Transcript of the January 14, 2005 NCVHS Subcommittee on Standards and Security Hearings

[This Transcript is Unedited]

DEPARTMENT OF HEALTH AND HUMAN SERVICES

NATIONAL COMMITTEE ON VITAL AND HEALTH STATISTICS

SUBCOMMITTEE ON STANDARDS AND SECURITY

January 14, 2005

Hubert H. Humphrey Building
200 Independence Avenue, SW
Washington, D.C.

Proceedings by:
CASET Associates, Ltd.
10201 Lee Highway
Fairfax, Virginia 22030
(703)352-0091

---

TABLE OF CONTENTS

• Call to Order, Welcome and Introductions – Simon Cohn, M.D.
• WEDI Update – Jim Schuping, Mark McLaughlin
• HIPAA Update
  • NUBC – George Argus
  • NUCC – Jean Narcisi
• Subcommittee Discussion and Planning for Next Meeting – Simon Cohn, M.D., Jeff Blair

---

P R O C E E D I N G S (9:17 a.m.)

Agenda Item: Call to Order Welcome and
Introductions

DR. COHN: I am Simon Cohn, Chairman of the Subcommittee and the Associate
Executive Director of Health Information Policy for Kaiser Permanente.

Want to welcome fellow subcommittee members, HHS staff and others here in
person, and, obviously, welcome those listening in on the internet.

And, as always, I want to remind everyone to speak clearly and into the
microphone. These microphones, as we know, are a little temperamental, but we
will obviously work with everybody to make sure that people on the internet can
hear us.

This morning begins with a briefing from the work group on electronic data
interchange on the status of the HIPAA implementation, as well as their
perspectives on upcoming issues.

After that, we will follow up with an update from the National Uniform
Claims Committee and the National Uniform Billing Committee on their work and
update of issues from their perspective.

Following that will be an open-microphone session, and, after that, we will
be discussing plans for the next hearings in February and basically reflect on
other issues that we need to be addressing in 2005 in our work plan.

I want to emphasize that this is an open session. Those in attendance are
welcome to make brief remarks if you have information pertinent to the subjects
coming before us today.

We, of course, also welcome emails from those listening in on the internet,
as well as letters.

As noted, in your agenda, we intend to adjourn no later than 12:15 today.

I do want to thank both Maria Friedman for her help putting the session
together today and Harry Reynolds who has been sort of a thought leader in
trying to help us move forward on the HIPAA administrative simplification area.
So thank you both very much.

With that, I would ask everyone to introduce themselves. As always, if
there are any conflicts of interest that you have on any of the issues today, I
would like you to so indicate during your introduction.

Jeff.

MR. BLAIR: Jeff Blair, Medical Records Institute. No conflicts of interest
that I am aware of for today.

DR. HUFF: Stan Huff with Intermountain Health Care and the University of
Utah in Salt Lake City. Member of the committee and subcommittee, and no
conflicts that I am aware of today.

DR. FERRER: Jorge Ferrer, Veterans Health Administration, staff to the
subcommittee.

MS. AULD: Vivian Auld, National Library of Medicine, staff to the
subcommittee.

MR. SCHUPING: Jim Schuping, Chief Staff Executive for WEDI.

MR. MC LAUGHLIN: Mark McLaughlin, Regulatory Policy Analyst for McKesson
and current Chairman of the Workgroup for Electronic Data Interchange.

MS. GREENBERG: Marjorie Greenberg, National Center for Health Statistics,
CDC, and Executive Secretary to the Committee.

MR. REYNOLDS: Harry Reynolds, Blue Cross Blue Shield of North Carolina,
member of the committee, member of the subcommittee, and no conflicts.

DR. WARREN: Judith Warren, University of Kansas, School of Nursing, member
of the committee and subcommittee. No conflicts.

MS. FRIEDMAN: Maria Friedman, Centers for Medicare and Medicaid Services
and lead staff of the subcommittee.

MS. SQUIRE: Marietta(?) Squire, CDC, NCHS and staff to the subcommittee.

MS. GILBERTSON: Lynne Gilbertson, National Council for Prescription Drug
Programs.

MS. PICKETT: Donna Pickett, National Center for Health Statistics, CDC and
staff to the subcommittee.

MS. NARCISI: Jean Narcisi, American Medical Association.

MS. FORQUET: Lori Reed-Forquet, ASTM.

DR. COHN: Okay. Well, I want to welcome everybody.

Harry, as is always the practice with those who help assist with putting
the meetings together, do you have any initial comments you would like to make
today?

MR. REYNOLDS: No, I just think it’s – I really appreciate the people
willing to testify today, because I think what is interesting, Simon, is if you
look at the attendance of the audience behind us, it is interesting that HIPAA,
which is still such an important issue out there and still in the midst of so
much implementation and contingency still in place, that it has gotten a little
quiet, and I think that is part of why we talked about doing this, and to get
an update and see where it is, see what the next efforts are, and so I think
that was really – this should be very timely today, because I think everybody
is out there working full speed, but it’ll be good to see, from the industry
standpoint, just where it sits.

Agenda Item: WEDI Update

DR. COHN: Well said, and that is probably a good transition to the opening
session, and, obviously, we want to thank Jim Schuping and Mark McLaughlin for
being able to join us, especially on relatively short notice. So we really do
want to thank you both for availing yourself and being able to be here today.

Please.

MR. SCHUPING: Based on those comments, I guess our ratings are down. Is
that how we read that in the marketplace? (Laughter).

MR. REYNOLDS: No, no. More people trust you, Jim.

MR. SCHUPING: Our star power is fading?

MR. REYNOLDS: No, more people trust you.

MR. BLAIR: You are becoming a classic.

MR. SCHUPING: You have to define that for me.

Well, on behalf of Mark and myself, I want to thank you for having us
participate in today’s testimony.

I would like to take this opportunity to extend a happy new year to
everybody. It looks like we came through 2004 relatively unscathed and are
looking forward to 2005.

Simon had said to me just before the meeting that one of the reasons they
invited us, other than our ratings were falling and they wanted to know if we
were still in business, was to stir things up here, that things were too quiet
on the HIPAA front, and I don’t know how much we are going to stir up today,
but we do want to kind of give you our perspective on what we are seeing right
now and hearing from our constituencies, as well as give you a little bit of
look forward at what we are planning on concentrating on in 2005.

Mark McLaughlin here who is the current chair of WEDI is going to provide
the overall testimony, and then we certainly would welcome any questions or
commentary that you would like to share with us.

So, Mark, why don’t you take it away?

MR. MC LAUGHLIN: Okay. Mr. Chairman and members of the subcommittee, I am
Mark McLaughlin, Regulatory Policy Analyst for McKesson and current Chairman of
the Workgroup for Electronic Data Interchange or WEDI.

I would like to thank you for the opportunity to present testimony –

DR. COHN: Mark, I think you have to get a little closer to the microphone –

MR. MC LAUGHLIN: Okay.

DR. COHN: – and I do apologize.

MR. MC LAUGHLIN: That’s fine.

I would like to thank you for the opportunity to present testimony on the
current status of HIPAA implementation.

In January of 2004, WEDI held a hearing to gather information relative to
HIPAA implementation. On May 14, 2004, WEDI representatives provided summarized
testimony to the NCVHS Full Committee relative to the information gathered
during the WEDI hearing. WEDI would like to reinforce the recommendations made
at that time. Many of the issues presented in the May testimony are still
prevalent today. Following is a summary of the main points listed in that
testimony and current status of those points.

The first point was related to current implementation issues, focus on full
compliance while maintaining contingency plans.

A continuance of the contingency plans with an emphasis on moving health
plans and clearinghouses into full compliance while providers complete testing
and implementation, and I might note that the italicized comments underneath
each of these bullet points is the current status.

Progress has been made in the implementation of the claim transaction, and
contingency plans are beginning to end for some health plans. While progress
has been made it is still critical for each health plan to evaluate their own
compliance percentages for their own submitter base prior to making the
determination to end their contingency plan.

The main concern there is that health plans not just end their continency
plan based on others ending their contingency plan. For instance, if CMS would
happen to end their contingency plan, we wouldn’t want the rest of the industry
to do that without evaluating compliance of their submitter base.

Bullet number two was an establishment of an authoritative industry forum
to answer questions, and that WEDI and the Designated Standards Maintenance
Organizations should be active participants in the effort to develop
“Frequently Asked Questions.”

X12 has created a portal to address questions related to the standard
transactions and the implementation guides. WEDI is working in concert with X12
to transition items in the existing WEDI Issues Database to X12. In addition,
WEDI will continue to operate the Issues Database to address industry
questions. WEDI has also created an X12 Portal Workgroup to ensure that
continued communication and collaboration can occur between X12 and WEDI on
standard and implementation guide issues. All issues flowing into the WEDI
Issues Database at this time have been related to X12. If the need would arise,
WEDI would also coordinate other issues with NCPDP or HL7 if relevant.

Number two, focus on the implementation of non-claim transactions, and the
testimony in May read that the industry has been very focused on the
implementation of claims. WEDI recommends that a renewed effort be initiated to
identify and promote the net benefits of enrollment, premium payment,
eligibility inquiry and response, remittance, authorization and referrals, and
the claim status inquiry and response transactions.

Progress is being made in the implementation of the remittance – the 835 –
and the eligibility inquiry and response – the 270, 271 transactions. At this
point there still appears to be little movement with the remaining
transactions.

The National Uniform Billing Committee and National Uniform Claim Committee
recently approved a DSMO request recommending that the industry be allowed to
move forward to Version 4050 from the current Version 4010 of the 835
remittance transaction. There are changes to this version that would allow a
more efficient use of the transaction.

In addition, version 5010 of the 271 eligibility response transaction
places additional requirements on health plans to return more information to
providers.

If recommended to do so by the DSMO’s, WEDI would support that HHS move
forward by regulating these enhanced transactions.

Please note that WEDI does not believe the industry should move forward
with any new transactions without first going through some pilot testing.

Related to security, early indications show that some organizations are
struggling with the flexibility allowed in the security role. Those
organizations are looking for specifics relative to implementation of the
security program.

WEDI is working with URAC and NIST to create crosswalks between the
Security Final Rule and several industry-accepted security standards,
including, but not limited to, the NIST 800 series, CMS’s CAST requirements,
OCTAVE and the ISO 17799.

Currently, the crosswalks are being reviewed for accuracy by the law firm
of Mintz and Levin. Once completed, the crosswalks will be published and
available for download on the WEDI website. The crosswalks will provide a
double benefit. For those Covered Entities who have on current security program
in place, the information will act to guide an organization to specifics needed
to implement a program.

Secondly, for those Covered Entities who already adhere to one or more of
the security standards listed, the crosswalk will provide guidance as to the
areas where they may already be compliant, as well as point out areas where
more work may be needed.

Related to the national provider ID and claim attachments, it is really
still too early at this time to determine the value or impact of these two
items. WEDI is working with New York Empire Blue Cross Blue Shield, X12N, HL7
and two New York providers on a Claims Attachment demonstration project and the
tasks are being measured. More will be shared on this topic at a later date.

Overall, the HIPAA implementation is progressing. The support of HHS in
removing the obstacles surrounding the implementation of remaining HIPAA
transactions, ROI recognition, security guidance and non-HIPAA transaction
implementation would be helpful.

WEDI looks forward to continue working with the NCVHS and HHS to improve
healthcare administrative simplification.

Mr. Chairman and members of the subcommittee, thank you for the opportunity
to testify. This concludes my testimony.

May I also –

DR. COHN: Sure.

MR. MC LAUGHLIN: – note that we did also give you WEDI 2005 Objectives and
Priorities. That was just an FYI for this committee. That is the second piece
of the packet.

Thank you.

DR. COHN: I’m overwhelmed with paper, and so I am trying to find it here in
the pile, but –

(Pause).

DR. COHN: Well, Mark, I apologize. You have thrown the subcommittee into
confusion this early in the morning, trying to find that second document.

I think – yes, I think Jeff has a question. I presume Harry. I know I have
some. I don’t think Stan has a question for the moment.

Okay. Jeff, go ahead.

MR. BLAIR: You indicated that there’s over 1,000 companion guides –

MR. MC LAUGHLIN: Yes.

MR. BLAIR: – and that the industry has not received a measure of a positive
return on investment, and that is primarily due to the fact that the standard
guides have – I think your words were – undermined the ability to achieve
universal standardization.

MR. MC LAUGHLIN: That is correct.

MR. BLAIR: And I think you indicated that WEDI is trying to make efforts to
try to see how you could go forward.

Could you elaborate a little bit more, not only in terms of the steps that
need to be taken to resolve this issue – resolving meaning get to the point
where we don’t have companion guides anymore – and whether – what thing WEDI
could do, what things you think HHS needs to do. What is the best way for us to
proceed to address this issue so the return on investment can be available to
the industry?

MR. MCLAUGHLIN: I think that the main things that need to occur are an
evaluation by the industry, both health providers and health plans, to
determine what it is they really need to process and adjudicate a claim
transaction.

It seems evident to me, given the fact that claims can be adjudicated with
a finite number of data elements from a paper claim form that the same benefits
could be achieved on the electronic version.

Now, that is more than likely not going to occur overnight, so I believe
that it needs to occur through incremental changes.

So WEDI’s workgroup right now has those entities evaluating the current
standards to try and come up with a single set of requirements that would allow
for adjudication among, even, say, 80 percent of the payers at this point, and,
then, we can begin to make recommendations as to which requirements aren’t
needed through the DISMO process.

DR. COHN: Jeff, can I just ask a question following up about that?

MR. BLAIR: Um-hum.

DR. COHN: Because I – you have to clarify this for me. I had heard a
presentation recently from Kepa Zubeldia(?) a previous member of the
subcommittee, who, obviously, is now in a private activity, but I had
understood he was leading up an effort to try to make something –

MR. MC LAUGHLIN: He does have –

DR. COHN: How does that relate to what you have described or –

MR. MC LAUGHLIN: WEDI is actually going to take a look at what Kepa’s
convergence project is doing as we begin our efforts to relate to each of the
specific data elements. So we are definitely tied into that as well.

DR. COHN: Okay. And I think just for the – I mean, we’ll probably – we may
want to ask him to come and brief us on what he is doing, but I had understood
he was sort of trying to mobilize the industry to at least identify all the
data elements they had –

MR. MC LAUGHLIN: Right. Right.

DR. COHN: – in their companion guides. That was my understanding anyway.

MR. MC LAUGHLIN: That is correct, and his tool, from my understanding, is
that it will bring to light the variances between the differences in the
payers’ companion guides.

DR. COHN: Yes. I’m sorry, Jeff. I didn’t mean to –

MR. BLAIR: That’s okay.

Maybe I would end this with what role do you see the NCVHS and/or HHS
playing to help resolve this?

