[This Transcript Is Unedited]



July 17, 2007

National Center for Health Statistics
3322 Toledo Road
Hyattsville , Maryland

Proceedings By:
CASET Associates, Ltd.
10201 Lee Highway, Suite 180
Fairfax , Virginia 22030

List of Participants:

  • Simon Cohn
  • Harry Reynolds
  • Justine Carr
  • Debby Jackson
  • Mary Jo Deering
  • Mark Rothstein
  • Paul Tang
  • Steve Steindel
  • Mark Overhage



DR. COHN: I think we should get started. I want to welcome everyone. I want
to call this meeting to order. This is a meeting of the Ad Hoc Work Group on
Secondary Uses Of Health Information of the National Committee on Vital and
Health Statistics. The National Committee is a statutory public advisory
committee to the U.S. Department of Health and Human Services on national
health information policy. I am Simon Cohn. I am Associate Executive Director
for Health Information Policy for Kaiser Permanente and Chair of the Committee.

I want to welcome committee members, HHS staff and others here in person. I
understand we are being recorded, and we will know when we get onto the
Internet. I want to remind everyone to speak clearly and into the microphone
for recording purposes. As I said, we will let everyone know once the Internet
connection is assured.

We do want to thank the National Center for Health Statistics for welcoming
us into their space for our meetings. We appreciate their hospitality.

Let’s now have introductions around the table and around the room. For
those on the National Committee, I would ask, if you have any conflicts of
interest related to any of the issues coming before us today, would you please
so publicly indicate during your introduction. I want to begin by observing
that I have no conflicts of interest.

MR. REYNOLDS: Harry Reynolds, Blue Cross Blue Shield of North Carolina,
member of the committee, and no conflicts.

DR. CARR: Justine Carr, Beth Israel Deaconess Medical Center, member of the
committee and no conflicts.

MS. GREENBERG: Marjorie Greenberg, National Center for Health Statistics,
CDC, Executive Secretary to the committee. Welcome to NCHS.

MS. AMATAYAKUL: Margaret Amatayakul, contractor to the work group.

DR. DEERING: Mary Jo Deering, National Cancer Institute, staff to the
subcommittee of the NCVHS.

MS. GRANT: Erin Grant, Booz Allen Hamilton, contract support.

MS. ANDERSON: I’m Kristen Martin Anderson from Booz Allen Hamilton, and we
are contract support.

MR. MC DONALD: Clem McDonald, National Library of Medicine. I am now a fed
so I have been purified. I can’t have any conflicts.

MS. DIAMOND: I’m Carol Diamond with the Markle Foundation.

DR. SCANLON: Bill Scanlon from Health Policy R&D, member of the
committee, no conflicts.

MR. STEINDEL: Steve Steindel, Centers for Disease Control and Prevention,
staff to the ad hoc work group and liaison to the full committee.

DR. TANG: Paul Tang, Palo Alto Medical Foundation, member of the committee,
no conflicts.

DR. ROTHSTEIN: Mark Rothstein, University of Louisville School of Medicine,
member of the committee, no conflicts.

MS. JACKSON: Betty Jackson, National Center for Health Statistics,
committee staff.

(Whereupon, the remainder of the introductions were performed.)

DR. COHN: We will let everyone know as we get the Internet connection.

Agenda Item: Overview of Work Group Task

Before we move into the agenda review, let me make a couple of opening
comments. We have been talking about this whole issue of secondary uses of
health information, but today marks the first set of hearings for the ad hoc
work group. We had a couple of preparatory conference calls. We are very
excited about getting started on this activity.

Specifically, we have been asked, we the National Committee as well as this
work group, have been asked by HHS and the Office of the National Coordinator
to develop an overall conceptual and policy framework that addresses secondary
uses of health information, including a taxonomy, describing types of uses and
users of health data, definition of terms, as well as guiding principles, the
balance, the risk, sensitivity, benefits, obligations and protection of various
uses of health data.

We have also perhaps in a more substantive fashion been specifically asked
to develop recommendations to HHS on needs for additional policy, guidance,
regulation and/or public education related to expanded or proposed uses of
health data in the context of the developing Nationwide Health Information

This is a broad discussion. The initial consideration and focus is around
the quality issues and how data can be used in the processing and management of
data directly associated with quality measurement, reporting and quality

As you all know, I will be leading the work group. I want to thank Harry
Reynolds and Justine Carr for their willingness to be co-chairs. As you know, I
will be depending on them significantly, and they will be running much of the
meetings over the next couple of days. I also want to thank members of the
NCVHS who have agreed to be members of this ad hoc work group around the table.
These include Paul Tang, Bill Scanlon, Marc Overhage, who hopefully we will see
soon, Mark Rothstein, Kevin Vigilante, who we will expect to see shortly, for
being willing to serve on the work group, and then all the other members of the
NCVHS, all of whom have volunteered to be reviewers for this process. We do
realize that this is going to be a fast-paced activity, and I think we are
delighted that everyone from the NCVHS is willing to participate in one fashion
or another as we dip into this area and begin to come up with perspectives as
well as candidate recommendations, and can being them along.

I also want to take a minute and thank our liaisons as well as our ONC
leads, Office of the National Coordinator leads, for their participation. We
will be expecting hopefully to see John Loonsk later on today, but also Steve
Steindel from the CDC, Mary Jo Deering from NIH, John White from AHRQ who is on
the phone with us. I think Mary Beth Farquhar will be joining us later on
today, and Debby Jackson from NCHS, Marjorie Greenberg, Kelly Cronin who may be
joining us later today, a variety of liaisons, and we appreciate their

And of course, staff support, I have mentioned a number of the staff
already, but without their work — I just want to acknowledge them for a
moment. This is another summer activity for the NCVHS, and without their
involvement, leadership, support, we would not be able to have this hearing. We
would not be able to move into the next set of hearings, which will be in early
August and our final deliberations, scheduled for later August. So we want to
thank them all for that work.

I also want to thank our lead consultant on the project, Margaret A, for
joining us in her work, as well as Erin Grant and Kristin Martin Anderson, both
from Booz Allen Hamilton. Thank you for your help in terms of all of this.

I will stop for a minute. I think I have probably forgotten someone in
terms of people we ought to be thanking. I knew I had forgotten somebody.
Cynthia, thank you very much.

In all we plan on somewhere between six and eight days of public hearings.
I think we started out with the initial view that it would be now and at the
end of July, early August. I think we are beginning to realize that probably we
will need additional hearings later on in August, and coupling that with
additional time for public discussion of draft recommendations and framework,
with the idea that we will have an advance draft or maybe a final draft by the
end of September to bring forward. As always, given our history, this would be
a very open and inclusive process, and it is intended to be as we move forward.

Let me speak broadly of the agenda, both today and I think we will also see
this playing out in August. The agenda is a combination. It is meant to allow
us to go both from broad framework conversations, and we will sort those out
momentarily, but also getting down into the specifics relating to the issues
around quality, quality reporting, measurement and quality improvement, with
the idea that we will be working on both at once, using the specifics of the
quality issues to help around us as we talk about the high level framework
issues, but also talking about the broad level framework issues to make sure
that we are not missing anything as we delve into the quality issues.

So we are going to be maintaining this tension in our conversations in
talking about both at once, occasionally disentangling them, but once again,
the idea is to use this balance to help make sure that we are comprehensive as
well as thoughtful in our deliberations.

As always, we ask all members to come to the hearings with open minds and
to listen to the multiple different perspectives we will be hearing. The issues
and questions that will come before us are high level conceptual issues, and
some that we have been wrestling with certainly as long as I have been on the
NCVHS, issues of privacy and the balance of privacy among others. That is going
to be an important one.

But I think the other part of our discussion has to be around practical
guidance and recommendations, tools, technologies, other things that we can
recommend to the Secretary and HHS that may help minimize any issues or risks
we identify.

So I would suggest to you that we are thinking about things in two
different levels, broad level conceptual, but let’s also be practical and come
up with specific recommendations that are actionable by HHS. This is I think in
keeping with who we are and given our history of doing this for the Secretary,
broad level concepts, but also giving very specific recommendations that allow
the Secretary and HHS to move forward in a way that is actually going to make a

So I would have you all think as well as talk about this today and in
succeeding days. As nice as it is to talk at the broad conceptual level, we
need to tie it down to what exactly are we going to be recommending as next
step items, and coming out of this whole conversation, not today but certainly
by mid-August with specific things that are doable that HHS can do to help deal
with some of the issues that we identify.

I should also comment on the agenda review. One of the ways we are setting
up the conversation is to make sure that each day there is time for work group
discussion on the issues. We recognize that if we wait until the end of the two
and a half days to begin to get ideas and thoughts from the committee, we will
have forgotten some of the good ideas in all of this. So we are setting this up
so that today and in subsequent days there will be periods of time just for
work group conversation and discussion. We are thankful that Margaret A. is
here to put some of that together and keep track of that for us, as well as
hopefully providing valuable input.

With that, let’s talk very quickly about the agenda. Then I will turn it
over to Harry to run the sessions today.

This morning we are going to be starting out with some overall framework
conversation. We are really thankful to have Clem McDonald, who is not only one
of our favorite people, but also is a former member of the National Committee.
We do miss you, Clem. Even though he has been sanitized in the federal
government, we don’t believe that for one minute. We think he will bring some
interesting perspectives to all of this. We are also very thankful to have
Carol Diamond from Markle talking about some of the Markle perspectives in this
whole area. Once again, we are trying to get ourselves to hear a variety of
views at this high level framework conversation as we begin to drill down into
the quality issues.

After our first break, we will talk more about these high level key
opportunities and challenges with Lynn Etheredge, and then Janet Marchibroda
will be talking for E-Health Initiative. We are going to be taking a late
lunch, around 12:45. Even though the agenda says we are taking an hour and
45-minute lunch break, in reality it will be an hour and 15 minutes. We will
come back at two o’clock for the first of will be a variety of conversations.
Then this afternoon we move into the issues about clarity of current law,
relative uses of health data. We are pleased to have Sue McAndrew from the
Office for Civil Rights as well as Bill Braithwaite, who is now a private
citizen, but was instrumental in the development of the HIPAA privacy law, and
we are hoping some conversations around how HIPAA privacy thought about a lot
of these issues, recognizing that many of these things were if not explicitly
contemplated by HIPAA, at least there were some implicit views of how all of
this should work as perceived in current legislation and regulation.

Finally, we end up the day with a conversation from the health information
security and privacy collaboration, just to see the state of issues plugging
into all of this, and then once again some conversation.

So anyway, that is going to be our plan for the day, plenty of conversation
and hopefully plenty of time for interaction.

With that, I will stop. Harry, do you have any opening comments?

MR. REYNOLDS: No, you are right on time. It is 9:29, and we are ready to
go. With that, as Simon mentioned, our first panel is Clem McDonald and Carol
Diamond. So we will just go in order as it is listed on here. Clem, why don’t
you start us off?

Agenda Item: Key Opportunities and Challenges in Framing
uses of Health Data

MR. MC DONALD: I appreciate the chance to return to my old home. I am
fearing that NCVHS has been dispossessed, because the last time they were out
at NIH and this time in Hyattsville, and what happened to the Humphrey
Building, did you lose it.

Twenty minutes, is that the scheduled time? I better not discourse. Don’t
take me a being a representative of NLM. This is not sanctioned position
necessarily. It is my thoughts and experience. I am going to cover a lot of
subjects, some of which will reflect what I said at AMIA, and I will try to
answer the questions at the end.

Some of the questions were, what are the sources of clinical data that are
used for secondary purposes. There are lots of them, labs, medication orders,
radiology reports, dictation, EKGs, lots more. The neat thing about it is,
there is a lot of electronic data that is sitting there for the taking, and
Carol and I have similar views on some of this, that it is a shame that we
aren’t using it more and better.

Administrative data, which I think is unfairly maligned from the
researchers’ point of view. They go, it is no good. Well, nothing is any good,
depending on what you use it for. Oxygen is bad for you in too much quantities,
and water if you drown in it is not so good. So I think it is a shell. It is
very predictive under many circumstances, so it is good.

Tumor registries. There are 25 million records roughly in the U.S. around
the country, cardiology database, ACC, ATS. Each of those databases, one is the
bypass surgery, the other is catheterizations, has got two or three million
records. In some states I think it is 70 or 80 percent of all the cases now
going forward. Federal ESRD database, all the end stage renal disease has been
meticulously recorded and measured for at least the last four or five years;
I’m not sure how long it goes.

Outpatient medications. Pharmacy benefit managers have them all, just about
all. Pathology, paraffin blocks, there is genetic data sitting around. That is
good, not bad. I will come to that later.

Medicaid procedures and diagnosis, Medicare we all know about. Medicare is
really getting to be like a medical record. It is not just administrative, with
the drug data included and some of the additional stuff on the new Medicare
patient being collected.

Social Security death tapes. It is not a lot of facts, but it is very
important in predicting things. Death is the numero uno outcome. There are lots
of special federal collection instruments. Oasis, disability, Medicare deducted
exam, et cetera.

The uses. You are asking about secondary uses. Public health, this group
probably doesn’t need to hear more about that, but there are lots of good
public health uses of this, collective quality and cost control, performance
improvement, statistical feedback. Prospective feedback to clinicians to be
sure they get the things done on the patients where we know what needs to be

Personal health records, lots of opportunities there. Commercial uses. I
bring that up because it is the scary part of all this. In my thinking about
what I saw about things, I say very strongly we should do X, Y and Z, but
everything is set for selling the data, we get into tricky spaces there, bad,
maybe dark side-ish, and fearsome to the population of patients. There is
marketing, market access, feedback to physicians statistically. There is valid
commercial uses, but I think we should cage them in some ways.

Research uses, epidemiology in general, early discovery of drug toxicities,
Vioxx is the poster child that likely would have been detected with a
sufficient database much earlier than it was. Cost benefit and variation;
Windberg’s work. Someday in the next ten years we are going to have to figure
out what is really worth it of all the stuff we do at the trillions of dollars
a year. It isn’t all worth it. We know that now really, but we spend
profligately. These databases would be a major help to that. The inverse of
that is the value of new diagnostic and treatment technology. We could just
follow some of this stuff and see how well it is doing. The coded stints that
kill you earlier or save you longer, those kinds of issues can come out of

Recruitment of patients into studies. It is a shame we have such barriers
to that with the databases that exist. These are free human beings who can say
no if these things are done right, but we protect them even from the
opportunity to be asked, the way I read it.

Longitudinal followup. There is a theory about clinical trials that is
really appealing, that historically we spend gazillions of dollars per patient,
do modest sized studies that don’t product convincing results, whereas the
large simple trial says, more or less, randomize the patients. You don’t limit
them in a whole lot of ways. Get a whole lot of them so you don’t have to
collect so much data to do adjustments, and see what happens. In the most
extreme form you come to the pharmacy and randomize the drugs, and they would
wait to see who lives and dies. This is maybe trivializing it, but there are
some opportunities to do things like that on a large scale and really
understand what we should be doing going forward.

Then the issues. We have a huge shortage of evidence for decision making.
Clinicians are faced with zillions of decisions, and the research we have, the
evidence we have, really just covers a smidgeon of them. Preventative
decisions, some are cardiovascular interventions, some anticoagulation
interventions. We have minimum help with special circumstances like aging,
comorbidity, how one should change a decision based on those realities, little
help with decisions about diagnostic testing, surgery, use of devices, and
almost no help regarding cost benefits. Brian Ames and others have written
about that. You need so much more data, you need large sample size to get those
kinds of estimates. The studies say do or don’t do, not how much it is worth.

In some ways we worry about the small stuff. We have this incredible
interest and intensity in doing perfectly the five percent of care
interventions we think we know how to do, so we make sure we do them the way we
think we know how, and 95 percent just float and wander around, and we have no
idea whether we even should do them. So somehow there is an imbalance there.
These gaps could be filled in with the right population based data.

So the prime directive to me is to pull together the data that would let us
take advantage of all the data that exists. This is not just for secondary
uses. It would make life easier in primary use as well, if it wasn’t such a
struggle to get a whole net result, and know that the patient didn’t pick up
their drugs at the pharmacy, and on and on. So the separation — it is
important to emphasize the secondary uses, but we shouldn’t forget it is almost
the same kind of work we need to do to use them for both.

This could be used to assess the effect of the services we provide at so
much cost to so many with so little benefit. That is my belief.

We have to overcome the usual wall of entropy to pull the data together. I
started fiddling with the equation; you might be able to actually measure why
it is so hard. That is, there are so many independent bodies and so much
movement in each of those bodies. You could maybe convert it into an equation
and quantify it. But the equation is really hard.

Regional is what we should be focusing on. I’m not going to argue for that
now. Then all the things you could roll into it, the RIO model I believe as
being the way that is most practical, but I come from that school.

Many of those who did the standardizing work in overcoming this entropy
would get paid back and motivated if they could get easier life out of the
other people doing that same standardizing and unifying.

Why is it hard? The same reason that houses and desks become messy if you
don’t work on them. There is an immense amount of entropy in the process. I
couldn’t prove that with this formula.

That is not right. Major points of disorder is not the right word. I have a
new secretary. I didn’t really mean to say that. But we have major things that
we have to reorder or get better in order.

There is patient IDs across sources. Life would be a lot better if we had a
universal patient ID, but that is not going to happen. We have to be aware that
is a problem, knowing this number is the same person somewhere else, so that we
can make this whole out of the parts.

We need a standardized data structure to know where to put things in the
field and files. The solution is the standard data structures. I want to
emphasize this staff data structure. I have been talking with Medicare and
others; they don’t know how to think about the standardization when they think
about a group as being a field in a database, rather than as it is in most
clinical systems.

There is an issue with that. They just don’t know that there is this handle
on the variable that itself goes to a master file and then a place where you
have got to standardize things. It is an interesting discussion, and I think I
am making progress with them.

The basic issues and problems don’t vary with the use. There are some
exceptions. When the use requires data elements that are not now available, so
they want to declare a use space and they go, you have got all this data, but
you might not have all the data you need for that particular application that
is not now being collected. Or if it is collected, it is collected irregularly,
and not entered into anyone’s computer. It is scribbled on little pieces of

We have to realize that that is an additional level of work to collect that
and do that. It is not just, get them to do something different; it is, get
them to do more work. It may be the right thing to do, it probably is, but we
should be conscious that there often is extra work, and someone has to absorb
the new data collection costs.

An example of this, office testing systems. When you think about
performance measurement, a lot of the instruments are like a thermometer. They
stick the blood on it and they read it just like you read a thermometer, and
you write it down. There are no electronics in it to get anywhere else.
Further, if you do the collection, you can’t just get by with putting a number
down, you have got to record the test, you have got to record the date and
time, you have got to record who did it for the quality assurance stuff, you
have got to record the patient ID. So there is a fair amount of labor in that,
and we should focus on some of those things because they could be made easier.

The other exception is when the data is being sold. I really don’t know how
to think about that. I think it raises a lot of — when I was in Indianapolis
it raised a lot of terror in my mind, because it changes the whole dynamics in
the collective thinking about it. All of a sudden the institutions start
thinking, billions of dollars, and it changes everything in not necessarily a
good way, I think in a bad way. Plus, it makes everybody suspicious, and maybe
rightly so. If you say it is only going to be used for research and public
health and those kinds of things, the whole business, the scariness tones down.

This is the flats versus stacks. I want to talk a little about this. Think
bingo cards versus playing cards. Has everyone here played bingo? It may be an
ancient sport. On the bingo cards are numbers and the information is all
attached to one big block, one chunk. You can’t shuffle the numbers on a bingo
card. But when you get dealt playing cards, you can shuffle them, you can sort
them, you can move them around in different ways.

In the flat structure the variables are defined as columns, flat data
structure. This is the traditional way for research statistics and
administrative, government databases. The stack structure, the variables are
more like playing cards. On that card is the patient name, the date and the
number and the value, and you can shuffle them around, you can mix them up in
different ways.

That is the way all the clinical systems are built. And it has many
advantages for flexibility and blending data and merging data. This would be
the flat structure, where you have one record. This is one of the cardiology
databases, some of the data that is in one of them, and this would be the stack
structure. What is a field column in the stack structure now becomes a value in
the table. This is maybe long, complicated and subtle and may not be a good
thing to talk about today.

But if we think that way we get less confusion. If we clarify those
distinctions, there is less confusion and discussions about standards and how
to shift data around. I am praying that more of the large administrative things
store the data that way, because in the research world they make up these data
sets, and they change one element in the question, then they make up a new data
set. Lo and behold, after awhile they have 25 data sets, most of which are the
same and no one knows how they are different. Whereas, if you formally decide,
this is the variable linked to a specific external thing, you can change one of
them, and you still know what is all the same.

Now, linking patient identifiers across sources. Different sources randomly
pick different identifiers, more or less. That is how it comes out. This is
solvable with linkage strategies, at least within restricted scopes of time and
space. Shorter periods of time, it is easier because people have moved, smaller
geographic areas, it is easier because you have fewer people.

I would just say, don’t make it worse. We could make it impossible to do
linking if we get even worse on what fields can be moved and shipped around. I
don’t know if everyone knows which ones I am talking about, but the tighter we
get on this, the more impossible we make it. Then if we get to a certain level
it actually becomes evil for patient care. That is, you will make mistakes, you
will get the wrong data being linked in, and you are going to think the wrong
thing. Research can tolerate a little more error because you are making
statistical decisions.

Then an action maybe for this committee in terms of HIPAA which I am going
to defend — I don’t know if I was defending it if I was on the committee —
was to consider opening the way for one-way hashes. I can’t give you the
formulaic way to solve them. I don’t know enough about all the issues, but the
one-way hash more or less is the thing you stuff in the patient’s ID and
convert it into something and you can’t reconvert it.

The advantage is, let’s say you have a research database, collecting data
at huge expense. The Women’s Health Initiative would be a good example. You
would like to make it cheaper. You would like to hook into Medicare data to
find out the big outcomes. You can do that under IRBs and all the rest, and
then you get all the registry data from both sides. You do a lot of work and
you link them together, knowing all the facts about the registry data.

Going forward, if you could use hashing techniques, they could both
independently do this hash. There would be no need to expose this data going
forward. There are issues because you can’t do nearness matches and things with

Now, we pleaded in the HIPAA process, letters came from five universities,
arguing to allow hashes. The response was not only no, but damn, no. So it is
in the regs that we can’t do hashes, partly as a result of the fact that we
asked for them. I apologize for that. But we ought to really explore that,
because it could be less patient privacy risks with this kind of approach,
trying to do the kind of research that would be valuable and less effort to do
the linking if you could send around these unidentifiable things and link them
back together. But there are issues, and I don’t want to trivialize them.

Vanderbilt University has gotten permission to do some kind of a one way
hash with a very large thing, doing some additional things. So I think it is
doable in a way that everyone would be happy with.

An aside, this stuff about privacy, this is strictly Clem talking. Even if
I am sanitized, I want to say this one thing. I think that we have gotten
ridiculous about privacy at the edge. It might be possible, maybe someone might
someday, but shoot, they drive a motorcycle without a helmet and they don’t
worry about that. People shouldn’t be so darn selfish. This is going to help us
all, at least in the research scope, and it is not useful if 20 percent pull
out. We don’t know who that 20 percent is. And everybody gets their health care
paid for indirectly by the society, and we all get tax benefits on our
commercial insurance. So someday, someone should say, hey, let’s not be so me,
and think about us. With little minuscule tiny risks, someone might think they
know who you are, someone in a private office somewhere, but it doesn’t seem to
balance out against what the good should be from all of this.

There is a wonderful leader of the Genetic Alliance. I am probably quoting
this wrong, but they argue more or less that everybody should get their genes
up too, because we will all get cured that way faster, at least certainly those
people who have genetic diseases. Enough said.

A second aside is, deciding what is right is much tougher for selling the
data uses. I would like to carve that out, and say everything I say doesn’t
apply to that.

We have got to deliver information in a standard data structure. This
problem is solved, as far as I’m concerned, for most clinical space. HL-7,
NCPP, they are delivering this stuff in billions of messages a day. Empirically
I actually was very critical of the messages, because in my job at Regenstrief,
I had to review the bad messages and fix them. I thought, we are getting all
these terrible messages. Empirically like 98.5 to 99.5 are good, so it is
really a small percentage are bad, where you couldn’t automatically flow them
in. So the syntax is not the problem.

The bad stuff, they just stuff things in the wrong fields, and someone has
got to make them do better. You guys could help that. Almost every clinical
system has these things. Variables across sources. Variables are invented
randomly. We need to have a code. LOINC is one for many of these purposes, and
won’t go into that too much. The slides are in your hands. I didn’t do a
handout, but they are on your machine.

What we should do, could do to make this life easier is encourage and
incent the producers of data to make good messages. Don’t encourage doctors to
buy systems that collect bad data. Then they have to spend $15,000 per provider
on consultants to make it right. It would be so much cheaper to get the senders
and incent them in some way to make good data. Instrument vendors could stick
LOINC codes into their instruments and emit them with the variables. They know
what the variables are. It would be the easiest place to do it.

There is another set of issues. This was at HL-7, if someone doesn’t know
it. Medical records. The medical record is like a modular house. It is made up
of a bunch of stuff. The message defines the structure of the module. We don’t
need a separate structure to define the module inside the record and outside
the record. In fact, that would be bad. You are not going to get much if it
doesn’t come from the outside, and you have got to send it out to somebody
else. So keep thinking modular, and don’t keep finding gaps to invent still
more standards, so we have even more to deal with. Just get on with it. Stop
looking for the gaps.

We are almost done. We ought to squish CDSC and HL-7 together. There is
another split developing in the research side versus the clinical side. I don’t
know how you do that, but something needs to be done there to get them

Focus on the senders rather than the receivers. I have said this already.

DR. COHN: Clem, what does CDSC stand for?

MR. MC DONALD: CDSC is a fairly large and important and effective
organization working primarily through pharma to standardize steps. They have
got a lab message standard that is somewhat like HL-7, but it is different.
They have got a transmission standard to FDA. NCI is very involved with them.
But we are creating this separation — I worked in an academic medical center
for 35 years — that is goofy. Research works here, but it is the same
patients, same data, same labs.

DR. DEERING: It is a very bad acronym. CDISC stands for clinical data
interchange standards consortium. In fact, in a few areas they are working very
closely with HL-7, especially on modeling in some fundamental areas.

So in the area that they overlap, I think there is a lot of squish.

MR. MC DONALD: Well, it is not enough. I have been in this game a long
time, and people always look like they are working together. They have got the
head standard, that is another one. It is not really this, it is not really
that. It is nobody’s fault in some ways. It is just this entropy thing. There
are good people on both sides. Enough said on that.

To answer your question regarding facilitating quality data gathering, I
mean, gathering data about quality. We need to make it easier to gather the
needed data, encourage data exchange. Too much work is required to gather it.
Hand-held lab machines, I mentioned about that.

If they build LOINC codes as input they probably need little scanners to
scan a barcoded patient ID, because the boxes won’t necessarily accommodate a
great big interchange engine. HL-7 outbound. If they printed the whole results
of the 2D barcode, someone could scan into the medical record. Somebody had to
think about this problem. There are tools and pieces around that make it a
little bit easier without a lot more expense, I would think.

Current privacy regs. Administrators do over interpret HIPAA. They say
HIPAA says no when it doesn’t. We can’t do that because of HIPAA. Well, you
can. Despite my fussing about it at the edge, HIPAA really is useful, and it is
well defined. You can figure it out. It is written down. There are a lot of
people that know about it. There is a whole legal industry that has built up
around it.

So leave it alone. That would be my strongest suggestion. I think we cannot
make progress faster by major changes to HIPAA. So don’t start over. There are
just a couple of little things, but maybe if you open the box you are going to
blow it all up. You don’t need anything tighter for security.

I keep coming back to selling the data. One tweak to consider is the
one-way hash; I mentioned that already. You could do this updating once you got
to figure out who they were, and you could make a lot of research problems
easier, I think. Use this where protections may be low.

When it is sold, things get complicated. I am assuming it can only be
de-identified when it is sold, but I don’t know about that. Even then, with
complex data sets, we get this complicated balancing act. De-identified is not
anonymized. Everybody accepts de-identified, the way the rules work. We have
got to be pretty cautious about complex data sets, even when it is

At NIH, for example, the DB gap, they are not going to give that out and
put it public, even though it is de-identified, because who knows — we are
really young in this area. On the other hand, you don’t want to declare that it
is really identified data and have all the things you have to do with that. So
there is an interesting balance.

But I do think we have to be cautious, researchers and users have to be
cautious about de-identified data. It is very complex in its nature.

