher tiers of culpability, including willful neglect
and reasonable cause.

Briefly on dates, as I said, it is published in the Federal Register January
25th. The effective date is March 26th. So we are using
this period between the publication and the effective date to do as much
outreach as we can. We do conferences, we do webinars, we are running around the
country talking about this. That will not stop after March 26th.
Between March 26th and September 23rd will be the
compliance period, and we will begin enforcement efforts with regard to these
new provisions come the end of September.

We are giving entities that have a conforming business associate agreement
in place as of publication date of the Federal Register, so they get an extra
year, to 2014, to conform those contracts as necessary.

I did want to say just a few things about some of the outreach that we are
involved in. I will get some of this, and the URL sites, to you, but we do have
– a couple months ago we did put up on the website our de-identification
guidance. That is available to entities to help them figure out not only how to
comply with the current safe harbor method to de-identify, but we have tried to
make the expert determination method of de-identification more accessible, for
covered entities in particular as they move forward in an electronic world with
larger and larger electronic data sets. It is really this expert determination
that is probably going to be more useful to them than the safe harbor method.

In conjunction with the Omnibus Final Rule we did publish a sample business
associate contract language on our web, and that is now accessible. We do have,
in cooperation with ONC, we did work on the mobile device guidance, and we are
attempting, both in terms of that endeavor and work that we are doing with ONC
on the security rule, we are trying to scale down the security rule
requirements so they, too, are more accessible to a smaller provider, is to
make sure that those tools are not just best practices and good ideas and
suggestions, but that we can actually use them and give them out to entities as
a way of complying with the security rule, in sort of this data in one multiple
uses that these kinds of guidance materials can be both educational as well as
a compliance tool.

On the consumer side we are working to update our fact sheets. We have those
ready for posting, and we have had them translated into seven languages. So
those should be up shortly on our website. I understand the current stumbling
block is we had two Chinese versions, simplified and traditional, but our
landing page only wound up in one version, so we have to go back and get the
landing page expanded to two versions of Chinese. But we expect that to be done
by the end of the week. So those should be up shortly. We also are getting good
feedback from the number of YouTube videos. Someone mentioned YouTube videos.
We have those largely for consumers, but we do have a couple of security rule
YouTube videos that would be a good starter kit for some smaller providers.
And we are looking for other ways, additional videos that we can put up there.

So with that I thank you for your time.

DR. GREEN: Thank you. Let’s take a question from Walter, and another quick
burning question. I sense that you are just about exhausted.

DR. SUAREZ: Thank you. Very quickly. It is amazing to see 500-plus pages
reduced and summarized so nicely into five slides. So I thank you for that.

The first question is about accounting of disclosure. Is that still on the
agenda for this year? And can this committee help in any way?

Then the second question very quickly is back in May of last year there was
a publication of an NPRM modifying CLIA to allow for laboratories to disclose
lab results directly to patients. Is there any sense or do you know the status
of the final rule on that?

MS. MCANDREW: Thank you for bringing that up. That was another note I made
to myself. I hadn’t included it in the slide deck. This is out the door, so
yes, regulatory activity now continues on other fronts, but smaller fronts. So
we are continuing to collaborate with CMS to bring out a final set of access
permissions for information from CLIA from the labs. I believe that should be
on track for some time – I won’t say soon, but I think it is kind of in
its final laps. So look for that.

Accounting of disclosures has many laps to go before it sees its final lap.
But we are putting that now back higher in our hierarchy focus. So we are
hoping to be able to move forward on that. I think in all likelihood there will
be some additional collaboration that is done. The possibility is still there
that we will end up re-proposing, depending on what the final solution looks
like. If it is distinctly different from what the proposal was, what our
commenters hoped it would, so that is definitely a work in progress, but it is
something that we are going to be focused on.

I would just want to say one third area we are going to be working on is in
collaborating with the White House as part of the gun violence initiatives.
There we are going to be taking a look at the Privacy Rule as well as privacy
in general, in terms of what impact that may be having on entities being able
to report individuals who are prohibited under the Brady Bill and the other gun
control statutes, as not being eligible to purchase a gun. So our first step
there will be an advance notice of proposed rulemaking. We have not made any
final determination about whether there are privacy barriers to being able to
report into the criminal background database. But if there are we will be
looking for ways to address them.

DR. GREEN: Let’s go to Leslie and Vicki and then to Len.

DR. FRANCIS: One thing that is still open from the HITECH Act is sharing
penalties and figuring out how to value privacy harm. Is that at all on the
radar screen? The reason I ask is it is something that we have back burnered on
the Privacy Committee, but it is something that we considered taking up.

MS. MCANDREW: That, too, is an issue out of HITECH that we have not had a
chance to address. That is also something that we would probably do as an
advanced notice of proposed rulemaking in order – it is not an area in
which we have within the office good expertise. It is also something we are
having some difficulty finding reasonable models out in the real world.

So to the extent that the committee can be at all helpful in vetting some
practical ways of doing that that would help us move forward in this area, we
certainly would be interested.

DR. MAYS: I wanted to ask about, in your first slide about the right to
direct copy to designated third parties. It sounded like when you were talking
about it you see those third parties as entities? Is it that, for example, that
these could be directed to like one’s family member or someone else? And if so,
in protecting the security of the transmittal, will the person on the other
side need to be kind of either technologically sophisticated to unencrypt data?
What is the thinking in terms of that?

MS. MCANDREW: It is not limited to entities, so it can be sent to third
parties, individuals, family members, attorneys. We have not, outside of our
covered entity, and now business associate, universe, we don’t require the
individual, or if they are sending it to an individual who is not a covered
entity, to have any particular – you know, they are in charge of their own
information and privacy with respect to that information, and security with
respect to that information.

So other than some general education in terms of what the risks may be, we
would not be imposing standards on what the recipient of that data has to do to
receive it or protect it, unless that entity is a covered entity. It is an
interesting issue.

DR. NICHOLS: So I, too, marvel with Walter at that reg into seven slides. If
I had a hat I would take it off. That’s point one.

Point two, I was really struck at the provision on restricting the flow of
information about what one bought with cash back to one’s insurer. I realize
this is a done deal and you are very happy about that and I am proud of you,
too, and I don’t want to re-open the issue as a policy discussion, but I will
just raise the point – is Kaiser an insurer? My doctor is paid by Kaiser
Permanente Federation, which has an exclusive contract with Kaiser, the health
plan. I might want her to know what I did with this money and bought this stuff
that made me feel good. But you are telling me that we can’t let Kaiser, the
plan, find out.

I raise it more – we can argue on the head of a pin whether Kaiser is
or is not a health plan – but I would just offer the observation that in
some parts of our country plans are actually leading the edge in trying to
improve managing care. So preventing them from getting it as if there is
something special about them just strikes me as odd.

Second, if you are in a contract where you have a medical savings account
type of arrangement, then it seems to me you kind of have to tell them what you
spent the cash on. So I am just curious as to how that all has implications for
us as we go forward in the health care system. I am just worried about these
arbitrary boundaries that the plans are over here and everybody else is over
there. In fact, it is pretty — I believe Walter used the word

MS. MCANDREW: One thing that I would emphasize, that this is not a uniform
requirement. So it is still up to the individual to ask for this restriction.
So it is not like all cash transactions are now prohibited from going to the
plan. It is only if the individual paying cash, usually for some degree of
confidentiality, so it is to honor their perceived interest in keeping this
information just between them and the doctor. The party that would have no
interest, presumably because it has already been paid for, so the provider is
not going to be going to the plan to get payment, then the plan has no interest
in the services.

One can debate the pros and cons of that. Nonetheless this is the law we
got. This is the law we put into place. I think we have tried in the preamble
to work through as many scenarios as we could. We do recognize there are some
payment scenarios with regard to CMS where you can’t unbundle these things. So
the individual is faced with having to pay for the whole thing in order to get
the protection, or they cannot enforce the protection.

We have tried to make it as manageable as possible.

DR. GREEN: Some of you will recall that after our last meeting, about eight
members of the committee said that was a fire hydrant that we got in the
reports from everybody. There was so much going on that we need to take more
time for this. Secondly it would be a whole lot better if it was done in person
because the quality of the information and the communication exchange was much
higher. And it would be really nice if everyone came with a PowerPoint. So we
did it differently this time and I want to thank your presenters very much. I
am sorry the other two are gone already, but your being here in person is very
meaningful, very helpful. We appreciate it very much and we appreciate the
preparation you have put into it and the way you presented it. I know I speak
for the whole committee that we are deeply grateful. You have helped us. You
have helped us a great deal. You are a great enabler for the work that we want
to do.

We are going to take 45 minutes for lunch.

(Whereupon, a luncheon recess was taken at 12:12 p.m.)


A F T E R N O O N S E S S I O N (1:05 P.M.)

DR. GREEN: I am going to be capricious and arbitrary here. We are going to
be passing around the leadership of our work this afternoon and our
conversation to the different Subcommittee co-chairs. Unless they object, I
think we will start off with the Populations Sub-committee. Then I suggest we
go to Privacy and Security. Then I suggest we go to Quality. That will give Ob
and Walter the longest period of time possible to recover from yesterday to
make their presentation. It was quite a day.

Again, the idea here is just to hear what the committees are up to, the
direction they are headed, the things they have got in their sights, where they
think the priorities are, and to give everyone else a chance to query the other
committees and to go back and forth about what do you mean by this and what do
you mean by that. The intellectual product we are looking for here is spotting
the overlaps and the synergies and avoiding having two groups of NCVHS
basically plowing the same ground from a little bit different perspective,
aiming to come out of it with enough conceptual coherence about what we are
doing across the subcommittees so that we can function as a committee of the
whole around our three themes.

