[This Transcript is Unedited]

Department of Health and Human Services

National Committee on Vital and Health Statistics

Full Committee

June 15, 2016

Capital Hilton Hotel
Federal Room A
1001 16 St., SW
Washington, D.C.


P R O C E E D I N G S (8:06 a.m.)

Agenda Item: Welcome

DR. SUAREZ: Good morning, everyone. Welcome back to our second day of the National Committee on Vital and Health Statistics meeting. We are going to proceed and get this started. For those on the phone, we are going to do a quick name. I don’t think we need to go back to telling your entire background and involvement in the committee, and whether you have a conflict.

I think we have dispensed of that yesterday when we opened the meeting. Do we have to do it again? We have to do it again. All right. We will do it again. We will go around. Just say your name and organization you belong to. This is only, of course, just for committee members. Then everybody else will just ask you to introduce yourself.

My name is Walter Suarez. I work for Kaiser Permanente. I am the chair of the National Committee of Vital Health Statistics. I am a member of all the subcommittees and work group. I don’t have any conflict on any of the business to be handled today.

MS. GOSS: Good morning. Alix Goss, member of the Full Committee, co-chair of the Standards Committee, Review Committee, and I have no conflicts.

MR. COUSOULE: Nick Cousoule with Blue Cross Blue Shield of Tennessee, a member of the Standards Committee and the Privacy Confidentiality Committee, and I have no conflicts.

DR. COHEN: Bruce Cohen, Massachusetts, member of the Full Committee, co-chair Population Health, member of the Data Work Group, no conflicts.

DR. O’GRADY: Mike O’Grady, senior fellow at NORC and principal O’Grady Health Policy LLC, member of the Full Committee and Population Health Subcommittee, no conflict.

DR. CORNELIUS: Llewellyn Cornelius, no conflict, member of the Full Committee and the Population Health Subcommittee.

MS. KLOSS: Linda Kloss, health information management consultant, member of the Full Committee, co-chair of the Privacy Confidentiality and Security Subcommittee, member of the Standards Subcommittee, Review Committee and no conflicts.

MS. LOVE: Denise Love, National Association of Health Data Organizations and co-leader of the all-payer claims database counsel, which is a non-legal joint collaboration entity. I am a member of the Full Committee, Population Subcommittee, no conflicts.

MR. LANDEN: Good morning. Rich Landen, Harris QuadraMed, member of the Full Committee, member of the Standard Subcommittee and the Review Committee, no conflicts.

DR. STEAD: Bill Stead, Vanderbilt University Medical Center, member of the Full Committee, co-chair of Population Health, member of the Review Committee, no conflicts.

DR. MAYS: Vicki Mays, University of California Los Angeles, member of the Full Committee, member of Population and Privacy, and I co-chair the Work Group on Data Access and Use. I have no conflicts.

DR. EVANS: I am Barbara Evans. I am at the University of Houston Law Center. I am a member of the Full Committee and the Privacy and Confidentiality Subcommittee, and I have no conflicts.

DR. RIPPEN: Good morning. Helga Rippen, I am on the Full committee, the Privacy Subcommittee, the Population Health Subcommittee and the Workgroup on Data Access. I have no conflicts.

DR. SUAREZ: Do we have any members on the phone, members of the National Committee? Okay. Do we have any staff on the phone?

MS. SEEGER: This is Rachel Seeger with the Institute, Secretary for Planning and Evaluation, no conflicts.

DR. SUAREZ: Thank you, Rachel. Usually staff members don’t have to declare that they don’t have any conflict. But thank you. Any other members of the staff or other members on the phone? All right.

We want to state that we have formally established a quorum, so we can proceed with business. Here in the room, if we can have staff and members of the public to introduce themselves.

MS. HINES: Good morning. Rebecca Hines, executive secretary NCHS.

MS. BERNSTEIN: Maya Bernstein. I work for the assistant secretary of Planning and Evaluation. I am the privacy advocate at the Department and lead staff to the subcommittee on Privacy, Confidentiality and Security.