Special cases. For research we should make it easier. I said this already.
There are great opportunities to help each other and our children by
withholding our data. You get some fantasized risk in some cases. There are
some risks. The risk is, the insurance company might find out. But people
should read what they sign when they set up for life insurance. They tell them,
you can get all my data, so nothing we do in privacy protection will help stop
that. You have already given it away when you buy the insurance.

Employer business is another set of issues. There should be some laws
there. We should not require consent for de-identified or limited data sets. If
anybody is thinking about that, we might as well forget about secondary uses,
it becomes so impossibly complex. As I said, all of health care is paid by a
part of society, and we should be more generous about our data. As I said, we
are just being greedy buggers by forbidding its use.

RIOs I think are the sine qua non for most secondary uses. I can’t conceive
of another structure of RIOs or some variant of RIOs to get all the data put in
one place.

I don’t think we should do a national database. First, it is too hard,
secondly you don’t need it, and thirdly there will be political eruptions about

Question six, collect for other uses. Yes. This is my experience when I was
at Regenstrief. Mark can tell you better. Public health. We used it for
research, for de-identified research across all the institutions, but we were
not allowed to compare sources. There are other parties who have interests in
the data than just the patient. One has to be cautious about what we might be
doing to them and how they would cause eruptions if one did things to them.
There are doctors, there are hospitals, there are lots of issues where you
might invade their business interests which wouldn’t be fair or right when they
are giving you the data voluntarily.

We could do identified data research with probably IRBs from all of them,
if they wanted to insist on that, or you really need only one. There is a
magnificent performance project. Mark just got in; he probably can talk about
that, involving payors, hospitals and office practices, where they all share
the data in a limited way to achieve the goals of this. It is brilliant.

Uses of data for research, de-identified, you scrub the text and you remove
the forbidden fields. Don’t make it public. Only qualified researchers can look
at this complex data set. Limited data sets are available that need a little
more work, and I mentioned IRB. I think that is really all.

That is all I’ve got.

MR. REYNOLDS: Clem, thank you. We will move on. Carol, go ahead and
present, and then we will open it for questions afterwards.

MR. DIAMOND: Thank you for inviting me. It is a pleasure to be here with

I am Carol Diamond. I am with the Markle Foundation. I am going to touch on
some of the things that Clem raised, but also try to make some comments that I
think you were looking for in the agenda in terms of context and framing for
these issues. I think it is very critical to getting this right.

I have probably three key points to make, but I’m sure I’ll stick in a few
more. The first is, I think we have to reset our definitions and assumptions
about health data. I want to try to encourage articulating a new set of working
principles. I want to encourage the development of an information policy
framework that broadly addresses both what the public wants and hopes for out
of health care and also what they are concerned about.

Just a little bit of background on Markle and Connecting for Health. As
many of you know, Connecting for Health was established in 2002. We have
testified before this committee many times in the past, although it has been
too long for me.

Our simple goal is to accelerate health information sharing environments
that improve quality and cost effectiveness of care and bring together public,
private and not-for-profit groups. Everything that we have published and worked
on to date is available on our website.

We have had three historical areas of focus, technology and standards,
policies for information use and the role of the consumer. We never uncouple
these three in our work, because we think they are part of a piece, and they
are all necessary.

For the last several years, at least for the early years of Connecting for
Health, we developed a view of what information sharing looked like. In the
road map that we wrote in 2004, we described it as a decentralized open
standards based information network or network of networks, was the term we
used. We proposed a common framework of both privacy and technology attributes
that would accept and encourage local innovation while achieving
interoperability and portability.

It is based on a framework of privacy and built on a model of trust, which
can’t be instilled in the system. It has to be built from a trusting place.

There is this other piece of the information sharing that we are looking
for, which is to improve quality and safety in public health. So it is time now
for Connecting for Health to start to turn to some of those issues.

We started this work by talking to people on the steering group, and asking
them what they thought about the current state of public health research and
quality was. I will share with you a couple of those comments, but in general
there was a lot of concern that there wasn’t a cohesive approach to how we
handled public health data. When we started to talk to some of the people who
actually hold clinical data, what they tried to impress upon us was that there
are so many people now asking for that data in so many different ways — a new
quality initiative, a new P4P, a new public health requirement, a new reporting
requirement, research being done at the institutions. In fact, it was coined
the 800-knot problem, that there is no 800-pound gorilla anymore, but there are
800 knots, because every day somebody is asking for another slice or another
cut for some purpose.

In our initial approach, we tried to think a lot about what that meant and
how to improve it, and I will share with you how we evolved from there. But I
do want to also say that for the steering group there is a shared vision, and
we were able to solicit that. These were some of their comments. Again, our
steering group is made up of some of the people in this room, and also a broad
slice of public and private health care leaders.

Research should be a normative part of health care. Every intervention with
a patient is a chance to learn something. The data must be incorporated with
decision support and remeasurement, not an episodic hiccup of the data dump.

I have been saying this for 20 years, folks, where is the data feedback
loop? The only way to improve the process is to extract the information from
that process and send it back to the person.

What we got from these interviews was that clinical care is over here, and
quality and public health and research is over there. There is a huge wall
between the information that is used in the clinical setting and the
information that is gathered for these other things, and a recognition that
that gap is very detrimental to providing high quality care. It has been
written about for two decades. I don’t have to tell this committee about IOM
reports or RAND studies or other people who have looked at these issues, and
have pointed out not just that there are holes in the evidence base, but where
we do have an evidence base we don’t apply it all of the time.

The lost in translation term, this is from the 2003 New England Journal
piece, but there are many pieces and people who have written about the mixed
opportunity we have in taking information about lots of people and applying it
to the point of care to make a better decision for that person.

Instead of trying to tackle the issue of the 800 knots, once we realized
that we were probably trying to ameliorate a situation that wasn’t ideal
anyway, and just making it easier to send data to multiple sources wasn’t
really the objective, although we thought that for a short period of time, we
tried to set out at least a shared vision of what it is we are trying to
achieve with health data.

So we wrote these little vignettes that are meant to imply some idealized
future state, as a way to say this is what we are shooting for, and as a way to
shape our thinking toward that.

One of the vignettes which I am just going to share pieces of with you is
about a physician in a small four-doctor internal medicine practice. He is
seeing a patient who is coming to find out about whether or not she might be a
candidate for switching to a new oral hypoglycemic. It has only been on the
market about 18 months.

We tried to show an infrastructure that would be available to the physician
that would allow him to look at not just what are the studies on this drug, but
how is this patient’s glucose control historically trended against patients
like them, with the same characteristics, with the same risk factors, with the
same attributes.

We tried to also suggest that for a learning opportunity at the point of
care, the network might also help this physician look at themselves and their
ability to achieve glycemic control against other physicians with similar

This is a very different model from the static and somewhat historical and
retrospective model we have today for quality for public health and for
research, where we try to look at data historically, and then provide maybe
sometimes, not always, some feedback back to the clinician about their care a
year ago for a population of patients with a particular condition.

The upshot of this vignette is also that even for areas like public health,
there are opportunities to think about the use of information from the decision
maker’s point of view. That is where information has the most value.

In this case, the patient also had an upper respiratory infection and
although the literature told the physician that there was a particular
antibiotic that was good for this bug, there was some community data available
to the physician to suggest that there might be an alternative antibiotic that
might be more suitable.

This kind of a system, where you are always finding and learning about what
is working and what is best for patients, I think is really the goal of all of
the uses of health information. We sometimes forget, and particularly in the
last decade or so, that the purpose of research in public health and quality is
not data collection or reporting. It is actually having an impact on someone at
the point of care, on making a better decision than they would have otherwise.
That is the point of it all. If it can’t be used by someone who is in a
decision making place at a point of time, then it doesn’t achieve its full

We did similar vignettes for the consumer and for the policy makers, and
these are all available and can be shared. I don’t want to take the time to go
into them. So I am going to suggest three points here about trying to reset the

I recognize fully, having worked on some of these issues for the last five
years intensively, and prior to that, that these are complicated issues, and
there is a tendency to try to find quick and easy fixes. That is what everybody
wants. So every time we engage in some of these conversations, there is a
temptation to believe that there is a silver bullet that is going to fix all of
this and make it all simple.

I am going to try to raise three points that hopefully can encourage some
further conversation. The first is on primary versus secondary use. I don’t
know what definition the committee is using for primary and secondary use, I
tried to poke around, but these are the two definitions that I found most
prevalently used.

What I worry about is, in this definition of primary use it says data
collected about and used for the direct care of an individual patient. My
challenge is, is that really all you need for high quality care of an
individual patient? Don’t you need all the things that are referenced in what
is here defined as secondary use to make a good decision?

That separation to me is something that I think is an artifact of an old
paradigm. It is an artifact of a paper-based world. It is an artifact of not
thinking in terms of networks and information mobility and agility, some of the
points that Clem was raising. I don’t think our policy discussion should
perpetuate the historical gaps in knowledge that we have had in health care. I
think we should really think about challenging this linear kind of thinking.

In my view anyway, health information should flow in a continuous and
virtuous cycle. The policy process should not create camps between the simple
value of data and the population value of information. The point is, if data
collected for population health is valuable, it is valuable because somebody
was in the position of making a decision and made a better decision because of
that information.

I think the policy framework should protect the individual’s rights and
society’s interests by articulating the appropriate and inappropriate uses in
the context of notification and control. This framework has to achieve both the
goals and the protections. I think that is really the challenge.

The second point that I want to talk about is consent, in the sense of,
this is not a magic bullet. Very often, and I think historically, you hear very
polarizing conversations about consent.

My two cents, having worked on this in Connecting for Health, is that the
issue is not so much of only consent, but what is it that you are consenting
to. That is really the critical question. The consent alone, we know, doesn’t
protect privacy. We believe there has to be a suite of interdependent tools.
These are policy and technology options.

And consent is subject to real world limitations. I offer you two clear
limitations. One is, because of the operational realities and the overworked
health care system that we have, when consent is obtained, very often it is
blanket in nature. We try to get consent for everything that we might need to
do so that we don’t have to go back and create yet another process.

The second is meaningful consent. The very nature of health care and the
very nature of peoples’ state when they interface with the system means that
you don’t always know exactly what you are signing when you get into that ER.
Take it from me, an informed consumer, I understand a lot about policy,
technology and health care. Yet, when it is a family member in the emergency
room and you are consenting to a whole host of things, this isn’t a time where
you make always the same decisions you might make if you were sitting on your
living room couch relaxing.

So I do think consent is an important issue. I would hate to see this
committee perseverate on it in the absence of a broader set of issues that can
when working together really create the framework that can protect privacy.

In Connecting for Health we developed a set of principles that guided our
work. The technology principles here, I have mentioned some of them and I don’t
need to go into them.

These were our privacy principles. We didn’t make these up necessarily.
This was a hodgepodge of fair information practices and some of the OECD
privacy principles. These principles, once we established them, helps us delve
into policies. I want to make the distinction between principles and policy,
just to elaborate some of these. On the principle side, purpose, specification
and minimization. I am hoping I don’t have to belabor openness and
transparency. Specify the purpose for which you are collecting data, and make
that purpose as narrow as possible based on what you need it for. Collection
limitation; collect only what you need for that limitation. Use only the
information you said you were going to use for the purpose you said you were
going to use it.

All nine of these principles are part of the piece. If you overemphasize
any one, like number five, individual participation and control or consent, in
our deliberations we saw quickly how that can undermine everything else,
because once you have consent, why worry about everything else. Yet, everything
else is part of creating a substantive set of protections.

When we did the common framework, you will see here in this schematic of it
that P1 is a set of principles, but we did not stop there. We used those
principles to articulate policies for health information sharing, which is what
we were focused on. We focused on things like the models, policies and
procedures for an HIE, notification and consent, matching, authentication,
patient access, audit, breaches, and even data quality, which is the technical
column, the T column. But all of these issues need to work together.

If you boil down the common framework, there are essentially five
attributes of the infrastructure it envisions. It is obviously decentralized
and distributed; I have already mentioned that. The common framework dictates
for policy reasons the separation of demographic from clinical data on the
network. I’m not talking about what is an enterprise database, I am talking
about what is on the network, what is wide and shared.

Maintain a flexible platform for innovation to enable interoperability. I
think Clem said this in another way, but don’t get so specific and design so
many detailed specs and standards that you begin to thwart both participation
and innovation.

Implement privacy through technology. I think this is a key opportunity in
the information age. Clem mentioned one-way hashing. We had enjoyable and
hysterical debates over one-way hashing over the years, but I think all of
these tools have to be brought to bear in creating an environment that achieves
both public expectations and addresses their concerns.

The third thing I want to talk about is the lockbox. This is another magic
bullet conversation you tend to hear. That is, the only way to really protect
the data is to lock it up somewhere and just give one person control over it,
and that’s it. I think this is again an artifact a little bit of papers, not
mainframe thinking, which is what we are talking about in a network
environment, in an electronic environment, is copies of information. These are
always going to be copies. You can’t source delete. Somebody in one of our
committees said, don’t take the little file icons on your PC literally. You
cannot eliminate the source of that data. Just focusing on putting it somewhere
or putting a copy of it somewhere doesn’t address the broader health ecosystem
in which the original sources live. I think that has to be contemplated.

Again, my message is not that there is an easy quick fix silver bullet. My
message is to the contrary, that this requires a comprehensive set of work and
that based on this committee’s history, I know that is possible. I know this is
a very thoughtful group, and you will give this due consideration.

In terms of where consumers are, I just pulled together some very brief
data from surveys we have done and that others have done. Both of these pie
charts are relevant, actually. Four in five — when we asked them, would you
allow medical experts to review millions of anonymous health records to
determine what treatments work best for different diseases? This would allow
your doctor to have the most up to date medical information, expand their
knowledge about different treatments and diseases. Eighty-one percent of the
total agreed. Similarly, when we asked about, do they think it would improve
health care quality and reduce medical errors, 80 percent said yes.

But Americans recognize both the upside and the downside. I would say that
is the positive in this, that they see both the positive and the downside.
There has never been a survey on privacy and security of health information
where somewhere between 80 and 90 percent haven’t said, I am worried about
privacy and security. We all know that, we have all seen those surveys.

Two pieces of data on the fear of misuses. One is from CHCF and the other
from the public policy center survey. Fifty-two percent in the CHCF survey said
that they believe the employer uses medical information to — or would use
medical information to effect personal or insurance benefits, and 85 percent
believe if a genetic test result is known to insurers they would refuse
policies or charge more. So these are some of the fears that people have about
the misuses of information.

In our most recent survey from December, three-quarters of Americans said
they would be willing to share their personal information to help public
officials to look for disease outbreaks and research ways to improve quality of

I’ll point you to one other very relevant study which comes from the VA.
Actually Joy Priss pointed me to this study, and I would encourage the
committee to take a look at it. They looked at the veterans’ willingness to
allow researchers to access their medical records, and what they found is
summarized in these bullets. They are willing to share, but willingness to
share doesn’t mean they were completely willing to cede their control. They
want a say in deciding how their medical records can be used in research.

They were most willing to share their records with VA researchers. They
placed the highest level of trust in them. What that higher trust translated
into was, they were willing to accept less stringent consent procedures. In
other words, they said for VA researchers, maybe current policies and
procedures didn’t need to change.

I don’t think this is the be-all and end-all on this issue, but I do think
it is a really important study, since there aren’t that many of this nature,
and I think it is an important data point about peoples’ attitudes toward the
use of their information in social science and medicine.

We have been developing a set of first principles for population health.
They are built in our historical work, the common framework, the visioning
scenarios which I shared with you in part, some of our steering group
interviews, and the road map.

The first is designing for decisions, that this is all about making a
better decision. Clem touched on this as well; I won’t belabor it. Design it
for many. But the network should enable analytic tools to support consumers,
families, health professionals, policy makers, public health officials, that
everyone who touches the health ecosystem is a valid beneficiary of health
information, and they have to meet all the diverse requirements.

They have to be shaped by public policy goals and values. So the public
policies have to be made explicit, subject to public discussion, and then
architected into this technology at the outset. You can’t leave these policy
decisions for later. That has been my soapbox anyway for a very long time, and
I won’t belabor it.

It does require change. The big change for us in talking about population
health versus health information exchange is that we suddenly felt, uh-oh, this
is not greenfields. When we started talking about health information exchange
in 2000 and two, three, they were greenfields. Not many people were doing it
except these two guys to my left here, so it was really greenfield, and it was
a different conversation.

Once we started moving into these areas of population health, there is a
lot of siloed infrastructure and a lot of legacy built into these areas. I
think for the kind of information sharing and the kinds of benefits we are
talking about, it is going to take a lot of leadership and a lot of commitment
to a different approach.

The fifth is just that it has to be possible. This is certainly something
Connecting for Health has always focused on.

The sixth is something we call distributed but queryable. Clem talked to
this when he talked about linking information, not data, and not having to
expose the data necessarily in order to do analyses with the one-way hashing.
But these are the kinds of tools that we have to start thinking about. Rather
than every time somebody needs to do some sort of an analysis, they have to
collect all the data they need for that analysis.

What that has created for us is enormous redundancy, an enormous number of
silos and an enormous number of different kinds of requests and requesters, and
it is hugely inefficient.

Trust your safeguards and transparency. I won’t belabor this because I have
already talked about the importance to protect data. But the policy
architecture needs to develop clear rules and guidelines, and the process of
creating those policies should be inclusive and transparent.

But there are layers of protection. Layers of protection are meant to say
that there are many classes of authorized users who might be able to use
information garnered from data, but that the more you get to riskier levels of
exposure, whether it is getting to partially identified or re-identifiable data
or what have you, the more you need to factor in those protections.

Then finally, this good network citizenship. You can have all the policies
in the world you want, people have to follow them. That is really the key to
this piece.

So a starting point for you, and I know this is a complex test, but like I
said, this committee has an enormous track record of very thoughtful, very
meaningful work, is to consider resetting the terminology to support the
desired paradigms, and not to perpetuate a paradigm that silos research and
public health and quality over here, and doctors and clinical care over there.
I really encourage you to think about the paradigms and the goals for a
connected health care system, and set a paradigm that will achieve that.

Emphasize that health and health care improvement depends on information
continuity and availability across health and health care in a climate of
trust. We can’t achieve a high performing health care system or a high quality
health care system unless we continue to learn what works, what doesn’t, and
apply it to the point of care.

I would engage stakeholders as you do in a constructive forward looking
process toward a shared vision that addresses both technology and policy. I
encourage this committee not to focus only on policy. There are many, many
technology options that can enforce and strengthen those policies.

There is definitely work to do in identifying risks and classes of
information misuse and the classes of technology and policy protections that
are available. I really urge that at the end of this process, once you make
those recommendations, that the framework establish the policy and technical
requirements that any federally sponsored work on population health must
achieve. This is the same data we are talking about in quality, in research, in
public health, in drug safety. This is the same data.

The example I have been using lately is, what is the difference between a
cardiovascular event after Vioxx versus aspirin after an MI? This is the same
data. We have to create an environment where everybody follows the same rules
of engagement if we are going to stop the redundant building of these silos or
masses of information and databases and have a network that is more in line
with all that information technology has to offer.

Thank you.

DR. COHN: Harry, do you mind if I jump in for just a second before we do
questions? First of all, I want to thank our presenters. I think it has been a
great start. We do have two members who have come in since we did
introductions. I do want them to introduce themselves, identify if there is any
conflict of interest. I also want to afford an opportunity for the members, who
none of them indicated any conflict of interest, to disclose their involvements
with any of these activities that we will be hearing testimony on today as a
matter of course at this point.

So Mark, do you want to start by introducing yourself?

DR. OVERHAGE: I am Marc Overhage at the Regenstrief Institute and the
Indian Health Information Exchange, and member of the work group and the
committee. I think I am conflicted on everything that you will hear in the next
day, one way or another.

DR. VIGILANTE: My name is Kevin Vigilante, member of the committee, Booz
Allen Hamilton. I don’t believe I have any conflicts. However, I do want to
point out that two of my colleagues from Booz Allen support the AHIC work
group. I don’t think there is any conflict, but I just want to state that up
front, that if anybody is aware of any conflict that might create, please let
me know.

DR. COHN: Any additional disclosures by any committee members?

DR. TANG: I can say that I am chair of AMIA, whose work is also represented
in our discussions, and also a member of Markle’s Connecting for Health

DR. COHN: Marc, before I proceed on to our Internet conversation, I do want
to query you. It is very humorous in some ways to talk about conflicts, but if
indeed there are real conflicts, you are going to be very quiet today, I
suspect. Are you dealing with conflicts, or are you just involved —

DR. OVERHAGE: I think that is a very fair point. Involved in many. I don’t
feel conflicted.

DR. COHN: A final comment, and then I will give it back over to Harry. We
are on the Internet at this point, and we want to welcome those listening in.
This is a meeting of the National Committee on Vital and Health Statistics, the
ad hoc group on secondary use of health data.

So, Harry?

MR. REYNOLDS: Carol and Clem, we put you up front to kick it off well, and
you sure did. I think you gave us not just an overview and not just a primer,
but some things to think about, and we appreciate that.

DR. CARR: Yes, thank you, this was fantastic. I think you give us pause. We
have struggled with incorporating the term secondary use into even the title of
the committee. I think your plea, Carol, to talk about all of the uses is very

But I look to Clem, because it seems like we will have all the uses except
selling data. How does that fit in with this?

MR. MC DONALD: I think because people understand primary and secondary use,
I don’t think it is a term you necessarily want to throw away. I think you just
want to keep planning that they are the same thing. It has meaning in peoples’

But I am only saying that I can make passionate appeals to do certain
things that I think there shouldn’t be barriers to, given HIPAA definitions and
how people should behave in those domains. I don’t know if that same — there
is more complexity when it is sold, that is all I am saying. I would carve that
out as it needs further detail and analysis.

It just gets more complicated. Just be sensitive to the complexities. When
you can say the patient should give their data for the purpose of helping
humankind with health care research, it might become different if they find out
that the doctor is getting a hundred bucks per record. I guarantee you, it
won’t feel the same way to them. Everybody gets greedy. So it is just a real
big caution, that’s all. I don’t have an answer or a solution.

DR. TANG: One more disclosure. Clem is the godfather of my dog. Having
disclosed that, I can unabashedly say that I think these two speakers have
absolutely captured and distilled the issues before the entire committee. I
think that we can get a lot of expertise and advice from these two.

First, I got a lot of what Carol said in terms of primary and secondary. I
think this is artifactual. It is just a way for us to sugar coat what we are
trying to do, which is prevent malicious harm to patients through the use of
their data.

MR. DIAMOND: I agree.

DR. TANG: We have tried to sugar coat this by calling it primary and
secondary. But I think Carol had an eloquent way of saying there is no such
thing when it comes to making individual care better. But we have tried to
construct this to deal with what Clem has said right out there in front, this
is the problem: The selling of data creates a lot of conflict and creates the
potential for harm and misuse.

It is really the bad apple problem. So we are going to try to fix the bad
apple by penalizing the entire lot, including the very people we are trying to
help with the consumers and patients.

Instead, I think what we want to do as this work group and vetting it up to
the committee is to find ways of controlling the potential harmful use so that
we can basically unlock all of the vast good that both of these folks have
talked about. So the only separation — I mean, a key separation that matters
is selling and not selling, because you create this tension and conflict in how
you either gain by giving up data or how you may harm by misusing the data.

One way, and it goes partly to Carol’s consent, which is another red
herring, in the sense that there are so many ways to get around it and not
really having consent or notification. One of the instruments we use in
research, and it is not that it is executed perfectly, but the whole concept of
IRBs is to look at your consent documents and your consent procedure, but also
look at the fundamentals and say, is this going to do society more good than
the harm to the individual?

In a sense, that is exactly what we are trying to assess. We need to find a
policy and mechanisms that allow us as a society to assess that on behalf of
society and individuals, rather than using all these artifacts and these
artificial ways of separating.

I think it really focuses on how do you control the potential for misuse
when there is selling going on. Let’s focus attention on that, and try to
prevent the harm and the bad apples, rather than shackle and tether all of the
good uses of data. So I think their discussion beautifully framed our entire

DR. ROTHSTEIN: I want to thank Clem and Carol for such a wonderful
overview. It gives us a lot of material to think about. But I was curious that
in your overview, there was one major player that is going to have a very
important role in all this that you didn’t discuss at all, or very little, and
that is the physician. Here is my question to you. It is not a question where I
know the answer, it is a question that I am really asking for the answer.

What do you think the likely reaction would be of physicians in the
following situation? To the extent that we get more granular information about
patients — we have got this information in closed systems for a long time, but
now it is going to presumably include all encounters. We are going to be able
to make some determinations about the outcomes in treatment for all sorts of
conditions by particular providers. And there are legal, ethical, economic,
professional, all sorts of implications of getting more information in a
provider specific form.

So the question is, in your experience and in your predictions, do you
think that such a system is likely to generate some opposition from physicians?
Not that that should necessarily stop things dead in the tracks, but it is I
think valuable to anticipate what might be coming down the road.

MR. DIAMOND: Just quickly here, this discussion has been going on for no
less than 30 years, maybe longer. The thing I would say to you, and we are now
working on a response to the AHRQ also on this very issue, the thing I would
say to you is that we wrote into our future scenario the idealized state, which
is that the physician becomes part of a system where their interests are
aligned with what we want from a high performing physician. They use the
network in order to achieve that.

Inherently, every one of us who have gone to medical school to become
doctors went because we wanted to do the right thing and help people. I think
if we get this right, the information system becomes a tool for the physician
to achieve that.

Most of the physicians on our steering group have said many times that they
would like the capacity to benchmark themselves against other physicians for
certain conditions, to learn from that, to understand what they might do
differently. We have heard that many, many times in our discussion.

I think the challenge that we have is also an artifact in the way we have
gone about quality measurement and reporting. We shorthanded it in Connecting
for Health as, you send your data to the mountain, and maybe the mountain tells
you something back. In other words, your value from that process isn’t quite
there. If anything, you might feel like, uh-oh, if somebody gets my performance
data I might get penalized for something. But the upside for the physician and
the opportunity for the physician to use this as information from which to
learn to provide better care, to know what other people are doing, particularly
in the ambulatory environment, I think is the whole point of it. And I think
most physicians recognize that.

But I do think because we have so focused on data collection and data
reporting, and less on how to get that data back to the clinician so that it is
of value to them and they can make better decisions, we have created an
environment where it is all risk. That is how it is perceived, that it is maybe
all risk, and what is the benefit to me.

I think both in terms of a research agenda and in terms of a policy
framework, there is a real opportunity to start to understand how information
about lots of patients like the one I am seeing today in my office can help me
make a better decision. It is not just performance data obviously.

That is why I am encouraging the resetting of the paradigm this committee
has done so well for so many years, resetting a paradigm that puts this in the
context of achieving a better system, as opposed to enabling data reporting or
data collecting, which is the path we have been down for many years. I think it
is a missed opportunity.

MR. MC DONALD: I’d make two distinctions. There are two ways physicians
will oppose some of this under some circumstances.

The first is when the population at large confuses delivery of data you now
have electronically with a new data collection effort. It is very blended now,
these discussions. The things that might be needed for some quality things
aren’t recorded or necessarily known to be recordable at a level that is
adjudicable. So that is one set of things.

The other one is, we had this experiment. It was called CHINS. They said,
give us your data and we will hit you over the head with it, and the guys never
gave the data. So I think you can guarantee that if you set it up that way, you
are going to have opposition, and maybe rightly so, because you have got sample
size problems, you’ve got population differences that might not be measurable.
We still don’t know so many things. In an inner city you are going to have low
usage, more than you do out in the suburbs. It all has to do with social
beliefs. You can’t get people to use vaccinations, they think there is
something bad about them. So there are all kinds of issues.

So I would argue, don’t do that part starting out. Do the part where it is
clinical value and clinical purposes, and it wouldn’t be used to do comparative
stuff, at least until we understand the game of comparisons a whole lot better,
understand what is really feasible. Otherwise you will get a repeat of the CHIN

On the other hand, docs love data, they just love it, and getting more data
about their patients and all the rest. But it really depends on who is using it
to hit them over the head, and if they are just mean people that like to hit
heads or if they are being correct about it.

DR. ROTHSTEIN: I think it is probably going to be hard to keep some payors
and regulators and licensure groups, et cetera, from wanting data if it is out
there. If it can be accumulated by these groups, then what is the effect likely
to be on physicians.

MR. MC DONALD: There are issues. Mark has got this delicate balance where
all the players are participating. But I think you have to be careful. We don’t
have anything now. We have nada, except for a couple of brilliant places. But
let’s not make it so hard.

You ought to probably talk to the people from Denmark. They have all kinds
of databases. Ten or 15 years ago, the only way you could look at a database,
you had to give up your first-born child as a hostage to the government for
three years. Then you had to go to one room, and they would strip you of all
your papers and pens, and you would go look at a terminal. But now it is very
freely used.