One of the assignments of all members of NCVHS is to be able, on demand, in
the elevator, to explain to someone what our three themes are. That is not
between floors one and 63. It is between floors one and four. You
have to be able to spit them out.

Standards, communities as learning health systems, and convergence —
convergence across the nation’s health data infrastructure and enterprise that
is so fundamental to developing information that can improve individual and
population health in a way we can afford it. That is what we are going to work
on. We have the added advantage of having a workgroup that is trying to be very
specific about helping the data we have be used more productively. We will hear
more from Justine and that crew tomorrow morning.

Should we rehearse it together? Can all members say what our three themes
are? You have to have those in mind. The assignment is listen. Keep those three
themes running through your heart and mind as you are listening to your
colleagues, here, on the Committee talk about the work that they have in mind.
That can sort of provide you a little bit of a guidepost.

Marjorie has something she wants to say before we pass it to Bruce.

MS. GREENBERG: Because I have you all together, here, I wanted to, first of
all, say that, yes, we heard you about wanting to be able to process all of
this incredible information from departmental representatives better. I really
want to give credit to Debbie Jackson — there she is, Miss America — because
she worked — these things don’t just happen. She worked closely with each
person. We got the slides. Of course, we are meeting here, though. It does have
its challenges because of the security. In any event, trying to get people in
person and have the slides, we will continue to try to do that. Debbie really
did a lot of work on that.

The other thing I want to say because now, this is the second meeting day in
a row that we have not only drunk from a fire hose, but without a break. I just
need to explain and I haven’t had to do this for a while, but because the
co-Chairs are here, too, and I don’t want to just pick on our Chair, here, but
all the people who run meetings are here and some of you might be running a
meeting even if you aren’t a co-Chair.

I know that individual members can get up. They can run get a cup of coffee.
They can run to the restroom. We have people who are recording this. We have
people who are making sure that it is — for the transcript. We have people who
are making sure that people are watching the webcast. They cannot leave as long
as your words of wisdom are being expressed. We have to not do this again. Two
days in a row.

I, personally, I don’t know about the rest of you, but if someone is
speaking, I don’t want to walk out on them. We have to have — after about two
hours, we need to have a break. I know we are just so dedicated and we work so
hard that we don’t want to lose 15 minutes, but we really can’t do this a third
day or a next meeting. Understand that is the reason because there are people
who are supporting this meeting who do not have the option to just get up and
walk out for ten minutes.

DR. GREEN: Did the Office of Civil Rights talk to you over lunch?

MS. GREENBERG: A suit is pending.

DR. GREEN: Bruce.

DR. COHEN: Hopefully, this won’t take two hours. Actually, if it does take
two hours, it means that we are having really good discussions. We will build
in a break.

I am going to be giving a quick overview of the Populations Sub-committee.
Feel free to interrupt me. I have a planned presentation, but I find the
richness of the interaction is really helpful. If you have any questions as I
present, please feel free.

DR. GREEN: Bruce, is Sallie on the phone?

Agenda Item: Subcommittee Activities

DR. COHEN: She was planning to be on the phone earlier, but since our
schedule got changed, I just don’t know her availability.

Before I start, obviously, I have to acknowledge Sallie. I have the
wonderful team right here — Tammara and Kassi and Debbie, who were invaluable
helping put this together and help organize our stuff. The incredible
dedication of everybody on this sub-committee is to be commended.

MS. GREENBERG: And Susan Kanaan.

DR. COHEN: How could I forget? Thank you all.

We distilled Larry’s three themes into one since it is a lot easier for me
at my age to remember one rather than three things. Essentially, the theme of
our activity is supporting health data needs for community-driven change.
Actually, this is a very powerful theme when you think about it. It is
integrative. We hope it will allow us to converge the interest not only to the
Population Health Committee, but, certainly, the Privacy and Confidentiality
Committee and, certainly, the Data Workgroup. After hearing what happened
yesterday in Standards, that certainly fits in and, certainly, Quality as well.

This theme also focuses on data needs because that is what we do best. We
have the expertise to focus on data. Community driven change is a key for us
because that is really keeping our eyes on the prize. That is where the payoff
is, particularly thinking of how we, in the National Committee and HHS, can
help promote community driven change.

We have been very busy. I probably over process, but that is my modus
operandi. We have had frequent calls and an enormous number of email exchanges.
My inbox is always full with activities. Susan is going to talk in more detail
tomorrow about the preliminary environmental scan that she has done looking at
some of these issues.

We have developed an instrument to get feedback from communities. We will
talk more about that later today. Hopefully, we will finalize that tomorrow in
order to send it out. I concluded our initial planning and formatting for the
joint workshop we are going to have in the spring that is going to focus not
only on population health issues, but privacy issues and data workgroup issues.

Finally, Vickie and Nancy and Leslie Cooper have taken the lead in helping
put together an APHA session, which will be in Boston in early November on
these themes. We have done an enormous amount of work. Let me just give you
some highlights.

As I said, Susan will talk more about the environmental scan tomorrow, but
it took place over a two month period. The focus was on initiatives supporting
community data used to improve local health. The goal was really to help us
target where we can make a contribution. Susan talked in three telephone
interviews, one email, and six key informant interviews, as well as doing the
review of 13 programs, which she will describe tomorrow.

Essentially, here are some of the observations that I gleaned. We talked
about this earlier. There is a lot of data already collected and is out there.
The issue is how to determine what to use and how to use it at the level for
action for communities.

Clearly, feedback that Susan got is that technical assistance is not
universally available. This certainly could lead to recommendations from us for
the Secretary. It is also important to note, although, I am like a supreme data
geek, the data just start the conversations when we are working with
communities. People make the decisions. The issue for us is how to empower
communities to use the data to create these dialogues to make good decisions
for themselves.

Finally, it has become clear that the National Committee can leverage
federal involvement to help promote these kinds of partnerships and activities.
As I said, tomorrow morning, I think, Susan is going to present more detail.

Feedback questions — so our goal here is we want to get additional feedback
from communities and data experts through outreach. We have been trying to
design a feedback form that will cover a variety of topics. The goal for this
feedback is to help inform the discussions at our workshop, reveal some areas
where the National Committee can make a difference, maybe identify some
speakers or participants for the workshop, and actually begin starting the
process of thinking strategically about what recommendations the Committee
might be making to the Secretary.

Again, we will discuss in more detail I think today, perhaps at the Privacy
breakout and tomorrow morning at the Population Health breakout, finalizing
this feedback questionnaire. The four basic topics that we hope to get
information on are data access, tools and measures used to analyze these data,
issues around community understanding, and experience with de-identifying data
and privacy. We also want to use this as an opportunity to get more feedback on
The Community as a Learning System Report.

This is also a nice opportunity for me to shill for new members for the
Population Sub-committee. All of you folks who are new to the Committee, we do
incredible work.

The way our — we are creating and Tammara has been incredibly helpful here
in creating an online survey that when we finalize, we will distribute through
our listservs through the members of the Committee. I really call on all of
you. We will provide you with this survey. Send it out to your colleagues, to
individuals, to organizations, to listservs that you think would be interested
in giving us feedback on these areas around community data use and community
data needs.

We are going to distribute it and talk to individuals and then we are going
to analyze the results and use it for the workshop.

MS. GREENBERG: It is a feedback.

PARTICIPANT: We shouldn’t call it a survey.

DR. COHEN: I am sorry. I don’t know how that word got on there. An online

DR. SCANLON: A generalized request for information such as would appear in
the federal registry. That is what I would think it is.

DR. COHEN: Humblest apologies. Our workshop, I think we worked really well
to create a really dynamic workshop. The goals, building on our previous work,
again, to advance the understanding of access and use of data, refine our
understanding of how communities use stewardship and protect data and really
focus on figuring out what the role of government is in helping promote these

The three themes for the workshop are how do communities collect, protect,
and compile data? By compiling, I mean put together data they get from
secondary sources. How do communities use these data and incorporate them in
their decision making process to create local change? Thirdly, how can we — we
being the National Committee and HHS, promote and enable this community driven

I am very excited that this is going to be a really powerful workshop not
only for content, but for structure. What we are going to do is have a
combination of expert speakers and the workshop — I think some of the key
activities of the workshop are going to be breaking the group into small groups
to discuss these three major themes. We have the structure of the workshop set
up so that we will hear some insights from experts on these topics and then
break into small groups. I hope these groups will have folks from communities,
data collectors, folks who are interested in privacy, as well as data
liberators sitting down together to address these major themes and, ultimately,
develop recommendations.

The final activity that I mentioned is our APHA panel that we are developing
for November. The APHA panel — and I really have to thank Vickie and Leslie
Cooper and Nancy for their leadership. APHA, American Public Health
Association, the granddaddy of all public health conferences. It attracts
10,000-20,000 people a year. It is one of the fundamental places for not only
presentations, but gathering of people from not only all over the country, but
all over the world to share public health insights. There are lots of different
sections and stuff. After you Google it, you will get a sense of the extent of
its reach.

The session is going to be entitled, What is a Learning System for Health.
Well, the session will be entitled — I forgot what the title is.

PARTICIPANT: Supporting Health Data Needs for Community Driven Change.

DR. COHEN: I apologize. I am going a little too rapidly here. The content is
going to be dealing with a variety of issues. Vickie and Nancy will be
moderating and then we will hear first from Claudia Grossman from IOM to talk
about what a community health learning system is. Then, Clara Savage from
Wooster — it is going to be in Boston so we tried to invite someone from a
local coalition. Clara heads up a Community Pathways in western Massachusetts.
She is going to provide a local perspective on data use and issues.