MS. SAVAGE: Lucia Savage, chief privacy officer, Office of the National Coordinator for Health IT. I am a guess today.

MS. JACKSON: Debbie Jackson, National Center for Health Statistics CDC committee staff.

MS. DEUTSCH: Terry Deutsch, CMS. I am the lead staff of the Standards Subcommittee and the Review Committee.

(Introduction of audience)

DR. SUAREZ: Thank you very much, everyone. We are going to proceed and start with our agenda. Our first order of business is the HHS updates on privacy and security. This is part of our Subcommittee on Privacy, Confidentiality and Security Subcommittee. I will turn it to Lucia.

Agenda Item: HHS Updates: Privacy and Security Subcommittee on Privacy, Confidentiality and Security

MS. SAVAGE: I am going to talk about ONC’s work with OCR on consumer education on their rights to access. I am going to refresh you about the HIPAA basics that we talked about in February and what we are doing next with regards to that. I am going to bring back to you the draft recommendations of our API taskforce of our joint federal advisory committee. We talked in February about the fact that we convened that taskforce and what its charge was. I am going to talk to you a little bit about work that we are doing to improve cybersecurity in health care.

Just as a refresher, under the HIPAA Privacy Rule, individuals have a right to get a copy of, view and to transit directly from the electronic health record their PHI in a designed record set under HIPAA and under the ONC and CMS Meaningful Use Rules in these smaller parts of data labs, current meds, allergies, et cetera. A key thing to remember, and even I had to be reminded recently about this, is this right to transmit is actually in HITECH itself. It is not a regulation. This is something Congress chose to enact when it enacted HITECH. That is a really important point for us not to forget as we go into this land of automating these processes.

What it consists of is the patients obviously have a right to access the health information that is stored electronically. They have a right to get a copy. They have a right to require that a copy be transmitted to a third party that they choose.

In OCR’s 2013 omnibus rule, they elaborated on this quite at length. They refreshed that elaboration with a lot more detail in their February and April guidances. I am hoping Rachel will talk a little bit about that today.

I wanted to give you a snippet in this slide of something that came from Jocelyn Samuel’s blog when they released the first wave of this guidance. Further as technology evolves and PHI becomes readily available via easy-to-use digital technologies, the ability to provide very prompt and also instantaneous access to individuals will increase. The Department, meaning the Office for Civil Rights, will continue to monitor these developments.” That is where we are headed. We are trying to automate this.

The last couple of points are remember that a third party can be an app according to the recent guidance. It can be a competing provider. It can be a non-traditional provider, like a homeopath or a chiropractor. It can be a friend. It can be a family member. It can be a caregiver. It doesn’t have to be a provider. It doesn’t have to be a provider with whom the discloser is affiliated.

Lastly, and we put this in our 2015 edition rule, and that is just a refresh from our last presentation, the rules really allow the patient to choose the method if the method is available. One method the patient can choose without impediment is an unencrypted email. We can have a long discussion at a later point in time about whether that is wise or not. But in fact, that is the right in the HIPAA rule. We have caught up with that in our 2015 edition rule.

As we launched all of this guidance which supports removing blocks to information, it supports precision medicine, it supports consumer engagement, OCR did a great job with its guidances. We at ONC undertook to take those guidances and bring them to life in consumer-friendly ways.

I am about to show you one of three videos that we launched on June 2nd at our annual meeting. Two of the three are available in Spanish captioning. There is an infographic, as well, on our website with a little bit more paper collateral to come in just a moment. Can we have slide four? We are going to show the movie now. For those of you following along at home, it is https://www.healthit.gov/access. When we get there, we are going to show the third movie.

This movie, since its launch two and a half weeks, between our website and CMS’s Facebook page has gotten almost 10,000 hits, unique users. It is being distributed through AHIMA to 56,000 physicians’ offices this month. We also have a couple of physician communication channels that it will go out into. We are really trying to collaborate with health care stakeholders.