I asked, how did you get to that point? Well, it worked, no one did any bad
things, and good things came out of it. So any researcher can get to the 3,000
databases fairly easily now in Denmark, and they are doing quite interesting

So we have got to get an example out there that shows these benefits that
gets us over that chemical barrier, and not set it up so that it can’t work
because we are trying to give everybody their access. I wouldn’t give it access
to everybody, for lots of reasons.

MR. REYNOLDS: We are scheduled for a break right now, but we are going to
continue this questioning since we have a little more time at lunch. Kevin?

DR. VIGILANTE: Thanks for the great presentation. I had some thoughts about
the separation of primary and secondary use and some of the other things on a
philosophical level, but maybe I can get just a little more practical and
granular for a second.

On the one hand, Carol, you are saying that we should view this data as all
the same data, as expansive and connected and should be available and connected
quite freely, because you don’t want to separate, whether it is about
antibiotics and pneumonia or cardiovascular disease.

On the other hand, the consent constraints you talk about are very
targeted, limited, tailored. How do you reconcile those two objectives without
having some sort of blanket consent or having to have so many consent
interactions that it becomes eight million gnats buzzing around the patient and
the doc? That is one group of questions.

Then, when you make the pitch to the patient to give consent to enter into
this sharing, who makes that pitch? Is it the doc? Is it my doc who I go see
every day, in whom I have the most trust, and is the person relinquishing the
clinical data on my behalf? How do you envision that?

MR. DIAMOND: The reason I raised the consent issue is that I worry that it
will become the issue, the only policy issue. I think if that happens, it might
actually work against some of the other policies and technologies that could be
enjoined to create a trusted environment. It almost gives an excuse. You have
consent, you have obtained consent.

So I didn’t raise it to say this is how you obtain consent for all these
various uses. I raised it to say that consent is one issue that can help to
protect the patient in the milieu of other policy issues, like limiting what is
collected, like using only the data you said you were going to use for the
purpose you were going to use it, like thinking about access.

DR. VIGILANTE: Can I interrupt you right there? So if I am saying I want to
improve my clinical capabilities to serve you and other patients in this
community better, how would I limit it? I want diabetes stuff, I want testing
stuff. I don’t know how I am going to use it.

MR. DIAMOND: I’m not saying you get access to the data. I am saying you get
access to information. Clem was talking about one-way hashing as a way to link
data without — you were using the nurses health or Medicare data, I forget
which one you used, women’s heart study. If you want to link those two data
sets, the way it is done now, as Clem said, you go to the IRB, you get
approval, you write this big thing, you try to go through all the requirements,
and then you move one big data source into your database and you do all the
sorts to try to work it together.

What we are suggesting, and the frame I am trying to put out there is that
in a networked environment, you don’t necessarily always resort to moving the
data. There are ways of linking information that don’t require exposing the
data. Much of what we need to know about what works and what doesn’t can be
done completely anonymized. If we had real information about those things, they
could be applied to the point of care in a way that you don’t get the data.

You are not looking at everybody’s medical record, but you are getting the
benefit of that information. You are getting the opportunity to apply what can
be learned from other patients who might have had a similar course or a similar
disease. Does that make sense?

DR. VIGILANTE: That makes sense to me, but I am trying to get to the point
of where I come to see Mark as my doc. Now he is going to be collecting
clinical data on his EHR on me and lots of other people. It is from that data
that you are going to learn ultimately that this antibiotic B is better suited
for this particular strain of bacterium than the one I would usually use for
pneumonia. It is his information going into that data bank that is going to be
used, whether that is diabetes care or whatever it is.

So that interaction about him sharing my data that is collected in my
cubicle where he and I interact —

MR. DIAMOND: Which happens today. That is how we figure out what drugs work
and don’t work, or what public health worries you might need to have.

DR. VIGILANTE: But it is often in the context of a study that has gone
through an IRB, as you alluded to before. That information stays in that doc’s
drawer today.

MR. DIAMOND: But if there is research being conducted on that data, —

DR. VIGILANTE: I’m saying, now there is not. Now it is just a matter of
course that it is collected in its future imagined state. Who talks to me and
makes the pitch to me that that is going to happen? I’m not saying this to be
challenging. I am trying to understand how this works.

MR. DIAMOND: Who educates you about —

DR. VIGILANTE: And how do you comply with your objective to keep consent
fairly tailored?

MR. DIAMOND: In our model, in the common framework, one of the reasons our
network is decentralized is because we want to keep the data with the person
who has the relationship with the patient, the identified personal data. That
was the whole policy driver of decentralization. Not just because collecting
all the data in a central database necessarily might create a larger privacy
breach, but because as you said, the patient’s trusted relationship is usually
the person who collected that data about them.

So in our model, it is through that physician, through the person from whom
your data was collected, that that conversation happens.

Now, in every system this works a little bit differently. Of course, the
problem you have with health care is, you try to have one size fits all
conversations. It is different for a doc in a small practice, versus if you
come to a large integrated delivery system versus if you come to Regenstrief.
It is different in all of these settings. So obviously you have to make those

But the opportunity to participate, and the opportunity to share even
anonymized data, as we see in many of these surveys, is something that patients
understand and want, and realize that there are benefits from. I think it is
our job to create a structure and the policies and the framework that enables
them to trust that that will happen the right way, and that it won’t be

MR. MC DONALD: There are a number of points here. Firstly, the current
HIPAA rules are just right, and I worry that you are suggesting that we change
those. You don’t need consent for anonymized — the other thing is, we know
what deidentified data is. It is defined legally. I don’t know what anonymized
is, so I stay away from that word a little bit.

The second thing is, I hope also that we let a couple of flowers bloom, if
not a million, and still allow centralized models in regions or locations,
because you can make them work. Let’s let them all work and see what works.

So I guess I would assume that you don’t have to have consent to get into
some pockets of this data sharing, if it is for clinical care, which would
solve your problem of who does the selling.

I think also, if the providers have some say in the rules about what you
get to do with the data, because they have interests as well as the patients, I
think you would prevent some of the things that might go haywire.

MR. REYNOLDS: I think Justine has a followup to this discussion, and then
it will be Simon and Steve, and we will cut it off.

DR. CARR: I just wanted to make the comment that the example you gave in
the beginning of the VA patients who were comfortable with their physicians
providing their information to the researchers, just underscores the trust.
Similarly the experience in Denmark. I think trust is really a very key
fundamental in that discussion.

MR. DIAMOND: Agreed. And they trusted the VA researchers more than other
categories. We asked them about a lot of different categories.

MR. MC DONALD: The thing about the one-way hashing, the way I had it was
not necessarily the same model. The one-way hashing is just a way to avoid
having to move around the registry data. But typically, in the models I am
talking about, both sides know who the patient is, so they end up inheriting
knowledge and additional facts about the patient when they connect. But it does
make life easier.

MR. DIAMOND: You need all the underlying granular data.

DR. COHN: I think like all the other members of the committee, I am very
appreciative of the fact that you both have come and talked to us in our first
session. I think it has been helpful and certainly very thoughtful.

Carol, one very quick question, and then some longer questions. I noted
that the documentation you have describes this as draft. Can you clarify
exactly where in draft? I think you had indicated draft framework.

MR. DIAMOND: Oh, this first principle?

DR. COHN: Yes.

MR. DIAMOND: This is a reflection of where we are with the steering group.
We have had some discussion about them, but they are not final. We are still
tweaking them. They will probably stay as these nine principles, but some of
the underlying language and some of the concepts in them have either been
suggested, we punctuate or edit or what have you.

So I just wanted to indicate that this isn’t a final published set of
principles. This is still in the feedback stage.

DR. COHN: So likely during the course of our deliberations over the next
month or two, things may become final?


DR. COHN: Okay, great. I had two connected questions. Number one, Carol,
Clem almost asked you the question about, is HIPAA a good foundation, and if so
are there some further clarifications or guidance or whatever that may need to
come around HIPAA. So that is a first question for you.

The second question for both of you is this issue of trust. I agree with
you about putting an emphasis on trust, since that seems to be what makes the
world go around in this one. But how do we imbue the system with trust? You sit
next to a person who did it in Indianapolis. I don’t know whether it is a cult
of personality or whether it is reproducible. Certainly I trust Clem and I
trust Indiana University and I trust Regenstrief. I just don’t know exactly how
that moves beyond what I am seeing in Indiana. Despite all our conversations,
most of these examples appear to be more in their infancy than they appear to
be trustworthy institutions.

So the first question about HIPAA, and the other question about trust.

MR. DIAMOND: Can you say your specific question about HIPAA again?

DR. COHN: Clem indicated that he felt HIPAA was a good foundation. He would
like to see a couple of further clarifications or guidances around it. I think
you said — I’m not sure exactly what you said in terms of whether that was
your framework also or whether you felt there was a need to go back and do some
fundamental rearchitecting. So I just wanted to better understand that.

MR. DIAMOND: In our work in Connecting for Health, we don’t have the luxury
of dreaming about setting new regulatory frameworks or laws. When we did our
work, we said, HIPAA exists, let’s assume it is there and implemented and
enforced. We have state laws and they exist, and let’s assume they are
implemented and enforced.

When we developed the common framework we said, what is it that needs to be
done. At least for the common framework, we felt the need to do two things. One
is say very clearly — actually, three things — very clearly what the
principles were that should drive information sharing. HIPAA was created in a
time that we weren’t envisioning a network of networks for health information.
So we said, what are the principles that need to drive our thinking there. We
developed that set of principles looking at sharing of information.

Then we said, what are the policies for information sharing that should be
elaborated? Because HIPAA doesn’t go into some of these issues, doesn’t tell
you about how to handle notification or how to handle policies for breaches or
what they should be or what have you. So we said there are some policies that
should be specified for health information exchange as a framework for thinking
about these things.

The third thing we said was, again, maybe because we were coming from a
place where we didn’t envision having any authority, we said, if people agree
to these policies for information sharing, they have to be bound by them. So in
our model they are contractually enforced.

The entities who share information say we will agree to these policies and
we will write them into a contract. So if someone in your system does something
bad with my data, I know what is going to happen. That was our approach to
saying, let’s start with the world we have, as opposed to dream up a new one.

But I think there is no easy answer for this question. I think it is
something the committee should seriously deliberate. Even in the existing
environment of HIPAA and state laws, as I think has been said before in this
committee, there is still a lot of confusion about what any of those things
mean. I think the more this committee and others can elaborate models for
implementing or placing those intended policies into practice, I think the more
benefit there will be.

MR. REYNOLDS: Is that both your questions?

DR. COHN: I think I was looking to Clem to tell us whether the model of
trust that he sees in Indiana, is it really Clem, and Mark having been mentored
by Clem. Mark, I hope you don’t take offense at that comment. What do you think
in the world of trust?

MR. MC DONALD: If you live in it, maybe you don’t know for sure, but if one
thinks in terms of smallish, the organizations that are the major holders can
find a way to live with each other and with their patients, I think that model
could work out in a lot of settings.

I think Memphis is doing an analogous model. Ontario, all the pediatric
hospitals and major pediatric practices are doing the same. They happen to be
centralized databases also, those two or three that I know about.

So when you start saying we have got a federal this or a statewide this, it
gets scary, because they didn’t do so well with figuring out the real state
taxes in Indiana this year. They doubled them. So we are going to try to pay
you back in six months because we didn’t mean to make them go that high. So
that doesn’t give you a good trust model. But when you have five hospital
systems or ten hospital systems and that is where people go to get care, they
cut them and stick needles in them, and they are used to living with that
organization. They can agree on how it will operate. I think it has a good

So the idea of having model agreements is good. I think that Regenstrief
has publicized their contracts.

MR. DIAMOND: Absolutely. In fact, our model agreement is based on taking
the best of the pickings.

MR. MC DONALD: There are details. You do have to make sure if you give them
their data, that that employee gets the same punishment as your employee.
Otherwise you have got no agreement. But it isn’t a HIPAA invasion. I hated
that, when I read that 1500 pages when I was on the committee.

There was this network of networks proposed, the NCVHS proposal for sharing
data. So I think there are ways to do it. It has got to be consenting adults, I

MR. DIAMOND: We used the term in our work that the network is built on a
radius of trust, which is to indicate that there has to be some starting radius
of trusted participants, that you can’t top down enclose it.

MR. REYNOLDS: Steve, last question, then we will take a break. The other
thing I would mention to others, I know I had some questions and I’m sure
others did, remember, we are going to be accumulating this. So everybody that
speaks, we are talking about the same subject. So continuing to bring forward
your thoughts and your questions as they build, so not so much we just get them
to one set of people. I am having to keep that in mind also.

MR. STEINDEL: Harry, I’m going to be very brief. Two things that I have
observed with NCVHS. First of all, when we get together and we think about who
should address us, we picked two as we thought wonderful people to set the
stage for this. Like everyone else, these were marvelous talks.

The second was going to be my question, but when you wind up last on the
question list, it turns out that everybody has asked the question that you
thought of. That question was centered around trust. I think we have heard that
a lot around the room as a theme that we should start thinking about in this
area. It extends into the relation of how we move this forward from a consent
point of view to a trust point of view.

It even addresses some of Clem’s comments on, the selling of data is bad. I
think a lot of us would be willing to sell the data if it is used for good
things. So it is a matter of trust. So I’m not going to ask my questions
because I think everybody else did, and I thank the presenters for their
wonderful stage setting.

MR. REYNOLDS: With that, thanks again, really excellently done. It kicks us
off to where we needed to go. Now you get to leave and we get to stay. Thank
you very much.

It is 11:05. Back at 11:20. Thanks.

(Brief recess.)

MR. REYNOLDS: In the second group of the morning we are going to hear from
Lynn Etheredge and Janet Marchibroda is going to be sitting in for Emily
Welebob. So Lynn, if you would go ahead and start? Thank you very much for
joining us, and we look forward to your comments.

MR. ETHEREDGE: Thank you very much for the invitation. I think for those of
us who have thought about data policy and its uses, this is a particularly
exciting time to be holding this workshop.

Just to give you an example of how large data systems and their uses for
public policy and clinical research are beginning to enter the policy arena, I
point to the new FDA legislation, S. 1082, that passed the Senate 93 to one,
that mandates FDA create a national data network of 100 million patient records
for research on clinical safety issues.

I noticed just last week, the companion bill, H.R. 2900, passed the House
of Representatives, 403-16. So that also has these large data system
requirements. It also requires HHS not only to come up with a plan for how it
is going to implement getting 100 patient record database contracted for, but
requires HHS to develop plans for insuring the confidentiality of the
individual patient records and reporting to Congress on it. So I think the base
you are laying with this workshop over the next three days is going to be very
important for the Department, but also for national policy.

That underscores the theme I want to talk about here, which is, we now have
the technical capabilities Clem was talking about this morning to use patient
records that are already in electronic form in ways to address a huge number of
very important questions, 95 percent of which we could address now but we are
not doing. I specifically want to talk about an architecture or a concept that
essentially says we should get our act together and start doing this, and
create a national data system for clinical research and talk about its
development and some of its uses. I hope that will help serve the committee
here, at least give you a background from someone like myself, who comes from
health policy and Office of Management and Budget, to attempt to manage a
number of government programs.

Specifically, I am going to try to address three subtopics here. One is
this concept of a rapid learning health system. I won’t say too much about it
in specifics, but I did want to alert you, if you haven’t seen it, to two
recent reports, this one from a few weeks ago from the Institute of Medicine,
the learning health care system, which is all about how to use clinical
databases for research. It is a very important investment of expertise by the
Institute of Medicine. It is just one of a series that will be coming out. Then
the March-April issue of Health Affairs on a rapid learning system, which also
addresses many of these issues about the uses of large databases and how we can
use that to advance clinical research and for many other purposes, but
particularly clinical research, in ways that we have never been able to do
before with paper records and fragmentary data systems.

Secondly, I am going to talk more specifically about some of the uses for
these large databases that people have been talking about. That is to give you
more of a conceptual model of where one might need to go to individual records
and where being able to deal with large data group averages or predictive
models that use statistics based on large databases will work.

There is a whole series of uses that may need to be thought through,
particularly with the FDA legislation. The FDA legislation for safety research,
when you see a signal of a problem, you have got to go do some more research
and find out just what was going on with those patients or what other factors
might be going on. So there is going to be some need to go back and forth and
develop risk mitigation strategies, which the FDA doesn’t do now, it is either
yes or no, but the requirements of the law are for risk mitigation strategies
and use of prescriptions, and that requires a whole new realm of research and
uses of data to find out who is at risk and for what.

Finally, I will wind up with a couple of slides that talk about this
broader framework for how you might pull all this together into a national data
system, because what we have right now is an explosive growth, I would call a
spontaneous combustion. Pluralism would be too modest a word for the chaos that
is developing. But as everyone gets electronic health records and does
electronic health records databases, there are lots of uses and lots of things
that are happening, and will continue to. So what I would think of as a system
I think could use a mild amount of public policy as well as public support to
try to get the most benefits from it.

When I am talking about a rapid learning health system, I am focusing more
specifically for this discussion on thinking about a national process that uses
the computerized EHR databases. There are other databases, but the EHR
databases, to enable real time learning from tens of millions of patients
annually. That is somewhat visionary, but as I want to show you, we are fairly
close to that reality right now.

This would be a very high potential research environment. It is very
different from the environment we have always had for clinical research.
Clinical research has usually been held back because it is a very data poor
environment. If you are a researcher, the first thing you have to do, if you
have a question you have to apply for a grant. If you get the grant you spend
three years collecting the data, or your research assistants do, or the lab
does, and then you start to analyze the results. So there is a long lead time
between idea and research data, and being able to find out whether what you are
thinking about is true or not, or what insights you really have.

The biggest part is trying to get the data, and that is expense and time.
With these large research databases of curated data that is already in place,
one can see that research could be done quickly and inexpensively, maybe not at
the speed of thought, but certainly before anyone who would invest five years
and five million dollars to go do a randomized control trial, you would send a
research assistant to look at the database of ten million records of people who
already have conditions or reports on things you are interested in and see what
could be learned from some of the databases, and what hypotheses you could test
that way.

So if we are thinking about this as a national goal, a good system has to
have a goal; one goal, one system. I would suggest that if we are thinking
about a rapid learning health system, we could have a national goal of learning
about the best uses of new technologies at the same rate that the health system
produces new technologies. That may sound like a simple goal, but it certainly
applies to everything you are going to be discussing in the next three days,
and much more. It is a very different system than the one we have now.

In fact, today medical knowledge and technology is advancing much faster
than the clinical evidence about how to make the best use of them. So while the
advance of clinical basic research and products is fairly fast, advancing the
evidence of clinical care is a relatively slow process, and expensive. That is
unfortunate, because the technology use is our major cost driver.

One of the reasons is, we have had to rely on the randomized control trial,
which is a very important powerful tool. It has been the gold standard and
probably always will on some of the important research, but as the IOM says, it
takes too much time, they are too expensive, and they fraught with questions of

Are there ways in which we want to expand on it? One of the reasons we want
to do that is because the current evidence base built around randomized control
trials leaves a lot of inference gaps. This is Buzz Stewart’s concept here; the
inference gaps in the evidence base for clinical care. What he is referring to
is, most of the randomized control trials are on younger populations carefully
selected for a number of characteristics, single diagnosis, brief study

They leave out the typical patient. The typical patient who comes to the
physician’s office doesn’t look anything like the patient who is in the
clinical trial. A lot of what doctors do mentally all the time is trying to
figure out how to translate between the few studies they have and the actual
patient in front of them. This is getting worse as the population ages, and it
is increasingly a baby boom senior population with multiple diagnoses, multiple
medications and so forth.

For public policy making, if I can put on my OMB hat for a moment, this is
particularly a problem at the federal level, and some people are beginning to
be aware of this. It is the Medicare and Medicaid populations that are largely
excluded from the clinical trials databases. It would help if one paid for
participation in clinical trials, I would say, but it is the aged, the
disabled, kids, pregnant women, who are mostly 85 million enrollees who we have
the weakest evidence base for. The federal expenditure on that group is $600
billion annually for Medicare and Medicaid, $3.5 trillion in the next five
years, and eight trillion in the next decade with the prescription drug
legislation. So it may be about time to invest a little more in finding out
what works and what doesn’t work about medical care and how to deal with these
several hundred percent variations we find in the use of most procedures and
the continued rapid growth in new technologies for which we aren’t collecting
much evidence.

So if you want to think about users, I would put in federal policy making
is increasingly a group that we would like to have some answers for the
clinical research databases.

Let me wind up this overview here about the needs with some things we have
already mentioned. First is, and you will hear much more about the major areas
of medical care like quality and outcome measures, evidence based guidelines
and performance reporting. There are a host of groups that you will be hearing
from that are trying to do this, but it is just an indication that we don’t
have those measures yet in much of medical care, of how hard it is to do good
clinical research and pull our act together nationally to do things that are
very important to do.

One of the major reasons that is addressed by these new databases that I’ll
mention is that today’s clinical research databases are typically small,
unique, specialized, very difficult to find, access and use. They are
non-comparable and frequently proprietary. In fact, researchers build their
whole careers by getting a grant, and it is their database and their use of it
that is where their whole careers and labs are built around.

The problem here for an economist like myself is what we call the economics
of the common, which is, if everyone acts that way it would not make sense for
an individual research group to make all their data available publicly, because
they would lose whatever advantage they have in getting grants from that, but
they would get nothing back. However, everyone contributes to that in a common
database, every researcher and research group gets back a hundred fold or more
in terms of the data that they could use to advance their research. So from a
system wide perspective, this requires a systems approach, even a public policy
approach, to organize it. It is not something you can expect people to get to
operating out of individual self interest.

The most discouraging part of today’s system, the last point I would make
here, is that much of what we could learn from individual experience of tens of
millions of patients each year from our two trillion dollars expenditures is
now lost. In contrast, one example would be pediatric oncology, which for years
has recorded results of individual patients back to the professions, and has
had enormous successes in advancing outcomes of treatment versus Medicare
cancer care, where most of the cancers occur, but where most of the data that
is there and could be mined for learning is lost, because no one ever collects
it. It winds up at best in building records someplace or not even recorded.

But we are beginning to see well beyond the beginnings of a new national
capacity for rapid learning of these kinds of databases. At the moment, it is
focused in integrated delivery systems, Kaiser Permanente with about eight
million patient records, and they will have ten years of records from bringing
in some of the legacy systems and adding genetic information. Geisinger, also
adding genetic information, three million patient records, and the VA, eight
million records. So compared to the normal clinical trial of a few hundred
patients or a few thousand patients, we have very large resources here that
could be investigated.

It is not just the individual organizations that have research capacity,
but these research networks or virtual research organizations as they are
sometimes called. Most important right now is the HMO Research Network, which
has 15 HMOs, about 20 million patient records. The federal government is
already contracting with those research networks for studies across
organization lines, most importantly, the cancer research network of the
National Cancer Institute and the vaccine safety data link funded by CDC.

As you look forward, you can see a case to be made in sponsors and
databases for a rapid learning system that would have lots of different ways of
organizing it, all legitimate, by enrolled populations, by disease registries
and health conditions, by new technologies or other technologies of interest,
by geographic areas, by seniors, by kids and other age cohorts and by special
populations like special needs kids and people with disabilities.

In the eventual world we are talking about, where everyone is using the
same data standards, all these data can be interchanged, so it doesn’t really
matter where you initially collect the data or begin to organize it. You can
mine or organize it in different ways.

So that is the broad concept of the base that is already starting to
develop. Let me now mention a few things that have been happening mostly in the
last few months that are really beginning to power a broad appreciation of what
these potentials are and how they might be used.

I mentioned the FDA sentinel network legislation. H.R. 2900 passed the
House 403-16 last Wednesday. If you want to know where the 100 million patient
records comes from, maybe 25 million of that from the HMO Research Network. A
lot of it would come from the commercial and Blue Cross databases. Most of
these large insurers have databases that have diagnosis, prescription, lab test
results, procedures. They may not have the doctor’s notes, but on things like
prescription drugs and adverse results, which is the way they would begin to be
used, you have got a whole lot of data there that is being pulled together into
large databases already and would probably be part of the FDA network.

AHRQ has a $15 million budget request for developing new rapid learning
networks. A very important result I am particularly pleased with is Archimedes
that David Eddy has developed as a predictive model. Robert Wood Johnson has
decided to fund that as a national predictive model system to be available
nationally. That would allow people to take their own databases on their own
populations and feed these into a very rich biology based predictive model to
see how different interventions would work with their populations.

You will soon in a few months have a American Heart Association study
looking at 14 different interventions to prevent heart attacks in seniors. That
is the kind of thing you can do in a predictive model that I think is going to
be very important, and that will be announced in about two months.

One of the things that is very important about this model is that it brings
clinical data and basic science together in very different ways. Medicine is
almost unique in using the randomized control trial to advance science. Some
very good sciences like physics and chemistry use predictive models built out
of careful experiments, and then go and see how well that predicts their world.
If it doesn’t predict well, you go back and you try to do more experiments to
figure out how you need to adjust your science base and your models.

What Archimedes and similar models allow us to do is bring that way of
learning and advancing basic science into clinical research. So what David has
done is built his models out of randomized clinical trials out of the hard
science. He will then be able to take all these different large databases that
we are developing and make predictions about what we should be seeing, and we
can see if that works. If it doesn’t, at least for some populations it may give
us clues that there are some very important places to develop our understanding
of basic science.

Increasingly, I think we will actually start doing research to fill in the
gaps in our ability to predict these kinds of mathematical models. This
happened in economics, which is my field. I came in when in the late ’60s,
early ’70s, when we had the first major predictive model of the U.S. economy
and the thousands of databases that the federal government built around
economic statistics. Fairly quickly the discipline moved to saying whose model
is right, because different models get different results, then you can start
conceiving of what data or what research would tell you who had the better
conceptualization of measures.

Finally, this is very important for those of us in health policy in
historical terms, ways and means, how the first hearings in living memory on
clinical comparative effectiveness studies a month ago, and both Medpac and CBO
testified in favor of it. So there is beginning to be very high level awareness
that we need to and can move forward to evaluate clinical issues much more for
these issues.

I am going to speed up a little bit now in the interest of time. NIH has
got a number of things going from the cancer research institute. CMS will soon
make available, we hope, this new integrated research files with 45 million
people with all of their patient level data for Part A, Part B and the new drug
data. The EPIC users group has held a meeting recently with its user group
federal agencies.

What makes a lot of this rapid development possible is that EPIC has about
50 million electronic health records users already, so not a lot of EHRs in
patient offices, but in the large group practices, the HMOs, it is already a
well established base. We can move ahead fairly quickly.

I think you can tell from what I have sketched out so far that many things
could change quite rapidly about research and clinical research, methods,
organization, financing, collaborations and users.

Here, I just laid out a range of uses that people talk about for these new
databases, some of which evolved through researchers or government officials
being able to go back on some cases from a de-identified database to look at
the individual records. It is graded in that order. FDA wanted to go back to
these firewalls and find out things about patients who have adverse effects and
try to figure out risk mitigation strategies. Genetic research, integrated
trials. You need to know things about subgroups of the population that have
certain characteristics that predict they will have heart attacks or seven
other different diseases for example that D-Code in U.K. have talked about in
the last month.

Heterogeneity results is quite typical for most treatments. They have a
wide variation of effectiveness. We don’t know for most clinical trials who is
benefiting and who isn’t. Again, that requires a big database and being able to
then go back and find subpopulations that are doing well and not doing well and
try to understand their differences, and so on through predictive models.

We can get more into this if you want to, if it is of interest to you.

Let me wind up with three slides here on the idea of this national data
system for clinical research. I think that is where all these pieces are adding
up toward. They are all easily conceptualized. It is pieces of new data systems
that allow us to advance clinical research in other related areas much faster
than ever before, and it is useful for public policy to talk about this as our
unique opportunity that we now have because of our technologies and out
databases. This is where I think public policy can make a huge investment and
big impact.

First of all, you can tell from the rapid learning paper and some of the
discussions in the IOM, I would give one priority as developing a national
system of rapid learning networks, however one wants to organize it that cover
all diagnoses in patient subpopulations. A major gap right now is the Medicaid
population. We can find statistics from Medicare at Kaiser, the VA has lots of
senior citizens, chimerical insured populations, a lot of special needs
populations at Medicaid are ones that we don’t have good databases for yet, so
that is something we particularly need to develop.

Obviously we need some standards for certified research databases and
registries. AHRQ has just issued a report on that. We should use these for most
clinical research and to develop the kinds of evidence based quality outcomes
and measures that we are lacking in so much of medicine.

To support all the missions of HHS health agencies, each of the separate
agencies in HHS have their own missions that could be facilitated by having
data networks working with them. I think that is going to be a key component of
thinking through federal policy.