Pat Remington is next going to talk about perspective of just creating an
infrastructure to support communities using data. He will talk about Match and
other kinds of activities. Then, coming from Tufts, will be Marc Rodwin, who
will talk about data as a public good. I will try to sort of put things in
perspective from NCVHS’ and a federal role of how we can help support this

That is in November. We welcome everybody to come up and really help
publicize this, which will be sort of an extension building on the workshop in
May. It will just sort of continue with the theme that we are trying to create.
Thanks. Any questions?

MR. SCANLON: That’s excellent. One thing, Bruce, on the APHA, could we leave
at the end maybe make it a two-way conversation and if folks have ideas about
data improvements or dissemination improvements for HHS —

DR. COHEN: Oh, yes. The piece I left off here is I think this is going to be
an hour and a half. 45 minutes will be us. The other 45 minutes will be
dedicated fully to participation from the group.

DR. MAYS: Not quite 45 minutes, but I think we have 20 minutes of time for
discussion. I think that was — the plan was Bruce is at the end of the
discussants to kind of then open it up to use it as an opportunity to kind of
— I don’t want to call it testimony, but to seek some sense of compelling
issues from people and what have you.

Also, we will remember to bring our report and things to distribute at that
meeting. If you are not there, if you could send them to us, we will make sure
they are in the room.

DR. COHEN: I will need some guidance. I don’t know whether I will be
representing the National Committee officially. I remember doing those ethics
things that I need to be careful what my role is. At some point, I will need
some help in how I do that.

MS. GREENBERG: You are local, but, yes, I would think you are representing
the National Committee in your role. This is not a National Committee sponsored
session, but members and staff worked to put it together. If you all don’t know
— maybe you already said her name, but Nancy Breen from NCI and Leslie Cooper,
also, from NIH, have been working with Vickie. It was Vickie’s idea. I think it
is a great one.

Bruce will obviously only be in a position to talk about, with his NCVHS
hat, things that NCVHS has already spoken to and deliberated and made
recommendations on. It is, hopefully, a good way to get people more interested.
We found out a year ago when we had a panel at the NAHDO, the National
Association of Health Data Organizations, people were going, oh, you guys do
that? We thought they knew us. That is always helpful.

I know there was also — I mean, there are so many things. This group, you
know, you have however many people and there are twice that many ideas. They
are all good ones. It is hard to keep up with you all. It is impressive. There
was some discussion about maybe trying to have, at least for those who are
there, some kind of actual NCVHS sidebar meeting in which you were — had an
opportunity, more, to do kind of the work of the Committee, which is getting,
whether it be what you were suggesting or other aspects. If we held it in
government space and everything, it probably could be done. Is that still on
the table?

DR. COHEN: We hadn’t really pursued it in order to focus on putting this
session together, but that would be fantastic. I know there were issues about
travel outside of the DC area for a lot of folks. It would be great if, either
before or after APHA, we could have an official meeting. I don’t know what we
need to do to get that together, but I am certainly open to that.

MS. GREENBERG: Let’s talk about that in your breakout session so that we can
get an idea of what you have in mind and whether you really would like to do
that and see what we can do. Officially, sub-committees aren’t even held to the
quorum rule, though they may be in the future. Right now, I don’t think they
are. There are issues with traveling, particularly staff and all of that. If it
is a really good opportunity, we should try to make something work.

DR. COHEN: I think we will probably be hopefully by then in the stages of
really — I don’t know whether we will have compiled our final recommendations
from our May workshop or developing action plans to implement them, but I could
see it being a real nice opportunity if folks would be in Boston for this to
meet face to face because those are always a lot more productive.

DR. GREEN: Bruce, I have a question. What would be the product that is going
to be produced out of this that the whole committee will see and approve? Not
just the workshop at APHA, I am talking about that five part enterprise you
laid out.

DR. COHEN: So I guess I see several products. The most immediate product, I
think, is making recommendations to the Secretary about what the HHS can do to
help support communities in their effort to use data for community driven
change. Depending upon how much information we gather, there might be Version 2
of the Communities as a Learning System, building on the testimony, reports,
and feedback that we solicit. I see definitely recs for the Secretary and
possibly a report.

MS. KLOSS: May I add to that? We certainly contemplated that the workshop
would provide real life feedback on the stewardship framework and it would give
us insight as to how best to proceed with that.

DR. COHEN: I was remiss in saying we hope that there will be lots of folks
from the data workgroup involved in this, too, because I see a huge potential
leverage point for liberating data and providing different levels of access at
the community level emerging from this, too. I see a real synergy here.

DR. CARR: Not only will I come, I will host a dinner.


MR. SCANLON: I am assuming we are talking about healthcare data, too —
population data and healthcare data.


MR. SCANLON: So the whole CMS side, claims data, administrative data — that
is for community use.

DR. COHEN: Yes. I think it will be nice not only to focus — I think as we
discussed gaps and future needs, my experience is communities are less aware of
the potential use for emerging claims data and a variety of data that might
emerge from compiling EHR information. It will be very interesting to hear
communities talk about this. I am looking forward to that.

MR. SCANLON: If there is a model from some folks that have already done it,
maybe we could find out from CMS what groups have already qualified for that
data sharing.

DR. COHEN: Thanks for reminding me, Jim. We have eight slots for speakers as
part of this workshop. We have some ideas for some of these speakers, but if
anyone has any suggestions about folks for data liberation or privacy and
confidentiality, we really need to begin to get our priority list of invitees
either to speak or just to invite to be involved in this.

MS. KLOSS: I might suggest that we ask if we could return to that topic
tomorrow after the sub-committees have met and we kind of put in place the
suggestions that we now have and bring that to the full committee and ask for
your help in filling out or confirming that.

DR. CARR: In the spirit of converging, I am just looking at envisioning a
federal role, the 14 things that we outlined in the community health data
report. I think it is important for us to really build off of this so we
continue. The work done in this was fabulous, just tremendous work. We should
really build bridges from this to what we are asking, what we are finding, and
how it ties together.

DR. COHEN: I agree. I keep looking back at the Community as a Learning
System report. If you haven’t read it recently, it has a lot of insights and
ideas. Some of the detailed questions that we developed for the workshop derive
from some of the issues highlighted here.

DR. CARR: Yes, but, to Larry’s point, I think committing ourselves to, of
those 14, an outcome is going to be we are going to address four of them and we
have developed the question so we really have some continuity. I think we are
close. I think just committing to that continuity will help frame the next

MS. GREENBERG: Speaking of that, and I appreciate that, not only is Justine
a former chair of this committee, but she has joined Susan and me as a
historian. She doesn’t look old enough.

You didn’t exactly mention it, but it is in the feedback tool trying to get,
also, the input from a report from the early 2000’s, that schema of the
influences on health of population health and incorporating that, as well. That
went into the community report and we are continuing it forward. I think that
is the nice thing about having a history.

There was something else — had we had the morning session that we didn’t
have this morning, the one that is duplicated by this session so it is okay we
didn’t have it, but I think we would have talked a little bit more about these
three themes that we — the Executive Sub-committee agreed to in August. We did
talk about that on the orientations, which we had.

We had two orientations by the way. Not all of you know, particularly if you
are not on the Executive Sub-committee. We had two phone orientations with our
new members. We have these three themes. One is really this one about
empowering communities with data to improve their health. The other is
standards. The third is the convergence amongst all of these clinical,
administrative, electronic data. We heard that all day yesterday.

We see that the standards and the convergence theme are definitely
integrated. The convergence and this workshop are also integrated. I just think
that is the bigger picture that we want to keep in mind. From what Jim asked,
will you be talking about all different types of data? Yes. I just wanted to
bring that in so we got that perspective.

DR. GREEN: Another question and then I will go to Vickie. Timing. It is very
clear what is going to happen in April/May and when APHA is going to meet.
There is a very clear message that whether or not there is a Version 2.0 of the
report and if it emphasizes four things and gets framed up that way depends
upon the interval work to some extent.

There is going to be a letter for sure. We should be managing ourselves to
get that letter produced in a timely way. Could we just talk about that for a
minute, please? It seems to me that the steps that we have to go through to
produce a letter — that key pivotal point where the purpose of the letter for
the questions or issues get agreed to that the letter is going to address and
some draft work about what the recommendations are going to be, it seems to me
it would be possible to have that step done at the June meeting of the full

We will come back to this. It may be too ambitious. I am thinking that it
would be very nice if we could actually have a letter for action at our
September meeting. I am quite confident that this is complex enough that it is
quite unlikely that the initial proposition will be the final proposition. This
will evolve.

We are constrained by when the Committee can be convened so if we miss that
June window to agree on the conceptualization of the letter, it will be the
November meeting that we could do this. Do you have a preference?

DR. FRANCIS: Could I actually interject something? Just to be clear about
this, this is a jointly planned hearing of Privacy with Populations. One of the
questions that is going to need to be thought about about product, timing — I
very much appreciate your timeframe, but it is actually going to be — I think
it is an open question whether there would be two letters? We haven’t resolved
that. It is going to depend on what we learn. I think our current intent is to
have it be a combined, but we don’t know.

DR. GREEN: I absolutely agree with that. Maybe it is time for us to go to
discussion with Leslie.

DR. MAYS: I just want to say that we have the feedback tool we are working
on. Again, we keep talking about convergence. I just want to make sure — we
are almost ending it. To the extent that the other groups wanted something in
it, it is today, right?

DR. COHEN: Our plans are by the time we fly out of Washington, D.C., we will
have a finalized feedback form. We are going to be discussing it perhaps
somewhat this afternoon at the Privacy — that section, at least, at the
Privacy breakout and tomorrow morning at the Population Health Breakout. If
anyone wants to be involved in those discussions, if there are other issues you
want us to collect information on, it needs to happen by tomorrow at noon.