(Video shown)

We did this in conjunction with the Office for Civil Rights and numerous consumer groups, including a half-day session at (video shown over her talking). If we can’t get it, we can just go on. You have the link. You can watch it. It is pretty cool. The audience we designed it for seems to like it.

It is always embarrassing when you are from the health IT agency and you can’t make it work. I am a lawyer, not a technologist. Can I have the next slide please? In the last slide I have given you on this particular topic sort of lists some other materials, the OCR materials, the blog posts and the blog post we did on patient access. This is a message we will be continuing to drive throughout the year and in other iterations.

It is fantastically important for precision medicine that patients can take their data or ask their doctor to push their data from the doctors at the EHR directly to the precision medicine initiative, which is one of the motivators behind this. This is a very strong right the patient has. There are very limited circumstances in which a physician or a hospital or a health insurance company for that matter can deprive and say no. We really want patients to be aware of this. We are looking for a lot more avenues to push this forward.

I have one more thing to say about the movies. We produced those movies between March 31st and June 1st, which is kind of phenomenal for a federal agency. The staff member who did that is on a well-deserved vacation this week. To get something from idea to execution in 12 weeks was really remarkable. We are very proud of her.

Moving on, also this spring, we have been pushing our blog series. You guys have heard about this in the fall and in February about what the HIPAA basics are. I am just reminding you about those blogs.

We have been using the information in those blogs to drive a couple of more messages. We have been doing a lot of talking out with stakeholders about traditional PHI, which is what this is illustrating between a physician and a surgeon. But we have been trying to bring it into other avenues.

We have been talking to CMS stakeholders. We have been talking to health care organizations like American Hospital Association, AMA, et cetera about what these all mean, quality assessment, case management, population-based activities, developing protocols and evaluating the performance of health care professionals.

We also have taken this to a new realm. We have been talking about sharing data for behavioral health. Those of you who pay attention to the dialogue here in the beltway will know that this issue of how do we deliver more coordinated and comprehensive care to people with mental illnesses is a hotly debated issue.

As we go through tragedies like Orlando, we are refreshed and reminded of how important it is. What my office has been doing is trying to, with OCR, drive the point that this problem, this complexity of sharing mental health data to medical providers and medical data to mental health providers is not actually a HIPAA problem. It derives from other rules that are important and protect people from health status discrimination. It actually doesn’t derive from HIPAA.

This is a slide I used recently in talking to an annual conference of behavioral practitioners, sort of how can you take advantage if you are in a HIPAA-regulated environment. That is your rule set. How can you take advantage of that to achieve this important goal of helping licensed professional counselors and medical providers collaborate in the care for their mentally ill?

I don’t have a pointer, but you guys can imagine. We have our patient. They give some information to their primary care provider. It might sit in the physician’s office. They may exchange that PHI with the behavioral health clinic, which then flows to the licensed professional counsel, who of course is completely free to talk to the primary care physician, so they can coordinate medication, appointments, et cetera.

This model is actually being tested right now in Colorado under one of ONC’s advanced HIE model plans. If there are any Coloradoans in the room, you may be familiar with it or you may have seen presentations about that. We are looking forward to the actual findings about patient outcomes in that model.

Moving onto our next topic on HIPAA basics, in our interoperability roadmap last fall, we committed to helping stakeholders really understand when is a paper consent form required or a legal consent form required. We sort of confess that we had not been as clear in all our post HITECH guidances and discussions as we could have been about what HIPAA requires versus what an organization might impose upon itself versus what is required by state law.

In our roadmap drafting, we called this basic choice, but people seemed to really like the opt-in, opt-out rubric. We have pivoted back. We are working on some materials that help describe that to people.

This is an illustration of one of the materials. Again, I don’t have a pointer, but I will kind of just do it with my hand. Sorry, those of you on the phone. You are not going to see the hand motions. There we go.

You can see the green lines are reflective of the fact that information is flowing freely under the normalized HIPAA rules. You can see that what we have tried to illustrate in the upper left at about 10:00 on this, in this little box, this organization has decided this patient needs a written consent to electronically exchange the information.