National systems, comparative effectiveness studies of new technologies.
Again, I think this is fairly easy to do over the kind of evidence development
policy that Mark McClellan put in place at CMS. When a new technology comes to
the market we could require reporting to EHR type databases, research
databases, and then periodically reassess what we are learning about these
technologies, so we learn as much as possible as soon as possible about their
best use of real world data, and feed that back into requirements for more
practical clinical trials and other research.

Finally, I would put out for discussion, I think there is a — if you
really want to advance clinical sciences as rapidly as possible, I think we
need national databases for clinical research. That wouldn’t necessarily be the
whole country, but it would be a good size. I am thinking of the economic
databases that we built for Commerce and Agriculture, thousands of databases,
actually, that would draw from existing databases, from other sampling and from
research. They would be like the Human Genome Project, and try to take
advantage of that dynamic. We create an international true evidence base, not
just Medline, the studies, but a real evidence base for clinical care, of well
curated data, deidentified, that would invite anyone who wants to, all
qualified researchers and others, to begin to use that and to see how many
insights they can develop and to work together.

By open access, I don’t mean access to individual patient records by
anyone. You would set up this database that doesn’t allow people to read
individual records, doesn’t allow you to download individual records. The
search software doesn’t product subgroups smaller than two for analysis or
whatever that number is.

To conclude, I put that on the table. By looking at all these pieces that
are coming together and what everyone is working on, that is what we are
evolving toward. I think it is now time to start thinking about what are the
missing pieces of that, how could we make all these resources work well
together from that national systems level.

Finally, the final slide is missing, but in any event, I would just
summarize by saying we have a lot of potential here, and we are going to have
to have a lot of public and private collaboration to advance clinical care as
rapidly as possible. That includes rapid learning networks for all diagnoses, a
system of comparative effectiveness studies, and then these national databases
for clinical research.

I am looking forward to the discussion and to what Janet has to say.

MR. REYNOLDS: Thank you. Janet?

MS. MARCHIBRODA: Good morning, almost good afternoon. Thanks for having us.
We are pleased to be here. I applaud this committee’s leadership and focus on
secondary use of data.

You are probably expecting to see Emily Welebob. She plays a key role as
project director in two projects I am going to reference today in providing
some insights to you, one around the development of a blueprint. She in
particular supports the blueprint committee on improving population health as
well as a demonstration project that we are in the midst of launching as we
speak around the use of clinical data for safety surveillance purposes. She had
oral surgery yesterday. Is that a privacy violation? She asked me late
yesterday to speak on our behalf, so here we go.

EHI, just some quick background information, is a nonprofit group. We are
based here in Washington, D.C. We represent multiple stakeholders. These two
slides about EHI I think are relevant to the testimony, in that we bring
together physicians, health plans, employers, those responsible for public
health, all the different consumers, actors in the health care system that have
great interest in the issue upon which you are focusing both today and

In addition, recognizing that work around moving this agenda couldn’t just
happen inside the Beltway, that you really needed to get into the field, we
made a very strategic decision about three years ago to reach out and build a
coalition of communities, most of them multi stakeholder, collaboratives that
are also thinking about mobilizing information not only to inform care delivery
but also looking quite seriously at secondary data use for a whole host of
issues around population health.

I am going to draw upon three particular projects in providing insights and
answering the questions that you laid before us. The first is an annual survey
that we conduct. The second is the blueprint that I referenced. The third is
the collaboration that I will talk a little more about, that is going to do
some learning on the ground about how one does this and how one does this
appropriately. Draw upon particularly, as we think about the benefits and the
trust, and some of the things that you talked about this morning, some research
findings from our work around value and sustainability, particularly at the
local level, some research we did with consumers, and then finally lots of
conversations with folks on the ground that are trying to make this work. So
those six things will feed into our insights.

I drilled down with one slide on each of those to give you some perspective
on where they come from, et cetera.

The first is a survey. I am going to share with you some results from our
2006 survey. It touched upon 165 collaborative efforts in 39 states and the
District of Columbia; D.C. was in there, too. Data just in. I am going to give
you some 2007 early looks at the data, but know that they are not fully
cleansed, and by the time that your work is done, I will be able to update
those numbers and validate that those indeed will go in the final report.

We asked a lot of questions about, what are you doing, who are you doing it
for, how are you getting paid and what are your policies for information
sharing. So I am hoping this data will be very helpful to your committee as you
conduct your work through October of this year.

The second, I think this was really important. We spent about six years,
and we weren’t ready. We checked in two years ago, are we ready to put a stake
in the ground about how we see this world, how we see a transformed health care
system using information and information technology. Our leadership decided in
December 1 of 2006 that there was enough churn in the system, we had learned
enough and we were ready.

So we launched a blueprint process. This will be released formally. I have
provided some draft principles in this document that need to be approved
formally by the organization and the board on September 11, and then can
resubmit as a formal document.

It is led by our leadership council, again representing every stakeholder
in health care. I want to say in particular, in going through all of this work,
to comment groups like Connecting for Health and the AMIA project which you
will hear about tomorrow, and the many works that are out there. We drew upon
heavily that work. I think in the last six months or so, and even last year
with the consensus conference or the expert panel that AMIA had, a lot of
really helpful insights into our blueprint process and the work that we will do
on the ground in the learning lab.

The blueprint is going to cover five areas. I thought I could just pull off
one of them and give you the principles, but what I found in working with our
chairs, and here is a list of the five areas covered by the blueprint, we
tackle issues around trust and secondary use of data in nearly all of the
blueprint committees. So I think as you complete your work, what we would like
to do is submit all of the principles, because they are interrelated, whether
it is about the consumer piece and the trust piece, improving population health
clearly. Even on the incentive side, John Glasser and Alan Korn are grappling
with their committee on financing as well as managing privacy, confidentiality
and security. So this process is kicking off.

Then the final, and we are just in the beginnings of this, and I can give
you some insights so far, on a cursory look at HIPAA, the privacy rule and some
of the other regulations that we have looked at. We are kicking off a
collaboration that we hope will inform your work and inform the policy
dialogue, and help other communities across our country think about very
carefully and thoughtfully the use of secondary data.

In this use case, we are going to take three safety related use cases and
test them on the ground in two very advanced stage environments, and figure out
questions like, is this feasible, is this better than what we do today, how we
conduct — and you addressed some of the FDA issues and the legislation; does
this work better, is it more effective, is it more efficient, do we get better

One of the interesting components was how this connects with the clinician
on the ground, I think one of the great interests of the FDA in moving forward.

The result of the project won’t be just technical guides and interfaces,
but we are spending a lot of time looking at the governance issues, the
transparency issues, how do you do this both nationally and locally in a way
that builds trust, leverages social capital on the ground, and enables this to
happen in a way where all those are raised. We are also going to tackle — I am
thinking about your work, and we are building model agreements for how one
would do this in different markets. All of this will be placed in the public
domain as well as guidance documents about how you look at the different rules
and regulations and apply them. So it is more of a practical on the ground

Here are some of our metrics of success. The public trust component is
probably — the technical part will be hard, the legal part will be hard, but
it is the trust piece that is the most important and something that we really
focus on throughout this project.

So answering your questions. We started out with a long slide deck and
provided some data points giving where we are in our system, in our various
work processes, that hopefully will inform your work.

The first is, now these aren’t IDNs or hospitals, these are these
collaboratives. I talked about the survey. Three years ago, most of them were
just providing data to support care delivery, but clearly there is a movement
— again, the ’07 data is draft, but more and more of them are looking at using
the information through the exchange for areas other than direct patient care.
I won’t read these to you, but you can see particularly quality performance
reporting and improvement, that is very much more on the radar screen, both
nationally and locally, and continued focus on public health. The numbers are
not going up. We are still analyzing the data and pulling together the

The other thing we asked these multi stakeholder collaboratives is, what is
hard. No surprises here; the sustainability issue is really hard. That relates
to another finding I am going to share in a minute around secondary data use,
but still addressing the privacy and confidentiality issues, are complex and
difficult. It gets to some of the actions that I think are needed in response
to the questions that you have laid out.

You can see that perhaps with addressing privacy and confidentiality, they
are at a more advanced stage, and they are realizing how much more difficult
this is, much more so than they would have answered in 2006.

Addressing your question around providing context, enablers, things that
will facilitate restrictions. I just offer some of the work in our work under a
shared services agreement with Bridges to Excellence. It looked pretty hard at
90 measures, developed a series of measures with the American Board of Internal
Medicine, and through a study which was recently published analyzed both
quality and economic impact of various performance measures.

Here is a short list. There is a longer report that you can access, but
guess what? Measures with the highest clinical and economic value, we are not
going to be able to get there unless the work of this group, the work of other
groups and our movement towards grappling with the policy issues around
secondary data use happened. As you can see from a number of these measures,
they do require data that doesn’t fit in claims databases, but actually emerges
through the care delivery process and the record.

Speaking to your first question, and I touch on a lot of projects in a
short period of time, you asked again about enablers, drivers and restrictions.
We just finished a rather substantive project. It was funded by HHS, by HRSA,
where we looked pretty closely at this notion of sustainability. Remember that
was one of the biggest issues that we are grappling with the round in NHANE and
the network of networks.

So we put together a group of economics experts, business financing and
health care experts, and took a very close look at three communities, in
Cincinnati, Indianapolis and Hudson Valley. This is what we found. I tried to
take a 478-page report and put it into one slide, what is the upshot. The
takeaway for you is, sustainability is possible, and we will get there in a
subset of markets using the transactional models that made those three markets
successful. But in order to have widespread sustainability of health
information exchange across the country through an NHANES, with the data
elements that are needed in order to transform the health care system, we are
going to have to move to a stage two model for these initiatives. A stage two
model will require secondary use of data.

So we have got to figure this out. I will tell you, many of these markets,
the timing of this is really important, because some markets are moving ahead
with data use agreements that will restrict the use of data for secondary use,
because they are nervous, they are not sure how to interpret the rules. There
is this whole need for education, conversion of this really hard stuff, and
they perceive it as hard and complex and difficult in the guides that normal
people on the ground understand.

In the absence of that, they are saying, we will think about it later.
Let’s just get this data flowing for delivery purposes. So I think this is
going to be really important as we think about the U.S. health care system
needing to make this secondary use work.

Some final points before I close, as I was thinking about enablers and
restrictions. We did do some research, public opinion strategies down in the
Gulf Coast. Conducted some focus groups with consumers, with employers and with
physicians, and we also conducted a phone survey that we wanted to get a sense
of, did health information exchange freaked people out, how do people feel
about this notion of mobilizing data electronically and the use of their data
for care delivery purposes and other purposes.

What we did find is, their response to the term — and we can provide more
background — was relatively neutral, but when we shared more information about
how the data would be protected and what it would be used for, we got a
positive response across the board in all five Gulf states.

What we did hear loud and clear, and this echoes the research that you see
coming from the Markle Foundation and others, Harris, Pew, that it was very
important to address some of the questions that you are talking about, whether
it is consent notice, how will my data be used, et cetera. So this research
supports that.

Some final points, and I am watching my time. Policy enablers and
restrictions. The multi stakeholder perspective across the board from the EHI
blueprint process reveals that absolutely more clarity is needed through
discussion and consensus on many aspects related to secondary data use which
are outlined on the slide, accountability and oversight, disclosure, consent,
access control, security, remedies, very important.

In fact, we through the privacy and confidentiality group — and I
emphasize that these are draft principles, not yet final, they haven’t moved
for about six to eight weeks. They are likely to stay the same, but we have a
formal process for approval, that talks about some principles for which we were
able to get consensus around the use of information.

They look a lot like what you are seeing from the other folks testifying
through this meeting, around transparency. We should be clearly defining,
visibly communicating how the information is used, that consumers have a right
to know how their information is used. There shall be consent. Lots of
confusion about consent, lots of confusion, so clarity is needed.

There was some conversation about this this morning. Our committee said
that consumers and individuals should be able to limit when and with whom their
information is shared. Security, no surprises there. The audit function was
very, very important to this committee as they were thinking through
enforcement and accountability and oversight, and then clearly remedies were
extremely important.

Finally, you will see this very much in the Connecting for Health work,
looking at technology in isolation without thinking through the policies for
information sharing is a mistake. We see that on the ground every week, every
day, as folks grapple with some of these issues.

Finally, while not in a survey, we worked with about 20 states in
developing the road maps. We worked with our connecting community’s membership
and just talked informally with a number of groups on the ground that are
grappling with privacy and confidentiality issues and the secondary use of data
as part of that conversation.

Again, you have heard this, but I think there is a need for clarity and
guidance, perhaps not changes in law or regulation, but how to interpret
current law and how do we get to a code of conduct around how one handles these
issues will be very, very important in the years ahead. There are concerns
about privacy and confidentiality, and moving towards this need for building
trust and consensus through very transparent processes, open, transparent
processes on policies for information sharing is important.

In the interest of time, I didn’t reference it too much, but that was one
of the key findings out of the value and sustainability work that we did, was
that social capital is the foundation upon which all of this relies, as you
think about mobilizing data. That was really clear. I think in the early days,
maybe some thought that if you build it, they will come, and we could build
this big network. We could do this absent some of the conversation and the
building trust at the local level, but where we are with our health care
system, our current payment systems, where the data resides, that is not
possible. This notion of building social capital is very important, not only
for getting things going, but also for addressing these policies for
information sharing that you are talking about, particularly with secondary

Then finally, a great need for public education and communication. Real
voids in understanding there.

You asked whether current laws provide sufficient privacy and security
protection. Currently, and through our processes, we are finding that no
changes in laws or regulations are currently required at this point in time. We
could answer more definitively post September 11, but clearly guidance is
needed, guides, methods of interpretation, clarifications are needed.

You asked what would support greater understanding. More effective — I
have to tell you, our membership is pretty sophisticated. We follow all of this
stuff. We give them detailed updates of all the policies every week. The people
can’t absorb all of the things that are going on, so translating this
incredible policy work that is going on at multiple levels of the system and
contracts into guides that people understand will be really important in terms
of moving this agenda forward. Testing things through pilot projects, and then
more collaboration among the organizations that are tackling these issues.
There is a lot of collaboration, but you can never have enough of that.

Then I struggled with whether to put this in here, but I know that the name
of the group is the ad hoc work group on secondary data use. We have a multi
stakeholder leadership, there are about 45 of them, leaders across every sector
of health care. We originally used that term with our blueprint committee and
got a really negative response. They said no, no, you have got to take that
word out.

I was talking with them about why that was, and I think it links to some of
the insights that Carol Diamond had earlier around thinking that the data is
health information, that separating primary versus secondary may not be the
right path forward, placing the terms primary and secondary value of one versus
the other. There isn’t consensus that one is more valuable than the other.

Yet, you ask what is a better term, and we really struggled with that. So
we ended up with data for population health, not good. We are still working on
it, so by September 11. We look forward to contributing to your dialogue and
your deliberations in the coming months in three particular areas, the
learnings, the model agreements and the like coming out of the on the ground
demonstration project, our consensus blueprint process, and then finally, the
survey. There are a number of questions related to this. I was nervous about
releasing them so early. The data people are still working on the questions,
and I probably would have messed them up had I released them today.

That concludes our presentation.

MR. REYNOLDS: Thanks to both of you.

DR. CARR: Thank you, these are rich and very thought-provoking
presentations. My question is, as you have heard the speakers earlier and heard
each other, are there areas that you disagree with what anyone has said this
morning, or areas that you would emphasize one more than another?

MR. ETHEREDGE: I don’t think I would disagree. I think if I was listening,
I would add probably two points to the major players. One was insurance
companies. The paradigm many of the speakers were working through were the
clinicians or the health care provider being the major source of data.
Certainly the FDA legislation, that shifted; the major data source for their
use is likely to be health plans, the HMOs, all of the large insurer databases.
So I think the large insurers have an enormous amount of data, and they are
going to be active players and need to be brought into this discussion. And of
course, there are fewer of them than there are trying to deal with all the
individual providers.

The other group that is emerging and may emerge as being very important are
professional societies, largely stimulated by CMS in their ruling that for pay
for performance they are willing to accept data from professional society
organized registries. This has produced a lot of interest among almost all the
specialty societies in thinking they could be the source of registries to
advance clinical care and measure it. American College of Surgeons, for
example, there has been discussion with ten surgical sub-specialties about
creating a common surgical data file. That would provide something that has
been missing, which is a professional reason for clinicians and health care
institutions to take responsibility for the advancement of clinical care in
their area.

So that could become an important factor in the next year or so.

DR. CARR: Just to follow up on that, in terms of what we heard earlier
about the importance of trust of patients with their providers, what might you
say about the relationship with the payors as the provider of data and that
trust relationship?

MR. ETHEREDGE: I think that is a bigger issue. Unfortunately, I think
people have a bad idea about their insurance company. They don’t realize that
almost all of the data would be — they wouldn’t want people to know about, it
could be used for employment purposes or other things if the insurance company
already has the diagnosed procedure or the prescriptions and the lab test

So there are a lot more huge databases and not very well paid employees and
so forth. I think if I had to worry about one area that is going to be — one
has to worry about confidentiality, it would probably be more in the insurance
databases than in the health world.

Trust. I think the basic rules we have are pretty good ones. I think there
should be a basic principle that an individual has the right to not have their
data disclosed, either parts of their data or all of their data. So I doubt
that many people will actually do that, but I think that should be written into
the system.

But as I was trying to lay out in terms of the uses of data, very few of
those uses require anyone to have access to an individual patient’s record.
They are all statistical use — almost all of them are statistical uses, and
one can create a database that has rules that do not allow people to view
individual records, particularly if these are systems that have well curated

What researchers often want to do at the primary level is, they want to
look at every one of those data files to find out if they have outliers, and to
find out what is going on. If you curated the data at another level, then there
is very little justification for going back or any need to go back and look at
it, for most clinical research purposes, to go back and look at individual
patient files. You can build in those kinds of safeguards.

So I think we have a good basic structure of laws, but we need to make sure
that we build those into the software, so most people can’t get at the data
through individual patient data.

MS. MARCHIBRODA: Can I say something about trust? We are seeing this on the
ground quite a bit. The markets that have effectively navigated policies for
information sharing have been neutral, they have been open. They have invited
those who agree and disagree to the table to air differences. They have
published the deliberations. They have been very transparent, and they have
used process.

They have decided as a market, and it is not clear that one size fits all
around where you will end up on your policies and your information sharing, but
given the history of the market and the level of trust already built, they
decide together with consumers at the table about how we are going to do this
in our market.

It is not clear that changing regulations or legislating something is going
to get you there, but so far, we haven’t written a paper on this yet, but we
are seeing that that is most affected. There are many examples of this.
Memphis, Tennessee is one that did a lot of work leveraging the common
framework of Connecting for Health to get there.

DR. COHN: First I want to thank all of you for some very interesting
testimony. I had a set of questions for you, Janet, but I wanted to follow up
on what you were commenting on first.

You had commented about markets, about markets that have dealt with the
issues of privacy and confidentiality. When I first heard you, I was thinking
of other types of industries. It sounds like what you are really talking about
is localized environments in health care that have in your view successfully
navigated the trust issue, is that correct? Or are you talking about other

MS. MARCHIBRODA: Thank you. When I said markets, I meant geographic
communities where information will be shared, both for care delivery and
possibly other uses.

DR. COHN: Just following up on that before I ask my basic questions, do you
have other examples of other — taking markets how I first interpreted it,
financial markets or other environments that have successful paradigms that you
might be able to reference on this one?

MS. MARCHIBRODA: No, not at this time.

MR. ETHEREDGE: I think I would say that there are some things worth looking
at in terms of other federal data systems, particularly economics statistics,
where we spend several times what we do on health statistics. Some of them
collect thousands if not tens of thousands of data series about everything in
the economy with detailed questionnaires that disclose individual companies.
But all of that is done with privacy. What emerges are huge federal databases
on the price of AIDS in every market and thousands of other factors, wages and
hours worked and productivity and so on, aggregated.

They are from individual reports, but there is confidentiality agreements.
The only thing that then gets reported for researchers and for other uses are
the level that they are legitimately used for understanding social trends and
developing models.

I was just looking at agriculture statistics. There is $150 million in
agriculture statistics collected by the federal government, more than we spend
NCHS. We can track 99.5 billion eggs in the country at a level you would not
believe, including where the breakage occurs and how much in the whole chain.
So there are large areas of data where the federal government by using
statistics, confidentiality, have been able to get a lot of individual level
company and other reporting, but is then able to turn it into databases that
are rich and very useful without violating security or the confidentiality
agreements with which the data were contributed.

So I think there is a lot that has been worked through in these other
areas. It may not be as sensitive to the corporations involved as much as the
health information is for individuals. So there are models to look at.

DR. COHN: And you have come up with some other ideas also about other
industries. I was just thinking of whether there were other industries to look
at that had also used trust models and how does it all work, just so we could
maybe reference them. If you come up with something later, let me know.

The question I was going to ask you though which I started out with
actually had to do with your financial sustainability model. I wanted to find
out a little more about stage one and stage two, stage one being the
transaction model and stage two being the infomediary model.

Can you talk a little more about the characteristics of data use or exactly
what the perception is that RIOs or HIEs or however we are describing them at
this moment, the characteristics of their data use, or however this works in
terms of secondary applications in both of those models?

MS. MARCHIBRODA: To reference your first question, what we struggled with
in looking at different markets, health care is different. Maybe my money went
to a different account, or someone knows how much money I have.

Let’s take the financial services industry. I can figure that out. There
are remedies, and I can get it back. But if I have HIV/AIDS or I have
behavioral health problems and I lose that, what sort of remedies? I can never
take it back. So I struggle personally, this is not an official statement of
EHI, but I struggle personally with how we might look at other markets.

I really do think this is different. It takes not only rules and
regulations, but a human element and figuring out how to navigate this path

Your second question. We looked pretty hard at a number of markets, 11
markets, and then three in particular. There is progress being made by a
handful of markets across our country around this notion of a transactional

Cincinnati Health Bridge and Indiana Health Information Exchange are two
examples of that, are helping to reduce costs, whether it is for hospitals or
laboratories of physician offices, around transmitting data that already gets
transmitted through other means as part of normal health care delivery
practices, whether it is clinical messaging or access to medication information
and the like. But clinical messaging is one that is demonstrated ability to
achieve a return on investment and break even, particularly in those two

This notion of an infomediary is one which we are beginning to see some
movement in different parts of the country. Mark is sitting two down from me,
and probably one of the examples that I would point to is the work that Indiana
is doing around public health surveillance and most recently around informing
how one is doing from a quality standpoint, around quality performance,
providing that data — this is the beauty of doing this locally — within these
collaborative markets, providing how physician practices are doing and
providing that information to those responsible for population health, those
who pay for health care, but also feeding that data back for improvement
purposes. So that would be an example of an infomediary model.

Your question was how — does that answer the question?

DR. COHN: Yes, it begins to. I wanted to look a little further into the
financial models to see, since you were indicating that people in stage one,
the belief was that HIEs would not be successful until they moved to stage two.
I was just trying to figure out where the financial transactions might occur or
the sustainability, who is paying for what as you move into stage two.

One hears secondarily about people taking data and deriving some sort of
financial benefit for secondary purposes. I was just trying to identify whether
in stage two that was what was happening, or whether that is a different

MS. MARCHIBRODA: There are a number of ways that service delivery under
both models convert into revenues that can sustain a health information
exchange. In many instances for the transactional model, one pays through
service fees or even transaction fees in some cases for the provision of that

The question is, how does the financial model change with the informediary
model. Currently for those who are employing the infomediary model, I could
give you factual data looking at the survey. Service fees are also charged for
such services. Such service might be the development of a report card, the
development of a service that feeds back data to a clinician on how he or she
is doing on his or her diabetes patients, and the like. So the fees are

I wanted to make a statement — when you first asked your question, I
wanted to be very clear and for the record that sustainability is indeed
possible and actually occurs with a stage one transaction model, absolutely.
But as we think about value based health care and where we want to move, in
order to drive widespread sustainability across all markets in the U.S., all
pockets that might otherwise be left behind, we believe that we will need to
move to a stage two infomediary model.

MR. ETHEREDGE: If I could just add, I think the payors have a very big role
here, if we decide as I think we should that these are national objectives,
building this into their pay for performance or pay for reporting requirements.
So there is a requirement for the data to be submitted and for a payment that
reflects those costs. If you don’t do that, you are not a preferred provider,
which is a financial incentive for using hundreds of billions of dollars to
participate in these kinds of networks.

So I agree with Janet, I think this will move much faster if we create a
national set of economic incentives to move in this direction. I think the
large payors, the insurance companies and government programs, actually have
limited power to create the payment differentials and requirements to make the
data that we need financially viable and attractive.

MR. STEINDEL: Thank you for your talk. Lynn, this is mostly addressed to
you. I am very concerned about what seemed to me an overall premise of your
discussion, in that large databases of convenience are good, and that we can
derive information from them.

I was very pleased in your response to one of the questions that was asked
of you when you pointed to NCHS and the type of statistics that they gather in
the halls of this building. Also, if you will please note to Ed Sondik that he
did note that they were vastly underfunded.

MR. ETHEREDGE: I will attest to that.

MR. STEINDEL: I think your point that you made was that if we spent the
type of time and energy in focused statistical studies and collecting data on
the health care system, we would probably be much better off than we are today.

You constantly compared this to the economics statistics gathering system.
As Janet pointed out, it is a vastly different market. In the economic system
we are dealing with business sectors that actually need this data to do what
they need to do to move their companies or their products forward. Where in the
health care industry, and we have talked about this a lot, it is basically a
set of cottage industries. There are groups working together, they are
uncoordinated, they are delivering the health care they were trained to deliver
in medical school, and we are trying to move away from that model. So it is a
totally different paradigm than what we are looking at in the economics model.

I think that is what is missing a little bit in this massive database idea.
I can say that, and I don’t know if I should say that. I am at CDC, and right
now we probably have one of the largest massive databases, convenience data
gathering going on with our biosense project. We are doing a marvelous job of
every 15 minutes collecting real time data from over 350 hospital EHRs. We are
doing a wonderful business for the disk drive manufacturers.

Now, having said that, one of the things that are constantly talked about,
and one of the things that Congress is constantly asking us about, is what are
you doing with the data. It is massive, it is large. Whenever we look at it, it
is difficult to handle it is difficult to ask questions, it is difficult to get
our hands around the answer.

Now I am hearing that we are talking about a collection of gathering 100
million records for drug studies. I know these exist. When CDC was approached
several years ago, I sat in on several meetings on this from the
clearinghouses, that are sitting there with this data right now. They have the
medical claims, they have the drug claims, they have this information coming
together, and we were interested in looking at it for looking at drug
resistance in the community.

First of all, they wanted to charge us for the data, and we found out it
was very expensive. Second of all, when we started looking at it, we found that
it really wasn’t that useful from that point of view, from looking for the
needle in the haystack. So I am very concerned about this movement forward.

MR. ETHEREDGE: At one level I agree with you. We do have a lot of questions
to be answered about which databases you can use for which purposes. I think
where we are starting, the FDA is about right; you look for large databases and
you look for things that are obvious like death, is Vioxx killing people. Those
are things that should be very fine tuned differences between competing drugs
you probably need randomized clinical trials for.

First of all, I think I would disagree with you on the economic data. I
think it is very common. Most of the firms in the country are small,
fragmented, et cetera, just like health care. That is one reason the federal
government decided decades ago it needed to create a national data system in
order to serve the entire community and all the industries and economic policy
making. So I think it is very common.

This gets into technical details. I think just collecting data and putting
into databases is nuts. People at NCVHS and CDC understand this. You really
have got to decide why you are doing it, what the sample size is you need. If
you need 10,000 patients, why collect 100 million records. You want to curate
the data, you want it to be, as you do for economic statistics, carefully
sampled so you have representative samples for what is going on.

So I certainly agree with you that just mushy data or buying data or
selling data because it is data is not something I would support. It is a waste
of an enormous amount of money, it creates a lot of garbage in the system. As
you know, if you are not careful, you can produce error very quickly as well as
truth with the big databases. So we have got a whole profession that has to
develop — and FDA is going to be wrestling with this mightily — about what is
a signal and what does it mean you have to do and so forth, and what database
do you use, how do you go back on the basis of science and try to see if it is

So I would not want to underestimate what you could do, but I wouldn’t want
to lose the real world experience. Ultimately we do want to be able to predict
the basis of health care or any science, if you do A, B, or C, what will
happen. We do need to be able to predict what will happen with real patients in
the real world.