Next week, what we are going to do is, even though it is not a survey,
clearly, we are going to pilot test it with some community groups just to get
some feedback, to make sure that the feedback — the questions we ask make
sense to these groups. The following week, hopefully, Tammara and Kasee can get
it in final form so it will be available to all the Committee members and all
of the Data Workgroup members to send out to their listservs and their

Then, probably, that takes us to the middle of March. I think we will have
it out in the ether for a month to the middle of April. We will be collecting
information until then. That will help us refine our final focus of some of the
questions at the workshop and begin building some recommendations.

I see us — whether we write two letters or one letter, we don’t need to
finalize that right now. Hopefully, by June, we will have some idea of some of
the larger issues, the key issues that we are going to want to focus on. I am
comfortable with that. I think September is a reasonable time to try to
finalize the letter or letters.

DR. GREEN: Scroll this up. Keep going. What needs to be added into this?

MS. GREENBERG: May I just say one thing? If you are going to try to use
either the session, itself, or a sidebar meeting during the APHA, that meeting
is before the November NCVHS meeting. If you wanted to get some feedback, et
cetera, then that would speak to maybe finalizing it in November. You just have
to decide how you want to use that if you want to take advantage of that. It is
a short window, but it is just something to think about. Otherwise, I applaud
Larry for not wanting this to go on until we implement ICD 10.

MR. SCANLON: Bruce and staff, let us see before you send anything out. Let
us take a look at it so we can make it look like a request for information that
we do all the time, but not a survey. You probably want to put it on the
website, I would think.

MS. GREENBERG: The idea is it is an electronic tool. We are developing some
language. It is really for each of you with your day hats, in a way, to help
the Committee by gathering — first of all, we would go back to the people who
have already testified to the group and we have already been working with, who
were people involved and communities involved with putting together that

We have a lot of back experience doing that — going back and getting
feedback on reports we have done. That is fine. It is this broader outreach,
which, as I see, is kind of being done by everybody with their day hats to
further inform the Committee. We are working on some language so that everybody
sends it out the same way. We do not want people saying we are conducting a
survey, et cetera, because that is not what we are doing. We are trying to get

We want, for sure, for you and Maya to take a look at this. We want everyone
— I wanted to say if you are going to push it out to groups that you are
working with and that you think could be useful that you use the language that
we develop.

MR. SCANLON: A FACA doing a survey is the same as the Agency doing the
survey. This has happened before. This is an RFI, like you heard from Ankh and
others today. You can ask generalized questions like this. That would work
fine. That is really what I think you have in mind. You probably want to have
it on the website where it is centrally posted, maybe the NCVHS website as well
as if people want to send copies out, that is fine.

DR. GREEN: I would like to issue an RFI to Leslie.

DR. CORNELIUS: It is this bit about the website as opposed to — because I
remember when we talked about moving it to the subgroup it was really because
we were playing the fine line between us, here, and how to get this information
back. When I hear the item about putting it on the website somehow I am a
little stressed and worried.

MR. SCANLON: It has to be located somewhere centrally. If it is a survey HHS
is doing it. You don’t want to go there.

DR. GREEN: Leslie.

DR. FRANCIS: Linda and I co-chair the mouthful committee. We worked this up
jointly. Linda is going to actually handle any questions and discussion. I also
need to say that Maya back there, who is our lead staff person, is enormously
helpful. We have had a number of sub-committee meetings and conference calls
that have gone into this. What we just tried to do with these slides is give
you a very brief sense of where we have come and what has motivated us in
shaping the way we are approaching the hearings in April.

Right after the CHIP report, we, as a sub-committee, with the thinking that
the goal was convergence on themes, including communities as learning systems
as a paramount theme, how data could be used well, we did a lot of
brainstorming about who our stakeholders were, what are the major issues, to
try to decide where we should focus the sub-committee efforts. This is now
going back before we produced the stewardship letter. This is just a
non-exhaustive list of some of the more important stakeholders,
patients/consumers. These are all stakeholders in what gets done with data —
public health, health plans, policymakers, regulators, vendors, exchanges,
legislators, and so on.

Here is a very small list of some of the issues for — I guess I will call
themes that we had seen running through many of the discussions. The critical
importance of trust we heard about this morning. If people don’t trust how data
is being used, there are going to be problems. There are going to be problems
in getting the data, keeping the data, using the data.

Consumer education. It is really important for people to understand what is
going on. Community engagement to improve health and all the wonderful roles
that data can play in that. The importance of innovation. We are tremendously
aware of what an innovative field this is. The expansion of use of health
information in non-health contexts. I don’t even know what counts as a health
context anymore. Where you locate your grocery store is or maybe isn’t a
health, for example. I certainly know that my health insurer doesn’t pay for my
lettuce. How we even think about health is complicated.

All the myriad secondary uses — cloud technology, the idea of having rules
following the data. Should the rules follow the data? Should the rules be
segmented to the custodian? Patients expect the rules to follow the data so
that their data in one place is as protected as it was in another place. The
whole regulatory structure we have doesn’t work that way.

This is actually a slide from a year and a half ago that we thought might be
interesting to see how we identified issues.

We had a hearing last April. These are some of the themes from that hearing.
This was the hearing that was designed to result in the Stewardship Letter. The
Stewardship Letter was the coordinated side of the CHIP report. What the CHIP
report said essentially, at the end, was unless we have good stewardship, we
are not going to be able to do all of these great things to improve community
health. We took our role, then, to be to take that next step and to think about

These are some more of the themes that came out of that April hearing. The
importance of chains of trust, of participation, of consent. That privacy isn’t
an individual issue. It is a social issue.

From that hearing, we developed a letter that is in your packet, I believe.
It was sent in December. I think it was in the agenda book. In which, we
identified the following eight elements of a stewardship framework for the use
of community health data. These come from fair information practice principles
and what we heard in the myriad forms that they now appear in the prior
committee work and elsewhere and from the April hearing.

Here were the eight elements of the stewardship framework in that December
letter. These are drawn directly from the letter. The importance of considering
each of these — openness, transparency, and choice, specification of the
purpose of data use, community engagement and participation, data integrity and
security, accountability of a data steward, how the data steward should protect
de-identified data, how a data steward should attend to the risks of enhanced
data sets.

We also called out in that letter issues when data sets get enhanced and
when they are small groups. I noticed — this morning, I didn’t have time to
ask a question, but I noticed Jim’s discussion about small groups. That is a
very important stewardship issue.

This is considering, thinking about if you are a steward. This isn’t
particular recommendations with respect to stewardship. This is a framework for
what you need to think about — issues of stigma and discrimination.

The Stewardship Letter made these four recommendations to HHS. HHS should
facilitate the development and promulgation of stewardship models when health
data are used to improve community health. HHS should support the development
of dynamic guidance resources, compiling best practices for experts,
communities, and other data users based on what is being learned about
stewardship. HHS could help by compiling case studies of results that
communities achieved through their uses of data so that other communities might
learn and be inspired. And that HHS should promote the creation of training
materials for researchers who collect and use community health data.

Those were specific recommendations. We have, in cooperation with the
Populations Sub-committee, wanted to facilitate what are people wanting to do
with the data? How can that be married to stewardship frameworks? How can
stewardship frameworks be developed in such a way that they enable communities
to use data the way they would like to use data?

We, in conference calls, looking back at the stewardship framework issues
and the specific recommendations — actually, this is also from the Stewardship
Letter. I’m sorry. These are high priority areas for resource development in
the Stewardship Letter – how-to examples, and case studies about de-identified
data, data use agreements and their enforcement, risks of disclosure and data
reporting, including information about data aggregation and the small group
issue. What are useful methods and practices for openness and transparency
about data collection, maintenance, and use? What are good ways of engaging
communities and closing the loop with them?

Here was the way we kind of distilled that. This is now what I got a little
bit ahead of myself a little bit with for the April hearing. To focus on what
are communities doing and what are some of the helpful things that could be
shared among communities with respect to when you are a steward of community
health data? How do you achieve openness, transparency, and accountability? How
do you handle the issues of enhanced data sets and data aggregation? Are data
use agreements useful? How are people using them? How are they enforcing them?
What are some of the issues that come up? What are some of the models for
community engagement?

Those are some of the themes that we want to be able to produce either
recommendations to the Secretary or, if you go back here, documents that are
helpful documents for folks who are using data, which is more on the model of
what the CHIP report did and less on the model of a letter to the Secretary,
but which could include, possibly, examples of good practices. Guidance
document is actually a formal term. We are thinking more of here are some
useful how-to’s and here are some possibly useful — we may learn about useful
training materials. We may learn about particular case studies that are
particularly useful with respect to questions of openness and some of these
other issues.

We are planning in the information request to find out from communities what
types of data — for people who fill out the survey monkey instrument — the
instrument, not the survey — we are intending to ask them what types of data
they collect, what types of data they allow others access to, and what types of
data they get from others. Is it all completely anonymous? Is it de-identified
in the HIPAA sense? Do they have identifiable information and so on? We do
intend to ask questions about data use agreements, as well.

If you want to know more about all of that stuff, we are going to be having
two joint committee meetings in the spirit of brilliant convergence. The first
one will be spearheaded by Privacy and the second one by Pops tomorrow morning.

DR. GREEN: Questions? I understood right that Linda is going to deal with

MS. GREENBERG: You also want members, right?

DR. FRANCIS: Yes. In introducing myself, I — I think there is a really
important sense, in which if you are — I am also a member of Populations. I
think there is a really important sense in which if you are interested in using
data, you have to be interested in protecting it, too.