Under HIPAA, what happens when you require electronic consent to exchange, people revert to fax. That is what happens. You are allowed to send it by fax, even if the person has opted out of electronic exchange. That just seems kludge. I was with the National Health Services of England recently. They confessed to being the world’s largest purchaser of fax machines.

Yes, it is an embarrassing fact, but think about what our tally would look like if we actually added up all the fax machines that physicians and hospitals purchased in the US because they would not be able to completely electronic exchange. We have many more illustrations in the pipeline on this. We have a whole new webpage on this concept of computable privacy. I would urge you to take a look at it. We will be populating it as we go forward.

This all has a logical flow. The behavioral health and mental health situations, it is not a HIPAA thing. It might be derived from veteran’s rules. It might be derived from part two. It is most assuredly derived from state privacy laws.

You guys have all heard in the past about our funding to the National Governor’s Association to work on this issue. We are deep into phase three and moving into phase four of that project. They had a very successful expert roundtable in late April where they had interviewed 80 or more stakeholders across the country to collect information. Two days here in Washington validating that information that they collected with experts from around the country, state representatives, organizational representatives, people from ONC, people from CMS.

Now they are in the final stages of writing this interoperability roadmap for states. I can’t really tell you what the findings are right now, but I will tell you this. Definitely people understand that there are legal and business mixed issues, kind of like a little mash-up, that are really driving the lack of interoperability in the states. They definitely had some great ideas that were consensus ideas at that roundtable. I am looking forward to them being made public by the NGA.

The fourth phase, which overlaps a little bit with the third phase, is the NGA has a competitive process. I believe it is still open. I think they opened it up on May 29th. It is probably open. I am not sure. But they had a competitive process where states could apply to receive direct technical assistance in implementing some of these ideas in their own environment to improve interoperability in their own environments. That is underway right now. It is the NGA who will select those three to five states. I am very excited about that.

Moving on from the ordinary to the complicated, in February, we talked about our application programming interface taskforce. This is just a reminder slide of what the charge of that taskforce was. We have definitely found that our federal advisory committee taskforces are more effective when their scope is focused short-term. That is a strategy we have implemented for a while.

This particular taskforce was drawn from both our standards committee and our policy committee. They were asked to basically identify perceived and real barriers to the use of APIs and read-only published, meaning the specifications are public, APIs in health care, and to help develop recommendations for ONC about real privacy problems and real security problems, as well as what could ONC do to help consumers feel more comfortable using this technology. Of course, we are all using it every day as we look at our personal email on our phones, do our online banking, pull down Google maps, whatever. All that is read-only APIs.

I wanted to remind you if we are focused on real and perceived issues with privacy and security, this is a quote from the draft recommendations, which of course are available at HealthIT.gov under our FACA tab, of things that are not in scope for this taskforce. You can see that this is a lengthy list in terms of use, licensing requirements, policy formation, what does it cost for a developer to write an app to an API.

There are fees that are charged. Who certifies them, if at all? What are standards for the apps? What are standards for the APIs? How do you electronically document the consent that goes with the app if it is required by law? What if it is an API that is taking data in, a write API instead of a read API?

How do you annotate the data in the EHR or outbound to say where it came from and who captured it? What about the apps themselves? Are they any good for patient health? All of that was completely out of scope, never touched it.

Then secondly, I thought it would be useful to remind you of what it is that is in our actual role. The API on a read-only basis has to allow the app to do three things, look up a patient, retrieve part of a patient record like last week’s labs, or retrieve an entire patient record, like please give me everything you have in your EHR on this patient.

They also have required security criteria, which include the requirement that the app be authentically connected to the patient who is requesting the app be used for them. How do you control the access that the API requires that the app have certain access limitations, that the app can’t get to all the data in the system, but only the data that is authorized to get to, et cetera. There has to be an audit trail that the app leaves behind. There have to be encryption standards on the API.