Again, the database of convenience, yes, I understand the database of
convenience, but let’s look at what we are contrasting this to compared to what
we would have on patient safety. FDA has been using voluntary reports. It was
getting 25 or 30 admissions a year to hospitals as a well of digoxin. They went
back to the Medicare database, which included 98 percent of Medicare which is a
pretty good sample size on 40 million people. It is subject to not a lot of
adverse selection in terms of the total universe. They were finding tens of
thousands of admissions per year easily found through the database.

So we are dealing with not a few percentages of differences. That is the
level of ignorance. In most areas of health care, where we are starting is
trying to understand several hundred percent variation and use of the
procedures, not two percent or five percent or ten percent. We should be able
to get some insights. I think it is worth checking these databases for sure to
see if we can get some insights into whether all this amount of money that we
are paying for actually is making a difference.

So I would agree with your aspersions about databases of convenience I
would subscribe to. It is why I do think, although we can’t get into it very
far here, I think we need a national data policy for clinical research that is
going to begin to shape for the public and all the users the kinds of
databases, the kinds of well constructed registries that are going to be
useful, the kinds of networks that are going to be useful. CDC has done that
with the vaccine safety data link, NCI has done that with the cancer research
network. There have been hundreds of studies out of the HMO research network.
So I think it can done. I don’t want to minimize the work or suggest that it
take place without a national policy or without a lot of professional input on
the structures that would be useful.

MR. STEINDEL: I thank you. Those clarifying remarks help a lot.

DR. DEERING: Thank you very much, both of you. I wanted to ask for a little
bit of perspective from each of you around the issues of, on one hand the
perceived proprietary value of information from the side of the various health
care organizations who own it, and on the other hand the intellectual capital
value of data from the side of the researchers who may happen to have it.

This derives from the experience, that everybody loves the idea of what you
can do with more data. The vision that everyone has pointed to, they say, oh
yes, I want more data, but does that mean I actually have to put something in.

Just to remind us of how bad it is, there is an individual who shall remain
blessedly nameless, who is now very active in this area, very proactive and
positive in this area, and whose organization is very active in many of the
groups that are represented around here, who back in 1999 or 2000 at a meeting
specifically said, there is no way we would ever give your data out to the
people across the geographic area. This is our bottom line. CAB came relatively
late to the population health activities, and it was a population health
researcher who said you will get my data when you pry it out of my cold, dead

So the question to the two of you, clearly we have begun to make some
progress in the health care provider space. Indianapolis certainly paved the
way in terms of overcoming the proprietary value concept of the data. So I want
to ask both questions before either of you answer. The question to Janet would
be, based on talking with your communities that you looked at, can you say
specifically whether there are any particular practices, incentives, et cetera,
that helped overcome their perceived or real proprietary interest in their

For Lynn, in the cancer research network, I happen to know they don’t
actually share their data, they just structure it similarly, and if you want to
do research, you send a query to one of your fellow partners and they do the
research for you and send back the answer, or something very close to that. So
it is not a true data sharing. It is because of these perceived privacy and
industrial intellectual capital issues.

So the question to you, if you are putting up the HMO research network up
there as this major source of data, what do you think, or have you already
observed practices and policies that have helped pry a little bit of that
loose. Strike that, not pry it loose, but encourage them, enable them, to make
it available.

MS. MARCHIBRODA: It is best captured in the slide. One of the major
findings of the report was that — the economic problem of health information
exchange is that given our current payment system, may militate against this
notion of a patient centric point of care data collection and use. And because
of the way we pay for health care in our reimbursement systems, it fragments
the data and it gives payors and providers a reason as you said to silo and
hold close information, and not work together.

So given where we are with the current health care system, you asked about
strategies to overcome that, which is why we talk about the need for aided with
national standards and policies around an NHIN this really needs to move from
the ground up, because given the current system and the silos you mentioned,
you need to build social capital to find that latent demand and market for
exchanging information, whether it is from a transactional basis or looking at
a stage two model.

So strategies are good old-fashioned reaching out, walking in your
customer’s shoes, building trust, thinking about the community’s good as
opposed to my own good. This is very, very difficult, and there are many
challenges in communities across the U.S. around this issue today.

In addition to social capital, which is a necessary element, what we are
finding is the human capital side, where having business acumen and being able
to convert value that emerges from the social capital foundational process into
real pro formas and business plans that actually deliver value and give you
enough funding to sustain something that really works against how our health
care system operates today.

DR. DEERING: Just one small addition. It seems to me that what has been
accomplished through the government paying people to collaborate is that it has
probably also begun to build up a demonstration that you are not harmed by
doing it. In other words, there has been no experience of harm — that is a
negative finding, but negative findings are good in science — in any of these

Now, there may not be a positive benefit as you have said, because the
sustainability issue is still very difficult. But at least there has not been
overt harm experienced by those who have tried it.

MS. MARCHIBRODA: Over the long term, and I failed to say this, we really
need to change the way that we pay for health care, and that ultimately will
line benefits and costs up around our system. That has to happen in order for
there to be widespread proliferation of this.

MR. ETHEREDGE: Mary Jo, great questions. On shared data, I think you are
right, most of the networks we have now do not share data. It is why I was
emphasizing that we do need a — I do think everyone would benefit from a
national database that is shared data. But I think the federal government needs
to create that federally and do it right for everyone to use.

At the moment, everyone who has got their own database wants to keep that
for themselves and contract to do the studies themselves. The common research
that is done is — my understanding is the same as yours — is that there will
be a common protocol that is negotiated among the HMO research network, for
example. The data is run to that common software, because most of them use the
EPIC system, and then summary statistics are reported back to the principal
researcher. But for privacy reasons as well as proprietariness of data, the
patient records never leave the individual institution.

Aside from all the other reasons, there are also some legal issues involved
with that, that came up with vaccine safety data link, as I understand it.
Originally the vaccine safety data link data worked the other way with ongoing
computers, but there were threatened lawsuits because that is used to make
decisions about insurance and compensation, and the drug industry wanted that.
So the data has been moved back to where it resides in the individual plans
behind the HIPAA firewall. So there are legal issues that come up there.

That is why I am drawing the distinction and saying if we really want to
move forward with a national data set, like the Human Genome Project, we need
to build that. FDA is going to find this. They are not going to be able to buy
the data. They don’t even have a mainframe at FDA. They want to contract out
all of this, so it is not such a big problem for them.

In terms of the researchers, I think you have captured the essence of how
researchers view sharing data. I think that is the problem. That is why I
mentioned the economics of the commons. The commons are used to this. But it is
insane for you guys not to share data among yourselves, because you will all be
so much better off if you had all these data.

So I think the government either creates an actual database, which is the
easiest way around this, or it steps in and says, you guys are all funded by
NIH; part of the conditions of your getting public funding for your research is
that not just your journals articles, which go into a common database, but all
of your data within two years after you finish it, you get to publish off it,
your data to EHR or CDISK standards goes into what is literally an NIH evidence
database. The reason to do that is, that is the most carefully collected data
that we have. Professional researchers are doing it, they are careful with the
data. There is a lot of data.

In my view, that should be a requirement of NIH funding, that the data gets
reported. That is consistent with good science which is, your whole database
ought to be open to other researchers to look at, not just your published
research summary statistics.

This goes back to what we were talking about a little earlier, which is
CDISK. Technically, what is holding that back is, NIH and FDA as I understand
it decided they wanted to work with the pharmaceutical committee on a separate
set of data that they call CDISK, that overlaps what is on the electronic
health records, but would be useful mainly for all these clinical trial data
that pharmaceutical companies have to submit to FDA, but also every other
regulatory agency in the world. Talk about negotiating standards; this is a
very difficult process.

So I think public policy needs to face up to the fact that we need to get
the research community on electronic health record standards, CDISK or whatever
merger that is. That needs to be recorded to public databases after you give a
couple of years for people to publish off it themselves. FDA needs that. There
are still boxcars almost of data, of paper, that comes to FDA. They need this
on a disk that says here is the clinical trial data, and then they can use
sophisticated software.

Plus, now when you try to look at a dozen studies that have been done or
two dozen studies on any drug, there is no evidence base to put together. You
have these summary statistics from each of the different studies, and one needs
to meld together, think how you put apples and oranges. If we did this right,
we would have a common accumulated database of clinical data that goes into a
real database on each of these new drugs, and then can be progressively

So again, that relates to the CDISK standards. I think it is an enormous
benefit. The quality and quantity of careful research level data for clinical
purposes, not ad hoc collected as some other data is, if we can get the NIH and
the FDA, the HHS to start to require that.

You set me off. Sorry.

DR. OVERHAGE: I guess this is primarily directed at Lynn. One of the
challenges that I see among many is, you talked about for example submitting
data. So the immediate question that comes to mind for me is, which data are
those to be submitted to be collected, to be standardized.

In fact, it is almost a challenge. I don’t think that is feasible, having
tried to use routinely collected data for clinical research for many years, to
anticipate what the important pieces of data for any particular purpose are
going to be, even when it is pretty well circumscribed. So how do you reconcile
the dynamic learning network kind of approach with a circumscribed set of data
in standard format? Or maybe I misunderstood.

MR. ETHEREDGE: It depends what the purpose is. If I put my OMB hat back on,
we have huge issues that need to be solved with public policy about variations
of hundreds of percent in heart disease, cancer, diabetes, high blood pressure.
We actually have good measures for those in databases that get recorded.

There are a lot of things we could look at. We have a lot of drugs that are
supposed to be used for those. We discovered when you look at the Medicare
data, there are huge variations in the use of drugs in Medicare for all these
different kinds of common conditions. We are going to want to know if there is
a difference in the effectiveness of these drugs in different populations.

So I think we do have a number of cases where we have good measures of what
we would like to look at where we don’t need new data. Where we will need new
data is on new technologies. There we do need a national system of deciding a
research program for new technologies, of what data need to be collected, we
think need to be collected, who is going to collect it, how is it going to be
recorded, the kinds of things that Medicare deals with in coverage of evidence
development. Then we look at that periodically and decide if we are collecting
the right data or if we need more data.

DR. OVERHAGE: If I can follow up on that because I would like to clarify,
you used the example of hypertension and treatment and even reference to Part D
data that may become available through Medicare at some point. But the
information may not be there.

First of all, as Janet outlined, clinical measures aren’t there routinely
and are not available in very many of these large databases. So even simple
measures like what is the systolic blood pressure are not routinely collected
and available.

But even if those were, the thing I was trying to get at is, even for the
quote-unquote simple thing, what other data about the patients would be
relevant to help decide what the optimal choices are. For example, it might
turn out to be a particular genetic characteristic of the individual and their
ability to metabolize a drug. It might turn out to be the fact that they are on
other drugs. It might turn out to be — the list is endless of data elements
that you might need in order to do that simple question of how do we eliminate
variation in treatment of hypertension if we don’t understand the details of
why one individual responds and another doesn’t for a particular therapeutic
regimen. I don’t know how you bound the data.

MR. ETHEREDGE: I think those are excellent questions. One implication of
that it is one thing to have a national health data policy, a sophisticated one
to begin to address these issues. I think it is not feasible to say we are
going to change the standard for all electronic health records in the country
to collect the following 25 new elements for each hypertensive patient. Those
become enormous burdens, and it is very controversial.

To my mind, I see these general use electronic health records but then, I
would like to see a whole development of specialized rapid learning networks
with registries, so the physicians who treat hypertensive patients, there would
be a registry just as there is for bypass surgery right now, or cardiology.

You probably know much more about this than I do, there are always problems
with those. But I do think that we need to be thinking about a network of
registries and data systems rather than try to think that every electronic
health record or Kaiser or Geisinger are all going to be collecting all the
data that we need.

But there are some areas that just cry out for it. I mentioned cancer,
where we are losing huge amounts of data. Pediatrics; I have been talking to
people about a rapid learning system for children’s health. A lot of drug use
is off label, so there are gaps in data. There are lots of special needs kids.
Most pediatric practices, even pediatric practices, are small. They don’t have
a large enough database to do good research on their own. Even the EPIC users
group with Childrens Hospital in Philadelphia, which is a genetics database for
their patients with Kaiser and Geisinger, all of whom are getting genetic
databases. You would have an ability to do very sophisticated research in
organizations that would have leading edge data.

DR. VIGILANTE: A couple of things. Awhile ago, Simon said something about
trust models from other industries. Yes, there are some interesting trust
models in medicine. Christine shared a paper with me last year by David Tome.
He looks at trust in physicians, in measuring it; he has a scale.

There are three elements of it. One is competency, are you capable of
operating on my brain or not; agency, whose side are you really on, are you
limiting my care because you are working for the HMO or are you really my
agent, and the third was communication, do you communicate with me in a way
that engenders trust and gives me the information that I need.

He has applied this not only to individual physicians, but to institutions
as well. It struck me as an interesting construct with some analogs in what we
are doing here. If you were to say competency is your capability of protecting
my information and being the appropriate steward of my information in a way
that doesn’t put that information at risk, whether it is through policy,
procedures, technical capabilities, audit capabilities, whatever they may be,
that is the competency leg.

The agency leg is really very important. Whose side are you on? Are you
doing this for profit, or are you doing this to get your name on a paper so you
can promote it and get tenure? What are your motivations for collecting and
sharing this data? So the agency question is central.

And communication. I think what we have heard is, people really don’t
understand what our motivations are or what we mean by consent, or how this
data is going to be used, or whether you are going to be at risk or not. The
manner in which you communicate that either can engender or undermine trust.

I haven’t really thought this through, but it is a tantalizing model to
think about in addressing what is a fundamental issue in this whole

Getting back to your presentation, like Mark, I think you could think of
tons and tons of barriers as to why this would be a challenge.

MR. ETHEREDGE: I knew you guys are the toughest audience.

DR. VIGILANTE: No, no. You talk about data issues; I think there are
cultural issues. The randomized control trials have been called one of the five
greatest scientific contributions of the 20th century. A whole generation of
people were raised on it. We can’t even absorb that information. Now we are
going to be churning out information much more quickly. How are we going to say
who is going to be the arbitrator as to what is good and what is bad.

But that all said, I do think it is a good thing. I think it is a way that
we need to move. I think the speed with which we provide evidence on which we
base our decisions today is much too slow, and it is not based on generalizable

So it occurred to me that what this really is about is not just a national
data set. Maybe it is more about patient centered research. This notion of
patient centered care; maybe this is really about research that emanates from
patients that are more representative of your patients rather than being
filtered through exclusion and inclusion criteria, and then is available more
rapidly for the treatment of patients through real practitioners.

It is just a random thought, not fully thought through, but something to

MR. ETHEREDGE: I think that is excellent. It is what I think, and some
other people, mainly people who build predictive models think the same way,
because I have seen them used in economics. People are getting overwhelmed by
data that is so complicated that they can’t process it, and now there is a lot
more coming up.

We need to move toward useful predictive models that help people make
decisions. Ultimately it isn’t about our data, it is about turning it into
predictive models and decision assistance, so that at the point of decision by
the doctor and the patient, we have a tool that encapsulizes the best available
science and data in a useful way that they can use it at that point in time.

So yes, I think it is not about the data. It is about finding ways to make
it useful.

DR. SCANLON: I’d like to go back to what Mark and Lynn were talking about
earlier. I want to go there in part because I want to draw up some boundaries
for what we are doing, and also because I think maybe it involves mixing some
of the old world and the new world.

The Medicare database, when we add Part D, is going to be an incredible
improvement in the Medicare database, but it is still kind of old world. I
don’t like the term administrative data. This happens to be clinical data, but
it is submitted with a claim, is what it really is. There is richer clinical
data elsewhere, but still, there is a lot of clinical information that is in

But I would like to know how much further you envision these databases that
are going to be built in terms of going beyond what the Medicare databases are.
When you talk about a Kaiser or a Geisinger, it is very easy to say they have
got electronic health records and they are a single entity, and every time some
information comes into the electronic health record it is available to them for
research within the organization. That is an easy concept to grasp.

Now, when the FDA goes to put together something to comply with if this law
passes, they are potentially back into the administrative data. They are almost
like that person you described getting a research grant, going out and
collecting information. They are going to have to go solicit data that is going
to come in. It is going to become for the moment a fixed database, and then it
can be updated. But it is a whole lot less in terms of potential than a Kaiser
or a Geisinger, where you have got this rich electronic health record.

So do you see us moving beyond the old world on a national basis? If we do,
I think this comes back to the first panel discussion, then what about the
issue of consent and trust? It is a whole different thing when we say to you, I
am treating you and I am passing along everything to some other entity that
they are going to use in a variety of ways, which we don’t know what they all
involve today.

MR. ETHEREDGE: I think those are wonderful questions. I think I would just
stop with your questions. Literally up until two weeks ago, I was talking about
rapid learning networks, and I said, you know what I think this really is, when
I got the invitation to speak here? I think this discussion needs to be about a
much broader longer term enterprise, which is, what is the national data system
for clinical research, how do we develop it and how do we use it.

So I don’t know where I am going to be in another couple of weeks, but I
invite you and the committee to answer the questions. I would love to see your

DR. TANG: I really liked Janet’s social capital. I think in a sense that is
what Clem and Mark did for over a decade, and you can’t replace that. You can’t
even buy it. So I think it goes back to the trust thing.

The other one is, you get what you pay for, to address Lynn. It ties with
Mark and Bill’s question. Just like we say multiple data doesn’t make
information, numbers don’t make even data. I worry about the billing data
because just aggregating more of it, you said it yourself, we will just make
mistakes faster. I truly worry about that. We will come up with false
conclusions and harm patients, absolutely.

MR. ETHEREDGE: That is why I particularly talked about using electronic
health record databases. I have tried for decades to use the Medicare claims
data, which is why I think this is maybe — EHR may be the 21st century

DR. TANG: But it seems we have to always qualify our statements about the
value of all this practical experience and all this free — you get what you
pay for. Even Mark’s example of the hypertension drugs, you don’t even know
what the drug is being used for, on label or off label, let alone all the other
contexts. So I am a little nervous about having a free range discussion about
value of large data sets without the qualifiers, that’s all.

MR. REYNOLDS: That’s all the questions. I’d like to make one comment.
Simon, you mentioned earlier what are the markets and other things. As you
listen to this discussion, we always tend to talk about health data

If you think of those of us who give speeches, you ask a number of people
in the room that do Internet buying, where as long as that screen comes up and
says that it is a secure network, you are willing to give them anything.
Everybody uses a Kroger card or something else, and everybody calls an 800
number to buy something and give them all the information.

So I think in this world that we are dealing with, as all the speakers this
morning have said where are we going, and you have set us on a journey. There
is inherent trust for some reason in buying on the Internet, but nobody signed
anything, nobody said anything to each other, but yet, Americans are giving up
their data hand over fist. The Home Shopping Network, the senior citizens
getting on the Internet or talking about their health care are buying stuff
like crazy given an 800 number.

So we also have to keep in mind that this whole discussion of trust we get
ourselves wrapped up in, how can those same people lose it, and as long as that
screen comes up that says you are entering a secure network, give up a bunch of

So I’m just asking that we make sure we take every paradigm that is out in
this current world, and as we think about how trust is getting afforded,
because the Internet in many ways may be the most dangerous place you could do
your personal business. But on the other hand, people do it without hesitation,
the same people that won’t put their hand up when I am making a speech about
whether they want any of the health data.

So as we look at this, there is a world out there now that is acting in
many different ways, and at least we have to think about it as a filter, so
that we don’t get stuck in the same paradigms that we have always been in
before. That trust has almost been automatic and with no concern. On the other
hand, we get really freaked out on some other stuff.

So it is something to think about, because it is the actual person that is
giving the trust to somebody they don’t have a clue. As we talk about a network
of networks, and we talk about privacy, this whole idea of where is the data
going, it could be stopping in other countries and you don’t even know about
your data, but for some reason we have bought in.

So just a thought, not anything other than a thought.

With that, it is 1:12. We are scheduled to be back at 2:30, so I will see
everybody then. Thank you.

(The meeting recessed for lunch at 1:15 p.m., to reconvene at 2:35 p.m.)

O N (2:35 p.m.)

Agenda Item: Clarity of Current Law Relative to Uses
of Health Data

MS. MC ANDREW: We are being rebellious here, and we are going to let Dr.
HIPAA start us off.

DR. BRAITHWAITE: There is always one rebel in the crowd. What we are going
to do is tell you what we are going to tell you, tell you what we told you, and
then really tell you what we told you, because you now have three people here
at the two-seat panel session. I am going to try and give them our
philosophical overview, and Sue is going to get down into the HHS position on
some of these issues, and then Julie is going to focus down on research as a
subtopic that we are working on here.

Almost every time I talk about HIPAA I have to say this. You heard this
several different times in different ways, that the concept of privacy is based
on the principles of fair information practice, which were generated by the
U.S. government, it turned out, in 1973, used as a basis for the Privacy Act of
1974, and thereafter used as a basis for virtually every privacy law that was
passed in other countries, but never ours, since then.

So these are not exactly word for word of what you heard before, but this
is my personal distillation of what these principles of fair information
practice are after the many years I have been working on this. They are
basically three, with a couple of supportive ones.

The first idea of notice is that the existence and purpose of recordkeeping
systems must be known to the subjects of the information in those databases,
the choices involved, that information can be collected only with the knowledge
and permission of the subject, used only in ways relevant to the purpose for
which the data was collected, and disclosed only with the permission of the
subject, or some overriding legal authority like a public health law that
balances the individual’s privacy versus the public good.

The third and last of these is, individual rights to see the records and to
go through some due process that assures the quality, by which I mean the
accuracy, completeness and timeliness of the information in that database, is

None of those three things can be maintained unless you also have security,
by which I mean reasonable safeguards for confidentiality, integrity and
availability of the information in the databases, and enforcement of both the
confidentiality principles and the security principle that result, where
violations result and reasonable penalties and some mitigation.

So that is the basis. These principles in fact are the basis on which the
HIPAA privacy rule was written. It is not written down anywhere like this that
I remember, but Congress told HHS, do a privacy rule because we can’t pass a
law. After three years of trying they couldn’t do it. So we did it. We wrote
these rules based on those five principles.

At the highest level, it is important to understand that there are only two
cases where HIPAA requires disclosure, when the individual wants their record
and when HHS wants to investigate the record to determine compliance.

Everything else under HIPAA is permissive. This is both a good thing and a
bad thing. The bad part of that is that covered entities can and do provide
greater protections if they want, preventing uses and disclosures that HIPAA
allows. Not only can they do that, they often blame HIPAA for the restrictions.
So it is a double edged sword in that respect.

Not in the slides but important to notice is that what is protected here is
individually identifiable health information in the hands of a covered entity,
someone who is covered by HIPAA, or their business associates. This does not
include people who are not covered entities, and it does not include
information that is not individually identifiable. So if you deidentify
personal health information, it is no longer covered by HIPAA. If you buy
Tylenol in the Safeway store and check out at the cashier, that is not
protected health information. But if you buy the same bottle of Tylenol in the
pharmacy which is a covered entity, it is. So there are some nuances there that
have to be kept in mind.

So in addition to that permissiveness, HIPAA only allows, only gives
permission for disclosure in four cases. It is that simple. Sue is laughing,
because of course none of the four cases are simple, but there are of course

The first is for treatment, payment and health care operations. If you
notify the patient what you are going to do with their information, it is
assumed that if they show up for treatment that they understand and are giving
permission in an implied sense to use the information about them to treat them,
to get paid for doing that, and for doing other things that allow them to stay
in business, because without those things they would lose their license and
they wouldn’t be able to provide care. That is the underlying concept of TPO.

The second area is uses and disclosures that involve the individual’s care
or directory assistance. These are more casual uses of information for the good
of the patient. But those cases require that the patient get an opportunity to
either agree or object to those uses. If they object, you can’t do it.

There are specific public policy exceptions, where the public through their
legal process usually has made a decision that this is more important than the
patient’s privacy, so you can do that. Everything else needs a specific
authorization from the individual patient.

Every one of these four things has a complex set of procedural
requirements, based on which use or disclosure we are talking about, which is
why Sue was laughing. When you apply the five very simple principles through
these four very simple mechanisms to the most complex human endeavor in
history, you end up with a complex set of rules. So let’s try and go one more
layer deep to talk about these four mechanisms, and a little bit about where it
gets more complex.

I have talked about the implied permission. The notice of privacy practices
is an attempt by HIPAA to make sure to make sure the patient knows or can know
if they bother to read it, about what is going to be done with their
information, what is implied by coming to the provider and getting care, and
what is going to be done with their information.

Making a good faith effort to get a written acknowledgement is a little
extra thing added on after the draft was first written to put a little hammer
in front of the patient to say, really pay attention because you have got to
sign something when you have gotten this. Acknowledgement is not required if
there is no interaction with the patient. So health plans, clearinghouses,
indirect treatment providers like labs and so on don’t need it.

Health care operations. Are these secondary uses? It is a question that
everybody raises. In fact, HIPAA makes no distinction about what is a primary
use and what is a secondary. You could maybe read into the language that TPO is
the primary use and everything else is secondary, but HIPAA doesn’t make any
distinction there. It takes all of the uses and puts them into these four
categories, and then gets very specific about what the restrictions are or what
the process is for using it in each of these cases.

You can read the examples for yourself. They are the kinds of things like
accreditation and certification and licensing that every institution has to
participate in, or they can’t continue to practice.

The opportunity to agree and object is simple things like telling your
spouse or your significant other about your condition so they can help with
your care, posting the fact that you are in the hospital and your condition is
stable in the hospital directory, that sort of thing.

There is also a third one, which is the disaster relief services.
Information can be released to the Red Cross for disaster relief purposes. Is
that a secondary use? I’m not sure. I would think the first two of those three
are almost subsets of the primary use.

The public policy exceptions. There is a long list of them, each of which
have specific processes you go through, usually pass a law or go through a
legal process to make these kinds of things happen. These are I presume
secondary uses, but they have been judged by some public process to be for the
public good, and we will get into more details about what each of these things

Then authorizations. Covered entities have to obtain an individual’s
authorization before using or disclosure their PHI for purposes other than TPO
and the other, a couple of minor things. Most uses and disclosures such as
therapy notes have to require authorization, even though some people think that
should be part of the TPO. It is unique and separated by HIPAA, and some
marketing and fundraising might require authorization, depending on how that

So virtually all other secondary uses that haven’t been explicitly labeled
in HIPAA require an authorization from the patient. Business associates can
only do under contract what the covered entity could do, with one exception.
That is, they can collect identifiable information from more than one
contractee or contractor under their business associate agreements, and
aggregate that information for TPO purposes. A covered entity could not do this
itself because it involves getting access to protected health information from
other covered entities without the patient’s permission. It is not used for
treatment, and it can’t be used.

The outsourcing paradigm of using business associate contracts essentially
must follow the same rules, with that one exception.

Just as an example, because I know we are going to focus deeper on this, I
wanted to point out that there are seven ways under HIPAA that you can use
protected health information for research purposes. You can deidentify it in
three different ways. You can get an authorization through three different
mechanisms, or you can get the authorization directly from the patient. Plus,
there are other things being done with this patient’s information that are
exactly the same as what you would do if you were doing research that is not
meant for generalizable knowledge distribution, and those things happen under
health care operations, public health and sometimes things required by law like
registries and reportable diseases and so on. So it is just getting more and
more complex as we go deeper and deeper.

But I have come up with a rule of thumb, and I use this rule of thumb when
I talk to people about, what does HIPAA really mean and when do we have to
worry about whether it fits one of these categories of things we are allowed to
do or not. The basic rule is, don’t surprise the patient. If you use or
disclose information in a way that the patient doesn’t expect or shouldn’t know
to expect, then they might be upset, and it violates the principles of the
patient knowing about all the things that could be done with their information.

So to make sure that this rule is followed, you have to tell the patient
about all the uses and disclosures that are part of the normal operations of
your organization. You have to give them the opportunity to object to limited
disclosures that are in common practice for the good of the patient but which
are not included in those things you have to do to stay in business. You can
follow the procedures for the public policy exceptions, and because they have
been discussed in the public in some form by lawmakers or whatever, they should
know about this, like the reporting of contagious diseases, or you get their
explicit permission, in which case they know about it. So that is my personal
simple rule of thumb that applies HIPAA to everything else.

So my conclusions from my personal perspective on going through this
process is that uses and disclosures come in many flavors, and labeling some as
primary and some as secondary I think is a bad approach, because everybody
thinks about those terms differently and it is going to lead people astray and
cause a lot of arguments that are unnecessary.

The HIPAA privacy rule is in its intent to protect individual privacy while
allowing most current practices to continue with transparency, because many of
the health care practices that have been going on in the past were not
transparent and the patient didn’t know about it. Although in writing the rule,
we judged that most of those practices are in fact beneficial to the patient
either primarily or secondarily, not to confuse the issue, but that they were
poorly understood by the patient, which is why transparency was emphasized.