I see them as — I don’t even know that I want to say flipsides of the same
coin. I think of it almost as those wonderful amusement park things that you
got that if you looked at the picture one way it was one and if you moved it
just a little bit it was about something else. I really am deeply committed to
the idea that use and protection go hand in hand. Each enables the other. That
is just my own little personal soapbox.

MS. KANAAN: I would like to offer a little bit of almost simultaneous
translation, especially for the benefit of new members. We have two different
names being batted around for our report. I hope we can come to a single name.
What Bruce is calling the Communities as a Learning System report, also known
as the CLS report, is, I believe, what Leslie is referring to as the CHIP
report, CHIP is sort of the old original working name having to do with
community health information. Just so you all know that we are talking about
the same report.

DR. MAYS: One of the things that, at least for me, is becoming clear is the
differences in who we might need to solicit as participants. It sounds like for
your group it really is different than ours because it is a much more
sophisticated community group because you are really wanting to ask about this
data stewardship, which I don’t think there is a lot of groups that have been
wrestling with that. Either it is we are asking at a very basic kind of level
about the issues that go into a stewardship or you are asking at the level
where you want to learn more about models of stewardship. Is that — can you
help me with which is your priority?

MS. KLOSS: Well I think we — I would go back to last April’s hearing. We
really had a range of individuals, those who really were carving some new
ground in community health and had a sense of the issues of stewardship, but
perhaps didn’t label it and call it that or have understanding of formal
frameworks, and we had people who were good at community involvement, not even
necessarily health. I think we need a spectrum.

That is why I think the design of the agenda really allows us to hear from a
range of perspective. Because we are using breakout techniques, we need a range
of perspective on these complex issues, I think. I think that is the work that
we have to do later today and into the morning is start plugging names in. I
certainly think we need some academics, but we learned a lot on these issues —
in fact, some of our breakthrough thoughts about privacy not being an
individual issue came from people who were working in the trenches on these.

DR. FRANCIS: One of the things that we heard was communities — a role for
HHS is to facilitate people sharing information with one another. That is part
of what is behind the workshop design. Another thing that we learned, though,
is that there is — there is need for some more information for communities.
They want to know how to think about the small group problem, but they are not
entirely sure how to do it. That is a more expert question. It may be that we
will learn from the instrument that there are some people out there with great
ideas that we haven’t tapped into.

MR. SCANLON: As you know, NIH does community based research. They also have
policies and processes for community engagement. Now, that is probably a
different scale than what we would normally be talking about here. It
carries with it a lot of process that could be costly. If there are some
principles that we could borrow — Robert is not here today, Robert Caplan, but
if there are principles, policies, or practices we could look at?

DR. FRANCIS: We actually did hear from people. That was at the April
hearing, we heard from some of the folks who are involved in that kind of
community — the technical form of community engaged research. It is a great

MR. SCANLON: Again, I would just keep in mind that this is a continuum and a
scalability here. The governance and the procedure is sort of proportional to
the level of effort of the resource, itself. Some policies and practices that
would be good for fairly well resourced kind of an activity with potentially
identifiable information is much different than pulling together 12 indicators.
That is all. I think there is a set of different principles for each one.

DR. GREEN: We saw a year and a half ago this variability of communities in
range and scale. We heard from communities that are so far ahead of the
privacy/confidentiality screen frameworks that it was, frankly, a little
frightening. They are ready for your list of things. They are ready for
guidance about how to do this. We also saw communities where it had not
occurred to them what they were getting into and where they were headed. We are
going to see this range.

DR. FRANCIS: One of the things we learned, I think, is if you ask a lot of
communities have you had any problems about privacy, you get the answer no. The
reason you get the answer no is they haven’t thought about it. It just hasn’t
been on the radar screen, not that it isn’t an issue.

MS. KLOSS: I think as we have talked about what might be a useful output, is
describing different case studies that individual communities can identify
with. It is not a set of victims. It is really a set of models that they can
identify with.

DR. FRANCIS: We were very clear on that in the Stewardship Letter. The
recommendations were not necessarily to have recommendations about this is how
everybody needs to do it, but, rather, to have good examples for different
types of situations that could be helpful.

DR. GREEN: For planning purpose, now that we — at this stage of the
conversation, we haven’t heard from two of our sub-committee groups. I think we
now know that a letter to the Secretary from this may actually have to be two
letters. Or not. We don’t know. You have also strengthened the probabilities
that there is going to be a report in addition to that.

I think we should go forward assuming that in 2013, products from this work
are going to include at least one letter to the Secretary, possibly two, and at
least one more follow-on report. The purpose for a plan is to know whether or
not you are following it so you know when you quit doing that and you diverge
to something else. That is what we will put in the plan to start with.

MS. GREENBERG: We, in one of our many marathon teleconferences, we have
discussed — the groups have discussed this. We even at one point said, well
maybe we need two different hearings. There is a really strong convergence
desire here to show that these are all, as you said, parts of a whole. I think
— I would hope that all of the aspects of the hearing end up in one letter
tied together and then there could be other documents.

For example, as you said, Linda and Leslie have both talked about giving
more examples, having models or practices, and all of that. That could be a
document unto itself. There may be some other things that come out of more the
data population side of it. I would hope that there would be an overarching
letter that would bring these together.

It was very interesting yesterday that when we were talking about
attachments, which sort of no longer is known as claims attachments, although,
that may be step one if somebody is talking about the claims attachments. We
had great discussion about convergence of data and all of these different types
of data from all these different sources. Again, another marathon morning where
we had gone on for maybe three hours before someone mentioned privacy, the
minimum necessary, and all of those things. It isn’t always the first thing on
people’s mind, but at the end of the day, everyone was going, oh, yes, of
course. I think that is why it is so important that these things be integrated.

DR. CARR: Somebody just said something about the idea of giving examples,
which really struck a note with me because I think we need to have a sense of
what the destination is. I think we get into a lot of challenges when we think
in terms of you must, you must, you must. I think what Leslie said before that
at the end of the day, it is all about trust.

I think we ought to begin to have the framework that maybe we have guiding
principles. There are six principles and achieve as many as you can. I think
where we get stuck is we say it must be A, B, C, and D. The more we learn about
data and the potential and the abilities, it will come back to — the
fundamental will be about trust. To me, I think it is important for us to
define our destination. Is it an absolute or is it a guidance?

DR. GREEN: Bruce, then we will go to Bill. I am going to reverse myself.
Let’s hear from the Standards folks so that Paul can sort of process all of
this at once before he talks about quality.

DR. COHEN: I am ruminating on your focus on outputs. I think, given where we
are in our attempt to converge different techniques for dissemination, I would
love to see us challenge ourselves to see if some of the outcomes could include
development of model apps and YouTube videos of how to do how communities do
this. I think when we talk about our output letters and reports are nice, but
we have heard constantly that there are a lot better ways or alternative ways
to reach the audience that we are interested in. I would love to see us think
creatively about having our work product in different venues.

DR. GREEN: I am sure Linda Kloss will have a very hard time with that, but I
bet she can get through it.

DR. SCANLON: This is in some ways a follow up to what Marjorie raised and
what Justine followed with. What triggered my interest in making a comment was
the notion of minimum necessary. It was true that — I won’t say it is because
we didn’t value privacy, but when you are drinking from the fire hose sometimes
it takes a while to get to the topics, right?

This is not quoting from legislation, which is the minimum necessary words,
but often we talk about necessary and sufficient. I think we have to recognize
that we have been living in a world where we may have had necessary
information, but we haven’t had sufficient information. Part of the reason why
we haven’t had sufficient information is because of the burden of collecting
it. That was part of what yesterday’s discussion was about, how the world is
changing and the world is going to allow us to have sufficient — closer to
sufficient information to deal with a lot of the objectives that we have sort
of in mind.

While we have that potential, we have to worry about privacy and
confidentiality. We also have — I think this comes to our talking about trust.
We have to create sort of a situation where there is enough trust to allow the
sufficient information to be sort of in the hands of the people that can use it
to accomplish very important sort of goals.

I just wanted to say that because I think that is something where these two
come together, but it is critical that they come together and that they work
together to accomplish sort of a bigger picture and goal.

DR. MAYS: I think we are all talking about kind of this product and what it
needs to be. To me, there are two issues. One is sometimes we are asked to do
something because we are responding to the Secretary or to your office. That is
one kind of thing. We have to think in that framework of how it helps. On the
other end, we are talking about, it seems, trying to help people who are out in
the community. That seems to be like a different kind of product than we
usually think about.

To some extent, I think we have to have a frame as to who is the primary
target that we are trying to offer what to and then to frame how we do that
relative to what works for that group. It may not be — that is why I am a
little confused about what we say to the Secretary. Is it that we say to the
Secretary we think these things should be done? Or is it that this is an
instance in which the community group is empowered if we were to give them
something to just run with it?

If we had some great guidance, do we have to go through the Secretary with
that guidance? Is it something — I remember who we are supposed to be a FACA
to. The way we are doing our hearings and talking to communities so directly
and they are kind of primed to run with this, I guess I am just confused a
little bit as to what we give seems to be very different for the Secretary than
maybe for the community.

DR. GREEN: Linda, a couple of meetings back, I thought was quite eloquent
about definition of the audience. Did you want to make a comment?

MS. KLOSS: Really? I guess what I was going to say is that in the design of
the agenda for April, we really allowed the final half day to wrestle with just
these questions — the range of stakeholders and the messages and the products.
I think it is hard probably to go very much further than what we have gone
today until we are together having heard what we have heard and then start
distilling it. We appreciate your message of the sense of urgency.