This is just a timeline of what the taskforce went through. We convened it in early November. It ran through May 17th. The final recommendations were discussed in a very robust debate at our joint federal advisory committee on May 17th. You can go to the audio files if you want to podcast this. I do have people once in a while say, oh, I downloaded that, and I listened to it while I was driving. Please feel free to join in the fun.

What did the taskforce say? This is just some highlights. This is not complete. It is a many pages long document. It has many appendixes. It has not yet been finalized and submitted to the national coordinator via transmittal letter. Here are a few of the recommendations.

One, it is okay to require that an app register itself with the disclosing organization, meaning the app should say I am Acme Healthcare app. I am now entitled to use your API on behalf of Denise. Secondly, there is definitely a want to encourage the voluntary accreditation program, so that patients know which apps are adhering to what privacy standards, knowing that the apps themselves may not be regulated by HIPAA.

We also want to create a lot of space for providers and their patients to talk about apps. That is what you would have seen if I had been able to show the video. In that video, the patient says I want to use this app to help with my asthma. The doctor and the patient discuss the app and collaborate about the app. Then the app receives some data from the doctor’s EHR on a regular basis, so that the patient can do what he needs to do relative to his asthma and his heart condition.

There was a pretty long debate throughout the taskforce and its many meetings from November to the present about the security considerations here. A few things kept rising to the top. One, this is a read-only app. No data is being placed into the disclosing system through this technology at this time. That may come later. I don’t know, but at this time, that is not the case.

There was a lot of debate about that. There was a very strong recognition that the discloser, in fact, does have the right and obligation to protect its system from malicious software and security hazards. But there wasn’t clear evidence that those security hazards would arrive with this technology because of the read-only environment.

There was also a lot of dialogue about physicians making sure that patients understand that when the data leaves the physician’s system, the physician isn’t legally responsible for its security anymore and to make that really clear to the patients. There was a definite recommendation that we should continue the work we have been doing for the last two years in collaboration with OCR and FTC and other agencies to improve not only privacy literacy, but also the tools for the industry as a whole to understand the digital landscape and what are best practices in privacy and security.

There is a recommendation that we expand our certified EHR technology criteria perhaps in a future rule-making to give more explicit requirements about the audit trail that the app has to leave behind, and how that relates to HIPAA accounting for disclosure rule, which I know you always want to ask Rachel about. I haven’t forgotten you, Rachel, and I am almost done.

They wanted more clarification on how does the app get bound to an identity of an individual. I will say this about that. If you looked back at our roadmap, we also committed to doing more work to specify appropriate identity proofing processes and standards for individuals seeking access to their records. We have delayed that work pending some additional work by NIST. Obviously, we always want to work in concert with NIST. We are waiting for NIST to do some new work on levels of assurance. You can look that up on NIST’s website. When they finish their work, we will be able to finish our work.

All right, I am almost done, final stretch. Moving onto security, identity proofing, I just talked about that. Cyber information-sharing, active 2015 and ethical hacking, just pretty quick hits. This is what we said in the roadmap about identity proofing. We had hoped that by this time of the year, we would publishing information about this. These are the steps in the process, identity proofing, issuing credentials, making sure that credentials are authentic, and then authorizing the quantum of data those credentials present. We haven’t gotten that far yet. Trust me, it is a work in progress. It is in my inbox waiting for NIST.

Those of you again who have been paying attention will know that in January, Congress passed as part of its budget the Cyber Information Sharing Act of 2016. It has several requirements that rest specifically on health and human services. We are working on a few of them.

Item one, 405B1 is a report by HHS to Congress that is in the assistant secretary for Preparedness and Response will be working on that. There is the 405C taskforce, which is a taskforce of industry stakeholders that is meeting monthly to help identify best practices and how to improve cyber threat sharing in health care. That work is underway. The report is due in the spring. My staff supports that work.

Then there is an additional taskforce. The secretary is deciding what she wants to do with it, 405D, which is about basically technology and software engineering standards in health care, and how do we identify best software engineering standards for health care.