MR. MC LAUGHLIN: Well, I believe that CMS constantly has participants in
SNIP(?) and in WEDI’s workgroups. I believe that that is one of the primary
roles that HHS can play, simply because CMS, as the largest payer in the United
States, will have a very big say in what is and isn’t needed. So I think that
that is the primary reason that they need to be involved and are involved.

MR. BLAIR: Okay.

DR. COHN: Anything else, Jeff? And I didn’t mean to break in on that one.

MR. BLAIR: No, no, no. Thank you.

DR. COHN: Okay. Harry do you have some questions?

MR. REYNOLDS: Yes, I sure do.

What do you, roughly, think the percent of readiness on claims is across
the board?

MR. MC LAUGHLIN: I believe that clearinghouses and health plans are seeing
compliance percentages in the 90 to upper-90 range now. It is getting there
very quickly.

MR. REYNOLDS: As you talk about the idea of the adjustment-reason codes and
the 835, state law is entering into the 835, and you have many states that have
prompt pay where there are clearly-defined prompt-pay reason codes that must be
sent back to a provider. Those state codes are not in the national database. So
I’ll just use us as an example. We have to actually – we have probably about
400 new practices receiving the 835 they never did before, but we still have to
print them paper, too, because we can’t fit the prompt-pay codes. So as we look
at this whole thing of how do we truly standardize, maybe WEDI and the DISMO’s
take a hard look at how codes can get put in there, because even with our
regional in Chika(?) we are trying to push it, because that alone would
eliminate an awful lot of paper that goes out even to people that are
automated. So that is kind of an anchor that is being dragged.

MR. MC LAUGHLIN: Right.

MR. REYNOLDS: You send somebody an automated remittance and then you drag
the anchor, the paper, right behind it, because of the state law. So that
process would be helpful.

MR. MC LAUGHLIN: Yes, I would like to take that back to the business
workgroup in X12 that are working on that.

MR. REYNOLDS: Also, on some of your recommendations – for example, the
crossovers and the other stuff that you talked about – I noticed that there
aren’t any dates, so I get a sense that maybe WEDI looks at it and then, once
somebody starts working on it – but is there really an over – kind of a
continuing evaluation of whether or not it is going to get done and –

MR. MC LAUGHLIN: Yes, absolutely. It is something that – all of these
efforts are actually ongoing, and, basically, this testimony is just a snapshot
in time, at this point.

MR. REYNOLDS: And then one other question, Simon.

On the companion guides, what percent of the edits in the companion guides
would you think are somewhat standard across the industry?

MR. MC LAUGHLIN: From my understanding, not many. It is a very low
percentage, where all the edits are the same.

MR. REYNOLDS: Well –

MR. MC LAUGHLIN: You are asking how many companion guides have the same
types of edits –

MR. REYNOLDS: Yes, because one of the things I think that is being
discovered in the regulation that you could help with, I believe – and I’ll use
two specific examples. One is if you have an inpatient claim, there is not a
requirement for the procedure date to be within the admission. That is not a
requirement under the HIPAA standard. Move such things as that to the standard,
it will disappear from companion guide.

So the point is that we talk about what is maybe needed in the industry to
either send a claim or adjudicate a claim, but there is also good business, and
I would say that many of the X12 standards are set up as looking at that
individual field, not the relationship of that individual field to the process.
So it is always good to have – there is no check, for example, that the
admission date be less than the discharge date. Those are companion guides,
because you sure don’t want to process a claim that has that situation.

So those are the things that, as you look at the companion guides – because
I would feel somewhat different. I would say that you would probably find 70 to
80 percent of the companion-guide edits could be moved into the standard which
are really good practice, because if somebody says this is the claim, admission
discharge, then the procedures ought to be done during that, not way after or
not way before.

So those are the kinds of things that I know that we are seeing on the
ground, and those are the things that – because keeping companion guides is not
fun for anyone. I can comfortably tell you that, keeping track of it, having to
deal with it, having to hear the noise with it.

MR. MC LAUGHLIN: Right.

MR. REYNOLDS: But, on the other hand, good business is still good business.

MR. MC LAUGHLIN: But even if companion guides were standardized, it would
still be simple or more simple to implement than the variance in companion
guides.

MR. REYNOLDS: I am in total agreement. No –

MR. MC LAUGHLIN: And so I believe that our convergence project, if you
will, the one that WEDI is working on, will look at both sides of that.

MR. REYNOLDS: Right.

I guess my point is if you fix some of the basics, then companion guides
are dramatically smaller and should be focused on other things. So that is just
–

MR. MC LAUGHLIN: I understand.

MR. REYNOLDS: So those are the kind of things that as you look at it –

DR. COHN: Sure, but – WEDI is only a piece of this. I mean, they aren’t
going to fix anything.

MR. REYNOLDS: No, no, no, no. No, I understand, but as the project is
going, those are the things that –

DR. COHN: I think there may be a comment, and, George, would you introduce
yourself before you speak?

MR. ARGUS: Sure. I’m George Argus. I’m the Chairman of the National Uniform
Billing Committee, and just wanted to touch base on where, I think, Harry is
going with this.

As part of our work with Kepa on the convergence project, we initially
tried to lay out the requirements by bill type, and bill type, I think, would
help eliminate many of the companion-guide problems that evolved over time.

It is a long and arduous process, and I am trying to do billing examples as
the way to go by bill type.

I think once we develop that compendium of the billing examples by bill
type, I would like the industry to basically take a look at those and validate
whether we have all those requirements according to that bill type, so that it
becomes very easy to basically align the industry and get support behind that,
and we’ll probably use WEDI’s resources as an educational component to
basically get that dialogue going as part of that process.

DR. COHN: Okay. Other things or do you want me to jump in at this point?

MR. REYNOLDS: No, the other thing, do you have a sense – you talked about
the other transactions. The list is in an order. Is that – do you, as WEDI,
have an order of what you think the best return to the industry is, rather than
just – or is this just a list of the transactions?

MR. MC MILLIAN: This is just a list of the transactions, but WEDI, in its
early stages of SNIP, actually created a sequencing white paper that would
allow the industry to move together through these transactions, and I believe
that sequence, at this point, was claims remittance and eligibility, in that
order, and then other transactions, of course, but that was just simply to keep
some from implementing the claim status first and others to implement the
claims first, to try to keep everyone in synch.

MR. REYNOLDS: That’s all I have, Simon.

DR. COHN: Okay. Well, you know, I may be – going to jump into this one a
little bit, and, as I am listening, I am, obviously – Jeff asked the question
of what is the role of the – you know, what should we be doing to help with all
of this, and, Jeff, I am not quoting you exactly, but, you know, as I am
listening, certainly, to your presentation – I really want to thank you very
much for it – I am sort of thinking, in some ways, this is a year where we sort
of move from implementation to return on investment or at least that is what we
should be doing –

MR. MC LAUGHLIN: Right. Um-hum.

DR. COHN: – and that, really, the things that you have identified, in your
whole document, are really things that are – I mean, trying to – you know, some
of this is voluntary industry activity, some of this is – you know, there may
be places where the federal government can help that we need to make sure that
given the – some of the processes the federal government has we need to be
careful about what one asks for, but I think it is really part of the role of
the subcommittee, I would posit, to try to shine the light – sort of a public
light on positive efforts to help not only just with the implementation, which
is really a 2004 issue, but really, this return-on-investment issue, and so I
think that one of the things we need to do is probably investigate some of
these convergence activities around the companion guides and possible
solutions, just to highlight that that is a positive step forward, and, George,
obviously, I wanted to thank you for your comment on that. Obviously, we’ve got
a – sounds like a variety of activities that we may want to look at.

I guess, as I looked through this one, it sounded to me like there were a
number of efforts that are really trying to move from – we’ve got this
implementation, but, as Harry commented, well, it doesn’t quite – well, it sort
of works, but it doesn’t really help us a whole lot, which is, I think, what
Harry’s commenting on.

For example, there was one where I think you talked about the CAQH activity
–

MR. SCHUPING: Correct.

DR. COHN: – which I think you are participating in –

MR. SCHUPING: We’re helping with that, yes.

DR. COHN: – coleading, whatever –

MR. SCHUPING: Yes, it is a collaborate effort –

DR. COHN: Yes, I don’t know much about it, except I received a note. It
sounded like they had their first meeting last week or something on –

MR. SCHUPING: We did.

MR. MC LAUGHLIN: Yes.

DR. COHN: Is that a correct assessment?

MR. SCHUPING: Yes.

DR. COHN: Okay. That is the limit of my knowledge on all of it, but is that
a similar sort of effort to try to move from just straight implementation to an
actual ROI?

MR. MC LAUGHLIN: Yes, actually, that effort is centered around getting
operating rules in place, such that everybody is operating in the same way,
which will make eligibility a lot more interoperable.

DR. COHN: Okay. Well, now, in that – and it sounds like we may want to hear
from CAQH and others who are involved in that activity, sort of – once again –
shine the light to sort of see what they are discovering and how we may be able
to help sort of begin to partially answer Jeff’s question.

Now, as I looked through this, I actually had a couple of questions. I
mean, you made, for example, a comment about code sets and talking about a
yearly update to the code-set maintenance cycle. Now, I wasn’t sure exactly
whether that was – we’re talking about code sets, we mean, sometimes,
everything in the world, and there are sort of like internal code sets to the
standards, which, of course, if we could get them to do a yearly maintenance
and update cycle, I think we would all be very happy, since that would be an
update to the regs every year, which is what that would indicate, but then we
also talk about ICD and CPT and HICKPIKS(?), Level 2s and everything else, and
I suspect that maybe that is what you – actually, I guess I am asking – I think
that is maybe –

MR. MC LAUGHLIN: That is correct.

DR. COHN: – what you were referring to –

MR. MC LAUGHLIN: Right.

DR. COHN: – but I guess, in the midst of all of this stuff, I am sort of
wondering, given that HICKPIKS, I guess, is announced through the Federal
Register – the plan – actually, it is beyond the plan, but they are going to
move to a twice-yearly update. I know CPT, and I have to recuse myself,
because, as you know, I sit on the CPT Editorial Panel, but, you know, their
Category 3 codes, which are new-technology codes, are supposedly on a
twice-yearly schedule.

What is going on – I mean, what are your thoughts about all of this stuff
and how does this relate in with your maintenance comment?

MR. MC LAUGHLIN: I think the concept really needs to be the synchronization
of when they are implemented. If they are implemented semi-annually, have all
of them implement around the same time frame, because, as vendors have to give
updates to their customers, if they are in a constant state of flux, because
they have to produce a new update for a new code set every month or every two
months, it creates a tremendous burden on providers for – they are always going
to be implementing. So if we can synchronize those in some fashion, that would
assist and reduce the number of implementations that need to be made.

MR. REYNOLDS: They tend to actually be implemented quarterly right now.

DR. COHN: Oh –

MR. REYNOLDS: In other words, I know, again, on the ground, we are getting
quarterly updates from our key vendors. So you’re – January, April. I mean, so
it is continuing to roll out. So, even though it might say yearly, some things
are a different schedule – back to the point – but they are usually bundled in
quarterly, so that you get things up, because you gotta get the providers
ready, you gotta get the payers ready, because, again, with HIPAA law, once a
procedure becomes valid – different than in the past, you know, you kind of
hung onto it and gave 90 days – it’s kinda there, and so now that we – and,
really, there’s been a lot of real positive things that have gone on. This
whole code-set thing has been an amazing transformation. You remember the
testimony we had where – or I heard it at maybe a WEDI meeting – where
California Medicaid had 40,000 proprietary codes. That’s all gone. That stuff’s
been transformed in this country. So I think if you look at where we were and
where we are, I mean, it has been dramatic.

Now, I think, your point on the ROI and their point on the operational is
really where we sit on the precipice, but the transformation has been
unbelievable. If you really look at what people are doing, it is really pretty
amazing that we have all walked this closely together for this long and gone
this far. So it’s pretty interesting.

DR. COHN: Well, Harry, I agree. I guess my question is we asked, through
this one – and I am just sort of bringing up issues, and I am trying to figure
out, in my own mind, what are key issues that effect our –

MR. REYNOLDS: No –

DR. COHN: – and I guess I would look to you on this one. Is this something
that we should be looking at because do you think that the code-set
implementation schedules, which – are sort of all over the place, is that
something that effects our –

MR. REYNOLDS: I think, considering hearing from the different people that
create code sets, who, right now, are somewhat autonomous, and trying to come
up with a way that that could be done in a way that people that do it quarterly
could do it – you know, I mean, in other words, it is a constant change, and it
is a constant change both – for everybody in the business, whether it is a
clearinghouse, whether it is a payer, whether it is a provider, and the one
thing that we have all tried to – our battle cry – not that there was a war,
but our battle cry on HIPAA was continue payments.

Well, there’s one thing in HIPAA now that when it makes a procedure valid
can influence that. So I think any way we can – we could hear from the
different people that do code, try to figure if there is any – at least that
they all understand that together they are creating a changing environment and
that that changing environment now has much stricter rules than when you could
set a proprietary code or you could do other things, might be very useful.

DR. COHN: Yes.

MR. REYNOLDS: Either for – you know, for somebody to at least do that.

DR. COHN: Yes. Well, I guess I would also observe that this is something I
think we may want to talk about more and actually bring some of the code-set
developers in. Of course, some of them are sitting around the table right now,
as we speak.

MR. REYNOLDS: Yes, that’s what I meant, yes.

DR. COHN: But, of course, as we would observe, a lot of it is statutorily
mandated, but even despite that, I mean – first of all, there’s nothing that
says some of that can’t be changed, since – I mean, apparently, for example,
you know, through regulation, HICKPIX decided to go to a different schedule,
literally, within the last year, as I understand it.

MS. PICKETT: And so did ICD. We were mandated to do twice-yearly updates.
We had been on an annual update cycle, but regulations said we now must do
twice yearly. So we are going to be doing twice yearly.

DR. COHN: Yes. So, I mean, I think maybe – you know, once again, I don’t
know if this is the number five item or the number two item or whatever, but I
just – once again, I am just sort of – once again, I didn’t come into this
meeting with an idea of what our focus would be this year, and I may have the
wrong one, so I need to ask the subcommittee, but – you know, we obviously do
have a responsibility under HIPAA, and I somehow feel like we are going up – I
want to say Maslov’s – I mean, whatever that hierarchy is from – Maslov’s
hierarchy – from sort of subsistence to – you know, I mean, beginning – yes,
the – maybe we’re a sub-act(?), maybe we are getting into actual actualization,
and I guess I would ask others on the subcommittee, you know, is this focus on
ROI really the appropriate focus at this point, and what, in all of this, are
the priorities?

MR. REYNOLDS: Well, I think it is absolutely a focus. We have asked an
industry to spend a lot of money, and that is all players in the industry to
spend a lot of money. We have asked people to group up and try to do it a same
way, which they have done. Now, there are obviously disparities.