At this level of detail at least, the HIPAA rule is very clear. The
complexity of the health care environment however, and the diversity of the
desired secondary uses makes it difficult to take these simple rules and apply
them. People are confused, and they use HIPAA as an excuse for all kinds of
stuff that is going on out there.

As a last point, it is important to make the point that HIPAA is a privacy
rule, but the reason that people are concerned about their privacy in this
country has a lot more to do than their concept and sense about their
confidentiality. It has to do with discrimination mostly, I think. They are
afraid they will be discriminated against if somebody at their job finds out
about their health status. They will be discriminated financially because they
won’t get a raise or they won’t get a job improvement or they won’t get a loan
or their mothers will be called. Lots of rumors about what has actually
happened out there in these areas. They are worried about their reputation
because they might be discriminated against.

There are a very, very small number of people who are worried about the
intellectual property of information about them that they would like to profit
from if somebody else is selling it. But that turned out to be a relatively
minor concern based on the feedback we have gotten.

Thank you very much. We will turn it over to Sue.

MS. MC ANDREW: I am happy that Bill went first. This is the way we planned
it. I won’t repeat, and some of the material in the slides I will not go over;
it will just be there for your reference if you need more detail about how
HIPAA works. But I would like to pose a couple of questions in terms of the
scope of the issues before this work group, talk a little bit about how HIPAA
approached the problem of secondary uses or primary uses or all uses in
disclosures, as it turned out, and what from that might be useful to your
consideration in this forum. I will probably not go through the individual
crosswalk of how HIPAA would treat some of the secondary uses, although I may
point out a few things. I would like to build on some of the things that Bill
went over in terms of which of the current areas of HIPAA may fall within this
vague concept of it as a secondary use, so you know at least where the HIPAA
marker may be as you consider these things. Then I will just make a brief
comment on pre-emption. There may be much more about what privacy looks like
from the state perspective later on today.

The first scope question that came to mind as I was putting this together
is how you are defining the what, what is a secondary use. I was a few weeks
ago at the AMIA discussion about secondary uses, and there some of the bleeding
began in terms of what the concept of secondary uses really was. Elemental I
suppose is this concept of a primary use, direct care, treatment. Some of the
comments here today would challenge whether or not even that is a definable

On one level, yes, you can think about primary care, direct treatment uses
of the information, the purposes for which it is collected, translate that into
a health plan, it becomes a different conversation. Then what is a secondary
use. If you aren’t quite sure what a primary use is, you are really going to
have a hard time on the secondary use. But even assuming you think you know
what a primary use is, then the secondary use questions are — is everything
else a secondary use? Is it really just these close to but not quite treatment
related stuff that is going on, like payment and quality assessments and
improvements and patient safety and research? Or are you going to go to the law
enforcement areas and the judicial and administrative proceedings and all of
the uses that the individual can prescribe an authorization for, which is
boundless. So if you want to take it all on, you have more energy than I do.

Somewhat out of that conversation at AMIA that I have been hearing from
other sources, maybe some things fall out of secondary use because they are
hyper important, or there is a sense that there is more required and embedded
in the practice than one would want in terms of what may appear to be a more
discretionary consumer controlled permission to go into secondary use.

The examples usually come up in the area of public health. It is not clear
to me from some of these conversations whether they are focusing on that
portion of — that they will take public health out of this conversation
because it is required by law in some cases. Is that the only time you take it
out? If you are going to take public health out because it is required by law,
are there ranges of other disclosures that are required by law, so are you
taking required by law out of the conversation about what is a secondary use.

So it seems to me that it is important for this group to spend some time in
identifying exactly what is the what.

In addition, in talking about this, the question is, why are you having
this conversation now. The balance was struck in HIPAA in terms of legislation
not all that long ago. It was only 2000 when it was first regulated, and has
only been in operation since 2003. That is not a long history as things go. So
whether we are here revisiting secondary uses because of workability problems,
need for greater clarity, if so is this a general conversation or is it just
about a few aspects of HIPAA.

I think it was encouraging both this morning as well as in other
conversations around this issue that there is a great deal of acceptance of
HIPAA as the baseline, that there is little point in going back and starting
from scratch and trying to reinvent all of this over. So energy would be best
served by starting with HIPAA and trying to focus in on what may need a little

But why would you even tweak it at this point? Is it that the NHIN may be
giving you pathways to achieve some of the things that HIPAA started out to
achieve? So where the markers went down in 2000 may be moving somewhat because
of the technology and the capabilities of the technology, and is that a reason
for going back and deciding what the rules ought to be about secondary uses.

If that is the case, then it seems to me that some of the hard questions
that we have been dealing with on different topics but for the same reasons
around the NHIN in the privacy context, is, what are those unique factors about
the NHIN and the exchange of information that causes one to want to reconsider
where the privacy balances and tradeoffs are.

I would like to spend some time talking about how we came to the original
HIPAA balances. As Bill said, HIPAA does not have primary and secondary uses.
We were charged with coming up with them all, so we did. We built our little
buckets and poured in as much as we could find.

So we didn’t come up with primary and secondary classes of information, but
we did come somewhat close to that in terms of the concept of core functions,
treatment, payment and health care operations. Even within those, treatment
being clearly the primary core function, the rule does as little as possible in
terms of regulating treatment and treatment exchanges of information.

We spend more time, we do put more conditions on payment, although we do
consider payment to be also a core function. Health care operations is even
more regulated than payment, because it is another step away from treatment. So
even within the core functions there are shadings of importance.

So from the discussions, it would be that if treatment is equivalent to a
primary use in this context, then payment and health care operations could be
seen as secondary uses. On the other hand, if you are looking at core
functions, I think all TPO from the privacy rule would be the first primary
uses of the information.

The public policy uses and disclosures are the true secondary uses. Some of
them, because we dealt with a whole range of them, may actually even be beyond
what for this group are secondary uses, if you are going beyond the quality of
care, public health, research, internal operations as the entity dynamic.

But when we were trying to figure out how to regulate for privacy that
allowed for these uses and disclosures, we were in the business of trying to
balance and maximize actually individual control of the information, versus the
feasibility and the need for the information within the entities and the people
that were reliant on the information, as well as the feasibility of
administering any kind of regulatory regime to guarantee individual control.

So we tried to be value neutral with regards to the disclosure. If we
required an authorization, it wasn’t because we thought that was a bad use. You
weren’t being punished because your use required an authorization. It was
simply that the case was not made that your use was so important and so
compelling, and the ability of getting individual authorization for that use
was so impracticable, that we had to give you a regulatory permission to use
that information about the individual having a say in it.

So that was the balance. Whenever it was feasible to do so, whenever there
was a sufficient opportunity to obtain individuals’ information, whenever there
wasn’t a compelling need to do otherwise, we would put that in the
authorization. So the public policy balances were lining up with the research
uses and disclosures, the health care oversight uses, all the places where the
entity was — where there was some public purpose for the information, and it
would just be impracticable to get the individual’s consent. In lieu of that,
we relied on the notice of privacy practices to generally inform the individual
about what was going to happen.

So to recap briefly, in TPO there is no consent, no authorization required.
The one exception would be marketing, which may require authorization in some
cases. Treatment would line up generally with primary uses and would not
generally be the subject on the table today. The secondary uses even within our
core would be payment and some of the health care operations, analysis, patient
safety measures, quality improvement activities, provider certification,
accreditation, and then marketing and other business or commercial uses of the

I don’t think we need — this just tells you what the rule includes under
payment, and health care operations. I think the only thing to point out in
health care operations is that there is a limit in terms of the ability of two
covered entities to share information for the health care operations of the
other. That is, we do ask that they both have a relationship with the

Where that does not occur, but there is still some need for the exchange of
information for the health care operations of the other, this is one of the
areas where we provide for the use of a limited data set, where information can
go to another covered entity with the direct identifiers removed, but more rich
patient data.

DR. COHN: Sue, I apologize. Maybe you will explain it
further. I find myself getting a little confused by the last — is there
further discussion on that second bullet? Are we talking about a patient or are
we talking about an institution or a provider? What are we talking about?

MS. MC ANDREW: What HIPAA permits is for hospital A to disclose information
about its patients with hospital B, provided that the patients about whom they
are sharing information have a relationship with both hospitals. So clearly, if
I am following up with the patient that has transferred to another hospital, or
that may come up in the occasion of being transferred to a long term care
facility or some other, there is this common relationship. It is not a general
ability to give your identifiable patient data over to some other covered
entity simply for that entity’s health care operations.

So that clearly can happen for treatment purposes. So this is purely where
this is just for the operations of the other. This comes up a lot in terms of
sharing quality care information.

The part of health care operations that lined up with some of the areas
most often talked about as secondary uses is the quality or the patient safety
activities that is in the first paragraph of the definition of health care
operations, the accrediting and certification of providers that is in paragraph
B. Some disclosures that were talked about in terms of quality, particularly
when it is reporting to a governmental oversight agency or to the states, that
is covered not so much by health care operations as it is a permissible
disclosure for health oversight purposes when it is going to a government
oversight entity.

MR. REYNOLDS: Sue, could I ask you a question on that? Again for
clarification, in the first bullet, is that secondary use within the covered
entity amongst covered entities and business associates or anybody?

MS. MC ANDREW: It runs the gamut. This is just within the definition of
what is a health care operation. So it is a health care operation to use
information for quality or patient safety activities. It would be a use if it
is done within the facility. If it is being disclosed for a health care
operation purpose, then it can go for quality and patient safety. You can hire
business associates to do your quality assessments. You can share, subject to
the limits we have talked about, with another entity for quality purpose. You
may be sharing with a state hospital association information. As Bill
mentioned, it may be a business associate relationship that is doing some
aggregation across hospitals to come up with quality benchmarks and things like

I presume from the point of view of the topic that you will be doing,
whether it is done within the entity or being shared with a public authority or
within or amongst a private consortium, that it would still all be a secondary
use of information.

In addition, there has been some focus on commercial or commercial-like
uses. This comes up again within the definition of health care operations in
our business planning as well as business and administrative activities of the
entity. This is where what would be — it is a little unclear what was meant by
a true commercial use of the information, but to the extent it is used
commercially within the entity to run its business, that would be a permissible
health care operation.

DR. CARR: Sue, another question. I think we are finding it helpful when you
are giving us examples. I think what will help keep some of us grounded is, as
you get to each of your points, if you would say, here is an example of
something that is permitted, here is an example of something that is not
covered or not permitted. I think that will help us keep us — thanks.

MS. MC ANDREW: Marketing was an area where we come close in HIPAA to a
concept of commercial use. This is where the communication is about trying to
tell a product or service to the individual. It also includes those
arrangements where a covered entity is disclosing personal health information
to a third entity so that that entity can market to the client, to the patients
of the covered entity or the beneficiaries, if it is a health plan.

The marketing definition does try to draw a line between what we would view
as a commercial use, the selling of information or the giving of information
for the pure commercial use of another, and communications that the entity
would be having with the individual about its own products or services, or
about alternative treatments or other treatment-like communications. This was a
hard line to draw, but we didn’t want a hospital not to be able to tell a
patient about care that it was able to deliver. We didn’t want a health plan
not to be able to describe its products and what docs are in the plan to the
beneficiaries. They had to be able to talk about the health services that they
were providing.

So that was all carved out of the definition of marketing. At the same
time, we didn’t want providers selling patient lists to pharmaceutical
companies or others, so that those drugs or those products could be marketed
directly to the individual. So this is the line we were trying to draw between
what we viewed as marketing or commercial use and what would be okay within an
entity and individual communication.

I think this has greatly simplified the earlier definition of marketing.
I’m not sure that — there is a commercial element about this that has troubled
many people. It is not clear to what extent any of that commercial use of
information even for the entity’s own commerce would be looked at in this
context as a secondary use. But if it is marketing, it does require an
individual to sign a valid authorization before the entity can use it, and the
authorization must disclose that the entity is being paid for that use of the
individual’s information.

That was the best lineup we could do with what has been talked about on
secondary uses in the commercial context.

As to public uses, I won’t try to go through our entire list of permissible
disclosures. The primary public purposes that come up in this conversation
include research and public health. Julie will talk about research, and Bill
has gone through the pathways in HIPAA that allow the information to flow for
research, so I will not dwell on that unless there are any particular
questions. But it can be done with patient permission, if there is an informed
consent for the research purpose. It can be done with a waiver through an IRB
or a privacy board. Then there are a couple of exceptions, limited exceptions,
for when you don’t have to have either a waiver from the privacy board or the
IRB or a patient’s permission.

With public health, I think there are only a couple of things to point to.
One is, as I said, there is some discussion in the public health realm that
either ought not to be in the same discussions with other secondary uses
because it is so important, or maybe that is only because so much of it is
compelled by law and therefore falls outside of what we would consider to be
subject to patient control or agreement.

But I think before it is excluded from the conversation, one needs to —
one thing about primary use, you think you know what public health is, but you
don’t want to quote too deeply, because it turns out to be one of those
concepts that can include just about anything. It is hard to cabin what is
truly public health and what is not.

We have tried to do so by pointing to types of situations in which
information can be shared. Our public health disclosures are limited to those
that are to public health agencies. It can be to the FDA, it can be about child
abuse, which is kind of an anomaly of the legislation. It can be two
individuals when they are at risk of exposure to a communicable disease, and it
can be in an employer work force surveillance type of environment.

DR. DEERING: I’m sorry to interrupt, but could you give me an example of
what you mean by being given to an employer for work force surveillance?

MS. MC ANDREW: This is, the employer is responsible for reporting to OSHA
or — I’m forgetting the initials of the other guy. There are some governmental
required reporting regimes. These are often done through occupational health
services provided at the employer. There are other conditions on this,
including a special notice to the individual about what happens with this
information if it is using one of these occupational health advisors.

MR. REYNOLDS: Sue, I notice you have got about five or six slides left. I
want to be sure we give Julie enough time. I know there are going to be a lot
of questions.

MS. MC ANDREW: Yes. This is a list of some other non-direct care
disclosures that are usually part of this conversation, but you may want to
consider them. I also included a list of other disclosures that seemed to be
outside of peoples’ general conception of what a secondary use is, unless you
are doing the HIPAA thing and you are including everything else.

Just a word about pre-emption, in terms of looking at what law you need to
look at. That is of course a reminder that HIPAA only pre-empts state law that
is not as stringent as HIPAA. So where there is a more stringent state law, a
more protective state law, that would need to be considered. Most of these are
in particular specialized treatment areas. We do permit as required by law,
where there is a state law that may require a particular disclosure, and we
often get involved with state law in other determinations like parental rights.

Just a quick note. This is a short list of other federal law that may come
into the privacy conversation, and through which HIPAA has room to live side by
side with.

And our usual logo.

MR. REYNOLDS: Thank you. Julie?

MS. KANESHIRO: Thank you. I am going to switch gears a little bit here and
talk about a different federal regulation that can pertain to the secondary use
of data as well, and that is the Department of Health and Human Services
regulations for the protection of human subjects.

I have been asked to give you a pretty broad overview of the regulations,
but focusing specifically on how they pertain to the secondary use of data.

These are the six topics that I wanted to cover with you in our brief time
this afternoon. First, to give you a sense of what the U.S. federal regulations
are that pertain in this area as they relate specifically to research, what the
scope is of the common rule, and I’ll tell you more about what the common rule
is, for those of you who don’t know, how the Department of Health and Human
Services regulations, which are codified for our Department at 45 CFR Part 46,
relate to the common rule. Also how an institution or an investigator goes
about determining how or if the common rule applies to their particular
activity. Then to focus specifically on some of the informed consent provisions
under the regulation, and then a waiver of informed consent is permissible,
since I know that has been a topic of interest to some of you.

These are the three key federal regulations that can pertain to the
research use of information. The HIPAA privacy rule you have already heard a
lot about from Bill and Sue. There is also the FDA regulations that we are not
going to talk directly about today, but they also can be pertinent to the
discussion, and then the common rule, which is the set of regulations that I am
going to focus in on in my minutes with you.

So in terms of the applicability of the common rule, the common rule
applies to what is called human subjects research that is either conducted or
supported by a federal department or agency that has adopted the regulations.
So this would be research that is either funded or supported by CDC, by NIH, by
AHRQ, just to give you some examples, or even human subjects research that is
conducted by those agencies.

Another way in which our regulations can apply is if an institution
voluntarily elects to apply these regulations to any human subjects research
conducted at their institution, regardless of the source of support. So even a
human subjects research study might be purely privately funded can have these
regulations apply if they voluntarily elect to do so via what is called their
assurance of compliance that they develop and submit to our office for

What if the regulations are determined to apply? There are essentially
three core protections that the regulations provide. They require what is
called an institutional assurance of compliance. This is the assurance that I
have already referenced. Another core requirement is reviewed by an
institutional review board, which is a body that is convened to look at the
ethics of a study and determine whether it is approvable given certain criteria
under our regulations. Then the third prong of protections is the requirement
for informed consent, unless the requirements that permit a waiver of informed
consent have been met.

This is what the common rule landscape looks like. There are 19 federal
departments and agencies that have adopted the common rule. You will see here
that I have highlighted our Department of Health and Human Services. The office
that I work within, the Office for Human Research Protections, is the office
that implements and enforces the HHS’ codification of the common rule, but
there are 18 other departments and agencies that have also adopted this

In addition though, I wanted to note that our Department has adopted three
other subparts, as we refer to them, that pertain specifically to vulnerable
populations, so-called vulnerable populations. This is in addition to the core
protections that I have mentioned of the federal-wide assurance, IRB review and
informed consent. These requirements pertain to research involving pregnant
women, fetuses and neonates as well as to prisoners and children. They require
that the research meet additional conditions or fall into certain categories in
order to be approvable by the institutional review board.

How do these regulations apply? There are three threshold questions to
consider in determining whether the HHS human subject protection regulations
apply. The first is, does the activity involve research. Secondly, does the
research activity involve human subjects. If you have answered affirmatively to
the first two questions, that yes, you do have an activity that involves
research and human subjects, the final question to ask is whether the human
subjects research activity nevertheless is exempt under the regulations. What
exemption means is that even though it is a human subjects research activity,
if the research meets one of six exemptions under our regulations, the
requirements of our regulations essentially are not applicable.

What is research? This is one of those terms in our regulations that is so
fundamental and yet causes a lot of discussion and debate. Research under our
regulations is defined the same way as it is under the privacy regulations,
defined as a systematic investigation included in research, development,
testing and evaluation that is designed to develop or contribute to
generalizable knowledge.

Now, there is a lot of interpretation that is required in these words of
the definition. Our office is in the process of developing a draft guidance
document on this very definition, and we are hoping that it will go out for
public comment sometime in the next year.

One thing I did want to note about the definition, because I know this is
an issue that your committee may decide to grapple with, is this overlapping of
activities that might be called non-research. They might be called quality
improvement, they might be called registry type of activities, they might be
called public health. But the way that our office interprets our definition is
that the consideration of whether an activity meets the definition of research
should not be looked at by the label on the activity. You have to look at how
the activity is designed. It is our office’s view that even some activities
that might be called quality improvement or quality assurance might actually be
designed in such a way that they would also meet our regulatory definition of

These activities with a dual purpose perhaps, or maybe even a primary and
secondary purpose of research being one, but also maybe quality improvement or
public health being another, if it is designed in such a way that it is a
systematic investigation designed to develop or contribute to generalizable
knowledge, then we would say that meets our regulatory definition of research.

So the second threshold question that I mentioned is whether the activity
involves human subjects. Under our regulations there are two ways in which
someone becomes a human subject. The first is through some kind of
investigative interaction, intervention with a living individual for a research
purpose. This might be the administration of a survey or the administration of
an investigational therapeutic as part of a clinical trial.

The second I think is probably the most pertinent to your committee’s work.
That is the obtaining by the investigator of individually identifiable private

What does individually identifiable mean under our regulations? The
definition of human subject goes on to elaborate on this point, and says that
the identity of the individual subject either is or may be readily ascertained
by the investigator or associated with the information.

Note that this is a different standard of identifiability that exists under
the privacy rule. This is a readily identifiable kind of standard to the

I wanted to say a few words more about this. We believe our definition
relates to the use of coded information or specimens. Oftentimes researchers
will need access to coded information, but not necessarily individually
identifiable information as defined under our regulation.

Our office’s view is that in general, coded information should be
considered to be individually identifiable information under our regulatory
definition. However, there are exceptions, and they are important to note.

The first thing to keep in mind is that you can have a research use of
coded information and have it not be considered human subjects research, if the
private information or specimens were not collected for the specific research
purpose, meaning they were either collected for a clinical purpose or public
health purpose or even another research study, but not this specific one that I
am now contemplating. Also, that the investigator is not able to readily
ascertain the identity of the individual to whom the information pertains.

One way in which some institutions have gone about putting this
interpretation of our offices into practice is to say that if there is a
written agreement between the provider of the coded information and the
recipient investigator, in which the recipient investigator agrees never to
have access to the key to the code that would enable him or her to re-identify
individuals to whom information pertains. We would say that the information is
not individually identifiable to the recipient investigator and therefore,
provided there hadn’t been the interaction or intervention to get the
information from the study in the first place, that this is a research activity
that would not meet our definition of human subjects, and would fall outside
our regulatory purview.

Our office issued a guidance document that discusses this issue in much
greater detail in 2004, and you can find this on our website, because the
issues are rather nuanced.

Just a few words about how the creation or use of a research repository or
database can constitute human subjects research under our regulatory
definition. It can be done either by creating a research database through
intervention or interaction with individuals. This would be purposely for a
research purpose going out and collecting data about individuals to populate a
research database.

Secondly, another way in which you might be conducting human subjects
research is creating a research database pulling from other sources of
individually identifiable information, information that is already
pre-existing, but now you are gathering it all in one place to facilitate
research uses of that information. That might constitute a secondary use of the
data that you are contemplating.

Then thirdly, the obtaining of individually identifiable private
information from one of these research repositories or databases, is a third
way in which an investigator might be conducting human subjects research.

As I mentioned, there are three questions to consider. The third one here
is only asked if you have determined that you do have in fact a human subjects
research study. This is a question of exemption.

I just wanted to mention one of our exemptions in our regulations, because
I think it is the one most on point for your consideration. That is exemption
four. What exemption four says is that the research would not fall under our
regulations requirements if the research involves the collection or study of
existing data, documents, records, pathological specimens or diagnostic
specimens if either one of two conditions are met, either that that existing
information is publicly available or that it is recorded by the investigators
in such a manner that the individuals to whom the information pertains cannot
be identified either directly or indirectly by the investigator.

What is meant by existing? Existing means that the information ought to be
created or existing at the time the research study is proposed for a
determination of exemption. Meaning that all the information should have been
collected respectively before an investigator is proposing a study to the
institutional official that proposes to use that data.

The idea here behind the intent of this segment of the provision is that it
is trying to prevent investigators from being able to manipulate the collection
of information prospectively that they know they are going to use secondarily.
The idea is that the requirement that the data be existing would prohibit that
kind of manipulation of the system. That is the rationale behind that

By publicly available, remember, this is one of the conditions under which
this exemption can be used. OHRP generally interprets this to mean available
without restriction, but we do think that that could include a fee.

I am skipping quickly because I want to leave time for discussion.

In terms of what is meant by the recording of the information in such a way
that the investigator can’t identify either directly or indirectly the identity
of the subject, keep in mind that this actually precludes an investigator from
recording the information in a coded fashion and having to still meet the
exemption for requirements.

Finally, I wanted to focus now on one of these core protections, the
informed consent piece of the protections of the regulations. Under our
regulations, informed consent is generally required if the research study
involves human subjects, unless the waiver of informed consent provisions that
exist under our regulations have been met.

If informed consent is indeed required, these are the basic elements of
informed consent that need to be included. The purpose, duration, procedures of
the research activity, the risks, benefits, alternatives, confidentiality
provisions, the compensation for injury, whom to contact and the right to
refuse or withdraw without penalty or loss of benefits to the individual.

In addition, there are some other required elements if the IRB investigator
determines that they are pertinent to a research study.

One thing to point out about our informed consent requirement is that there
can be under our regulations informed consent for the establishment of a
research resource such as a repository or database, even where it is not known
prospectively what the specific studies will be that will access this research
resource in the future. But there certainly can be this broad general informed
consent under our regulations for this kind of a research activity.

One thing to keep in mind though is that the less specific the informed
consent document is, the less likely it is that that informed consent document
is going to remain valid for the future research studies that become specified
down the road that now want to use this research resource to conduct specific

So it is somewhat of a double edged sword. You want to have an informed
consent document for the creation of these research resources, but oftentimes
it is not knowable what specific studies will be conducted utilizing this data.

Keep in mind though that informed consent can be waived under our
regulations as well. I have only put out this one provision for the waiver of
informed consent that I think is most relevant to this type of research that is
the subject of your considerations. That is the provision under 45 CFR 46.116D.

This is the provision for the waiver of informed consent that is the most
similar to the waiver of authorization provision under the privacy rule. That
was intentional. The Department, in considering what the waiver provision
should be or authorization, looked closely at the common rule’s provision and
tried to model the waiver provision on the common rule. The research can’t be
any greater than minimal risk, waiver alteration won’t adversely affect the
rights and welfare of the subjects, the research could not practicably be
conducted without the waiver of informed consent and finally, when appropriate,
subjects will be informed or debriefed after their participation.

One thing I wanted to mention about the FDA’s regulations, even though I
have not focused at all on them, is to mention that the FDA’s requirements
don’t include a comparable waiver of informed consent provision. So if you have
a research study that is regulated by the FDA’s set of human subject
regulations, this waiver provision is not an option.

With that, I will just end. I have left you with some resources on where to
get additional information and the specific website for some of the guidance
documents that I thought might be most relevant to your group.

MR. REYNOLDS: Thanks to all of you. I am going to start the questioning. If
we could all stay focused on not redoing privacy, trying to ask questions that
relate to our task at hand as we go forward. Simon, you start first.

DR. COHN: I would jump in here and say, first of all, I want to thank the
three of you. It has been a very expansive review of privacy. I kept looking at
Mark Rothstein; I know he lives and breathes all of this. Bill Braithwaite and
I were together during the period of time where this HIPAA reg came to be. It
has been awhile since we have gone through this, so I think it is helpful.

I do think that probably our time is best spent talking — this is an area
where we probably do want to drill more into the quality aspects of all of
this, as opposed to completely reconsidering the entire privacy rule.

I have two questions. One of them has to do with the issues around quality
improvement and the relationship between research and operations. Some people
told us that this is a little unclear. For me it is a little unclear. If there
is to be as much about what department you are in and what your title is, or —
I don’t know, and I am asking the question, or is it that you at the get-go
indicating that you are going to be publishing an article. Is this where the
definition is here? Would there be some value if we could somehow sharpen this
up or make the definition a little more precise. I’ll ask the three of you, and
then one followup question.

MS. KANESHIRO: I’ll take the first crack. You are absolutely right, this is
a definition that we are grappling with currently in my office. We are trying
to provide some clarity around the definition through this draft guidance
document that we are developing.

But the reason why we want to put it out for public comment before we
finalize it is to get input from those who are currently operationalizing the
definition, and getting some feedback from the research community and the
quality improvement/quality assurance communities and others, to see whether we
are drawing the lines properly.

I can say that our office doesn’t think that an intent to publish is a
reliable indicator of whether or not an activity meets our regulatory
definition. First of all, it is hard to know prospectively sometimes in the
absence of knowing what you will find, whether it is publishable. Also, many
research activities are not published for proprietary reasons or others, and so
we just find that to be a faulty indicator.

What we are trying to do in our guidance document is to focus on all the
key terms in the regulatory definition, what constitutes a systematic
investigation, what does it mean to be designed to develop or contribute to
generalizable knowledge, what is generalizable, what does that mean. Does it
mean generalizable just within an institution? Does it mean generalizable to
all of mankind? Or somewhere in the middle?

Also, the final piece that we are grappling with is what kind of knowledge
it is that we think meets the regulatory definition, because arguably, any
information could be considered knowledge, but is any kind of new information
the kind of information that our regulatory definition ought to capture.

So it is a good question. We are hoping to put out something that would
stimulate public discussion about this, and hopefully inform our own
interpreted efforts.

MS. MC ANDREW: I would only add that from the HIPAA perspective, we were
aware when we were doing the regs about this slippery slope or area of overlap
and clarity between what was a study or a quality endeavor which we would
consider a health care operation, and what was a research project that would
need to go through a much more stringent either IRB review and waiver or with
individual consent for the use of that information.

We decided to take the path of least resistance at the time, which was to
not make the HIPAA rule the driver of what became research. So by and large, we
would consider most of these endeavors, quality studies, to be within the more
generous realm of health care operations.