Lastly, we have also been doing a lot of thinking about ethical hacking. Raise your hand if you do not know what ethical hacking is. Ethical hacking, which is called out here by Secretary Carter, there are skilled hackers in the universe who try to find vulnerabilities in systems and report them to the system owner, so the system owner can fix them. One that has a pithy title is I Am the Calvary. It is a group of hackers. It is also called research hacking or white hacking.

I was really struck by this quote that was in Politico earlier in May, where Ash Carter had to hack the Pentagon. They invited the ethical hackers to come and help the Pentagon find vulnerabilities in its system. We don’t do this very well in health care. My hypothesis is that it has to do something with PHI and live data and patient safety. The question is how can ONC help facilitate ethical hacking while still accommodating the problems that arise from live data?

We are doing a lot of thinking and background work about that in collaboration with the FDA. They have a similar problem related to devices. It is pretty hard to hack a device in a live environment because it is invariably connected to a person. More to come on that if we get something off the ground, but that has been what is on our minds for the last few months. Do you want me to do questions now, or do you want Rachel to go next?

MS. KLOSS: I think we might do best to have Rachel report and then take questions for both of you.

MS. SEEGER: Hi, everyone. I am very cognizant of the time and the importance of the report by the subcommittee on the May de-identification hearing and the importance of having a discussion on the 2016-2017 work plan. I am going to go through this very quickly.

I am sorry I can’t be with you today in person. I would remiss if I didn’t begin my update on behalf of OCR today, if I didn’t mention that OCR has promulgated its final role-making on section 1557, the non-discrimination provision of the Affordable Care Act, the ACA. This is a historic final rule that advances health equity and reduces health care disparities.

Under this rule, individuals are protected from discrimination in health care of the basis of race, color, national origin, age, disability and sex. This does include discrimination based on pregnancy, gender identity and sex stereotyping. It also implements section 1557 prohibition on sex discrimination. The final rule also enhances language access for people with limited English proficiency and helps to ensure effective communication for individuals with disabilities. You can find out more on OCR’s website. Section 1557 has been in effect since its enactment in 2010. OCR has been open for business since we are seeing these provisions since its enactment.

Now turning to HIPAA updates, I am going to start with enforcement. There had been a number of HIPAA enforcement action since Devin McGraw last spoke, providing an update. I am going to begin with $1.55 million settlement in March that underscores the importance of executing a HIPAA business associate agreement.

This was North Memorial Healthcare of Minnesota that agreed to pay $1.55 million to settle charges that it potentially violated the HIPAA privacy and security rule by failing to enter business associate agreement with a major contractor and failing to institute an organization-wide risk analysis to address risk and vulnerability to its patient information.

I do want to say that in addition to the payment, North Memorial is required to develop an organization-wide risk analysis and risk management plan as required by the security rule. They are also required to train their employees on all of their policies and procedures that are newly developed or revised pursuant to this corrective action plan.

Next is a $3.9 million HIPAA settlement addressing improper disclosure of research participants’ protected health information. Feinstein Institute for Medical Research has agreed to pay HHS $3.9 million to settle potential violations of the HIPAA privacy and security rule. They will undertake a substantial corrective action plan to bring its operations into compliance. This case really demonstrates both commitment to promoting the privacy and security protection that is so critical for building and maintaining trust in health research.

Feinstein is a biomedical research institute that is organized in New York. It is a non-profit. It is sponsored by Northwell Health. It is formally North Shore Long Island Jewish Health System, a large health system in Manhasset.

I do want to say that the investigation was opened following the loss of an unencrypted laptop that contained the EPHI of 13,000 patients and research participants. The laptop was stolen from an employee’s car. It included all the basic EPHI, but also diagnoses, laboratory results, medical information, including medications relating to potential participants in a research study.

The investigation discovered that Feinstein Lab’s security management processes, their security management policies and procedures were limited in scope and incomplete, and insufficient to address potential risks and vulnerabilities to the EPHI. We really hope that this action will send a strong signal to research institutions subject to HIPAA, which must be held to the same compliance standards as all other HIPAA-covered entities. For individuals to trust that the research process and for patients to trust in those institutions, they must have some assurance that their information is kept private and secure.