We also have a list here, as well as other lists, of additional regulations
that are going to be coming out by this, and the continuing hue and cry in
boardrooms is, Well, we spent all this money. Have we gotten anything yet
before we spend the next bunch of money?

So I think anything that can be done – whether it’s – you know, that’s why
I was asking the order of the transactions and everything else. Everybody has
been focused on the 837, because that is really the bloodstream. That is really
– it’s gotta be – but the ROI is really going to come from additional
electronic or answering eligibility or answering claim status or doing
electronic remittances, things that really help all sides of the equation, and
so, Simon, I think, if there is not some discussion on how that happens and
what the implementation is and when it is going to start returning – and what
does a return look like is going to be paramount, because I think the next
smaller changes will get probably more noise or equal noise to the overall big
change because of that ROI question that you are bringing up, at least a
discussion of it, not that there is or isn’t – I mean, I am not even saying
there is or isn’t, but without that discussion and without that debate and
without that understanding that somebody is taking a look at it, these next
steps that we need to go up – and I think there are still some pretty big steps
to step for some of this new stuff – are going to be a challenge.

So ROI, I think, personally, as a member of the – the industry spent – and
the industry being everybody, not – spent a lot of money, and we have come a
long way. Now, what – how do we make something come out of it if it is not
there yet?

MR. BLAIR: Could I make a suggestion on this?

This discussion was triggered by the fact that there’s 1,000 companion
guides that are – quote – undermining the industry’s ability to achieve ROI.

However, clearly, there was a lot of payers that felt that it was very
important for them to provide – to have those companion guides. So it might be
more constructive if we focus any inquiries that we have and directions that we
have, not so much as I had done initially when I made my comments, where I
said, you know, how do we eliminate the companion guides, as if that was the
problem, but that we take it from the standpoint of what we want to achieve,
which is an investigation into the impediments and deterrents from achieving
the return on investment, and if the companion guides are part of that problem,
then that is a problem to be solved, but there may be other impediments that
are deterring the return on investment. So this way, we cast it in a positive
way that is positive for the industry and for the country.

DR. COHN: I think we would agree, and, actually, I think we were trying to
cast it in the slightly wider net, because I think that companion guides are
just one of a number of issues – I mean, we had observed it, but I think we
were – what we were trying to do was to cast sort of a wide net here of what it
was going to take to move the industry, and I know that is obviously a major
issue for WEDI at this point –

MR. MC LAUGHLIN: Absolutely.

DR. COHN: – as you mull over it.

Now, obviously, I guess I would ask – given the fact we have our speakers
here – we have obviously culled out a couple of things here that we – that may
or may not be the highest priority. What other things – I mean, you know, in
terms of things that are really, in your view, barriers to ROI realization, I
mean – not every bullet point is the same.

MR. MC LAUGHLIN: No, and I think that the bullet that is related to return
on investment lays out your answer fairly well, and each of the areas really.
It addresses the ROI that can be accomplished in the claims for the remittance
and for the eligibility, as well as the additional adoption of other voluntary
transactions, such as the acknowledgment, and that is probably one of the most
current and most important efforts that WEDI is working on right now is the
voluntary adoption of additional acknowledgment transactions, because, today,
there is no standard communication link between trading partners through the
transfer, whether it is a communication or a syntactical check or for
validation of the actual data contents themselves, and to be able to
voluntarily adopt those as an industry will help reduce the number of calls to
payers, so the payers have relaxed the requirements for their staff. It won’t
require that providers do a lot of phone calls to their clearinghouses or to
the payers to find out what is happening with their transactions.

So I believe that that is one of the more important issues that WEDI is
working on right now, and we are going to be conducting a policy advisory
group, a PAG session, in – early this first quarter here to vet that, again,
throughout the industry.

We held a session in November in Atlanta at one of our conferences related
to this topic. We had some base-line material that we put in front of our crowd
and gathered a lot of good comments there.

As noted in the testimony, we are also working with X12 on that, and CMS
has been participating as well. I think it’ll be critical that CMS buys into
what it is that we are doing, because they are the largest payer in the
country.

So to allow a time line such that their resource and their finances will
allow the adoption as well is probably going to be a critical piece.

MR. REYNOLDS: Yes –

DR. COHN: Oh, Stan, I’m sorry. Please.

MR. REYNOLDS: He was leaning forward. That’s why I didn’t –

DR. COHN: Okay – (laughter).

DR. HUFF: I just wondered if you could say a little more about the pilot
that you mentioned on claims attachments and the scope and time frame for that
and when we might know some more about how that is going.

MR. SCHUPING: At this point in time, they are in the very early stages of
pulling together all of the players or the partners, if you will, for this
pilot. We are looking for a report from Empire probably within the next three
or four weeks.

I think it is going – it is probably going to move relatively slow in the
initial phases as they try to work through the – all of the complexities
of what they are trying to get done there, and WEDI is kind of sitting in an
administrative oversight role, if you will. They are reporting to us as they
move from phase to phase, but, right now, they are very much in an
organizational phase and just lining up the players that are going to make this
thing happen.

I would hope – I think, initially, Sue Rider(?), who is the project manager
from Empire on that, had indicated that she had hoped to have some type of a
report out probably by the fourth quarter of this year with some meaningful
recommendations on it. Now, whether they’ll be able to move quicker than that
or longer than that, I don’t know at this point.

DR. COHN: Yes, and I think, Stan, just to follow up on that, that was
actually, I think, the pilot that we recommended in our letter from – Summers,
and we probably could actually get CMS, I guess, or – I think that is that one.
So – but so noted.

MR. REYNOLDS: Yes, play off of Stan’s comment. It is going to be real
interesting to watch the pilot, because the whole idea of attachments is a very
misunderstood environment in all arenas. I am not sure there are many companies
that really understand exactly what they are – completely what they are asking
for, completely what they want, and a lot of times, is it notes or is it – I
mean, so it’s been – it is an interesting – I think that is going to be an
interesting struggle as to what it really needs to be to really make this work
well.

So I think – I really think it is good that WEDI and, you know, bodies like
that are overseeing this pilot, because, you know, this can be looked at very
individually by people, and I think the only way it can move forward is to have
some general bodies of people under umbrellas that maybe aren’t as strong as
stakeholders is the only way that that is going to be looked at, I think, in an
overarching way.

DR. COHN: Yes, I was going to say, also, as I think about it, I mean, one
needs to make sure that we don’t replace companion guides with claims
attachments, which I think is the – yes, and I think I may be speaking for –
once again – one of our former subcommittee members, Dr. Clem McDonald on that
one. (Laughter). So every claim does not have a claims attachment associated
with it, which I think is the concern here.

MR. REYNOLDS: One other question. Just like – you know – when you look at
the status, claims was first, and everybody was focused there. Do you see
payers and others starting to step up further in the eligibility and the claims
and other things?

MR. MC LAUGHLIN: Absolutely, yes.

MR. REYNOLDS: I think if this study were taken now, I think the result – In
other words, this is a little bit dated. When you had your last thing, I think
it would look a little bit different, in some arenas. I know there are other
arenas that are behind, but I think what we are seeing is a lot of people had
to get implemented with everything, and one thing may be us as a committee,
Simon, going forward. There was probably – in the eligibility and claim status,
there was probably maybe too wide of an okay. You are compliant, but I could
say, yes, and you could tell me something real, and we are both compliant, and
there wasn’t any way to do it.

So I think as we, as a committee, hear the testimony going forward on some
of these other things – and I think attachments will be very much a similar
thing – we understand whether or not the product that’s – or required fields or
things that are necessary are good business or if it is an easy entry in to be
okay, and that has been the struggle. So you could be totally compliant
answering yes and no. That is not necessarily where you want to be in
eligibility in the future.

So I think that is a thing that us listening – and I know as I listen to
anything new coming out in HIPAA, I want to at least understand what it means,
and does the minimum requirement require, then, everybody to come back later
and say that doesn’t work? And that is the frustration that I think is going on
in all sides of the industry.

And so compliance, although you can’t completely mark compliance as it’s
got da, da, da, da, da, you know, these things, there’s got to be a package
that makes it worthwhile. You know, there’s compliance and then there’s
worthwhile business, and I think those are some of the issues that everybody is
facing now, and I think those are the things that you are seeing, things
getting upgraded and things acting a whole lot different, but that is one thing
I think this committee could help with as we ask those questions, not that we
know the individual fields and the individual data that goes in the fields, but
with what is coming out, whether it be attachments or whether it be anything
else, is this truly viable and do we have enough people saying it is viable,
and once they say it is viable, then that’s it, not a span that can go all the
way from yes to I can tell you everything about a person for three years and
both of them are compliant, and so then that forces all kinds of business
practice.

So I think that is a learning that I had from the other side of the table.
(Laughter). So I think that is something as we listen and as we go forward with
these standards on any of this stuff. We heard the same thing on security and
others. That is the hard part. So minimum compliance may not be good business,
may not even be average business. (Laughter). Might be poor business, and so
that is – when you get the ROI, if you don’t do good business right up front,
then you are doing it again and again and again and again.

Is that fair?

MR. MC LAUGHLIN: Agree.

MR. REYNOLDS: I mean, would that be –

MR. MC LAUGHLIN: Absolutely.

DR. COHN: Now, I had actually – and we are going to wrap this up, I think,
in just a minute or two. We are going to talk about, I think, certain next
steps, but – have a question just to make sure I understood. You had made a
comment in here about all new standards being piloted.

MR. MC LAUGHLIN: Yes.

DR. COHN: Now, I just want to clarify. You mean an actual new standard. You
don’t need a new version of a standard, do you?

MR. MC LAUGHLIN: Yes, actually –

DR. COHN: Oh, you want to have every new version of a standard piloted?

MR. MC LAUGHLIN: – as we progress to a new version, yes. That is the
recommendation.

DR. COHN: Oh, okay. So you – you mean like when we went like from like a
40-10 and we were proposing a 40-50 or a –

MR. MC LAUGHLIN: Yes. Just to verify –

DR. COHN: Really?

MR. MC LAUGHLIN: – to validate that the changes are going to do what
we are expecting them to do.

Again, we are focused on getting the ROI back out of these transactions,
and if we are not doing up-front legwork on these transactions, we want to make
sure that – you know – what we expect it to do that it is actually going to
accomplish that.

DR. COHN: Okay. Well, I think that will be a conversation we probably also
need. Actually, I guess that I am glad I asked, because I sort of looked at it,
wasn’t quite sure that that was what you intended –

MR. MC LAUGHLIN: Yes –

DR. COHN: I mean, even if it – and I guess I would ask you, even if it, at
this point, it slows things down?

MR. MC LAUGHLIN: And just so you know, too, that also came out at the
testimony last year when we were interviewing the industry, basically, on HIPAA
implementation, was the need for pilot testing, before we move forward with any
changes, was necessary.

MR. REYNOLDS: Well, you know, if – you know, we have a – there’s a
contingency – to play off that, Simon, there’s a contingency in place now for
claims. So as soon as you go to 40-50, there’ll be a contingency in there for
40-10, and so what you are going – because it’ll be effective as of a certain
date and people will be kind of there and – so if you do pilots –
philosophically, if you do pilots, and the pilots work, then you may be much
more strict in your enforcement of a date than you may have been in the past,
because, right now, everybody’s kind of making it work and trying – but once
you go from a version, you may be more strict. Whereas, it is a new one – I
mean, you are going to have a little more of a ramp-up, possibly, because,
again, when we talk about ROI, having multiple versions running at the same
time from lots of different people is an added business expense, and so I think
the pilots, although they philosophically slow it down – philosophically – then
– but if you have – if you know it works and you know you’ve got the
stakeholders saying it works, then your ability to set a more firm and require
a more firm date and move people faster to a firm date, you got a better
chance, I think.

MR. SCHUPING: It can be a two-edged sword, but what we are hoping, Harry –
and I hear what you are saying, but what we are hoping is that these pilots
will be moved quickly and they’ll bring quickly to a point the focus of what
the issues really are, the business issues and so forth, so that you can
grapple with them up front, make some recommendations and then move quickly
toward the implementation.

MR. REYNOLDS: Right, and wouldn’t you agree that we now have a – we now
have an industry that understands HIPAA, which we didn’t have – that we didn’t
have when we started the transaction? We had a lot of people that –

MR. SCHUPING: It’s not over yet, Harry? (Laughter). But they are getting
better –

DR. COHN: Yes, but, Harry, what I would say is that I think the industry
has realized that it is a business issue and not just a technology issue, and I
think that has been the big learning. So I don’t know how all of you are, but,
you know, when we talk about these things now within my own organization, it
doesn’t just sit in the IT department.

MR. REYNOLDS: No, I meant – that’s my point. Yes, so it went from just
another standard to a part of your business, just like health benefits or
anything else, as a subject in the boardroom.

MR. SCHUPING: And we are trying to put a spotlight on some of those
business issues, and we think a pilot is a great medium to do it, you know,
quickly.

DR. COHN: Any other comments? I mean, I think this has been a sort of a
good start. I guess I would have the subcommittee members think about – I mean,
to my view, I mean, I think – and, once again, we need to get sort of a general
agreement as we go on this morning, but I do think that there is a value for us
to shine a light on on issues and practices and all of that in this area.

I would just posit to you that maybe, really, our focus this year is – you
know, is this issue about moving from implementation to return on investment,
but I would have you all – I mean, this is something where everybody needs to
agree that that should be what we do.

MR. REYNOLDS: I have one other –

DR. COHN: Please.

MR. REYNOLDS: Yes, maybe hearing some testimony or maybe – whether it be
from CMS – you know, WEDI’s recommendation here is to keep contingencies in
place, even after CMS may stop in an area. In other words, if CMS reaches a
critical point, which they are close to on claims, and then they pull off the
contingency, the recommendation in here is that others look at themselves
individually and keep it in place.

You know, now, the challenge of the rule versus the end date – when it’s
off, when it’s on – what risk are people at, is going to be an interesting next
step, I believe, because with ROI – Simon, back to your point – until everybody
at least reaches their critical mass of automation under HIPAA that they had
before, the return is dramatically negative.

On the other hand, as CMS has moved ahead and has required people to be
electronic, there has not only been a focus on claims, there’s also been a
focus on CMS. So we have an industry group recommending that contingencies stay
in place. We have a regulation that says, when the contingency goes, the
contingency is gone. That balance is going to be an interesting balance that is
going to happen.

MR. SCHUPING: Yes, may I just say that we are not recommending that
contingencies stay in place, but that they be evaluated by each individual
entity, so that they are sure that their submitter base is ready to go. They
need to evaluate themselves separate of CMS. That’s all.

DR. COHN: Okay. Steve.

DR. STEINDEL: Yes, I’m sorry. I walked in late on what sounds like a very
fascinating discussion, and maybe this was discussed beforehand, so forgive me.