In the preamble we had a discussion of this in the course of developing the
study. The light bulb went on and said, I’ve got something that is really
generalizable here, or it has somehow segued into a research endeavor that you
could at that point go and get your research authority, but you didn’t have to
go back and try to get them retroactively for the activities you had
legitimately started as a health care operation. We figured that that way, we
wouldn’t be forcing things down the research path if the institute didn’t
itself identify it as research, but it wouldn’t preclude anyone from taking
that more rigorous research path, if that is what they wanted.

So that is how HIPAA has dealt with it. We have been participating in some
of the discussions with the research community in terms of where this
definition needs to go.

DR. ROTHSTEIN: Keeping in mind your expectation to focus on secondary uses,
I want to violate that very briefly, not so much for the record but for our own
plan of going forward with this work group.

We heard this morning and again this afternoon statements to the effect
that, why should we be considering other models or other approaches when HIPAA
is sort of dandy. I don’t think that is the view of the committee or the work
group. It is certainly not my view. There are five years worth of letters from
the NCVHS to the Secretary to that effect, in which we pointed out dozens of
areas in our judgment where the privacy rule needed to be either rewritten or
reinterpreted or enforced differently or what have you. That is especially the
case with the NHIN.

So last month in our letter to the Secretary, we pointed out all the areas
in which changing the scope and the scale and the mechanism of the NHIN would
put unsustainable pressure on the privacy rule, mostly because of the limited
definition of covered entities in the statute, something for which the
Department has no fault in. It is not a question of finger pointing, it is a
question of, this is the reality, and the statute simply doesn’t cover many of
the new entities that are being created for health information exchange, as
well as entities that are going to be receiving information. That is why we
have in 2006 as well as 2007 in our June letters pointed that out.

I don’t want to go through the array of this, but I just want to make sure
that the work group members and others realize that we are in effect on record
as suggesting that the current regime is just not adequate.

Another example would be, in our 2006 letter in June, we suggested that
individuals should have the opportunity to exercise a choice as to whether they
wanted their records available and disclosed by the NHIN. That is inconsistent
with the privacy rule’s position, where there is merely a notice of proposed
privacy practices and acknowledgement where there is a direct treatment

So I just want to get my views out there so that people understand this. It
is not a criticism of people or rules that anybody has drafted so much as a
statement to bring the history of the statute, where it came from and what it
was intended to do, and my view of the need for thinking about new approaches.

MR. REYNOLDS: I had put my name on the list. I had a quick question. We
have de-identified, we have PHI, but we hear continually anonymized, pseudo
anonymized, fully de-identified this morning. Do you still stand behind —
playing off Mark’s comment, do you stand behind that it is either de-identified
or it is PHI?

MS. MC ANDREW: Bill may have an additional perspective, but that is where
the rule is. I will say if the information is de-identified through a
statistical method or through what we call the safe harbor, stripping of
potentially identifiable information, the rule would not protect it.

This is an area that really is the subject of much debate, not all of which
I have fully kept up with, mostly because I tend to glaze at certain of these
statistical discussions. But I think there is a sliding scale, and everyone
uses a slightly different nomenclature to get at this same idea. But I do think
there was testimony this morning, and it certainly has been part of these
secondary uses debates. Whether you use the HIPAA de-identified standard or
some other standard in the community of de-identification or anonymization,
there needs to be a way of measuring at what point you have a reasonable
confidence that the information can be given out publicly without fear of the
individual who is harmed by it. I think all of the quality uses and much of the
research uses do rely on the ability to disseminate statistical analysis and
other kinds of data aggregation and analyses in the public forum.

I think there is a great fear that an overly strict standard for
anonymization or de-identification is going to make it either economically
impossible to produce this kind of data or analysis and share it, or it will
never be met. So there needs to be some agreed upon tolerance that allows this
information to be flowed in the public domain for these good purposes.

The HIPAA stab at that was considered at the time to be the most specific
articulation of what it took to anonymize the data. I have no doubt that the
science has moved on.

DR. BRAITHWAITE: I could just add, because I am the person who did the
research and the writing for that section of the rule, that it was a compromise
in several directions.

First of all, I invented the term de-identified to distinguish it from
anonymized, with the assumption that anonymized meant that nobody could figure
out who this was. De-identified was uniquely labeled because we knew that it
wasn’t anonymous. De-identified is taking enough of the identifiers out to make
it generally usable with the probability of someone being identified to be

When I tried to quantify how small is small and what are the statistics to
go with that, I found a bunch of different answers. From this building I got
the answer that every individual should not be distinguishable from a
population of 100,000 people. But when you try and say is size of zip code, how
many people are there in a zip code or how many people are there in a
three-digit zip code, it turned out that there were even zip codes that had
populations of less than 20,000, just using the three-digit zip code.

Well, could we go to a two-digit zip code? Nobody knows what that means and
nobody uses it. And a lot of decisions like that, some political, some science
based and some just pulled out of the air as being the best we could do at this
point in time, with the understanding that the technology for identifying
people, given just traces of information about them, especially when we get to
DNA, is going to overwhelm this totally, but the technology for getting closer
to anonymous data that is actually useful for analysis are going to increase,
such as those databases that can take queries that modify the ability of the
database to answer a query based on previous queries so that you can’t over
time figure out who the people are. Those kinds of technologies are coming and
will come.

So I expect that these rules will have to change to accommodate as those
things bubble up.

DR. TANG: One quick clarification from Sue. You said if it starts out as a
QI and then turns into research, I didn’t get the punchline, unfortunately.

MS. MC ANDREW: It’s okay.

DR. TANG: You would then go back and apply for a limited data set use or

MS. MC ANDREW: It depends. By and large, at the point that you conceive of
what you are doing as research, going forward with the use or disclosure of
that information, you would then have to comply with the research permission.
But we didn’t require that you go back and undo what you did under health care
operations and apply research retroactively.

DR. TANG: So here is where it fits in with the quality. I don’t know that
you have the answer, and I think you all said you don’t have the answer to this
research definition thing. I have seen it both ways. One is the health care
operation will strip the research limited data sets, et cetera, by calling it
QI. Then I have also seen third party non-covered entities try to call what
they do generalizable research, meaning they can sell it to any customer in the
world and call it research. Therefore, they can take your limited data set and
go off and resell it.

What you said is, we don’t have the answer for that, because that is the
secondary use for resale, and that is one of our real troubling areas. That is
probably a common way that third parties try to give out — and they probably
convince a number of organizations to do that because they have bought into
that argument and they cite the section, et cetera.

So possibly your silence is saying that there is no current law, whether it
is HIPAA or the common rule, that would preclude that, or even offer the
covered entity a defense, to say no, we actually can’t do that.

MS. MC ANDREW: Julie may have a take on this from the research side. I
think there is another aspect of this that goes to in part the covered entity
limitations in HIPAA that Mark had referenced. That is, in HIPAA the
protections don’t follow the data. The protections go to the entity that is the
keeper of the data and that entity has to be covered for those rules to apply.

So to the extent the rules would permit the disclosure of the information
for research, and it goes to a third party that is not covered by HIPAA, then
the covered entity hasn’t done anything wrong if they have abided by the
research permissions in the rule to give out the data. Then HIPAA stops.

So what the recipient of that data if it is not a covered entity can do is,
from HIPAA’s point of view, somebody else’s problem. I don’t know from the
researcher’s point of view if there is any other obligation externally imposed
or internally imposed that would prevent somebody coming in for commercial.

MS. KANESHIRO: From our regulatory requirements, we would not just look at
the label but the activity. So even if it cast as a quality improvement or
quality assurance activity, it might still well meet our regulatory definition,
but the devil is in the details there. We have to talk about specific
activities in order to give you a definitive answer as to whether it really
meets the research definition under the regulation.

Of course, remember, our regulations also talk about human subjects, so it
also has to be research involving human subjects, and the research has to be

DR. TANG: Obviously it is going to have identifiable information, so it
automatically gets approval in human subjects review.

MS. KANESHIRO: There was another point I was going to make, and I just lost
it. Oh, the other point I was going to make was in terms of regulatory scope.
In that respect, the considerations are similar to the ones that Sue mentioned,
in that our regulations only pertain if it is HHS conducted or supported or if
an institution has voluntarily elected to apply the regulations to all the
human subjects research conducted at their institutions. So I imagine that some
of the activities that you are talking about are not HHS supported and are
likely being conducted at institutions either who never get HHS support or even
if they do for certain studies, they are not extending their assurance.

DR. SCANLON: Paul’s question confused me more, but I’ll go back to my
question, which was triggered by one of Bill’s slides which made the
distinction between guidelines and research, and talking about research being

Concerning me was the idea, are good guidelines generalizable. If I know
this drug works better than the other drugs and I know the physiology is the
same among people with a certain condition, wouldn’t they always want to use
this drug.

That leaves me in a situation of, can I argue that all things that involve
interventions, drugs, procedures, imaging, et cetera, are those things all part
of operations, even though once I learn them that is generalizable. But then
Sue complicated it by saying that after we find out that something is
generalizable, then maybe it becomes research at that point.

So I’m not sure where to draw a line here when it comes to things that
involve health care, and health care is all these different interventions, and
are they all under operations of some sort or another, or is that not a useful
case to make.

DR. BRAITHWAITE: It is another restatement though of the same problem. Let
me take a stab at it from the HIPAA intent perspective. We couldn’t define what
was research and what wasn’t, and we awaited the thing that Julie’s department
is working on for a definitive answer to that.

So we took a very philosophical perspective, which was, if you are doing
this, and it is research, for purposes of improving the quality or the
efficiency of your own institution, then it is health care operations. The
minute you decide to use that to improve the quality of efficiency of somebody
else’s institution.

DR. TANG: Now organizations that want to combine data from different
groups, they call that TPO. Is your definition codified clearly in HIPAA?

DR. BRAITHWAITE: No. I think that was the original intent on how to divide
this baby, because there is virtually no way to write language on the reality
of it, and so we have three years and four years of study. I think the
exception you brought up very clearly was that multiple covered entities can
hire a third party, who can aggregate the information from all of those parties
and then feed back to them information for their own improvement.

But it is done under operations. It is done under a business associate
contract, which says that that third party except for the aggregation part,
can’t do anything with that information that the original covered entity
couldn’t do.

DR. TANG: Except for what Sue mentioned, which is, once it is out of the
hands of a covered entity, they have their interpretation of what they can and
can’t do with what has been derived from the information they got as a B.A.,
and it goes on and on and on.

DR. BRAITHWAITE: And I might point out that there are several bills on the
Hill right now that add classes of covered entities to HIPAA. The rules that
currently exist for the different classes of covered entities under HIPAA don’t
apply to these folks. So a whole set of new rules would have to be/ written. If
you have health information exchanges as a new kind of covered entity, there is
going to have to be a totally new set of rules written for them, because
nothing that is currently there makes any sense except in the general
philosophical perspective. But maybe Sue is already working on it.

MR. REYNOLDS: Simon, you have got the last question.

DR. COHN: I think it is probably good that I am asking this question after
Paul. I think a number of the issues you are bringing up, some of which I
understand, some of which I don’t understand, to be quite honest. I’m glad that
Margaret is here to capture them all, so we can look through them and identify

I will first of all say that this is probably not the last privacy
conversation we are going to have, but maybe going to a simpler question, which
was going to be my follow-on before I suddenly realized how difficult it was
based on Paul’s comment.

When you talk about quality, and when we talk about this issue of moving to
this future which Paul was describing and I think we are all contemplating, in
the world of quality measurement, quality reporting, maybe quality improvement,
in the world of more data, the NHIN, much beyond what I think was initially
envisioned by HIPAA.

The question is, and Sue, maybe this is a question I have for you, is are
there areas that — Paul can argue about whether things are being handled right
or wrong, but are there areas of ambiguity based on our current regulation or
guidance that has been supplied around the regulation about how some of this
data is handled? Or is it that we really have the answers, we may just not like
them all?

MS. MC ANDREW: It is D, all of the above. I do think there are a number of
questions that exist around the edges of some of this information sharing even
today, in terms of the involvement of — how can groups of covered entities
come together in some sort of consortium to share information for their mutual
benefit. The rule is a little cumbersome in that kind of environment. Even
where you wind up with these endeavors that are going forward on a
public-private partnership role, I think when the rule was written, we made
ample provision for government oversight, the government role in public health,
role for private parties to the extent that they were agents or under contract
with these public authorities to do these activities, but less comfortable with
private parties acting in these areas without that kind of directed agency or
contract with a public authority.

So the extent there are more private actors today in the quality arena or
in an information management arena in the RIO setting, I think you do come up
with situations where it is cumbersome to make the rule work. I am not prepared
to say it can’t work, but clearly it is not the most efficient mechanism, not
the most elegant mechanism in some of these broader collaborative kinds of
endeavors, particularly those that are dominated by private parties.

So hence, our heavy involvement with ONC and AHIC in terms of working
through these issues. In that arena we are partnering more and more with AHRQ
and CMS in terms of some of the quality issues. Whether there is a solution
under the current rule or it is going to take a change, I would say the jury is
still out.

There is clearly also the other edge of this, again coming back to what to
do with the entities that are just totally outside of any conceptualization of
a business associate relationship or a covered entity status. How do you
enforce against them, how do you control what they are doing, what is the hook
which you can get to their activities if you wanted to control them, that is
going to be much more problematic.

MR. REYNOLDS: Paul has a followup comment.

DR. TANG: Thank you, Mr. Chair. This actually is a very — because we have
three of them in the room. We and others have proposed that the protections
follow the data. Would your life be easier if that were true?

I think that is the right question to ask this group, because we are
saying, what do you have for us?

MR. REYNOLDS: You have asked, so they can answer.

MS. MC ANDREW: Yes and no. In a way it would take away the relatively
artificial barrier in terms of where the protections are. I think the downside
of it however is dealing with identifying the legitimate uses of the
information held by what would now be anybody at large, and what would be their
rules, because their need for the information, or the intended use, or even if
it was given over to them with the authorization of the individual, what does
all that mean in terms of what they then can do, what are their obligations
with respect to that data, and how do we conceptualize the purposes for which
the permission was given to them, or the data was given to them.

HIPAA struggled as it is in trying to identify health care operations and
permissible uses, conceivable uses, within one context as broad and complex as
it is, the health care industry. Now, are we writing a privacy rule for police,
are we writing a privacy rule for courts, are we writing a privacy rule for
newspapers, are we writing a privacy rule for banks and drugstores and
neighbors. Everybody who has this information, to whom can this information
legitimately be given? What do we want those people to do with it and not do
with it? So that is the downside.

MS. KANESHIRO: It is something that certainly Congress has grappled with in
the past in regard to our regulations, because of the limited purview. There
are gaps in coverage currently. Research can be conducted in a completely
unregulated environment currently. We don’t know the scope of the problem, but
we know it occurs. But it has been difficult to get bills like that passed
through Congress. It depends what the metric is.

Certainly we couldn’t do it with our current office. It would have to be
certainly an expanded office. I think there would be difficulties in trying to
figure out what the hook would be in terms of the scope of any such new law
that would authorize overarching regulation. I think it is doable. It is always
a balancing in terms of the benefits of this kind of activity.

Many other bodies have recommended that there be such a national law. The
Institute of Medicine has said it many times. The President’s National
Bioethics Advisory Commission said it. I know there have been many others, but
it has just been difficult to make happen for a variety of reasons, politically
as well as the difficulty practically of implementing such a thing.

MR. REYNOLDS: Thank you. Excellent discussion, and we needed to make sure
we got all those questions in.

The next panel will start in five minutes, so please return. Thank you.

(Brief recess.)

Agenda Item: Health Information Security and Privacy
Collaboration (HISPC) Findings

MR. REYNOLDS: We want to really respect the time of the people who are
going to be presenting to us since we have delayed them somewhat. Our next
group is on health information security and privacy collaboration. The first is
going to be Steve Posnack. Then we will have Linda Dimitropoulos and then
William O’Byrne.

So Steve, welcome. You’ve got the floor.

MR. POSNACK: Thanks. I guess we are on — I wouldn’t say typical NCVHS
time, but I realize that we are a little bit behind, and we will do our best to
try to keep everything at the five o’clock deadline.

My name is Steve Posnack. I work in the Office of the National Coordinator
in the Office of Policy and Research under Jodie Daniel. I am the project
officer for the privacy and security solutions for interoperable health
information exchange contract. John White, who is on the docket tomorrow, is my
counterpart at AHRQ in terms of the co-project management of this initiative.

Just a brief summary of the contract. Many of you know about the contract.
It has been going on for quite some time. We started in the fall of 2005. It
was originally slated to form the health information security and privacy
collaboration. That in turn yielded 34 state subcontracts. I should clarify, it
is 33 states and Puerto Rico, although collectively we just refer to them as
states. They were recognized by their governor, so there is an endorsement by
the state for their participation, whether it is through the actual state’s
public health or any other part of the state health department or another
entity recognized by the governor in the state.

Another myth that I would like to try and dispel while I have an
opportunity publicly is that it wasn’t a study of state law, but rather an
assessment of variation at an organizational level of business practices and
policies and the underlying state laws that made those business practices and
policies take place.

That was a first step of the 34 states assignment. The second step was to
identify and propose practical solutions to the identified variations that came
about in their state, an the third was to develop a detailed implementation
plan to better address and implement some of those solutions.

So that gets us to where we are today. As many of you know, a lot of the
final deliverables from RTI are coming up. I am happy after reading many of
them and reviewing them and redlining them with Linda, and she is on the phone
and can attest to this, they are going to be publicly available very shortly.
She is going to come and present on the 31st at AHIC, and we are also planning
on having a couple of states present as well. So there will be three reports
available, the final assessment of variation and solutions report, the final
implementation plans report, and a nationwide summary report.

The other additional note about where we are today. We awarded RTI an
extension to the end of 2007 to do two tasks. That is pretty much my last
bullet, which is where we are going.

For the next six months, give or take a couple of weeks, the states will be
implementing a foundational component of their implementation plan, so we
increased the funding in the RTI contract to give states a jumpstart on the
activities that they propose in their implementation plan. Then the second
step, which is a jump through a new phase, is to foster the formation of
multi-state and regional collaboration to develop solutions for these
multi-state or regional collaborations.

The idea is — and one of the constructive criticisms that we heard our of
the work that has been done to date is, I want to know how to exchange
information, and Bill is here from New Jersey, with New York. I want to know
how to exchange information with Connecticut. If I have snowbirds going down
from New York, I want to be able to exchange information with Florida, and how
do we get that to happen.

So the next phase of this contract development is, RTI is going to be
preparing the multi-state and regional collaborations. It gets to the states as
laboratories. There are going to be a bunch of states forming together to
propose a couple of solutions that they want to address as a collaborative. In
calendar ’08 we plan on funding those initiatives. The idea is that if three or
four states can get a solution that works right for them, maybe it will work
right for a lot of them.

It is not going to be uniform solution for all of them, but I would say
that two or three answers that everyone can agree to is better than no answers.
So there are going to be a lot of potential avenues to get these collaborative
solutions out.

I have had a lot of discussions with John Lumpkin. We are going to continue
in terms of the interaction with the Nationwide Health Information Network
trials and how best those collaborative solutions can inform those. We are a
little off timing wise, so they may be an auctioneer type exercise. Obviously,
how the AH successor organization pans out, and the role that solutions can be
fed to that organization, and finally the State Alliance for E-Health, which is
under a contract that we have with the National Governors Association.

I will then turn it over to Linda now, and Bill will follow. I am going to
be driving the slides while she speaks. Linda, are you there?

MS. DIMITROPOULOS: Yes, I am, thank you, Steve. Steve, if I might add one
bit to that, the collaborative work group will be involved, representations
from the states that have not been part of the project thus far, so the
outreach will be to all 56 states and territories.

MR. POSNACK: That is a great point that I missed. Thank you, Linda.

MS. DIMITROPOULOS: I will try to skip some of the earlier slides and get to
what we can offer this committee. I think I will preface this with, many of the
states we have worked with are pretty advanced in their thinking, and have been
working on these issues for awhile, but many of the others have not. So some of
the conversations as they started in the states were at the level of discussing
expansion of information for patient care, and really did not get into
discussion so much about secondary uses.

So with that in mind, I would just like to walk through briefly some of the
— a couple of the assumptions underlying the methodologies for those who are
not as familiar with the project and the process that the 33 states and Puerto
Rico followed.

The basic assumptions underlying the project methodology was that decisions
about protecting privacy and security needed to be made at the local level, and
that discussions needed to take place at that community level to understand the
current landscape of where things stood.

So in many states where we were opening these discussions and talking about
electronic health information exchange, some of the stakeholders would say, we
have nothing to add to this conversation, because all of our business practices
are on paper. So the discussion would be, but even if you are exchanging
information on paper, you are doing it based on your practices and policies
protecting the privacy of that paper, so you need to think through those issues
and what element of those policies you want to move forward and are relevant
for electronic exchange. So we are talking about getting to some very basic
discussions in many of the states.

In terms of the process, it really was a community based research model,
where the states worked with their own stakeholders to own the issues and raise
them, to raise the discussion and discuss the outcomes. They were cast as
engaging a broad range of stakeholders within their states to work through
these issues. We will have numbers coming out in the report, but there are
thousands of people who have actually contributed to these work groups in
working on these decisions.

All the state privacy teams followed basically a core methodology to frame
the discussion. So for that, we used a series of 18 scenarios and framed those
discussions in terms of the nine domains of privacy and security which are on
the next slide.

The nine domains are provided to focus the discussion as key areas that
needed to be addressed. But the teams weren’t limited to these nine, but these
were offered so that we could be sure that at least these nine areas were
discussed as the state teams worked through the scenarios.

The next slide provides an overview list of scenarios. There were 18
altogether that were developed by AHIMA, to be relevant to a broad range of
stakeholder organizations and groups, and based on the 11 practices that you
see on the next slide. They were selected because they were most likely to
surface and engage discussion of systems and policies that state laws that may
be underlying those policies.

The focus overall was, the discussions focused on primary uses in patient
care, to some extent the payment scenario focused on how do you limit the
information that you provide for payment, but the discussion did not get into
deeper areas and discussion about secondary uses.

There were public health scenarios that we used, including contagious
disease or biosurveillance, newborn screening, but we didn’t consider the
public health scenarios as secondary uses. In most of the conversation around
those were pretty clear, in that pretty much all of the state schemes, the
guidelines around public health and notification for communicable diseases was
pretty straightforward for them. So they didn’t have a lot of discussion around
the public health scenarios.

So if we look at the next slide, the next few slides that you have, some of
the information from the state discussions around a couple of the other
scenarios. There was a real scenario that involved a regional health
information organization that requested to access patient identifiable data
from all the participating organizations and their patients to model the
incidence and management of diabetic patients. The RIO also intended to monitor
participating providers to rank them for the provision of preventive services
to diabetic patients.

In response to the scenario, all of the states, all 33 and Puerto Rico,
agreed that sharing de-identified data with the RIO for disease surveillance
was fine, but they felt that IRB approval was necessary for identifiable data,
as would be informed consent. The hospitals and the participating entities
would need to have appropriate agreements in place with the RIO before they
would send any data.

Some of the states in fact were unsure about the function of the health
information exchange, especially related to data collection and research. They
were unsure about the legal status, so the conversations again didn’t get very
deep. It was clear that there wasn’t a lot of understanding about that.

The next slide, Steve, is the scenario around the research data uses and
state government oversight. The research data use scenario involved a research
project with children under age 13 to test an ADD/ADHD drug. The researchers at
the medical center had IRB approval, but were asked by another researcher to
use the data. They wanted to extend the tracking period by six months, and then
further analysis that would be part of the original protocol. Again, all of the
states felt that the IRB had control over this and that approval was necessary
for the additional study, and informed consent if the researchers were going to
use identifiable data.

Overall, when the state teams discussed research they reported that if a
project could get approval from an IRB, then they didn’t see it as an issue
with using data for research purposes.

The next one involved a law enforcement scenario that involved a
19-year-old brought into an ER after an auto accident. They ran blood alcohol
and drug screens, and the law enforcement agency came in to investigate the
accident and asked for the records. The parents came in and asked for the
records, a complex scenario here. Most of the states in discussing this agreed
that the hospitals needed to receive a formal service of a subpoena or some
other document before they could release the blood alcohol information.

But there were a couple of states that said they were aware that there is
some variation in hospitals complying with the requests. There were a few
organizations who said that depending on the incident, you might see
information from law enforcement on a verbal request, but there seemed to be
some variation around how providers and law enforcement understood what the
rules were of exchanging information with law enforcement.

All states agreed that no information would be provided to the parents of
the patient, since the patient was over 18, although one state in their
discussions did note that the parents were likely receive an explanation of
benefits from their insurance that would probably provide them with some
information about it.

A couple of other relevants there were the health care operations and
marketing. There were two of these, and these I’ll admit got more reaction from
folks, although not a lot of focused discussion. One of the scenarios involved
a hospital marketing department request for identifiable data on all
deliveries, including mothers’ demographic information and birth outcomes, to
insure that they made contact only with deliveries that resulted in healthy
live births. So the marketing department could use the patient information to
provide information on the hospital’s needs, pediatric services, and solicit
registration for the hospital’s parenting classes. Then there was an additional
service to sell the data to local diaper company using marketing services
directly to parents.

The second scenario involved a request from an integrated health delivery
system that had critical access hospitals, and asked them to submit monthly
reports containing patient identifiable data to be analyzed for patient
encounters and trends for three rehab diagnoses and procedures. They also were
requesting the same information along with individual patients’ demographic
information to be provided to the marketing department. The marketing
department plans to distribute it to the individuals highlighting the new rehab

Eight of the states reported some pretty lengthy discussions about the
exchanges, although the stakeholders primarily agreed that using the data for
quality improvement which they considered internal operations, would be
permissible use of the data. Other stakeholders from the same states said they
wouldn’t exchange data given the circumstances of either of the scenarios.
Others felt that quality improvement could be accomplished with de-identified

Then most of the state teams were certain that using identifiable data for
marketing purposes wasn’t permitted at all without some sort to patient
authorization. Then there were four states that explicitly stated that they
would never sell data for third party marketing, and that doing so was

As we have been going through these masses of data that we have gotten from
the state teams, trying to get the main reports out, as Steve was noting, it
has been a pretty aggressive, huge task in a short time period. I think that we
do have the opportunity to go back and look into some of these areas in a
little more depth.

I think that the biggest takeaway from looking across the state teams was
that the use of patient data for purposes other than direct patient care and
public health is really not well understood. I think that raises a number of
issues certainly.

I think there are a couple of things going forward that the HISPC states
and the collaborative work groups can do. I think they can continue their
discussion with regard to the secondary use of data. I think that it is also
going to be important as they develop the various programs in education. We
have a number of states working on programs of education and outreach that they
work to increase public awareness and discussion of the benefits and the

The secondary use of data I think agaIn is not well understood. The
reactions of some of the stakeholders to some of these that are in practice now
were pretty remarkable and pretty strong. So although it was a fairly small
group, the reaction was notable.

On the last slide I put the links to where you can find more information as
it rolls out from the project.

So with that, I’d like to turn it over to Bill, who is working on some
excellent projects in New Jersey. He may even talk about some of the work they
are going to do with New York.

MR. O’BYRNE: Thanks. My name is Bill O’Byrne. I am the coordinator for
electronic health record technology and development for the state of New
Jersey. It is a pleasure to be with you today.

The last time I was before this group, the NCVHS, was in 2000. We were
talking about transactions and code sets, and the fact that somehow we had to
make 837s and 835s, and we did it. It is hard to realize that by 2003 a lot of
that was really happening when we were looking at it in 2000. So I am
encouraged by the fact that we achieved something very spectacular in the
transaction and code sets, and I feel given some time and effort we will do the
same thing with electronic health records.

What I was called upon to do was to enter a proposal. I brought along with
me the final result, and I will present it to this committee for your
consideration. This is the binder that we have assembled, which contains our
final implementation plan report and the final assessment of variations
analysis and solutions report. It basically blueprints a way forward in New
Jersey. I only brought one, because as you can see, it is rather heavy. But I
also will tell you that you will find that the contents of this and these
reports are at my website, which is listed at the end of my PowerPoint
presentation, so you can always get this that way as well. So I will leave this
for your consideration.

I wanted to tell you also that coming at the end of a long day, I feel a
little bit like the caboose. You are probably glad to see it coming but you
can’t wait to see it roll by. I’m not going to take too long. I told people in
the beginning that I could do this in either 40 minutes or seven minutes, and
that it depended on how much time I had. So I will try to be brief, but yet
cover the most significant points.

New Jersey is blessed because we have a state law which is called HINT, the
health information network technology act, which gives New Jersey state
government a role in how to make these things happen on a state level. It
designated my department, DOBI, which is the Department of Banking and
Insurance, as the lead agency for transactions and code sets and for creating
of electronic health records.