MR. SCANLON: Can I respond? Your main client, not your only client, is the
Secretary, even if you are developing tools and guidelines for others. It is
not really that difficult. All you do is inform the Secretary that you believe
this is a good opportunity and it needs leadership and convening or other
things that HHS can do. One of the things this Committee has already learned is
that a tool set or something like that guidance to communities would be very
helpful and we are happy to convey this to you. Then you post it on the website
and make it available in other ways.

That is different than actually making recommendation that HHS do something.
It may be a combination. I don’t see them as dichotomous. You should always
report back to the Secretary, I would think, just as your boss, basically.

DR. GREEN: Let’s keep moving here. We are going to flip this after all.
Let’s hear from these folks, who just don’t have enough to do. I mean they just
don’t have enough to do.

DR. SUAREZ: Let me switch. I think what Ob and I wanted to do first was to
give you a picture of where we are in terms of our Sub-committee work and sort
of our plans for — we will see how this goes. What we want to do first is
really give a quick overview of where the Sub-committee on Standards is. We
presented this and discussed this with the Subcommittee at a January call. I
think it is a good way of introducing the topic that we discussed yesterday at
the hearing.

First, I certainly want to acknowledge the members of the Sub-committee and
our liaisons and welcome our two new official members to the Sub-committee.
Certainly, we are very excited to have Alex join the Full Committee and
particularly our Subcommittee.

DR. GREEN: Let’s just hit the pause button there. Alex is on this Committee?
All right.

DR. SUAREZ: It took us some convincing. No. We welcome all of the other new
members, who have joined us as well. I know there is a lot of interest in this
topic. I think you will see the connection. That is the main theme, hopefully,
that you will see across is the connection between the topic that we are
covering and the work that is being done by the entire committee and all of the
other subcommittees.

I am now going to very quickly go through this. This slide is sort of a
replica of what you saw from Denise’s presentation this morning, the CMS Update
on the status of the different regulatory activities. You see the operating
rules that have been published that are coming up. You see the planned
compliance certification, the ICD 10. You see the Plan ID, attachment
standards. These are the regulatory dates of compliance with those.

This is something that you heard this morning and I am not going to spend
time, but this is, in great respect, the main thrust of the work that the
Sub-committee has done over the last several months. It is continuing to do
this this year.

Some of the key topics on the agenda for the Sub-committee are basically
summarized in this slide. We have to — we are looking at recommending the
standards and operating rules for claim attachments to the Secretary. We are
looking at, also, the need to recommend operating rules for the remaining
transactions. One of the things that you saw in the previous slide is this item
that says operating rules for claims, enrollment, premium payment,
preauthorization, and claim attachments are due January 1st, 2016, the
compliance date.

Claim attachments is one of them, but there is the need to review and
recommend operating rules for the remaining transaction because there needs to
be a regulation published about that in 2014. That is part of our

Every year we receive a report from the Designated Standards Maintenance
Organization. These are six organizations that have been identified in the
HIPAA law to be the designated standards maintenance organizations. They are
NUBC, the National Uniform Billing Committee, the National Uniform Claims
Committee, the Dental Content Committee from ADA, HL7, Health Level 7, X12, and
NCPDP, the National Council on Prescription Drug Programs. This report we
receive every year around June.

That report, by the way, in some years, is very critical because this is the
report that recommends to this sub-committee that the industry is ready to move
to version 5010 of the HIPAA standards. Now, we hold hearing and listen to the
industry based on the recommendations and then make our own recommendations to
the Secretary that, yes, we should adopt regulations that move the industry to
the next version or a new standard or new transaction. It is a very important
report for us.

Monitoring the industry status of implementation of various standards,
codes, and identifiers and operating rules. One of the roles and
responsibilities of the Sub-committee is to keep an eye on how the industry is
evolving and implementing all of these regulations. Every year, we also hold a
hearing in June to listen to the industry on where things are with
implementation of 5010, for example? Or how is the planning and preparation for
ICD 10? How is the planning for the Plan ID going? All of those elements are
part of our hearing every year usually in June.

Again, monitoring the industry planning for upcoming compliance. In addition
to how things are going with the implementation of things, how things are going
with planning of the upcoming requirements. You heard EFT and ERA are going to
come into effect January 1st of 2014. The Plan ID is also in 2014.
We need to talk about that and listen to the industry about how things are

One of the last items is this HIPAA report to Congress. Every year, we look
at putting together a report. Not every year we actually do one. Last year, we
took the time to do — two years ago. We took a major effort to do a larger
report because it was the tenth report since we have done it.

That is our overall agenda for the Sub-committee in the coming year. We have
established a little bit of a work plan. The last two months we have been
planning for this particular hearing that we had yesterday. Yesterday, we had
the hearing so that is the February NCVHS meeting. That is the Sub-committee
hearing. We are having a meeting this afternoon after this meeting to talk
about a couple of specific topics — smart cards and card IDs and NDC, the
National Drug Code, a couple of issues around that.

Then between March and June, we are really going to take time to debate and
deliberate on the discussions that we had yesterday and the recommendations and
the observations coming out of the hearing. I prepare a letter to the Secretary
to present to NCVHS in June with observations on recommendations related

We are also, as you know, we also held a roundtable. It wasn’t a hearing. It
was a new form of getting together called the Roundtable where we invited a
number of leaders in different areas and from different perspectives to discuss
really the future of information exchange between providers and payers, really,
the future of the data exchanges in support of all this transformative care
that we are seeing, transformative activities that we are seeing in the

We need to talk about what are the next steps with respect to that. We, as a
sub-committee, have been talking about it and are looking at the possibility of
holding a second roundtable in partnership with CMS and others this year at
some point.

Now, in June, we are going to be presenting to the Full Committee the
recommendations on attachments as well as we are going to plan a hearing, our
June hearing, on various topics, as I mentioned listening to the DSMO, report
the status of the implementation of the various activities around HIPAA, Plan
ID, standards, compliance certification if we see or have anything out already
from the regulators.

Those are sort of the main activities, I guess, for June. Then in July and
August, possibly holding the second roundtable discussing the observations that
came out of the hearing in June and discussing plans for a possible 2013 HIPAA
report to Congress. It hasn’t been decided yet to do that or not. That is
something we will be doing in those months.

The later part of the year gives us an opportunity to really look at some of
the larger topics that we have and give us some more time. We don’t have a lot
of detail, yet, on those, but it will certainly give us an opportunity to bring
in some of the larger topics once we have dispensed of all of these priorities
that we have.

Attachments — I want to just give a brief overview and then Ob will be
closing with some of the themes that we heard yesterday. Then other members of
the Sub-committee and the Committee that were there will be also able to jump
in and provide some more information for everyone, particularly for the new

Some of the quick background about the attachments, particularly claim
attachments. This was actually originally included in the HIPAA law as one of
the defined transactions. As you can see, Section 1173 identifies a health
claim attachment as one transaction for which electronic standards should be
adopted or have to be adopted.

NCVHS actually held hearings back in 1998 on this topic and recommended
adoption of a standard. Of course, significant work was done between 2001 and
2004 to define what really attachments were and developed some of the standards
and tests, actually, for various scenarios and application. Several entities
conducted this very, very successful and valuable test on the implementation of
electronic claim attachments. Then NCVHS submitted a letter, officially, to the
Secretary back in March of 2004 and November 2005. In September of 2005 is when
HHS published the proposed rules that describe all of these elements about the
claim attachments and the when and why and who and how and all of those

Then that stopped. That is where we stopped, basically. Nothing else
happened after that. A lot of discussion and debate. If you remember back in
2005, HL7 and all of the other elements around EHRs were just beginning to get
a lot of momentum out of the ONC initiatives and HHS initiatives. It really —
I think HHS took the time to take a pause and say let’s look at how this
evolves and see how this really can be done. If we were to introduce this right
now, it would be, perhaps, too disruptive and too advanced. We don’t want
people to go back to paper, but actually begin to adopt more electronic

With that background, let me just highlight a few of the things that have
happened. You all are very familiar with this. Really, I think a couple of very
critical aspects of why this attachments topic now is so important. These items
that I tried to list here — first of all, this is all about the patient and
trying to improve the care of the patient and improving the experience of the
patient and avoid potential issues with respect to delays of care because of
need to send and back and forth information between providers and payers.

It is also all about data. We heard all morning the importance of the same
data is being used in different places for different purposes whether it is a
clinical message between two providers being done along the lines of meaningful
use or exchanges between a provider and payer to fulfill an administrative
transaction. It is the same data. We are finding more and more that it is,
indeed, the same data. Actually, there is this lack of perpetuation of the
concept that there are really two worlds here. One is the clinical world with
all of their data and then there is this administrative world with all of this
complex systems and processes and their own data, too.

There are all of these other elements. The triple aim has certainly pushed
us to look at improvements in ways of doing business to improve quality and
efficiency and the population health. HITECH, again, has pushed us,
particularly with respect to the EHR adoption and the standards associated with
clinical messages. It has really moved the ball forward so far that it actually
has permitted what we heard yesterday, which was amazing.

Then there is care delivery reform and all of the things that are coming up
with respect to reform from medical homes to accountable care organizations,
health insurance exchanges, all of these elements and the payment reform that
goes along with it. All of these are changing not just the type of relationship
and the business relationships, but also the data needs between these
organizations to support these processes. Then there are all these other
aspects of mobile health and personalized health care.

You know, this morning I was so excited to hear all of this incredible work
that, in a summary, had been done by ONC, by CMS, by others. Then there is this
big cloud that we have to be very careful and mindful of and that is privacy
and security. At lunch, I heard a couple of very interesting stories from
Leslie about real realities of electronic health data and how a lot of people
are looking at it and using it. You learn about it in the most incredible ways.