What bothers me a little bit is the NCVHS making recommendations on ROI.
Actually, I know Simon is just looking aghast at me, for those on the internet,
and – but the reason why I am saying this is I think it is a very important
thing, and I think we should actually make statements on ROI, now that I said I
don’t think we should – (laughter) – but maybe we should couch it some other
way, like – you know – how to maxibly(?) achieve interoperability in the claims
area, because that is directly related to ROI and directly related to this
contingency problem, because you can have a very good return on your investment
by not doing an investment, and if we left the contingency in place, that is
actually what could happen, and so I would like to phrase it more in the area
of interoperability, because that is directly related to ROI.

DR. COHN: You know, I’ll actually continue to look aghast at you –
(laughter) – and I think the subcommittee needs to talk about it.

DR. STEINDEL: I think so, too.

DR. COHN: I think interoperability is a technologist’s solution to
potentially try to achieve ROI, and I think that – I mean, any of us who sort
of think through the interoperability question, the only reason you would do
interoperability – I mean, that is not the only reason, but is sort of to
optimize the outcomes, and, obviously, there’s quality outcomes, there’s
patient-care outcomes, there’s financial outcomes.

Now, in this sphere, I tend to think that most of what – because these are
administrative and financial transactions as opposed to patient-care
transactions, at least for the moment, that I think probably the financial
outcomes take precedence, but that is an arguable piece, but to merely hinge it
as a technology discussion, which is really what interoperability does, I think
sort of misses the point. At least that is my view. I guess I would ask others.
I don’t mean to respond quite so –

DR. STEINDEL: I think it is something to discuss in the future.

DR. COHN: Yes.

DR. STEINDEL: I don’t want to take committee time.

DR. COHN: Yes.

MR. REYNOLDS: Well, I mean, you know, to play between the two things – and,
obviously, I’m an ROI favorite. I’ll put my hand up –

DR. COHN: Yes.

MR. REYNOLDS: – but if you would look at positioning in a different way,
critical-mass implementation is really what gives you the ROI. So continuing to
focus on the things that are not allowing us to get a critical mass to use
everything – because if it is out there and it’s been pushed and people have
had to do it, then I think that’s as much an issue, because, then, everybody
individually will decide what their own ROI was, but if you can’t get everybody
using this and everybody is not stepping up to it, then the – will come, there
may be a lot of empty seats in the stadium, but yet you still pay the same
amount for the stadium. So I think that’s – it is getting a critical mass, and
that is why I was asking for their order of transaction, may be another way of
looking –

DR. STEINDEL: Harry, that is kind of the point I was trying to make. Thank
you.

DR. COHN: Oh, okay. Yes, I think Steve was trying to wake us up, actually.
(Laughter). Nice try.

Jeff, did you have a comment or shall we –

MR. BLAIR: No, no, that’s fine.

DR. COHN: Okay. Well, with that, why don’t we break for 15 minutes. We’ll
get back at a little bit before 10:45.

Want to thank you for a very stimulating conversation, and we knew you were
the right people to start out the conversation today, so thank you.

(Break)

Agenda Item: HIPAA Update

DR. COHN: Okay. This is the last session, actually, of these hearings.
We’ll start with, obviously, George Argus and Jean Narcisi talking – not so
much a HIPAA update, I think, but an NUCC, NUBC update.

And then from there, we’ll move into any sort of open mike that people –
anybody needs to make a statement or otherwise, but, then, we’ll, hopefully
quickly from there move into subcommittee discussions and planning for future
meeting, with the intention we adjourn shortly after 12 noon.

Anyway, George are you leading off this presentation?

MR. ARGUS: It doesn’t matter. I could.

DR. COHN: Please.

MR. ARGUS: Thank you.

Again, my name is George Argus, and I am here today as the Chair of the
National Uniform Billing Committee, and I want to thank you for the opportunity
to testify and provide you with an assessment of our recent HIPAA activities.

As you may know, the NUBC voted at the November meeting to move forward
with the implementation of the UB-04 data set. We are currently soliciting
public comments about the implementation date as well as costs associated with
the adoption of the UB-04 data set. The responses we receive will help the
members of the NUBC to better understand the preparation time needed for the
healthcare community to move forward with the implementation of the UB-04 data
set.

There are many reasons behind the UB-04 data set redesign. Some of these
include the 2003 request actually from, I believe, this subcommittee to align
the paper UB with the HIPAA electronic 837.

The other is to basically look at the public-health needs, efforts to bring
about a national approach on research-data needs, new reimbursement models that
seem to basically bring our attention to the data variables, and we are looking
at how best to include quality and/or performance-based indicators to make the
necessary payment adjustments that might be a part of that data set, and there
are a number of other reasons.

First, we wanted to focus on the overall administrative efficiency of the
existing transaction standard. We wanted to also recognize the importance of
clinical coding in the eventual implementation of ICD-10-CM, and we wanted to
accommodate the eventual release and adoption of future HIPAA identifiers.

There is a provider identifier, which the enumeration begins in May of this
year, and, eventually, the health-plan identifier as well.

We also wanted to improve the handling and processing of liability claims,
so we made a few changes that are part of that portion of the claim-processing
environment.

We also sought to coordinate some of the state variations in handling local
healthcare needs, and we wanted to provide the ability to have some flexibility
at the state level managed by our committee at the national level.

And so we put together a survey for the public to basically take a look at
the UB-04 as part of the final design, and we are soliciting their comments.
The comment period ends at the end of January, and I have included for everyone
the overview of the public-comments section of the UB manual, and it is
available on our NUBC website.

I am not going to go through the details of all those components. I think I
described some of those early on, but what we wanted to do is take a look at
the implications that it may have for the industry to basically handle some of
the new items, the deletions of the existing items, as well as some of the
modifications of the existing items.

Obviously, any change to transitioning from one data set to another is
difficult for any organization. Obviously, the transition from the legacy
electronic formats to the HIPAA transactions was enormous. We anticipate that
the data set itself and the paper UB itself are going to be changes that will
require enough lead time and preparation for the industry to prepare.

And so in the packet you also have the questionnaire that went out to the
public, and, again, we will be meeting in February to basically go over the
responses that the public-comment period will provide, and then come back with
a firm date as part of that process.

I’ll just stop there and let Jean do this, and we’ll handle questions
afterwards.

DR. COHN: Okay. George, thank you.

Jean.

MS. NARCISI: My name is Jean Narcisi, and I am the Director of the Office
of Electronic Medical Systems at the AMA, American Medical Association, and
Chair of the National Uniform Claim Committee, NUCC.

It is my pleasure to appear today on behalf of the NUCC before the
Subcommittee, NCVHS. I would like to thank you for the opportunity to testify.

In preparation for the implementation of the National Provider Identifier,
the NUCC recently made recommendations regarding the placement of the NPI on
the CMS-1500 paper claim form. The NUCC recommendations include minor changes
to some of the box headings in the 1500 claim form and the instructions for the
appropriate placement of the NPI. For those of you that are listening and do
not have a copy of the testimony, the NUCC is seeking comments on the
instructions and draft form that can be accessed at the following link:
www.nucc.org/draft1500/.

Written comments regarding the proposed changes can be emailed to the
following email address by February 15, 2005, and that would be:
nucc@ama-assn.org.

And for those of you on the committee, I have provided the draft form as
well as the current – the old form, so you can take a look at it and compare
them as I go through the recommendations.

The NUCC reviewed the paper 1500 claim form and the CMS instruction manual
to determine if the NPI could be reported on a paper form. It was determined
that the form has adequate real estate to report an NPI. Currently, the PIN
number goes in Box 33, and Medicare instructions describe its usage as follows:

Item 33. Enter the provider of service billing name, address, zip code and
telephone number, and this is a required field.

Enter the UPIN for the performing provider of service who is not a member
of a group practice. This includes the PIN of a billing absentee physician in a
solo practice.

Enter the group PIN for the performing provider of service who is a member
of a group practice.

And suppliers billing the DMERC will use the National Supplier
Clearinghouse NSC number in this field.

The current paper form has separate fields for the following:

The tax ID number, which is in Box 25, and the referring provider ID, which
is in Box 17a.

The Tax ID field, Box 25, is for IRS Report Form 1099 reporting, and the
Tax ID will not be replaced by the NPI. However, the referring provider ID, in
Box 17a, will be migrated to the NPI, where available and appropriate, and the
existing real estate on the 1500 is large enough to handle the 10-digit NPI.

The NUCC arrived at the following conclusions regarding reporting the NPI
on a 1500 paper claim form. Some of the headings of the 1500 boxes were changed
in the proposed draft to reflect the recommendations. All constituencies will
be polled for review and comments as to the feasibility of the recommendations:

Number one, the NPI for referring physician, which would be an individual
called the Type 1 NPI, would be reported in Box 17a. The original heading of
the box was “I.D. Number of Referring Physician.” The NUCC
recommended changing the heading to “NPI# For Referring Physician.”

Number two, performing physician/provider-individual performing/rendering
should be reported in Box 24J and K. Note that this means Box 24J,
“COB”, will no longer be available for the use for COB purposes. Box
24J is 2 bytes and Box 24K is 8 bytes. Since the NPI is a 10-digit number, the
NUCC recommended that Boxes 24J and K be combined in the proposed draft and
renumbered as 24J.

Number three, since the NPI is not universal, there will always be
providers who do not have an NPI and who may have non-NPI identifiers they need
to report on a claim form. That creates the possibility that there could be two
identical ID numbers, one NPI and one other proprietary, but not an NPI, each
representing a different provider.

After exploring several alternatives, the NUCC recommended that a qualifier
be used. The individual performing the service should be reported in Box 24J
and K, as previously mentioned, which is now renumbered as 24J, and the
qualifier should go into Box 24I. Note that this means 24I, EMG, will no longer
be available for use. NUCC suggests using XX as the NPI qualifier, since this
is the same as the qualifier that is used in the electronic 837 transaction to
indicate an NPI is being reported. SV would be the qualifier for all non-NPI
identifiers, also following convention of the 837.

Number four, the Type 2 NPI, which would be a group NPI, if any, consistent
with where the service was rendered, should go in Box 32 along with the address
and zip where the service was rendered.

The type 2 NPI could be that of the provider group if the address of record
of the NPI is identical to the address where services were rendered.
Alternatively, the NPI of another entity – for example, a nursing home, should
be entered here.

Again, the NPI’s address of record must be identical with the address where
services were rendered. If there is no NPI corresponding with the address where
services were rendered, there would be no NPI reported in 32, only the address
text and zip code.

Number five, the Type 2 NPI, group NPI, for the billing entity should be
reported in Box 33, group ID for the billing/pay-to address. Note, billing
services will not receive an NPI.

Number six, outside Lab-Box 20 is not used very often because most labs
must bill with their own 1500 form. However, there may be instances when a lab,
like a reference lab, performs services that would be billed by a group and the
address and zip of the lab would then be reported in Box 32.

There may be a few instances where both the billing provider and the
performing lab need to report their locations in 32. To resolve that conflict,
separate paper 1500 forms should be submitted, one for the provider services
and one for the lab services.

Number seven, the NUCC was asked to explore the possibility of
accommodating two ID numbers for the transition period. With all providers and
all payers dealing with multiple trading partners, carrying both the old and
the new numbers would be one approach to alleviating some of the conversion
timing issues. A single cut-over date for the entire industry is not realistic,
especially given the experience with the HIPAA transactions.

With sufficient space available in Boxes 32 and 33, the NUCC endorsed the
concept of providing both the old ID and the new NPI, including qualifiers, in
both blocks for the duration of the NPI implementation window, which is May
2005 to May 2008.

Therefore, carrying both numbers temporarily may help give maximum
flexibility to all trading partners. The NUCC recommends that the qualifier XX
and the NPI number should be printed on the bottom left side of Boxes 32 and 33
and an old number with an SV qualifier preceding it should be printed on the
right side of boxes 32 and 33.

In the proposed draft, Box 32 will accommodate 12 bytes for the NPI number
on the left side and 15 bytes for the other ID on the right side. Box 33 will
accommodate 14 bytes for the NPI number on the left side and 16 bytes for the
Other ID on the right side.

Number eight, there is not a designated box on the current 1500 to carry
the provider taxonomy code. Therefore, the NUCC recommended that if a provider
taxonomy code needed to be reported it should be reported in Box 33 on the
right-hand side in the “Other ID” location. The qualifier PX should
precede the provider taxonomy code to identify that it is a provider taxonomy
code.

Number nine, there is not adequate space in 17a, Referring Physician, or in
Box 24, Line-Item Rendering Physician, for carrying both the old and the new
numbers. Therefore, the NUCC recommended using the XX or SV qualifiers in those
boxes to inform the receiver which ID was being used.

Number 10, general discussion by the NUCC tended to support the concept
that the NUCC should again look at the possibility of revising the paper form.
The current form was approved in 1988.

Thank you for this opportunity to present the proposed changes to the 1500
claim form. We would be pleased to respond to any questions.

DR. COHN: Okay. Well, thank you very much.

Questions? Comments?

You know, I guess I would just start with just a question for both of you,
and, obviously, I want to thank you both for coming. I think I should publicly
disclose, I will not recuse myself, but, in fact, I am a member, actually of
the NUCC, representing America’s Health Information Plans, an acronym that I am
still struggling with, but I am getting better.

I would observe that, actually, a number of members of the committee and
staff support are actually members of either NUCC or NUBC, and I don’t know if
they want to publicly state that affiliation, but I’ll leave that to them.

Having said that, I think I have a question for both of you, and this is
just sort of, I think, level setting.

Obviously, the – you know, I think both NUCC and NUBC are important thought
leaders in terms of the business uses and business applications relating to
claims forms, both electronic and paper.

Obviously, you are both custodians, at this point, of the paper forms, as
they currently exist, but not of the electronic form, at this point.

Can you both comment about the extent of usage of the paper forms at this
point? I mean, we talk a lot about, obviously, the standardization of the – and
use of the ANSI electronic form versus non-standard electronic, but we haven’t
really talked a lot about how many people are still using paper claim forms.
Jean, do you want to start, and then George?

MS. NARCISI: Well, I don’t have any percentages. We haven’t done a study at
the AMA for quite a few years. In the mid-to-late ‘90s we did, and we
found that, I think, that use of the paper form was still as high as about 50
percent. Now, that has probably come down because of – Medicare requires
electronic claims for all the claims for physicians’ offices that are larger
than 10, but I think there’s still a lot of paper forms being submitted for the
non-physician-type claims.

And the other thing, too, that you have to keep in mind is that the claim
form is often a print image on billing software from a provider’s office. So
the actual form itself may not be going out of the office, but that is what the
screen looks like. So any changes to the paper form we found in our last
research will probably put quite a bit of cost into the industry. So that is
one reason we were looking at just trying to change the headings, because
participants on the NUCC said that the reason the form is red is because you
can scan that form in and the red drops off. So they didn’t believe that that
would make such a big change for anything.

So we are having them tested, then, through Web MD Clearinghouse, and then
also through McKesson(?).