Incidentally, you may wonder why; it is because when we speak we can bring
the players to the table, and the professional board is not able to do that.
The health and senior services can’t, and human services necessarily can’t
bring the private payors to the table, but when we invite them they show up and
they bring their checkbooks, so that has always been quite an inducement to get
a lot of activity on things that we undertake, which has been very valuable for
New Jersey.

We are deeply involved in electronic health records, as you can probably
tell from my involvement. I am going to slide through these so we don’t get
bogged down on any particular one. We have been involved in national provider
identification numbers. We use our involvement to try to encourage an eclectic
group of people in the business of health care, whether they are payors,
providers, clinics, clearinghouses, vendors, whoever it happens to be. We bring
them all together, put them into a melting pot and try to come up with some
good answers.

That is what we did, by the way, when we were awarded the contract for
HISPC. I immediately reassembled the group that I had created for the
transaction and code sets and for the NPI implementation, and I brought them
all together so I had a cross section of academics, payors, providers,
hospitals, the medical society, vendors, clearinghouses, everyone that you
could possible name, they were all at a table like this, and we launched upon
an investigation of how we could complete our work under HISPC.

We looked at it as a business opportunity, because it was going to allow us
to study the business barriers that were created which would interfere with the
flow of electronic health information. We dropped quickly the word electronic,
because we found out that there were a lot of barriers to paper transactions as

So we started looking at the barriers that existed, and that took us all
over the state, from Northern Bergen County, where there are very high income
suburban living people there that work in New York and they have extremely high
incomes, to lower income families in very disadvantaged urban areas, to
non-English people down in South Jersey, to retired people that live along the
shore. We went to all of them.

We went to their institutions and we presented the scenarios that Linda
talked about. These groups looked at those scenarios and gave us their
feedback. I used Rutgers Center for State Health Information Policy to record
their responses, and we reduced all of that to reports that we submitted that
became part of those binders that you see. There is another one that we
assembled for the interim reports that is equally as large as that one.

We distilled all of that information, and we were able to arrive at those
things that were interfering with the flow of information. One of the things
that we found out was this idea of consent management, how do you know whether
the consent that you get by way of a fax is an accurate consent. If I check in
for treatment while I am down here in Washington, how does my doctor know in
New Jersey to release my information.

All of these issues came up in the consideration of the scenarios. One of
the big questions that we faced was consent management. One of the other areas
was resolving the issue of misunderstanding and mis-application of HIPAA. I sat
back and listened for the last hour and a half prior to my coming up here about
discussions you were having. I really admire the degree of quality assessment
and the high level that you were able to give to this subject.

That is not what happens unfortunately on the operational level of how
health care is provided to people. It is just not happens. What happens in the
emergency room, what I found out is that all the rules pretty much go out the
window, and they are more looking at what do we need to do to treat the
patient, and these elaborate concerns and rules regarding what is permitted and
what is not permitted may not necessarily be applied if it interferes with the
high quality of care that is being demanded by a particular patient.

I’m not sure if that is right or wrong, but that is what happens. You find
that the doctors out there, they want to help people, and they spend a great
deal of time — not that you don’t, but they spend a great deal of time trying
to figure out how to give care to people who need it.

I also found out from our studies that a lot of people make up rules as
they go along. I don’t know how to tell you, but we would ask people in clinics
and in hospitals, why do you have people sign that form sending the information
from one place to the other, when it really has to do with the payment of a
claim, or has to do with the treatment. The answer is, I don’t know, we always
do it. So what you have is a giant mischegas of misunderstanding,
mis-application and it is unfortunate. But it gets done, so I’m not sure
whether it is working right or wrong, but no one has been deprived quality
health care because of the application of the rules as I saw it. So I don’t
know if it is right or wrong, but at least people are getting treated and they
are getting good quality care.

Identification of patients, one of the big issues. There is a reticence to
get involved in master patient indexes. What we are trying to work on now is a
probablistic match in which we create large sections of information about
people, and then use that as a way to get into a pigeonhole of information
where an electronic health record is stored, rather than just jumping into a
master patient index.

One of my pet concerns is identification cards. Unfortunately,
identification cards don’t have a bar code on them, and they don’t have a
picture on them, and they don’t have any really usable information other than a
bunch of numbers. What normally happens is, you walk into the doctor, they
photocopy this thing and then somebody has to type it out, and invariably they
screw up the numbers or they mis-spell the name.

I got an ELB where it was rejected because my daughter’s name, who is
Margaret Ann O’Byrne, became Rita Able O’Byrne, or some strange name. It was
completely transposed. I don’t know why we don’t do it the way they do in the
VA. I am a disabled veteran, and this is what they do in the VA. They should
have higher education cards that look like this, in my estimation. That is what
I am going to advocate in New Jersey, one that has a barcode on it and has the
electronic information on it, and you don’t have to go through this process of
photocopying and relying on somebody typing and plinking in the information.
You can just run it through a scanner, and you have got everything you need.

So there are better ways of doing things that are quick fixes that we
intend to introduce in New Jersey.

One of the things that I am most encouraged about is this. HISPC just
didn’t die when that report was issued. HISPC is still alive and well. We are
calling it HISPC-2 now. What it has evolved into is an interim period now from
July 1 through to the end of the year in which we are going to be meeting in
groups to look at how to actually take some of the plans that are in that
report that we circulated and make them happen.

One of the things that I am doing is working very closely with New York
State and New York City. On June 1 we have already met with New York City and
New York State. It started because of a meeting at a national conference we had
in Bethesda at the end of HISPC, in which we found out that they wanted to
encourage regional groups to emerge.

So I grabbed the representative from New York State and I said, we really
have a lot in common here; what can we work on, what can we develop between New
York and New Jersey that will help the people that we are trying to service.

We thought about it for awhile, and we finally agreed to meet on June 1,
and we did meet on June 1. We focused on initially the public health registry.
Why that? New Jersey has an eliminate reporting public health registry. First
of all, we have an immunization registry, but we have eight or nine of them,
and this information is coming in routinely. It is very good information, it is
all electronic.

New York State has exactly the same information coming into New York State,
and New York City has exactly that same information coming into New York City.
We also found out that 47,000 men went from New Jersey and were immunized in
New York. So there is this great population that is going back and forth across
the Hudson River. Unfortunately, their information doesn’t travel across the
Hudson River as easily as they can.

So what we are focusing on right now is trying to figure out ways to
harmonize the electronic public health registries. We are meeting again on July
25. We already have a draft charter and draft plan of operation which we put
together. So we are making concrete steps to move this forward.

Now, are we going to stop there? One of the things that I intend to do next
is to assemble people from Pennsylvania, because we have the Delaware River,
and a lot of people go from New Jersey to Pennsylvania, Delaware, Connecticut,
Florida who I have already met with, and Puerto Rico.

You might say, why in the world would we go to those other two places,
because we have a huge Hispanic population that travels from South Jersey back
to Puerto Rico. They come up and back either for migratory jobs in the farming
industry or they come in for vacations. So they do need an electronic health
record or at least immunization and vaccination that will go back and forth

We are doing the same thing for Connecticut and Florida and New Jersey and
New York and New York City. So that is one of the very real benefits that is
coming out of HISPC, the project that I am involved in, which is to harmonize
these public health registries and to expand it to other states and regions.

I can also tell you that there is another group from NISPC working on a
national consent form. I can’t speak as directly to that because I am not on
that committee. However, I am hoping that they will come up with a national
consent form and that it will address the fact that some things should take
place no matter what.

For instance, a release executed in Maryland should be recognized to
release information in other states, in my estimation. If I am driving a car in
Maryland, I am subject to the laws of the state of Maryland, and therefore I
would expect that if I signed a release in Maryland to have my medical records
transferred back to New Jersey because I had been seen here, that it would be
honored. I would also expect that there are certain kinds of protected health
information such as drug and alcohol abuse, such as SGDs, mental and emotional
health that may be controlled by the state where those treatments are rendered,
will be control by that state’s laws and they will never become part of an
electronic health record.

So there are different ways that these issues are being looked at from the
practical point of view. I don’t mean to suggest that these are not things that
you should be doing, but I am letting you know that we are also looking at them
from an operational practical point of view.

Is there anything else that I wanted to talk about? Oh, the last thing that
I want to tell you is that HISPC is an ideal opportunity for my state to use as
a jumping off point to start legislation rolling to create a statewide
electronic health record structure.

There is a bill that passed the Assembly. It will be modified slightly, and
reintroduced in the Senate and the Assembly. You may see at the end of this
year some legislation regarding an electronic health record structure that will
be linked to the payment of claims in New Jersey. We are very proud of that
process. I think that all of it will be because of having assembled the people
from all over the state to work on the HISPC project.

So that is all I have. I told you the caboose would fly by before you knew
it. But I have covered everything, I hope.

There is the website where you can find these reports at the top. Just put
in HISPC. That is my name, that is my e-mail address, and that is my phone
number. I am always available for you if you need me.

MR. REYNOLDS: You need to write down mischgas or whatever you said.

MR. O’BYRNE: Mischegas.

MR. REYNOLDS: And what it means so I can use it at home.

MR. O’BYRNE: A giant mischegas is something that I learned when I was in
the Marine Corp. I don’t know what it means. It might be very bad.

MR. REYNOLDS: Questions from the group?

DR. COHN: I don’t really have a question, but I just wanted to state my
appreciation for your testimony. I remember your testimony back in the year
2000, and I remember specifically that New Jersey was a can-do state. You were
at that point coming forward and saying you were going to do HIPAA a number of
years before the formal implementation date.

MR. O’BYRNE: I can tell you, I talked to Horizon Blue Cross Blue Shield
about a week ago in preparation for this, and I found out that they do not
receive any paper claims anymore. They are totally electronic; they only
receive 837s. So I guess we are doing the right thing.

DR. COHN: Well, my congratulations.

MR. O’BYRNE: Thank you.

DR. CARR: I would also like to say a wonderful presentation and terrific

I am wondering, as you have met with different states, what are the
features that you have in New Jersey besides you and the other features that
make it work so efficiently and so productively, and what could other states
learn from you.

MR. O’BYRNE: I always advise — and I don’t know why other states don’t do
this — but you will find that there is a dynamic involved here. Departments of
insurance have the ability to regulate what the payment of claims look like,
medical claims. That is not a function of the department of health, not a
function of Medicaid. It is totally a function of the National Association of
Insurance Commissioners.

What New Jersey did was, in 1998, we passed a law called HINT, health
information network technology act, which I referenced in my presentation. What
that did was, it said that my department, which has authority over what clean
claims look like, can say that a clean claim will be one that looks like and is
an 837 claim. So now you had a linkage between what a clean claim is and the
federal standards.

We have always assiduously followed the principle that if it is a federally
recognized claim, then that is a clean claim in the state of New Jersey. As a
clean claim, it is entitled to be paid in a more efficient and faster way.

So that immediately got the attention of the hospitals and the providers,
because they found out that we would say to payors, if you get an 837 claim in
the front door, electronic claim, you must pay it in five days. I put another
hook on it. I added a 277 acknowledgement of receipt. We adopted the 277, and
Bill will tell you this, back in 2001. I don’t think the feds have even adopted
it yet.

The 277 was the thing that made this whole thing work, because what it said
was, here you are as a doctor sending your claims in, and one of the biggest
complaints I ever heard was, I never know. I send these complaints in the mail,
I never know whether they got them or not. Then I wait a month, I didn’t get
paid, so I figured they didn’t get it, I send it again.

Well, the 277 is an automatic electronic form that is automatically sent
back by the system, not by the operation of the payor, and basically says, we
got a claim and it appears to be a clean claim.

So what you had was, January 1, Dr. Carr sends in a claim, January 1,
Horizon Blue Cross Blue Shield got that claim and they took it in the door and
a 277 came flying back. Now Dr. Carr has proof that they got the claim. They
have to pay it in a timely fashion. If they don’t, they are assessed an
interest charge on the outstanding balance of unpaid claims. And we make them

So there are ways to do this, but it is a business function. Everybody has
looked at this as a health care issue. We tend to look at it as a business
function, and frankly, every rule that I have written over the years, I always
look at it as a business function and what the economic imperative is for all
sides. That is how I view it.

MR. REYNOLDS: Any other questions? Linda, did you have any comments? We
can’t see if you had your hand raised up or anything.


MS. JACKSON: You mentioned the business function and that you are solidly
based on the terminology of that. You are talking head to head with New Jersey
and all. How do you transfer that with these other states and Puerto Rico,
Delaware and Florida, where they may not come at it with that same kind of
strength and intensity that you set up for your core?

MR. O’BYRNE: I come at it because I have the help of the federal
government. I come at it because I appeal to the other states and I say, you
know what, the only way we are going to get AHRQ and the National Coordinator
interested in us, defend our efforts to help us out here, the only way we are
going to do that is if we join together. They have told us in no uncertain
terms, they will help us if we join together in regional efforts.

So I spent at least one day a week reaching out to other states. I just
finally got a contact in Pennsylvania. They are not a HISPC state. I reached
out to Governor Rendell’s office and finally got a contact in Pennsylvania. I
sent it off to Linda yesterday, correct, Linda?

MS. DIMITROPOULOS: That’s right.

MR. O’BYRNE: My point is that I know what they want, meaning the feds, and
I know what I need to do to get it. I go out and I find other states that will
work with us, that’s all.

MR. REYNOLDS: Thanks to all of you. Excellent presentation. What we are
going to do now is spend the rest of the time with some open discussion amongst
the committee. So with that, the floor is open.

Agenda Item: Work Group Discussion

DR. COHN: While we await Margaret figuring it all out, we will give you to
our second hearing tomorrow to figure it all out, I do just want to observe —
and this is going back to our earlier conversation, beginning to have people
think about a structure to the work we are doing as well as recommendations.

I do want to recognize that today, we talked about issues related to an
overall conceptual framework. Without making a decision on this one, I do want
to observe that at least we heard a fair number of people describing
alternative frameworks about how we ought to describe all of this, people
wondering whether even secondary uses are the right way for us to be describing
some of the areas of discussion that we have had.

I think we need to hear more before we reach a conclusion about how we want
to frame it. The name of the ad hoc work group is the name of the ad hoc work
group, but how we frame all of these things is something that we will need to
be thinking about as we hear additional testifiers, and figuring out what we
are framing all of this is most useful. So I do want to note that.

I do want to also talk about the nature of our recommendations a little
bit. I think our charge is to try to once again advocate for a framework that
helps create understanding. We are a little bit early in terms of figuring that
one out. That is really the purpose of the framework.

But beyond that we are asked to be giving guidance to HHS on issues related
to policy, guidance, possible regulation and/or public education efforts in
this area. I would also suggest based on things that for example Mark had
commented on, there may be a need for us to be suggesting that the Secretary
and HHS advocate for certain potential types of new laws.

As I say all of this stuff, we need our own minds to be clear about which
of our recommendations are which. Indeed, given that we do have a reputation
for actionable recommendations, we just need to be aware that if we are
advocating for the Secretary or HHS advocating for new legislation or new
legislative authority, we don’t want to hang our hat on something like that
just because that is typically much longer term, and given the Congress’ track
record on privacy legislation, it is a little less likely to happen as a near
term activity. That may be something that we decide to do, but we need to be
aware that there is in all of this going to be opportunities and perhaps
suggestions for public education as well as that there are things that we can
do either around guidance to regulation or potential clarification around the
edges of legislation. Obviously that becomes much more doable by the Secretary
and might be much more applicable in the near term.

So I’m not saying what it is we should be recommending out of all of this,
but at least to begin to stratify and clump some of our recommendations as we
begin to identify them.

DR. CARR: I just had a couple of comments of themes that I think came
through today very powerfully. I think that the whole issue of what is primary
and a much broader definition of what is primary, and the way we think about
quality, the theme came through where it used to be something that somebody
outside of clinical care was in charge of, and now we are hearing very much how
it is a part of what we do. It can be incentivized through these decision
support — that quality is not an external entity, it is part of the fabric of
what we do.

I am impressed, how many permutations of trust we heard about today in
every single thing. The success stories always began with trust and with
appropriate transparency, accountability, with attention to de-identification

Then when we got to the regulations, I think we find that there is still
confusion, and that it doesn’t go as easily. Somehow the stories that began
with trust seemed to be moving ahead and moving very successfully, and the
stories that began with regulations are still struggling on definitions. I
think that is an important lesson.

I also think further on that line, the story of what is research and what
is quality improvement is a very important topic for us to understand and to
rethink and redefine. It gets back to primary and secondary as well.

Then finally, the financial incentives that we just heard about and that
link to collaboration, another theme that we have heard. It was interesting to
me that the success stories resonated through everyone’s story and the
stumbling blocks seemed to reappear repeatedly as well.

DR. TANG: I agree with Justine. Going back to my always simple approach, I
think the messages were very clear and started off from the first panel. We
basically want to do good and achieve and maintain public trust, so that is our

The other caveat is to say, explain it to everybody and have them
understand it and act like adults. I don’t think we can expect, when it takes
us so much background and experience to even fathom the stuff that is being
talked about with regard to use of an individual’s information, that it is part
of the public good that we, this body, make recommendations for how to adjust
this problem on a systemic basis rather than let every consumer fend for
himself. So that is another piece of it.

We also heard today and in the past that consumers and patients trust their
doc. They trust the researchers that work with their information. They trust
the government. There is a lot of trust already built in at the default
position. I think we need to just cut to the chase like our first two
presenters talked about, and go after where it is clear-cut people have lack of
trust, and that is around the payment for their data. We need to build the
protections that are necessary without each individual having to study the
issue themselves that would prohibit the default that folks can acquire the
data by a passage of funds and do whatever they want with it. We have heard
from the legal folks that right now, there is no clear-cut law or regulation
that would prevent that once it gets outside the HIPAA covered entity.

So in some sense, I think we are dealing with trust. I think we do have to
watch out for the public good by creating regulations that deal with the
specific areas. That is how it gets simple that the public is most concerned
about, that is, the exchange of data for exchange of funds.

It isn’t so much about controlling research in public health, because that
has not been either a concern among the public and it is quite well protected
by the existing regs.

So that is my upshot of what we heard today.

MR. STEINDEL: We hear about regulations and the confusion coming in, and
also the problems between when it is quality, TPO and operations and when is it
research and differentiating between them. I think we need to explore that.

What I don’t resonate with, Paul, I’m sorry, is the absolute bad about the
sale of data. I don’t know if we have people that are talking about various

Harry made a very good point earlier about how many of you buy things on
the Internet. People are willing, if they get proper compensation — and in
this case on the Internet it is an easy way to buy things. Sometimes you don’t
pay sales tax and you don’t have to go anywhere to get something. So you are
willing to give up a chance that your data may be misused.

The same thing is true with how many people have various types of marketing
cards, like with the groceries and stuff like that. For some type of
reimbursement you are willing to give up some information. I don’t think we
have explored that.

So I don’t think we can say blindly that the sale of data is bad. I think
what we have to do is explore what type of constructs should we put around the
sale of data.

DR. TANG: That was my point. In other words, focus our attention on just
the area of concern. I didn’t say it was all bad, but that is where the area of
concern is. That will limit our scope and perhaps get us closer to coming up
with concrete recommendations.

DR. VIGILANTE: I generally share the perspective about being simple. I
think the research issue is not simplistic. I think that there are well
documented perspectives on research, particularly among different racial and
ethnic groups and socioeconomic groups that have varying levels of trust of
research and researchers, and it influences recruitment to clinical trials on a
fairly consistent basis.

I think that when you think about this concept of agency, what you are
going to do for the data, there is the perception among some people and there
is the reality in other cases that the goals of research are often driven by
egocentric motivations to promote and publish.

So I do think while there are levels of scrutiny that different activities
deserve, commercial being the highest, I do think research itself is not a — I
don’t think everybody embraces it as something completely low risk or no risk.

The other thing I would say is that I agree with the perspective that all
this data is the data, this holistic view of, whether you are talking about
getting the patient taken care of or whether you are talking about whether they
are on aspirin or Vioxx or something, and that there is no distinction between
primary and secondary data per se.

I don’t know that I share that perspective so completely. I do think that
there is something very special about the perspectives of the patient. When you
close the door, there is just the doc and the patient or the nurse and the
patient talking about what their issues are. That data is being collected, and
that patient has a sense of where that data is going to reside. It is different
than the data that gets aggregated among many, many patients.

While I understand that the distinction is maybe artificial and rooted in
the past on certain levels, peoples’ perspectives are rooted in their past. I
don’t think we can discount that as being irrelevant.

MR. REYNOLDS: As I have looked at this today, I think there is no question
that in many cases the rhetoric alone is creating significant confusion
everywhere, because one person’s consent or one person’s anonymization or one
person’s de-identification.

So I think one thing the committee could really help do is drill down on
some things and set some clear definitions and discussions about what is really
what. As we sit in here and listen to these words bandied around, picture the
public. They are still trying to deal with HIPAA, and some of them haven’t even
gotten as far as de-identified as far as how their data is going. So I think
trying to make that simpler.

I think the word secondary probably continues from a number of the
testifiers to be a lightening round, as possibly a situation where, is it just
the data and what is secondary and what is primary, and what does that mean and
how do we deal with it. If we use the word secondary, then how we deal with it
and what we clearly state it to be as part of what we are trying to help
directly get done.

The other thing I was intrigued with was, during the more in-depth
discussion of the privacy law, and I thought I was fairly familiar with it, but
I got a brand new education today. I was surprised to see that the word quality
was kind of almost taken care of in there, a little more than I thought it was,
as far as how it was defined.

Again, we are looking at a cross section of everything that is going to
happen. But as we drill down in quality, it may be in there a little more than
I thought it was, as far as a consideration, which is news to me. I’m not
trying to sell anybody; I’m just saying that was a different look to me when I
saw those slides and heard that discussion today.

The idea of keeping track of an end game. We need to be looking at the
current and we need to be looking out a little bit, because working on the
HIPAA privacy law, that was quite awhile ago in terms of how fast things are
moving, not in numbers of years, but in how fast things are moving and the
number of RFPs that are going out on HIEs and everything else. So we have got
to make sure we keep that end game in mind pragmatically.

So those are some of the things that seemed to hit me today.

DR. DEERING: Actually that was a very good segue. I wanted to address
issues related to communication and say that since from the very beginning of
our conversations, since the conflict of communicating all these issues has
been something that we have talked about, I wanted to be very precise about a
few areas where communication considerations might or might not be used by the
work group in reaching whatever decisions it reaches.

The first, to pick up on what everybody has said about secondary, I think I
would go so far as to say it is almost as if secondary is the equivalent of the
word amnesty in the immigration policy debate. So from a public policy point of
view, it may actually be counterproductive.

DR. TANG: Would you state that again? We didn’t hear it. What word did you
use? Amnesty?

DR. DEERING: Amnesty, in the sense that it is a very loaded term that is
used by people on — or it could be. I’m just throwing that out as one
possibility, that it could conceivably be a counterproductive term. We can go
there later if we want to.

The other has to do with the word sale, the sale of our data. That is an
extremely loaded term. I do think that in some of our testimony in August we
will hear from those people who might be accused to selling it, but they would
call it a business case.

If you are going to analyze it, it is a service. Somebody else said that
there is a fee for service that someone will contract out. Yes, I would like
you to analyze my data. They are not going to do that for free. There is going
to be a business relationship. So I think that calling something a sale, do you
want them to sell your data, might not be as helpful from a communication point
of view. What we do with it may come later.

A third area was, we have often talked about trust beginning with the
doctor-patient. I think we ought to realize that one of the problems with the
health care system that we have today is that decreasingly, the doctor and the
patient are actually having time to talk. So I think that requiring that
doctor-patient encounter to be the vessel within which all of this meaningful
exchange and explanation takes place is decreasingly likely to happen,
especially as more and more of it migrates to the Internet. So again, that is
just a construct.

The fourth was something that I think I only shared with Margaret. Visuals
can be very helpful. I know that NCVHS deals in words to the Secretary. I have
now joined an organization that is entirely visual. As Kevin knows, everything
is by PowerPoint. I understand that one of the faults of the training for the
war in Iraq was that it was apparently planned at the PowerPoint level.

I think some of us hark back to that wonderful graphic about the valley of
interoperability. I think there are ways to depict things in quasi-cartoonish
ways that are very effective. I was suggesting to Margaret that we might
consider, if we had the skill or knew how to do it, is the path of a piece of
data from the point of collection — maybe two or three scenarios, here is
where it starts, here is where we would like it to end up. Some are good, some
are nefarious, and at each point along the continuum, maybe the current laws
either enable, permit, preclude for better or worse something happening, and
what is the actual step that needs to happen in order to bring it to the next
step. That is in the current world.

Well, is that ideal? Does it actually get it there, or has this data that
you wanted to get there gone over there, or as it gotten there and you didn’t
want it to go there just because there was a loophole? In the future vision,
what would happen to that point of data along the way?

I think it would be a fun exercise. I was just thinking about a case that
you have been talking about. If we could capture that visually, I think it
would help a lot of people understand the significance of what we are trying to
deal with.

So those are some communication perspectives.

MR. REYNOLDS: Before I turn it over to you, one other word. We heard sale,
and I think employer fits in there, too, as part of the whole trust scenario,
which came out this morning in some of the surveys. It is not only that
somebody might sell my data, but will my employer get it and will it affect my
employment status.

DR. ROTHSTEIN: Just a couple of quick observations. One of the things that
I think we ought to consider including in our report and recommendations is
some discussion of what we mean by quality improvement analysis. If we don’t do
that, then we are going to be falling in line with all the people who have been
using words that nobody knows what they mean by them.

What are the kinds of things we are talking about? Are we talking about
outcomes research, are we talking about utilization review, are we talking
about procedures that are being analyzed, and so forth.

Next, I think we need to recognize that a system that we have designed to
facilitate quality improvement analysis could very easily be used for other
purposes. I tried to raise that point this morning, about how that information
might be used by regulators or licensing boards, et cetera, for controlling
physician privileges and so forth. There are other uses that come to mind, such
as the ability of pharmaceutical companies to engage in tailored marketing to
physicians based on analyzing the data, you are not prescribing this as much as
that. There is state legislation as you all know that has been enacted
specifically to deal with that.

One can imagine very granular kinds of report cards that can be developed
on individual physicians and institutions that may or may not be valuable to
consumers, but nevertheless could be developed from this.

Another point I want to raise very quickly is that we have heard today
about the desire for removing identifiers, the thought being, if it is
anonymous or de-identified, whatever you want to cal it, either it is not
research or it is not subject to the privacy rule or whatever.

I think we need to recognize that even data in its most anonymized state
are not necessarily risk free in terms of harms to individuals. This is
certainly the case with root based harms from genetic research and all sorts of
other environmental studies.

DR. TANG: Could you elaborate on that?

DR. ROTHSTEIN: Yes. I am a researcher, and I don’t have the names of
anybody who I analyze, but one of my findings is that people of XYZ national
origin are much more likely to have mental illness or alcoholism or whatever.
So now there is a whole group stigma.

Finally, the last quick point is that as we go forward with this, I think
it would be a really good idea for us to keep in mind some of the other
studies, documents, recommendations that NCVHS already has put out. Our NHII
document, our 2006 privacy letter, and to the extent that we can tie our
recommendations with regard to these uses that we are talking about in this
project to the other things that we have already outlined, I think it would
make our recommendations more logical and stronger and more likely to survive.

MR. STEINDEL: I just wanted to react to Mary Jo’s comment about the
visuals. I would like us to be very cautious in that area.

For one thing, Carol Diamond showed us that very cute cartoon that she had
about the one case, and it had multiple cartoons in their report. They had the
text for each one of those simultaneous with the report, and I found the text
much more absorbable.

Another comment. They say one picture is worth a thousand words. Sometimes
it takes 10,000 words to get something across, which may be one of the problems
with the Iraq war. So I think we need to be very judicious and careful when we
start thinking about it. If it does help the report and helps get the
information across, definitely, but I think our reports have been very
effective in the past, and they have textual, basically.

MR. REYNOLDS: I am a little bit where Mary Jo is. There is the whole reason
we did the axis of interest and a few other things, that it helps frame some
thinking. I don’t think it will be the end product, but I think we need to use
every capability we have and every opportunity we have.

With that, I know that we are holding staff to be with us. Is there
anything else that anybody wants to cover today before we close?

MS. JACKSON: We are not on the Web tomorrow, if there is anyone who is
listening and expecting to call in, unfortunately. There is a telephone number
for the NCVHS staff. Leave your name and number and we will try to plug you in
on a telephone line.

MR. REYNOLDS: Anything else today? We are starting tomorrow again at nine.
Thanks for everybody keeping up your energy and listening. We wanted to kick
this thing off on the first day, and I think we did. Thanks a lot, everybody.

(Whereupon, the meeting was adjourned at 5:45 p.m.)