I was really, really very excited this morning and then I went to lunch with
Leslie. It was amazing. It was incredible the true stories. At some point, we
should hear them because they just give you a sense of how important privacy
and security is.

Where does this come from now — the need to really move again along the
lines of attachments? The Affordable Care Act, as many of you know, had a
number of provisions. One of them was very specific. It said the Secretary must
publish final rules by January 1st, 2014 on claim attachments,
specifically. It was a very direct order to move along in that direction. The
proposed rules have been published. The idea was now we have to publish final

NCVHS’ role then becomes what we have done in the past, which is convene
hearings and listen to the industry about where things are and how things are
evolving with respect to attachments? What are the priority areas where
attachments apply? What are some of the latest developments with respect to the
standards, with respect to the technical ways of conducting with the data,
itself? Then we make recommendations to CMS on the adoption of the standards,
implementation, specifications, and operating rules for claim attachments.

Here you see the timeline very briefly. We had a first hearing on this in
November of 2011. We just invited the industry to tell us where are things
today, at that point in November, and then how are things going to evolve
between then and by the time we really need to make recommendations? It was a
very, very useful hearing as well.

Then the second hearing was yesterday where we really focused on the scope
and the definition and the priorities and the standards and where things are
and what kind of recommendations the industry had for us. We expect, again,
recommendations to come out from us back to the Full Committee in the second
quarter. Again, the regulations, as it looks right now — this is January
1st, 2014 to publish those. We will talk a little more in a second
about some of the perspectives of these. Remember, the expectation is that
there will be a final rule coming out.

Some of the things to consider that we had in mind when we prepared this
particular meeting was the scope of what we want. That is why we started to
say, well, should we really call it claim attachments? Should we just focus on
the general concept of attachments and put it in quotes? We kept putting it in
quotes because we felt that — I think Bill said it magnificently yesterday —
we should stop perpetuating this concept of separating the concept of data for
administrative and data for clinical.

When you think of an attachment the simplest way to think of it is simply a
message that contains medical documentation to support something — support a
function, support a process, a business process, for example, a claim, an
eligibility inquiry, or a prior authorization enquiry. It is no different than
the same information that goes from a provider to another provider to support a
referral or to support some other transitions of care.

At the end, we are truly seeing — and that is the unique opportunity that
the topic of attachments gives us as a committee is to truly see, finally, the
convergence of this concept of information about a patient that is used for
different purposes, but it is ultimately the same information. Conceptually,
yes, we want to make sure that we align the recommendations and the exchanges
with the same type of standards that are being used by providers to exchange
data with other providers when they need to do that.

The other topics — you know, we have to come up with a definition of the
business application of this transaction, the applicability, the priority areas
of the transactions, and then identify, certainly, the standard that is being
recommended, the implementation specification, the code sets of the
transaction, the operating rules, the transport mechanism, and a few other
things that you see there. That is our sort of need of what we need to cover in
our recommendations.

The structure of the hearing was basically a first panel with industry
representatives from the standards body, basically. We heard from HL7. We heard
from the Regenstrief Institute, which maintains something called the LOINC. I
am not going to try to remember what it all stands for. It is the code set that
is used to identify the document that is expected to be attached or that is
needed from a payer to a provider. The code that identifies that we need a copy
of discharge notes. That is a specific code set that is being used for the
transaction of attachments.

We heard from the X12 Standard body. We heard from pharmacy from NCPDP. We
heard from CAQH/CORE, the operating rules authoring entity. We also heard from
esMD, the CMS Medicare project called electronic submission of medical
documentation. Nice name for exactly what we are doing, medical documentation
exchanged. We also heard from CMS, the OESS side. This is the regulator who
basically told us this is what we hope you can provide us in terms of input to
draft and to write this regulation.

Then the second panel was industry perspectives, plan perspectives, the
provider, multi-stakeholder, the vendor. We did not have the consumer. We
probably should have had the testimony from a consumer on this because they
provide a truly different perspective of privacy and other things. We went with
this. We also heard from ONC in terms of a big picture of how this concept of
attachment also fits along with all the other activities that are happening
under ONC’s leadership.

We sent questions to testifiers in advance, a lot of detailed questions. We
asked them to try to address them in written testimony, as well as in their
oral presentations. We received an incredible amount of information. Some
testimony we received on paper only like the American Dental Association and
the perspective of the dental industry with attachments and how it applies to

Anyway, we had an incredible hearing yesterday. We really, really
appreciated the detailed work done by each of the testifiers. This has been, as
I have been hearing from a lot of people that attended, one of the best
hearings. The depth and the specificity of the testimonies were just incredible
without necessarily getting into a lot of the details because people were able
to really follow, people who normally don’t follow technical discussions.

Here are my themes. I will then let Ob —

DR. GREEN: Walt, we need to adjourn so you can go do more work pretty soon.

DR. SUAREZ: Let me then turn it really quickly to Ob to just say a couple of
things before we adjourn if that is okay.

DR. GREEN: Okay. I am going to ask everyone to hold our questions. You will
see on the agenda that tomorrow morning we are coming back to this to
crystallize everything. I am going to impose on the Subcommittee time about
three or four or five minutes to ask Dr. Tang to comment about the
intersections he sees with Quality.

MR. SOONTHORNSIMA: Very good. Thank you, Walter. If you think about, again,
stepping back 65,000 feet, you think about all of the things that are happening
in 2014 — ICD 10, Meaningful Use, EHR adoption, HIPAA operating rules, claim
attachment, and then we have this health insurance exchange that is taking
place this year as well. There are definitely lots of things going on. There
are also lots of great opportunities.

If you think about all of the goals of each of these initiatives, they are
all very well defined. I think they are worthy goals. However, when you have
the intersections or when you have things going on at the same time, those
goals may — the result may be sub-optimized.

This is where convergence — and we started talking about this over a year
ago. The intersections for all of these initiatives, the intersection of these
initiatives, the common set of data or requirements that are going to derive
from the richness of the data, whether it is clinical, administrative, marrying
the two, that is probably where our biggest strategic opportunity lies as a

Recognizing that we have to move away from this concept of claim attachment
— this is a concept of 1998, you mentioned — what opportunities do we have
now to influence and make recommendations for the Secretary so that we can look
forward and, at the same time, try to address some of the pain points that the
industry is going through?

What we heard yesterday, and I am going to be very brief, a few points —
yes, it was like drinking from the fire hose, but it was very rich and there
were some consistent themes. One is that we felt that the Standards Development
Organization, SDO, and operating rules entity really are in alignment. They
really are coming together and they are recognizing the need for collaboration
more effectively. We are seeing that. That came through yesterday.

Everyone seems to agree that this is no longer about claims. Everybody seems
to be concerned about the rule being too prescriptive. Again, this notion of
why are we trying to address something that is in the past? Things have
evolved, even within the last five years. At the same time, don’t make it too
broad because, otherwise, you are going to make it too daunting for the
industry to implement considering everything else that is happening at the same

Regardless of the rule on attachment, education and awareness of this is
very, very critical. While there has been a lot of ROI — I guess there have
been pilots that took place back in 2004. Again, things have changed. There is
not a whole lot of adoption yet. Let’s be cautious about what we actually are
going to advise the Secretary. Another thing we heard was let’s prioritize areas
where we are going to have the biggest gain.

Lastly, roadmap. I don’t know how many times we heard the word roadmap last
night or yesterday. We heard roadmap again from Denise this morning. With that
said, I think the next step for us is to hone in on the theme. Here is an
opportunity. Do we focus on the past? Do we focus on the present? Do we focus
on the future where the intersections lie? There are lots and lots of options.
Do we narrow it down to just the packaging? Do we narrow it down to the data

I am going to get too technical, but there are different options in terms of
what we can advise the Secretary on. Hone in on the themes. Craft different
recommendation options. And really get a lot of dialogue going within the next
few months. We don’t have a whole lot of time. This is a lot of work. I will
pause right there.

DR. GREEN: We will reconvene. You and Walter can lead the discussion where
you want to in this room in about 10 minutes.

DR. SUAREZ: Yes. I do have to take one more minute to make a very, very
critical announcement. I really am very excited about this and it is so
important for this work. As some of you know — and I forgot totally because of
how many years — 20 years ago, probably one of the most seminal, important
reports happened. That was the 1993 WEDI report. Many of you remember. Some of
you remember. That was the seminal report that actually created HIPAA as we
know it today.

Well, WEDI has actually convened an Executive Committee that is going to be
chaired by the former Secretary Louis Sullivan, coming back and he is inviting
very high level, CEO level people from health plans and provider organizations,
convening them with the exact same objective that he had back in 1989 when he
convened a group that formally created WEDI in the first place.

He is asking them to come back and participate in this group, which is
starting April of this year, and look at how they can again transform, truly,
the healthcare system, the way the original goals of the 1993 report called
for. We are very excited to hear about that, at least from the Sub-committee
level. We are interested in certainly following up, working with them, and
inviting them at some point to report back to us. I just wanted to take one
minute to inform you all.

DR. TANG: Actually, this is going to be good to follow up on what Ob just
said. First of all, my one story pitch to the new members. If you want to take
advantage of a once in a lifetime opportunity to participate in creating
measures for consumers and providers to fundamentally change the healthcare
system, then we are your group.

The other point is that — I don’t know — about a year ago this group said,
you know, we do a lot of cross-cutting things. That is the way we ought to do
business. We should do it in a convergent way. You will notice that every group
re-emerged as the group working in convergent ways except for Quality because
we were team players and we said we are going to support all of the three
themes. That is what we are doing.