DR. COHN: Okay. Thank you.

George.

MR. ARGUS: Well, the use of the paper form has obviously decreased over the
years, particularly, I think, within the institutional-provider community. It
still has utility because it is still used, in large respect, particularly with
liability situations – Workers Comp and the like – which is still not covered
by the HIPAA transactions at this point in time.

It also is a fallback, if you will, to, in many cases, with coordination of
benefits. Oftentimes, there is a need to continue to provide the paper as part
of a coordination-of-benefit approach, along with other supplemental pieces of
information that describe how the claim may have been adjudicated, either an
EOMB or a remittance advice as well, as part of that process.

The UB data set itself is a little bit different than the 1500. We have a
lot of codified components that make up the UB. Many of those codified
components are also part of the electronic. So the value codes, the – codes,
rev codes, all those are unique to the committee.

The committee basically does review and meet for that very purpose to
manage that, and those are an integral part of the claim adjudication start,
and, therefore, it conveys unique pieces of information.

The earlier discussion today regarding the claim-adjustment reason codes on
the 835, the NUBC, because it does have both provider – major provider and
payer representation is in a unique position to kind of establish the data
needs in a way that is understood, at least from the claim perspective. That
has been our focus.

Perhaps there needs to be an 835 equivalent of that type of committee to
basically work through the very issues about claim-adjustment reason codes,
taking into account the state needs and then building them up and managing
them.

I know S12 does it, but not – there aren’t too many small providers that
can afford to go to the S12 committees, and, therefore, that is something, I
think, our committees have that capability of bringing about.

The only difference is the claim is the only transaction that works off a
common E37 platform, but is further refined in terms of – or different
implementation guides, if you will, that talk about the claim. All the other
transactions have a single one. So if there is going to be this type of
discussion, it has to basically coordinate among the different committees as
part of their process.

DR. COHN: Okay. Thank you.

Questions or comments?

` Harry.

MR. REYNOLDS: Yes. Thanks for your efforts, both of you. I think this is a
good move for the industry.

But seems like you are taking a little different approach, maybe, and I
want help to understand it.

George, as you were talking about – you are working on the UB04, is there a
goal of having something changed on it by the time NPI is necessary?

MR. ARGUS: The UB92 can accommodate an NPI, but it cannot accommodate an
NPI in a previous identifier, and so the goal is to be able to recognize
problems of transition –

MR. REYNOLDS: Yes.

MR. ARGUS: – and so the UB04 can’t accommodate the NPI and a previous
identifier. So it would facilitate the adoption of the NPI during that
transition period. So it is one of the areas that UB04 can deal with and to
deal with more effectively, as well as the upcoming health-plan identifier,
when and if that is released.

MR. REYNOLDS: Helping the industry with some guidance, whether it be from
you or you recommend something to somebody else about how to deal with those
two numbers, because I think that is going to be a significant NPI
implementation issue, because since it is not a one-to-one match, the NPI to
the whatever provider number somebody had before, that transition is going to
be very key as it goes forward. So I think that is a key point, and I am glad
to see that that is already being taken care of in the 1500.

And, Jean, as you mentioned, you are just fixing the HIPAA 1500 for the
NPI, but not in relation to the HIPAA transactions.

MS. NARCISI: Well, we have done a mapping of the paper form to the 837, and
I think there are probably only three elements that can’t fit on the paper that
are part of the 837, but they must not be very important, because I haven’t
heard too much about it, but one of them was provider taxonomy code, and then,
when we would go through a review, we determined that if a provider taxonomy
code was necessary, this is where it could be located, but there are pieces on
the form that aren’t in the 837. I think there are about 10 different items
that aren’t. So it becomes a discussion about, well, do we really need a new
form then? Is this going to be sufficient enough? So by sending it out and
hoping to get some comments – I have had very few comments. One comment was,
well, if you are going to make these changes, why don’t you just revise the
whole form. So we’ll have to see what kind of comments come in and deal with
that at our February meeting.

MR. REYNOLDS: But I think your result – not just through maybe this
committee and others, your result nationally in some kind of broadcast would be
good, I think –

MS. NARCISI: Um-hum.

MR. REYNOLDS: – because that is probably a misnomer that is out there in
the world right now as to just how different both of your forms are –

MS. NARCISI: Yes.

MR. REYNOLDS: – versus the 837, and I think that is key.

Simon, the question came up about paper claims. I can tell you ours are –
we get 17 percent – we got 17 percent paper claims last month, 389,000. I’m
working on a presentation – (laughter) – so I have the real numbers.
(Laughter).

DR. COHN: And is there a breakdown from the hospital versus physician or
provider?

MR. REYNOLDS: Well, I’ll do it this way: We are 92 percent automated in
hospital and about 80 in physicians.

DR. COHN: Oh, okay.

MR. REYNOLDS: So you can break them up that way.

DR. COHN: Okay.

MR. REYNOLDS: So those are real numbers.

MR. BLAIR: That’s for claims submission –

MR. REYNOLDS: That is correct.

MR. BLAIR: Yes?

MR. REYNOLDS: Yes. Yes.

DR. COHN: Well thank you.

MR. BLAIR: Do you have numbers, by any chance, for eligibility yet?

MR. REYNOLDS: Yes, but do you want me – you want –

DR. COHN: Did you want to talk about that now, Jeff?

MR. BLAIR: Oh, microphone.

Are you able to share with us any data you have for the receipt of
eligibility electronically with HIPAA compliant claims, compliant transactions?

MR. REYNOLDS: Yes. It’s a quick answer, yes. Be happy to. We are getting
about 30,000 eligibility transactions a month, and about 27,000 claim-status
inquiries, but the problem is they are only coming in from one clearinghouse.

On the other hand, we are getting 1.2 million 837’s a month. So – and,
again, those are real, up-to-date – last month – numbers. So that is the
rollout that we are all looking for.

MR. BLAIR: So you are looking around one percent or less of eligibility.

MR. REYNOLDS: Well, it’s hard – yes, it’s hard to say, because – well, I
won’t go into the long explanation, but the point is I think if providers use
the eligibility, they can use the eligibility in dramatically different ways,
as well as claim status, than they did before, because, as I was mentioning to
Simon, if you had a patient in the hospital, you could electronically hit the
insurer system every day they are in the hospital. You can’t necessarily call,
but you could hit it every day to understand whether or not that person is
still covered – are they still covered, are they still covered, are they still
covered – while I know they are in the hospital. You can do that
electronically, so when you say 20 percent, I don’t know, we might be getting
20 times more than we thought we would.

I mean, this is one of those things where you have opened an electronic
pathway and then here it comes; and, then, depending upon the sophistication of
the provider to use it, hospital and/or doctor, that volume is increased. So
that is where, I think, the ROI and that’s where the business practices within
the providers to use the data from the payers in these cases, again, making
sure that the data is worthwhile using, and I think you’re set. So that’s –

DR. COHN: Okay. Other questions or comments about all this?

Okay. Well, I think it’s – I mean, this is obviously important efforts both
– for the improvements on both forms, obviously, to enable the country to move
into the future. So, obviously, I think we want to wish you luck on this one,
and, obviously, I think the purpose here was primarily just to further
publicize the open period for comment, to make sure that as many people knew as
possible, and so I guess, Jean, you publicized the web address where you can
make comments.

MS. NARCISI: Yes.

DR. COHN: You want to do that again?

MS. NARCISI: Yes.

DR. COHN: And, George, maybe if you would also.

MS. NARCISI: The form and the instructions that I went through are
available at www.nucc.org and you
can email any comments to nucc@ama-assn.org, and I also was going to
mention that if you noticed on the bottom of the current form that the Council
on Medical Service at the AMA had approved that form back in ‘88, and I am
actually going to be meeting with them in early February with these direct
changes to see – get some ideas from them if they have any comments on it.

MR. ARGUS: And the public-comment information for the UB04 is on the NUBC
homepage, and that address is www.nubc.org.
Just click on the upper-left-hand corner. You’ll see public comment and it’ll
take you right to the information that contains an overview of the changes, an
example of the survey and when you are ready to digest and put together the
responses you can do it, complete it and submit it to us electronically.

So we are anxious – and, actually, we’d be happy to share the results from
this, because I think it would be a good exercise to kind of identify lead time
and transitions that might be beneficial in terms of future consideration of
other changes that come about in the industry just knowing when vendors might
be ready, the lead time that they may have to have, when providers might be
ready, the transition period, is it a hard date, is it a period where there is
the old and the new. So those are things that we are asking for respondents to
basically provide us with guidance and input. So we’ll be happy to share that
information once we have it.

DR. COHN: Great. And we’ll obviously be talking to the DSMO’s as a group I
think later on in the year, and, hopefully, maybe that’ll be one of the things
that we can discuss with both of you.

I do appreciate you both coming out. I know it’s – I mean, it isn’t quite
like coming from California, but it’s still, this time of the year, a
relatively arduous process and we really appreciate you coming and sharing this
information with us today.

MR. ARGUS: Well, it was warmer than Chicago, so – (laughter).

DR. COHN: Okay. That’s –

Harry.

MR. REYNOLDS: Can I ask one more – Jean, you are recommending that – did I
hear you say you are recommending that it be a red form?

MS. NARCISI: That’s – so far, that is what it would – yes, try to keep
consistent with the old form.

MR. REYNOLDS: – providers you may want to make sure that you designate the
type of ink –

MS. NARCISI: Sure.

MR. REYNOLDS: – because there are quality standards and you would hate for
somebody to know it’s red and buy a bunch and –

MS. NARCISI: Oh, that’s a good point.

MR. REYNOLDS: – don’t go through scanners. So there is a – red ink is not
red ink is not red ink, especially when it is going through scanners. So that
may be something as – if you get an overwhelming yes, you may want to double
check that, because we have run into that before where somebody goes into an
office, says I’ll print these red, and then they come in and then they don’t
work –

MS. NARCISI: And they don’t work?

MR. REYNOLDS: – with standard scanners, and then that office has kind of
hung themselves out there for inventory. So just be something to –

MS. NARCISI: Sure.

MR. REYNOLDS: – help them with as you –

MR. ARGUS: And, actually, that is one of the issues I think we will be
discussing at our February meeting is really trying to protect the form so that
it is standard.

The form vendor who produced this offered to make available the negative
for any form vendor who is interested in reproducing it, but it would give the
industry a clear expectation of where the start line is, the color and the
like. So –

MR. REYNOLDS: Those are huge situations in the reality of the
implementation, so that is great.

MR. ARGUS: Yes, I mean, we talked about whether they should be copy
protected or not, and I am not quite sure that we can copy protect it, but,
clearly, we can vote on this negative as provided by so-and-so, and it would be
made available at a reasonable price.

MR. REYNOLDS: Thanks for addressing that. I think that’ll help a lot of the
small doctors’ offices and the practice-management systems when they actually
start producing these. So thank you.

DR. COHN: Great, Harry, and I actually had no idea that you ran a little
scanning shop – (laughter) – but I guess I shouldn’t have been surprised.

MR. REYNOLDS: (Laughter). Yes, sir. I don’t have this gray hair for – I got
a number of reasons to have this –

DR. COHN: You have skills that I had no idea.

Anyway, thank you very much and we really do appreciate it.

With that, move just to see if there’s any open mike, anybody in the
audience need to make any comments or – any of the issues from yesterday or
today?

Agenda Item: Subcommittee Discussion
and Planning for Next Meeting

DR. COHN: Okay. Well, let’s then move into our sort of subcommittee
discussion and sort of planning for the next meetings.

I think maybe – I mean, I guess before we move into yesterday, since this
stuff is all real fresh right now, let me just ask subcommittee members – I
think the sense – and, obviously, what I was proposing as we were talking, and
I am hoping that this is sort of where we are going, is is that over the year –
you know, and I think we need to get back to more active involvement and
oversight of the implementation of the HIPAA administrative and financial
transactions.

I guess what I was proposing was is that we at least start with sort of the
frame of moving from sort of implementation to ROI as sort of almost like the
theme of the year, knowing that, as I think Steve Steindel commented, that
obviously clearly includes interoperability issues, and as Harry commented that
includes uses issues. So I think those are all very appropriate ways of
describing this.

We obviously – you know, I think we’ll probably, as time permits, want to
have panels through the year, sort of focusing in on that. There are obviously
a lot of things we heard from WEDI, sort of threads I think we can further
develop.

We also, obviously, need to hear from the DSMO’s, which will hopefully be
later on this spring –

MS. FRIEDMAN: – a request to do the annual report in February.

DR. COHN: Well, we’ll have to see if we have time in February. I guess I’m
– we’ll talk about that. I think the annual report will be – the timing of that
will be determined by whatever else we have on our plate, and I think our first
priority in February is likely to be the e-prescribing letter, and that we’d
like to be the second priority. So we can move to that to sort of see how we
time that and frame it.

I think our next meeting after that is – it’s either March or April, and I
– Is what now?

MS. FRIEDMAN: Full committee is in March.

DR. COHN: No, I said – I actually really meant the subcommittee. I think we
are in April, but, obviously, there is a way to – you know, depending on how
much time we have for breakout, we could actually do it during the March
breakout, but that is sort of squeezing things a little tight in terms of time,
especially in case we need to modify the e-prescribing letter at all.

So let’s think about that one, but, certainly, we know that we need to do
it this spring, but, obviously, this – I guess I would ask is this a – the way
we have described this, is this one of the items and action items and agendas
we should pursue this year?

Okay. For the people on the internet, everybody is nodding their head yes.

Harry, did you have a comment?

MR. REYNOLDS: No, I just think it is going to be key, because there is
going to be a new set of things coming out, and I think being able to have a
good, honorable discussion about the return on the others and what was learned
and whether or not you can get them used is going to be key in the success of
people jumping in –

DR. COHN: Okay. Great.

Okay. Well, any further conversation about that – and, obviously, we have
this issue that we’ll need to figure out somehow how to accommodate the – well,
the timing of the DSMO report. So we will sort of deal with that.

Now, shall we move from there, back to our conversations yesterday and sort
of where we are with our e-prescribing letter?

Margret, do you want to make any comments about work that you are doing in
terms of drafting pieces or –

MS. AMATAYAKUL: I have started to draft sort of – as Maria would say, the
TF(?) language that sort of could go into the March letter just at the
beginning saying, you know, that these are the second set of recommendations,
et cetera, et cetera, trying to summarize the testimony that we have heard, and
then I think – you know, trying to capture the essence in terms of getting
ready to write recommendations.

So it would be helpful for me if I could get comments, you know, in terms
of, you know, what people are sort of thinking ought to be in the
recommendation.

MR. BLAIR: Simon, do you think it would be helpful for Margret to read the
draft, so that, you know, the folks on the internet would get an idea of – you
know, it is up-front stuff. It’s – what? – a page-and-a-half or something like
that. So –

DR. COHN: I don’t think so, Jeff. I think it’s one thing to tee-up
language. I think we need to be a little more certain of our fact base, which I
think includes any of the testimony that may occur in February, before we start
publicly reading draft language, at least – I guess I would look at others on
the subcommittee to make sure that you are agreeing with me on this one, but I
think that we are not far off from that, but I think we are a couple of weeks
off.

MR. BLAIR: Well, maybe the reason that I was saying that is I wanted to
make sure that the people on the internet understood that this draft does not
include our recommendations at this point. We haven’t made recommendations yet.
This draft includes – when you said – what did you say? Tee-up? You used
initials there. In other words, it’s the background in what we have heard.

MS. AMATAYAKUL: Teeing up your golf ball.

MR. BLAIR: Teeing up –

MS. AMATAYAKUL: (Laughter).

MR. BLAIR: Okay. So that is what has been written so far. We haven’t
drafted – there’s no draft of recommendations yet.

MS. AMATAYAKUL: Right.

DR. COHN: Well, but – however, what I would ask, and I think what Margret
was requesting, is I think this is the time where thoughts from subcommittee
members about issues that need to be included in recommendations, thoughts
about how they ought to be framed and all that, this is the time for us to
begin to get in language to Margret so that at least there are placeholders, so
as we finish our testimony in February that we can then begin to move into that
other stage – to have something that is a little more concrete. So is everyone
clear about what we are asking for? And I think it is by the end of next week.

MS. AMATAYAKUL: Yes, if – what I would like to do is be able to follow the
same format as the other letter, using the observations and then the
recommendations, the short – you know – bullets. So if you want to send both,
that’s fine, but, certainly, the – you know, something that you might want to
see in the recommendations. I can always put some of the observation around
that; and, yes, by next Friday, if possible, because that really only gives us
one week before –

DR. COHN: The next meeting.

MS. AMATAYAKUL: It doesn’t even give us a week. It gives us a weekend
before the February meeting.

DR. COHN: No – No, no, actually, you’re wrong. I guess it’s a question of
if we have the stuff to you by the 21^st. That is actually 10 days
before the –

MS. AMATAYAKUL: Right.

DR. COHN: – full committee meeting.

MS. AMATAYAKUL: Right.

DR. COHN: So –

MS. GREENBERG: The subcommittee meeting.

DR. COHN: Well, everything’s a short time in this. You know, if you are an
emergency physician, actually, it’s a long time. (Laughter).

But, anyway, we are obviously just dealing with draft as well as getting
the issues on the table that then we can sort of figure out what the – how we
may want to frame them into things.

Now, just in terms of that – and we’ll begin to sort of look in terms of
the time frames and what it is we are going to do. Just want to run through
everybody sort of the – I won’t say the drill, but the plan for February
hearings and then moving to recommendations for the March meeting, because I do
think we need to think about that and plan it.

Now, obviously, we are going to be beginning to have placeholders, as I
said Margret describe. I think from my sense – and I guess I would ask – and
Maria, I think, has been sort of trying to catalogue the things that we need to
hear about in February, but, clearly, I think there is a need to hear updates
on various standards that we have been sort of tracking and following along,
recommendations that we had been making from our last set of recommendations,
and they include an update from the National Library of Medicine – I’m looking
at Vivian Auld as I say that – hearing from the NCPDP and other associated
groups who have been working on those standards that we had asked to – you
know, work going on in the private sector that we were sort of asking be
brought into the standards arena to sort of see where we are on all of that, as
well as there is another piece which I also understand that Lynne Gilbertson,
NCPDP was leading off or at least having discussions with the industry, which
was, I think, a discussion we had around, well, what are the essential best
practices around sort of – I am trying to think of how to describe this. It
begins to look sort of like security/e-signature, realizing that we have, I
think, recognized that there’s an intimate correlation between the two, and I
may not be describing this completely accurately. Certainly, it is a focus on
e-signature, but recognizing that there are things that go around e-signature
that are pieces of this whole thing, and I apologize. I am sort of groping for
words here.

Margret, do you have a better way of describing this particular one?

MS. AMATAYAKUL: It might be helpful to determine if, in the NCPDP standard
or elsewhere, there’s some guidance on the best practices associated with
transmission of the transactions through a secure network. We heard about
credentialing. We heard about the acknowledgment to close the loop. We heard
about the use of EPN, et cetera. Are those codified anywhere?

DR. COHN: I think you have said this much better than I was. So – Harry.

MR. REYNOLDS: As part of their testimony, also, you know, we are thinking
about the pilots and we are thinking about what we have to do and what we could
recommend, and I think when you – Margret mentioned the transmission and –
within – you really have three pieces, I think. You have the prescriber. You
have the transmission and you have the pharmacy, and I think it would be
helpful – if there’s any kind of a continuum in each of those that says maybe
we start this way, moving towards this, so in the prescriber’s office – I mean,
we talked about PDA’s. We talked about everything else – what are the things
that have to be clearly done, and when we talk about best practices, what would
be the best practices that we would want to hear, especially at getting
adoption in what the prescriber might do, what Margret just brought up on the
transmission and in the pharmacy?

So what are the – because it is really three different pieces that all have
to hook together and three different environments that have to hook together,
have to have all the right things to make it work, so that the prescriber is
happy that they are covered and they can sign on and they are authenticated and
everything else, and then the transmission is okay, and then the pharmacy says,
Now, I can do my job, and, oh, by the way, now, I can send something back to
the doctor – that is kind of a breakdown that then lets you know you looked at
each individual key player, and we know that they can do a sig and we know they
can do a formulary, the basic stuff, but, now, how do they really work
together, and is anything we are recommending going to hurt any one of those
three or four or does it really help them going?

For example, if you looked at the pilot and you may say, as far as – at
least you would want to know, in a pilot – you could go ahead and let a pilot
go – and I’m talking. I’m not recommending. As long as you can authenticate
that the person has and they can show within the transmission that everybody is
taking their own responsibility, you can at least understand the flow of
e-prescribing and see if there are holes in some of the things we have in
formularies, other things, versus if you say, I gotta put all this security
over the pilot, then, am I just testing the security or am I truly able to test
everything else?

So there’s going to be different players, I think, doing pilots at
different levels, and so I think – at least I would like to see us be able to
give CMS a range of opportunities to have pilots that may not test the whole
piece, but may test enough of the flow to do it, and that is just a thought.

MR. BLAIR: Could I piggyback on your comments?

If there is some way – because you were saying there may be more than one
scenario here. We talked about – what? – the three, four, five levels for
secured substances, for example. Not secured, controlled substances. That might
be separate than many of the other e-prescribing information that is going over
the network.

At least in my mind, I tend to start with those NIST levels of
authentication based on the risk, and then driving down may be based on which
scenarios we are looking at, what is the risk, then we could say what are the
best practices to address each of those risks, you know, with different
scenarios; and then maybe the third thing that I tend to think of as folded in
there is – one of the assumptions is that if something is going over a – quote
– secured network, what is the definition that we should use for a secured
network, and what are the best practices, according to the risk of going over a
secured network?

DR. COHN: Yes. Margret, did you have a comment there?

MS. AMATAYAKUL: Yes, I have a question. In terms of the security of the
network, my first comment was really more associated with what Harry was
saying, you know, the end to end, the flow from the prescriber through the
network, you know, what is needed at each of those points, but I think Jeff has
raised a very important issue, and I am wondering if we should learn more about
the difference between like SSL and VPN, for instance.

DR. COHN: Well, is that a focused issue that we want to get a briefing on
in February? I mean, this is not a panel of experts talking about it, but I
think there are some facts that could be brought to bear to help inform us
about whether there are different issues or whether those are basically both
secure networks for this definition.

Stan.

DR. HUFF: I am in agreement that we want to – what we would like to get in
place, I think, is best practices, but what I – I hope we are not taking a turn
where we are trying to set standards ourselves within this body. Somehow, we
want to give this a home back in NCPDP or HL7 or NIST or somewhere, so that
they are the people who will carry forward.

So I worry about us getting into the details of SSL and VPN’s and other
stuff. I mean, maybe – if we make a decision, I would rather do that based on
discussion of standards that talk about those things, rather than – I am
wondering how we would get from sort of the – we got a list of things that –
you know – came out, not this meeting, but last meeting about the best
practices that were recommended by a subset of the folks anyway, and I wondered
how we could somehow get from that to a real standards organization that was
representing those best practices or something. I don’t know how to do that, I
guess, but –

DR. COHN: Well, I guess I would start, maybe, by asking NCPDP, which I
think is already taking the lead, I mean, has the standard – has the
transmission standard, has also been working with the industry to identify,
hopefully, best practices.

I apologize that I don’t know what may already be in your standard in
relationship to all of this – and I am actually looking at Lynne Gilbertson as
I say this – so some of this stuff may already be covered. So I think that is
sort of the question I think you are asking, isn’t it?

DR. HUFF: Yes, I mean, in a sense, I would like to maybe – you know, think
about – and I hate to burden NCPDP. They have been so great in responding to
the burdens we have already placed on them, but it would be nice if those –
again, those industry practices that were in the document that were shared last
session, in fact, you know, became some sort of standard within NCPDP or – so
yet another working group or something that we’re progressing, though, so that
there was a chance for open-consensus process to take place on those best
practices.

DR. COHN: Yes. Steve is looking at me a little –

DR. STEINDEL: Yes.

DR. COHN: Want to make a comment? And then Harry.

DR. STEINDEL: I mean, just a quick glance that I have made on the copies of
the ASTM standards that were shared with us, they contain a lot of these
definitional elements about what should be part of the standards that are in
the various phases of the e-prescribing transmission network that we saw
described, and I think the first thing that we should probably do, or someone
should probably do, is take a look at the ASTM standards and see if they are
already in there, instead of asking NCPDP – They’re not, Margret? Okay. I was
just looking quickly.

MS. AMATAYAKUL: They provide a lot of guidance if you are going to accept
PKI, and they provide a lot of guidance in terms of, as you say, definitional
components, but not specific to the e-prescribing domain, and not really the
ends that I think Harry is talking about.

DR. STEINDEL: I would be reluctant to ask for a standard that describes the
e-prescribing domain, because this is something that replicates all over, and
it is done all over today, and I am leery of actually making a standard to do
it.

I think if we can enunciate clearly what the aspects should be in a letter,
I think there is enough that is being done today in terms of industry
definitions and industry practices – and I won’t call them standards, because a
lot of times it is because of their constantly changing nature they are not put
in the form of standards from people like W3C, and I think some of the other
internet security groups that we might pick up on.

DR. COHN: Steve, I think I need to make a comment, and then Harry.

I am actually reminded, as we all talk about this one, and we have tried to
go down the standards path on this, but if you look at the HIPAA security rule
– and I am not sure I would describe it necessarily as a standard – it is
really an evaluation and risk-assessment standard, and I think what we are
trying to do is maybe we are trying to go down that road a little bit by
talking about, I think, some risk assessment and guidance and whatever, and I
think that, actually, the question we were just asking – just to be as concrete
as possible – was, geez – you know – what is a secure network in this context
anyway, and do we need to alert HHS to say that, gee, there needs to be
different guidances potentially put forward for different sorts of –
quote/unquote – secure networks or are they all sort of the same? And I guess I
spoke of my own level of ignorance as that of being somewhat aware that they
are not the same, but, I mean, do we – does that even come to the level of what
we need to say something to HHS about? And I think that was where we were
trying to go – at least, I hope.

And I don’t know if that makes any sense or not. I mean, I didn’t – it is
not intended to be a two-hour session.

Steve, and then Harry. I’m sorry.

DR. STEINDEL: Yes, I think, Simon, that makes a lot of sense, and this is
the direction I was thinking about yesterday is really what I heard was there’s
many ways to approach the issue of security over the e-prescribing system as
described; and, you know, we also heard from NIST and others that the
definition of it, what constitutes a closed system, and – as Jeff put it –
which of the various OMB levels apply really is contextual, and saying things
like we did in the security regulation that you should do a risk assessment and
decide where you fit, and probably in the letter we can give some guidance as
to what goes into this risk assessment, but not any definite solutions.

DR. COHN: Yes, and let me say this a slightly different way, again, but I
think maybe what we are saying is really that the risk-assessment levels are
actually not contextual, but how you meet them may be contextual. Are you in
agreement with that sort of comment?

DR. STEINDEL: Um-hum.

DR. COHN: Because I think that, to me, was sort of what I was hearing
yesterday from NIST was that – you know – exactly what they were saying that
had to be done about things was basically based on the assumption that things
were a completely open network, but that, obviously, if you were in different
situations, things might be a Level X, but there may be a variety of ways that
you meet that Level X requirement. Is that –

DR. STEINDEL: That is another way of stating it, yes.

DR. COHN: Okay.

MR. BLAIR: Little point of clarification. Steve, when you used the phrase
open or closed network, are you referring to a secure network like the
e-prescribing networks? Is that what you’re referring to?

DR. STEINDEL: I –

MR. BLAIR: I wasn’t sure what you were referring to.

DR. STEINDEL: Well, like an open network is just doing something on the
internet. That is what I would refer to as an open network, and there are ways
that we can make data have increasing levels of security on that open network,
and sometimes, we can – through a VPN, we could actually turn the public
internet into a closed network. So, you know, as Simon was saying, it is
contextual. It is how you are using it and how you apply it as to whether or
not you should think of it as an open system that anyone can hack into or a
closed system where, you know, it can be as complete – you can talk about a
closed system as completely closed as some of the military systems, you know,
or some of the systems that we are using, very secure systems.

MR. REYNOLDS: My comment is if you think of the philosophy of a chain of
trust, that is what we are trying to recommend, that there be standards put in
place for a chain of trust, because, right now, the pharmacist – we have heard
over and over again in the testimony that the pharmacist ultimately is
responsible for whether it is a valid prescription and whether it is coming
from somebody valid.

Now, obviously, when you think of the chain of trust, you know, whether you
use open network, closed network, it doesn’t matter. If we recommend or we
think about recommending that there needs to be a clear and precise chain of
trust – documented, audited and so on – that says, It left here and it got
here, now, whether one vendor decides to make it through point to point or one
makes it through the internet with all the appropriate controls or one needs to
have sign-on that is 15 characters or the other one has 8, long as it fits in
some kind of a NIST philosophy, and then you take – and that gets ratcheted up
by Schedule 2’s where they have thrown in the non-repudiation, which – I drew a
picture here where you got six hand-offs. Non-repudiation through a six handoff
environment gets real chain of trust. (Laughter). That is tied together forever
chain of trust.

So I think the idea of us thinking about recommending that there has to be
a chain of trust, so how many hand-offs, we don’t know, but those hand-offs
have to be set up, certified by whoever is doing them, because, for example,
nobody asked me how I transmit an 837 claim to anyone, but you don’t want – but
HIPAA privacy tells me it better not be hacked.