It is labeled as overlap. I think it is overlap, but I think it is also
conscience. This is where it is going to follow up with what Ob said. In the
whole quality measurement space, after decades of reliance on what we had,
which was the administrative and the claims data — and I think it was as Bill
Scanlon was saying. It is necessary, but it is not sufficient. We are at an
inflection point where it no longer has to be sufficient or can be to do the
job we want to do.

The other things that happened in the past few years have now made EHRs
going to be in front of every provider. PHRs, I would say, are going to be in
front of every patient and consumer. We are going to have a lot of data that we
should not only leverage, but cause to be collected in ways that we never
envisioned before. That is what has changed. That is the new norm and the new
necessary — the new sufficient.

At the same time, as I mentioned earlier, we are causing a lot of
consternation and change in the providers. We are asking them all to use these
electronic tools. We are actually already scheduled to ask them to change their
coding system. We had in mind one coding system, but the earlier remark is
shouldn’t it be take advantage of a better coding system, one that can feed
into the things that we want it to do.

We are asking patients, both implicitly and explicitly to take more control
of their own health. We are going to give them more financial responsibility.
We already have been giving them more financial responsibility. We are going to
do more.

Why don’t we take this opportunity when we are totally reorienting
everybody’s sights to do the best — pick the right rational choices, whether
it is data or tools or focus? I am going to talk about two cross-cutting themes
on the conscience side.

One is, as we look about — what Ob was saying was where do we focus — the
past, the current, or the future? I think this is the do we be proactive or are
we responsive? We just heard about a litany of things that we are asked to do
almost by statute. One of the things we are good at is to look forward when we
give ourselves a pause and do that. I think the looking forward, one
implication of that is this whole SNOMED versus ICD 10 as a coding system for
what we do and about the health of individuals in populations.

For individuals, it is certainly more about the clinical terminology than
the classification system. That is the basis for saying should we take a pause,
then, at the time we are about to force — nobody really has yet — at the time
we are forcing everybody to change their coding system, pick one thoughtfully
thinking about the future.

The other cross-cutting is actually, ironically, we used to be in the
medical — we still are — the medical model of thinking about things. It is
the mental model of how we think about health is really as healthcare. We have
sort of inadvertently flipped over, as I sort of listened to us today, into a
population, but population as if it is a thing. It is just a thing. There are
people who worry about population health. We are communicating and giving those
people tools to work on population health. We sort of forgot that they are made
up of individuals.

Ironically, we actually swung the pendulum all the way over the thinking
about the aggregate and a little bit less, I have to say, about the
individuals. That is a little bit of a caution or conscience in the sense of —
and it goes back to what are we trying to measure? One of the things the former
Quality Sub-committee — there have been many — talked about were the measures
that matter to individuals. We got closer to thinking about them as being a
part of a community, but I hope we didn’t step over them and forget about the

An important piece would be personalizing quality measures and care and
health around an individual to get the engagement. Could we think about that as
we — sort of looking at the hearing — and I am a part of that group, too —
we are thinking of putting together, are we talking about individuals or are we
talking literally only about communities? I think there is — when we go back
to our roots of data, it is really data about individuals so we can measure
what we do with individuals to improve their health and then raise the health
status of the country. We almost have to think of it that way to make sure we
are measuring the right thing so that the individual consumer, the individual
patient, and the individual provider has the tools necessary to do their job.
Those are my sort of vote for conscience thoughts.

MS. KLOSS: Can you clarify one thing? When you were talking about SNOMED in
this context, you are talking about it as the basis for constructing
e-measures, are you not?

DR. TANG: Correct. Well, so what are e-measures? We want to have something
that can come back and affect individuals.

DR. GREEN: That is meaningful to providers and patients.

DR. TANG: That is meaningful to the providers and the patients. One of the
powerful things we have been tapping is that if it is meaningful to them — and
it has not been so far — then you get a lot of things, quote, for free. There
is so much that both providers and consumers want to do for themselves that you
actually don’t have to pay them to do that. You just leverage their individual
responsibility, accountability, and pride.

If we miss the boat on getting the right measures — that is why the
measure, itself, is so important. That is why the data, itself, is so
important. There is just so much elegance in a system that has this positive

MS. KLOSS: My clarification was just predicated on, again, like moving past
thinking claims versus clinical data, I don’t think we want to go back and
revisit the SNOMED versus ICD. We need to understand that they are designed for
different purposes and have distinct value. Your point was that for electronic
measures, as we look to the future, having the objects in SNOMED.

DR. CARR: One of the constructs that has emerged in the Workgroup on Data
Access and Use is separating out supply side issues and demand side issues.
This is reminiscent of that. I know that if I think back on the Quality
Sub-committee, we spent a lot of time on the supply. What measures can you
derive from ICD 9? What can you cobble together? How do you kind of manage

The demand was really from payers, not even from providers, really from
payers. The world has changed. The demand is really from people, who may be
patients, but who are seekers of health. That changes up the conversation. ICD
9 code might be fine for payers. It is fine for paying bills. It had a role and
probably will continue to play a role in terms of describing some care, but we
heard today people will get their health records electronically from their
physicians. They have to be able to understand it.

I think you are right on that it opens up a whole new dimension, the same as
what we heard with claims. We have to think in terms of our continuum of care,
accountable care across the continuum. I support what you say. I just suggest
this construct of supply and demand because each has different issues, but they
shouldn’t be one instead of the other.

DR. COHEN: Thank you, Paul. Very provocative comments. They are wonderful to
think about. I appreciate you serving as our collective conscience.

I guess when I look at the National Committee on Vital and Health
Statistics, I think it is difficult for me to think of health written broadly
as a sum of individual encounters with the medical care system. I understand
the — for me, it is necessary, but not sufficient. I am struggling with how to
incorporate both the focus on individual wellness and the quality of community

I think this is a healthy debate and engagement that will continue to drive
the work that we do together. I appreciate that perspective. I think we need to
think incredibly expansively. Would you like to comment?

DR. TANG: Two things. One is an example. Our measures right now, our quality
measures, are averages of populations. Yet, you cannot actually tell whether
either an individual doc or an individual patient is doing well.

One example of a different kind of, quote, quality measure is an
improvement. The difference to an individual patient or the doctor saying 70
percent of the diabetics I am taking care of in the past year have improved
tells me a whole lot more either as a doctor or a patient. That is an example
of the distinction.

The other thing you mentioned was the community. How do you focus on the
community when you focus on individuals? Most of our scourges in today’s health
— obesity, diabetes — cannot be affected one patient at a time. We have to
operate on a community. We have to measure our impact on the community and I
would say on an improvement level versus a community average. We got this out
of our hearings of the past, too.

It is just very interesting. You get what you measure. You get how you
project and interpret your measurements. I think we have a very unique timely
opportunity to affect the tool, the data, the measure to really affect care
just like across the board. It really has to be done now because we heard that
the conversion — you could almost say the ICD 10 conversion — this is a
little dangerous — should not be part — it really isn’t — it is a
classification system that can be used for billing, but it actually doesn’t
have to be front of mind for — I won’t say it. I am just saying we should
focus the change on the clinical terminology for the docs and patients. That
was my only point.

MS. GREENBERG: Can I say something? Paul and I agreed at lunch — we are all
doing our business at lunch, obviously. Paul and I agreed at lunch that
physicians should not have to worry about ICD 10. I have always agreed with
that. We are really on the same page except that, yes — there is something
else I want to say, but let me just say this.

Yes, ICD 10 or ICD 9 or ICD 8 or whatever is used for reimbursement, but I
think, as the National Committee on Vital and Health Statistics, its first
and foremost use in the world is for statistics. Let’s not forget that. I
really ask you that at least as the National Committee — I can’t control you,
for sure, but I can’t control most people —

DR. GREEN: So far we haven’t found anybody who could control this group.

MS. GREENBERG: But don’t call it a billing code because that is just not
what it is. It is a statistical classification and it has an application in
reimbursement case mix, et cetera.

Put that aside. What I want to say was that I really think we should keep in
mind the schema about the influences on population health, one of which is
obviously healthcare. It is the one we spend the most money on, but it is one
of many influences on health. That is what I see the Committee maybe coming
back to its roots in some ways of focusing on population health, but that
doesn’t preclude recognizing the very important role of healthcare and that it
is a major source of data and that they really need to work together.

Just like privacy and data use, they are not in competition. They shouldn’t
be. SNOMED and ICD shouldn’t be in competition. You are the Committee who can
show how these things fit together, rather than compete against each other.

DR. GREEN: I have yet to hear anyone sustain the argument that there is such
a thing in real life as a healthy person in a sick community. Nor have I heard
anyone be able to sustain the argument that there is such a thing as a healthy
community full of sick people. I often think of mental health, public health, and
so-called physical or medical care as triplets separated at birth. I am very
fond of the old adage that — this is a century plus old conversation about how
these things fit together.

I have this sense right now that it is a propitious moment. Policy windows
are open. To fulfill that old adage about after all our travels, we return to
where we began, understanding it for the first time, I think we have a lot of
opportunity in front of us. We are going to come back tomorrow morning.

Tomorrow morning is going to be a different type of affair. We are going to
be organizing ourselves for work, laying out a proposed schedule for the next
few months, swallowing hard when we look at how much — our aspirations are big
here. We are going to have to put them in a "we can do this" envelope tomorrow.
Come back ready for that. You are going to get more input through two meetings
right now, back to back. The next one is going to start at 10 after three. I am
pleased to report that it is Ob’s and Walter’s problem to convene. Then we will
go to the next one. We will go to dinner. We will come back. We will work hard.
We will wrap up at noon tomorrow. We have a special treat tomorrow. We are
going to be able to add to this mix a discussion of where the workgroup is.

(Whereupon, the meeting adjourned at 3:00 PM)