Okay. So the same kind of thing, I think – so as we look at it, what is the
chain of trust – we know that there has to be a chain – because, right now, it
is the signature, but, in the future, it is going to be electronics, and
electronics in our world – future, we can’t pick one, because it is changing
every other day, but if we can paint that as the picture and then under that
say, and, oh, by the way, you know, if it is Schedule II, we have heard from
the DEA that they feel it’s got to be non-repudiation, which may mean you’d
have to do this or – because there is a lot of e-prescribing.

We have heard a lot of testimony from e-prescribers. Somebody is buying
into the chain of trust right now, because there’s a whole lot of doctors and a
whole of prescriptions and a whole lot not being – that are getting filled
through this chain of trust now, and they are not going to be under any
different laws going forward than they are at this moment.

So that is why there is a lot of stuff going on now that works. We just
gotta make sure we mention where it is different, we talk about the chain of
trust and there needs to be some structure set up and thought process going
through. That is where I am kind of going with it.

DR. COHN: Yes –

MR. BLAIR: Are you saying, by your comment – I’m sorry –

DR. COHN: Well, I was going to try to let – I think Stan had been patiently
waiting –

MR. BLAIR: Oh, I’m sorry.

DR. HUFF: Well, I like the direction. This is just a brief comment that –
and I think where we – the thing that would be nice is where we can, if we can
refer to definitions and other things that are coming from OMB or from NIST or
ASTM, so that as we use these terms of open or closed or degree of confidence
or other things, we can refer to the standards – to definitions that are in the
standards for those things that we base our recommendations on.

DR. COHN: That’s good. We are all getting together.

Now, Margret had a comment, and then Jeff wants to make a comment.

MS. AMATAYAKUL: You had asked me last time to write up a small piece on
HIPAA, and I did and circulated that, and I do think we should bear in mind
that, although there is probably a very, very small percentage, but there may
be people who do not have to comply with HIPAA. They are not covered entities,
because they send no electronic transactions and they are not Medicare and they
don’t have to or they are very small, and so they – and they could be doing
e-prescribing, so that the e-prescribing that the non-covered entity is doing
is not falling under HIPAA.

DR. COHN: Okay. Except as a business-associate agreement.

Maria has a comment.

MS. FRIEDMAN: Just to follow on what Margret just said, that may be true,
but if they are doing e-prescribing and they are using the vendor solutions we
have heard and going to the secure network to the pharmacy and then it is all
automated from there, all of that is HIPAA compliant. So, you know, by default,
they may not have to, but the way the system is set up, it is happening anyway.

DR. COHN: I just want you to –

MS. AMATAYAKUL: Except at the front end.

DR. COHN: What?

MS. AMATAYAKUL: Except at the front end.

DR. COHN: Yes, except at the front end.

MS. FRIEDMAN: Well, no, I mean, if I am putting it in at a PDA and I am
using, you know – and we have heard from like six or eight different vendors,
whatever that does to get to the pharmacy is HIPAA compliant –

DR. COHN: Yes. Okay. I don’t want to solve this one right now, but I do
want, Margret, you to note it as an issue that we need to come to resolution
about whether we need to say anything about this issue about covered entities.
I know Harry had brought that up a while ago, and I think we just need to – the
discretion of whether this will eventually merit a recommendation of any sort
or a statement or whatever. So, once again, I think we can do some further fact
finding to clarify that one, and then reflect on it in the letter.

Jeff, it is your turn.

MR. BLAIR: I have, in the past, taken great recognition and appreciation
for the fact that the industry is performing an excellent service in providing
e-prescribing services, and we don’t want to slow that down, and the MMA law is
trying to make sure that this rolls out, in a way, as quickly as we can, to get
these benefits to the nation in terms of patient safety and quality and lower
costs.

And I am saying that and I am repeating that, because, you know, that is
something that, you know, that I feel very strongly about, and now I want to do
an on-the-other-hand – like Tevye from Fiddler on the Roof – okay?

MS. FRIEDMAN: Uh-oh.

MR. BLAIR: (Laughter). Maria just went, uh-oh.

I think we have to be careful, just sort of like a caveat, a note of
caution, and I don’t know whether we need to hear testimony explicitly from
SureScripts and Proxy Med and RX Hub on this, but the chain of trust and the
secure network that they are putting forth, I think we need to understand
clearly the degree that that trust is maintained, the degree of integrity as it
goes forward. There’s been statements or assertions that it is secure. I would
like to be assured that it is secure. I would like to have a better level of
comfort, and it – obviously, it won’t be as secure as PKI, but is it secure
enough for the risk that the NIST level indicates is appropriate? And I don’t
know if the best practices – the testimony on best practices will provide that.
So I guess what I am asking for is either we receive that additional confidence
and assurance in the testimony on best practices or we supplement that
testimony with explicit testimony of how the chain of trust that you indicated,
Harry – how the integrity is protected through the chain of trust.

DR. COHN: Yes, I think Steve has a comment.

DR. STEINDEL: No, I –

DR. COHN: No, nothing you would like to say verbally?

DR. STEINDEL: Nothing I would like to say verbally. It’s just a visceral –

DR. COHN: Just a visceral response.

Okay. Maria, do you have a comment?

MS. FRIEDMAN: I would like to ask Jeff why he is feeling – I won’t say
insecure, but he wants this additional validation. I thought it came through
loud and clear, not only in this round of testimony, but previously. We have
heard this several times.

DR. STEINDEL: Simon, since Maria said something, I’ll say the same thing. I
mean, I basically have heard them say the same thing three times, and I don’t
think I am going to hear them say anything different the fourth time.

DR. COHN: Yes, and I think they also have written testimony –

DR. STEINDEL: And I think they have answered the question.

DR. COHN: Yes, and I think they have written testimony that we can easily
review with that information.

Obviously, at this point, shouldn’t go around again, unless we have
something new. You know, unless there’s a really new question that we have to
ask them, I don’t think it is appropriate to – I mean, they’ll probably be here
anyway, but we’ll – (laughter) – but I think we need to be careful about having
them just say the same thing again.

MS. FRIEDMAN: That is kind of why we had that session yesterday. It was
just kind of one more look back, just to make sure that we addressed that issue
in that way, because we had heard it a couple of different times in different
ways and it was okay. Now, let’s look at the potential for fraud and abuse and
authentication and non-repudiation, and that is why I asked them to address it
that way, just to come at – you know, the same issue one more run at it from a
different way.

DR. COHN: And, you know, and maybe I would – Jeff, actually, I am not in
any way discounting what you are saying, because I am actually thinking that
maybe there is a different way to talk about this one, and I guess I am sort of
thinking more that, in a letter, what we are asking for are sort of pro-active
statements about HHS should probably assure X level of security, X level of
confidence or whatever, as opposed to asking the industry specifically, Do you
meet X level of A, B and C, and asking each of them to say things. So I think
it is really more of a – at least, I think we are saying things in more
positive statements about a need for a desired level of security.

I mean, are you comfortable with maybe taking it from that perspective,
rather than asking them to mark things in the boxes or whatever?

MR. BLAIR: The reason that I am pausing is I don’t know, and – but,
apparently, it is the sentiment of the subcommittee, as I heard it, that people
around the table do feel – seem to feel comfortable and have a level of
confidence in the security of the networks without additional testimony. So I
accept that.

DR. COHN: Well, Jeff, I guess I am not even sure that I – I think what I
heard from the groups is is that they were – they came forward and described
pretty specifically what they were doing, and I don’t think we can ask them for
much more than that, I don’t think. So I guess the question is if they have
really described how they connect everything together, you know, I think it
becomes our assessment of whether that is adequate or not –

MR. BLAIR: Um-hum.

DR. COHN: – as opposed to then asking them, Well, geez, you have that level
of security, but are you secure enough?

And, once again – and I just sort of – I mean, that’s why I am saying that,
only because I thought that they – once again, I would have to review the
testimony – and I’d maybe ask Margret to review the testimony, because I think
– but I think that that was what we received from them.

Maria.

MS. FRIEDMAN: Didn’t we also ask them – you know, you say it is secure, but
what problems have you encountered? Have there been breeches, blah, blah, blah?
And the answer was no, not really, that there are – you know – millions of
things going through, and that is working well, and nobody had any real horror
stories to tell.

MR. BLAIR: From what I could tell, from what I remember, I didn’t hear any
objections or criticism about the data integrity of the secure network.

MS. FRIEDMAN: Um-hum. So far.

MR. BLAIR: The areas where I heard concern was were the practices strong
enough to assure authentication at the beginning – authentication of the
prescribers and the dispensers. Is that correct?

MS. FRIEDMAN: That is what the NIST person said also.

MR. BLAIR: Yes. Okay.

DR. COHN: Margret, do you have a comment?

MS. AMATAYAKUL: Oh, no. (Laughter).

DR. COHN: No? Okay.

MR. REYNOLDS: Yes, the only thing I would, I guess, like to hear, we heard
testimony yesterday from the DEA – and I think it was yesterday. I have been up
here all week. (Laughter).

DR. COHN: It was yesterday, Harry.

MR. REYNOLDS: Okay. Yes. Good. I’m focused. I got it. Okay.

So I think the key point, you heard non-repudiation. You heard it clearly
and precisely. Current e-prescribing does not have non-repudiation. It has
chain of trust, because you are passing it through many pieces. So all I am –
what I was surprised at yesterday – just to give you – I was surprised that
there was no open-mike discussion by the industry after DEA spoke, because I
think if DEA were to go past Schedule II, onto III, onto IV, onto V, and make
that truly the game, I think that – whether it is the small prescriber, whether
it is this chain of trust or whether it is anything else may change, and I
would personally like to hear some kind of a comment from the industry,
because, if you remember, when we had the industry testimony on the previous
things related to NCPDP we got clear recommendations. When we got into the
security and the secure socket layer, we had a little bit of discourse going
back and forth as to why maybe there weren’t maybe a little more pointed
discussions.

So I still have a gap in my mind between where DEA came out and where
e-prescribing is today, and if it were to go one way or the other, is that a
problem or is that a concern or is that something we need to take into
consideration? So that is just – that is one outstanding thing in my mind that
I can’t get a hold of.

DR. COHN: Well, Harry, and thank you for transitioning to that, because I
think yesterday I talked about three – us thinking about three separate buckets
– non-controlled substances and then Levels 3, 4 and 5 and then Level 2 – and I
think that is sort of where you are going.

I certainly would add to that that I think we, at least, need to review the
documentation that we had heard previously about how states are addressing all
of that, and I know that the national organization, the State Boards of
Pharmacy, had given us previous testimony, and I – unfortunately, my memory is
not so good that I actually remember everything that was in those documents,
but we may need to ask them back to tell us, only because there is DEA, then
there’s State Boards of Pharmacy and state acts in relationship to this, and
then there’s how people are implementing things.

So I think it is a real – I mean, I think we sort of need – I mean, that’s
not a chain of trust, but that is the world as we know it. So we probably need
to sort of go back and retrace our steps around that a little bit.

I think Lynne Gilbertson has come here to make a comment, and then we’ll
get – and then – well, we’ll get Judy, Steve and continue.

MS. GILBERTSON: Harry, is your question what would the e-prescribing
industry do if Schedule II’s were held to a different standard than normal
prescriptions and III, IV’s and V’s? Is that basically what you are asking?

MR. REYNOLDS: That is step one, and then what if everything got held to
that standard?

MS. GILBERTSON: Okay. The first part –

MR. REYNOLDS: Because once you –

MS. GILBERTSON: Okay. The first part, from the different industry
testifiers we had, I think there were quite a few who said if Schedule II’s
were held to a different standard, they would become paper, as they are today.
So that would be one step that would occur.

Now, if all were held to that, we would look at a pretty serious impact to
the e-prescribing electronic environment, if everything had to go, because the
testifiers kept saying over and over again, you are effecting the largest
percentage by holding it to standards of the smaller percentages.

MR. REYNOLDS: That was my point, Simon –

MS. GILBERTSON: That was just what the testifiers had said.

MR. REYNOLDS: Well, and I knew they had, but – so that is where I still
have a – we had an industry that helped us get the first letter, because they
talked about what they were doing. You know, so they – we picked out the things
that were already going on.

Now, I think we are at a fork in the road, at least for discussion, not,
again, positive or negative, but for discussion as to so now what happens? Now,
what would be their feelings? Now, what would this look like, and can this go
at a full scale if – so our letter is going to have to have something to say
about it.

DR. COHN: Well, and, Harry, before Judy asks – makes her comment, asks a
question, let me just clarify from you in your conversations were you
referencing DEA’s comments about Levels 3, 4 and 5 or you were specifically
focusing on requirements around Level 2?

MR. REYNOLDS: They talked about 2, and if I recollect correctly, they
talked about 2, but stopped short – short of whether it would go to the others,
because we talked about that, and so my point is if we have an industry that
says, I can go forward now and I am willing to work with your standards and do
everything for the way we are doing things, and then I have an agency that
could have jurisdiction, say, so – that I’m willing to – I might tighten this
down for everything, because I think with all these hand-offs, non-repudiation
just becomes a huge issue.

DR. HUFF: But I am not sure – I mean, I think we can only recommend what we
think is appropriate, and if the DEA does something, then, those guys are going
to make their own decision about what they do with their applications,
regardless.

I don’t think we would change our recommendation if – based on what the DEA
said trying to anticipate the reaction of the industry. It seems to me that we
just need to – we need to recommend what we think would be appropriate and
beneficial, and if the DEA does things that are out of our control, then the –
we might want to have more hearings then and see if there is something we could
do, but I am not sure – I mean, I don’t think we would recommend something
different because we thought the DEA was going to do something different.

MR. REYNOLDS: I’m not saying – and I wasn’t alluding to that. I’m just
saying there’s just a –

DR. COHN: Yes, and let me maybe frame the conversation slightly
differently. I mean, I think we know non-controlled substances, and I think
that is not really what we are talking about right now. I think what we heard –
at least what I heard from the DEA yesterday – was a pretty strong statement
about the Category 2. I heard that they were – I mean, as you commented, they
were uncertain about Category 3, 4 and 5, and I think that probably part of our
role is to probably try to make some recommendations that might include HHS
having conversations with the Department of Justice or whatever around 3, 4 and
5, and trying to get some resolution to that, only because my – at least what I
heard yesterday – my memory is is that is an area where there is a lot of
ambiguity. That is why I think we need to hear from the states about how they
are handling it and what their own regulations are around all of this stuff,
and then we need to reflect about that.

I don’t think that we are going to be able to – I personally don’t think
that we are going to be able to make a lot of – come up with a solution about
how to handle Category 2’s, since they seem to be a very different species, at
least from the DEA perspective.

MS. GILBERTSON: And wasn’t in the VA’s pilot, they got a special
dispensation or whatever – exception – for Schedule II’s, not for III, IV’s and
V’s, which kind of tells you –

DR. COHN: Exactly.

MS. GILBERTSON: – that that’s where they were thinking for the pilot.

DR. COHN: Exactly.

MS. FRIEDMAN: Yes, they had to get that waiver from the DEA –

MS. GILBERTSON: Right.

MS. FRIEDMAN: – in order to actually do it.

MS. GILBERTSON: Actually do it.

MS. FRIEDMAN: Then what I heard from the DEA was that their requirements
were for 2’s and it would be optional for 3, 4 and 5’s.

DR. COHN: I’m sorry, Judy, you –

DR. WARREN: Yes, I just wanted to reply back to Harry, because he made the
comment that none of the vendors really made any comments after DEA. I thought
Proxy Med – I thought Jack Guinan was pretty serious of his company couldn’t
handle Schedule II drugs, you know, and if we recommended Schedule II, they
would be close to going out of business; and the guy from Florida, with the
name that we can’t pronounce.

MS. FRIEDMAN: David Medvedeff.

SPEAKER: David Smith. (Laughter).

DR. WARREN: And he was very careful – you know, to saying that they were
doing PKI, and we got a very limited sense, which did not match up to the DEA,
and when you think back to where we were in our last set of meetings when we
heard about Dr. First(?) and some of those others, the others said they
couldn’t handle some of the PKI issues.

Now, Dr. First said, if you require it, I’ll do it, but it would take a lot
of ramp up for them to do that, but they would do that, and I think, given the
nature of where they have come from in a business sense with James Chin as
their CEO, they could probably manage that, but I’m not sure the others can.

So I think the industry has given us a response. However, I was surprised
that a lot of those vendors didn’t send somebody here to hear the DEA. I don’t
know if that’s what you were after. There was – I mean, I really expected all
of them to show up again, because they were worried about the DEA, and they
didn’t.

DR. COHN: Well, but I think what you are saying is that Level 2 is
different.

DR. WARREN: Yes.

DR. COHN: And I think that – I mean, that is just something we need to keep
in mind with whatever recommendations we make. We may choose to make
recommendations that don’t solve the entire problem.

MR. REYNOLDS: No, and I think that – that is where I was going.

DR. COHN: Yes.

MR. REYNOLDS: No, I mean, if that is going to be clear, good. No, all I’m
trying to do is keep the conversation going so we get to a point where if that
is that much different – and we are hearing from everybody that it is that
different – and – that may be a part of the letter.

DR. WARREN: And I also think we probably need to have a pretty clear
dialogue about whether or not Schedule II should belong in the pilots that we
are doing for e-prescribing or if we want to have one pilot that kind of adds
that in as a component, so we can see impact; but I guess my concern is if we
add it in to all the general pilots, it may be enough to kill them off.

DR. COHN: Yes. It sounds like Margret is capturing that already. So that’s
good.

Steve.

DR. STEINDEL: Simon, my comment from the DEA testimony was I found it very
interesting in the area of non-repudiation. They showed a slide on what
constitutes a PKI, and, in that slide, they referred to the hash, which is the
non-repudiation aspect of a PKI, but whenever they brought up non-repudiation
after that point, they were vaguer that they didn’t – like they were looking
for recommendations on how to do non-repudiation, that there was an implication
that it would be done by the hash method and by the PKI system, but there was
also an implication that they could be exploring other solutions, and one thing
that I got after all the comments that – you know, the responses DEA made to
our questions was that a lot of this is still in the exploratory stage and that
they are looking for what can be industry-acceptable solutions, and they are
going to release it as an NPRM. They are not releasing it as a final rule. So
we do have a chance to look at it, the department has a chance to comment on
the NPRM, and we can take a look at it with respect to the needs of the
e-prescribing community.

DR. WARREN: – withdrawn, they said.

DR. STEINDEL: No, it’s going, but when it is going to be released it is
going to be as an NPRM.

MS. FRIEDMAN: That is true, but our recommendations will come out first.

DR. STEINDEL: Yes, our recommendations will come out –

DR. WARREN: We had the NPRM out there. It’s just recently been withdrawn,
which leads me to think they are still not very clear –

DR. STEINDEL: They are not very clear. It was very clear to me that they
are not very clear.

DR. WARREN: Because they were pretty active at our last January meeting
that the NPRM was out there.

DR. STEINDEL: And, you know, I think there may be a way to craft even
Schedule II so it can fit into the e-prescribing structure.

DR. COHN: Well, Steve, I guess I would invite you to send bullets to
Margret that help encourage that. (Laughter).

Okay. We have a comment from Lori. I think Jeff wants to make a comment,
and then I actually want to begin to wrap up, since we are getting close to
12:15.

Lori, do you have a comment? Please introduce yourself.

MS. FORQUET: Yes, Lori Forquet from ASTM.

Regarding some of the earlier statements made today on secure networks,
standards supporting them, I want to reiterate that the ASTM 2085 and 2086
standards are not PKI focused. They are very specific to security best
practices or things such as 2086 in specific or internet and intranet networks.

What I think would be very useful would be to overlay that guideline on the
multiple network models that are out there. So I think we have heard a lot
about the network model from the value-added networks to the pharmacies, but,
perhaps, there is more variation from the physician and application into that
network, and that is where I think there may be further things we need to look
at to assure whether it is secure or not secure – Margret’s comments on the SSL
versus the virtual private network.

Further on that, if the – if it really is a server-side SSL, for instance,
between the physician writing the prescription and the application vendor that
then communicates with the value-added network, then you don’t have a closed
network. You have an open network, which, that point, would then be at risk of
anybody on the internet attempting fraud, and it depends on, then, if that is
perhaps user name and password only, you have a very high risk at that section.

So we need to really drill down on the multiple models, the existing
models, and then overlay a risk assessment and then determine whether or not
something needs to be strengthened. Whether it is strengthened with or without
PKI is really not the question, but where and how, under best practices, and,
again, please look at 2086 as a guide for that.

Regarding the industry, I will reference, once again, the pilot that we are
looking at in Connecticut for security – excuse me – secure implementation of
electronic prescribing. I do have at least two vendors- All Scripts and Health
Ramp – who have indicated they are willing to modify their product at that end
to conduct that sort of pilot. So I think we do have some vendors that don’t
find it will be overwhelming to implement it.

DR. COHN: Lori, thank you.

Now, Jeff, I think you have the last comment, and then we are going to
begin to wrap up with some next steps, so choose your words carefully.

MR. BLAIR: (Laughter). My observation is that when we start to think of the
pilot, I think there’s a lot of different things that have to be evaluated
during 2006 in the pilot, and I think of it as many scenarios that need to be
tested, not just one. So I don’t think we should think of things as just one
pilot.

DR. COHN: Now, with that, I want to begin to wrap up. I think we have done
some brainstorming. I think we have put a bunch of ideas on the table. I think,
going back to our earlier conversation about this issue of whether we bring
somebody in for SSL, VPN or whatever or we just get some written information
that we can share, I think if we can get sufficient written information, that
might be sufficient, but I’ll defer to our – to both Jeff and Maria and Margret
as we begin to sort of see what we can identify in all of that that might
resolve that issue.

Obviously, I think we have talked about a number of different sessions that
I think we need to have. Clearly, we are going to need to spend a significant
amount of time talking about whatever it is that we sent to Margret initially,
further ideas beyond that. I do want to leave a significant amount of time for
actually work on the recommendations and review of them at that meeting,
probably on the second day, I would imagine in the morning.

Now, I think that I am going to have Maria – and hopefully Maria is
listening here – going to try to start scheduling weekly conference calls with
the subcommittee for after February 2^nd for each week succeeding – I
would imagine, probably a two-hour conference call, with the idea being that
will give us a chance to look at successive versions of the letter. We may be
able to cancel the calls after a couple of them, I guess one could hope. Based
on our previous experiences, I wouldn’t assume that, but –

MS. FRIEDMAN: I don’t remember what day we had them last time, but it
seemed that people were able to make themselves available. Wasn’t it late in
the week? Wasn’t it like a Thursday or something?

Let me ask in a different way. Is there any particular day that works best
for people or not?

DR. STEINDEL: Maria –

DR. COHN: I think you have to query us.

DR. STEINDEL: – in February, Thursday will not –

DR. COHN: Yes.

DR. STEINDEL: – universally work well for me –

DR. COHN: Yes.

DR. STEINDEL: – because that is going to be a travel day for me –

DR. COHN: Yes, late in the week is actually not good for me either, but so
we’ll – you and I will work and posit a couple of times and dates and sort of
see what people are available for.

Now, I think my bet is based on what we are talking about. I think it is
unlikely that we’ll be hearing a DSMO report in February. I mean, as we look at
the schedule, maybe there is time that is just not immediately apparent to me,
but I think we are going to – I mean, given that we just –

MS. FRIEDMAN: We are still doing a day-and-a-half?

DR. COHN: Well, I think we are still doing a day-and-a-half, and I think
that we – I mean, given that we just heard this request – I received this
request during our last session. I think we are just going to have to think
about exactly when is the best time to have that, and it may be at the March
full committee meetings or it may be in April. We’ll have to look at sort of
the timing and the need in terms of all of that to happen.

I guess, alternately, we can explore with people – No. Let’s not explore
anything with people at this moment in terms of all of that, but we will talk
about it and Maria and I will do a little planning around that.

Now, we are going to have to start – people about meeting dates for the
last half of the year, as well as, I think, our next full committee after the
March hearings – after our March full-committee meeting is April 7^th
and 8^th – April 6^th and 7^th for the
subcommittee, and then we actually don’t – my memory was that we were having
trouble scheduling one between then and our June full-committee meeting, at
least to my memory, and I suspect that we’ll be trying to – trying those – that
period once again to see if there’s dates that might work for people, as well
as we will try to come up and begin to scope out dates for the remainder of the
year, assuming that is okay. I mean, I don’t want to overburden everyone, but
it’s probably time, knowing that all of your schedules are filling up.

Yes, Harry.

MR. REYNOLDS: Yes, on the DSMO’s, I don’t see any issue at all moving that
out, because I think we didn’t hear anything today that would be actionable. We
didn’t hear anything that would necessarily be hot enough on somebody’s plate
that we would have to make some recommendation to the Secretary or go forward.
So I don’t think that delaying that would be a significant issue.

DR. COHN: Yes, I – I don’t know. I mean, I’d have to find out more, which
is something probably Maria knows, but I don’t, but I think we’ll have a
conversation with them and figure out a reasonable time to do it, recognizing
that – you know – the schedules are sort of what they are.

Now, do other people have comments?

Stan.

DR. HUFF: So this is a new subject.

DR. COHN: Oh, please. What is your new subject?

DR. HUFF: Well, we have been dealing with what I think are very important,
but, in some ways tactical issues, you know, about drugs and – one of the
things that occurs to me is are there other big issues that this committee
should consider or think about?

And the one that comes to my mind is the whole idea, which I think has been
expressed as a vision before, and this is not original with me, but the idea
that, in fact, we could change from the current process of classification of
billing codes and mortality codes from a manual process to an automated process
that depended upon the clinical data that was collected. So I had this vision
in my mind that we are doing coding at the bedside, according to the things
that we need to take care of the patient. We are collecting data at that point,
and that you could have an automated creation of billing and morbidity or
mortality codes, and I think this is a long way off. We are a long ways from
that, but I wonder if there are things that we, as a committee, could start
considering and suggesting in terms of pilots and other things that could make
that ultimately a reality. That could have a huge change, ultimately, in our
understanding of healthcare in the U.S., I think, if we could – so I thought
Marjorie might wake up. (Laughter).

MS. GREENBERG: I was awake, but I perked up.

DR. COHN: Okay. Steve and then –

MS. GREENBERG: You’re talking specifically mortality coding.

DR. HUFF: Billing coding as well.

MS. GREENBERG: Yes, or – well, I would not consider morbidity coding
strictly billing coding, but, I mean –

DR. HUFF: No, I wasn’t equating the two. I was saying that both of those
kinds of classifications should derive directly –

DR. COHN: Stan –

MS. GREENBERG: Well, I

DR. COHN: I am going to – I am going to – hey, I’m going to apologize to –
Okay. Marjorie, the last comment, and then we are going to need to finish up.

MS. GREENBERG: You are not even going to let me answer here?

DR. COHN: No, you have the last comment.

MS. GREENBERG: Okay. I just wanted to clarify his question.

I think it would be good for you to hear from somebody – particularly the
NCHS, who is responsible for mortality data – to understand what some of the
challenges are there.

I mean, we do automated mortality coding now from entity-level data. So, in
a way, it is – you know, we are there, but the problem is that, frequently, the
underlying cause of death, or, commonly, the underlying cause of death, which
must – you know, there is a whole process for mortality coding. You do the
immediate cause and then the next cause and the underlying cause.

Often, the underlying cause isn’t even in that hospitalization, because of
the way – it is very different than morbidity coding, the way the rule is for
actually arriving at the underlying cause of death. So it is not – you could
have – you know – exquisite detail on everything that went on in that
particular encounter in which – or hospitalization in which the patient then
died and you wouldn’t have the information you needed –

DR. HUFF: My focus wasn’t mortality data, so much as it was morbidity and
billing classifications –

DR. COHN: Okay –

MS. GREENBERG: But you said mortality –

DR. COHN: Okay.

DR. HUFF: I said them all in there, and I would like to address all of
them.

DR. COHN: Okay –

DR. HUFF: That one is a minor part.

DR. COHN: Okay. Okay. And I – we have noted it as an item. I will
apologize, but we are losing members, because we are after the end of our
session. We are finishing beyond time.

I think, Stan, what we will do is we will put that on as an item for us to
discuss – and I apologize, because we intended to discuss strategic issues for
2005. We made it through HIPAA and we got into sort of what we needed to do for
e-prescribing, but I think that that is something –

DR. HUFF: And that’s all I wanted to do –

DR. COHN: Yes.

DR. HUFF: – is just get it – raise it as an issue.

DR. COHN: Yes, and I think what we will do is talk about it at –

DR. HUFF: And I think Margaret is right. That is exactly what we need to do
is hear what the issues are.

DR. COHN: Exactly.

MS. GREENBERG: Yes, I mean, I would love for you all to look at this.

DR. COHN: Yes.

MS. GREENBERG: I just wanted to make that clarification.

DR. COHN: But what we will do is we’ll hopefully find some time on the
second day at the next meeting to sort of brainstorm and talk about a number of
these issues. So I want to thank you for putting on – but I just don’t want to
solve the problem right now.

DR. HUFF: Why not?

DR. COHN: Well, we are moving in that direction.

Anyway, with that –

MS. GREENBERG: I was only trying to clarify the issue.

DR. COHN: Sure, and I do want to apologize for everybody. We are running
about 10 minutes after our stated adjournment time.

I want to thank those who are still listening in on the internet as well as
still in the audience.

Subcommittee members, we will stand adjourned until our next meeting in
early February.

Thank you.

(Whereupon, the meeting adjourned at 12:26 p.m.)