Next is the $750,000 settlement that highlights the need again for HIPAA business associates, Raleigh Orthopedic out of North Carolina has agreed to pay $750,000 to settle charges that it potentially violated the HIPAA privacy role. Handing over PHI of approximately 17,300 patients to a potential business partner without first executing a business associate agreement.

This particular investigation was opened up following a breach report that indicated that Raleigh Orthopedic released x-ray films and potential PHI of its patients to an entity that promised to transfer the images to electronic media in exchange for harvesting the silver of the x-ray films. We have actually had many breaches related to this practice of harvesting silver out of x-ray films. We really hope that this sends a strong message to the industry of the importance of the associate agreements and protecting all types of media that contain PHI.

Next is a $2.2 million settlement with New York Presbyterian Hospital for an egregious disclosure of two patients’ PHI. They filmed prison staff during the filming of New York Med, an ABC television series, without first obtaining authorization from patients. In particular, OCR found that New York Presbyterian had allowed the agency film crew to film someone who was dying and another person in significant distress even after a medical professional urged the crew to stop. This is our second settlement with New York Presbyterian.

The case sent an important message that OCR will not permit covered entities to compromise their patients’ privacy by allowing news or television crews to film patients without their authorization. We take seriously all complaints filed by individuals and will seek necessary remedies to ensure that patients’ privacy is fully protected. I do want to say that this enforcement action came along with additional guidance from OCR on HIPAA in media that can be found on our website.

Now for some quick policy updates. As OCR updated the full committee earlier this year, we provided an overview of OCR’s new HIPAA guidance-related patients’ rights to access their health information. Lucia has spoken at length about this. In February, we issued additional guidance in the form of FAQs that clarify a number of issues, including the themes that individuals may be charged for copies of their health information and the right of individuals to have their health information sent directly to a third party if they choose.

The right to have information sent directly to a third party empowers individuals to send information to wherever they wanted to go. For example, to another health care provider, a friend, a family member, researcher or a consumer tool such as a personal health record or mobile health app. This guidance makes clear that if requested by an individual, a covered entity must transmit an individual’s PHI directly to another person or entity designated by that individual.

The individual’s request must be in writing, signed by the individual and clearly identifies the designated person or entity and where they want the PHI sent. A covered entity may accept an electronic copy of the signed request such as a PDF or a scanned image, an electronically executed request such as a secure web portal that includes an electronic signature or a fax or mailed copy of the signed request.

After receiving the patient’s request, the covered entity has 30 days, or 60 days if an extension is applicable, to send the PHI to the designated recipient as directed by the individual. However in most cases, it is expected that the use of technology will enable the covered entity to fulfill the individual’s request in far fewer than 30 days.

With respect to thieves, the new FAQ clarifies that individuals can be charged only a reasonable cross base fee for the labor and supplies associated with making the copy whether on paper or in an electronic form. In response to questions received after the release of this guidance, OCR has taken steps to provide further clarification about the amount that an individual may be charged for a copy of their PHI.

Specifically, OCR has clarified in a new FAQ that $6.50 is not a maximum amount that can be charged for all individual requests for a copy of PHI under this Right to Act. Rather charging a flat fee not to exceed $6.50 is an option available to those entities that don’t want to go through the process of calculating the actual or average cost for these requests for electronic copies of PHI that are maintained electronically as committed by the privacy rule. Entities may choose the calculation method that is most appropriate for their circumstances within the boundaries of what is permissible under the privacy rule.

The new act may be found on OCR’s website at HHS.gov/HIPAA. As Lucia mentioned, OCR has teamed up with ONC on that series of three short educational videos in English with an option for Spanish captions. We have also teamed with the ONC to create a one-page fact sheet with illustrations that provides the summary of individual’s rights under HIPAA.

Finally, a quick update on OCR’s audit program. As part of our continued efforts to address compliance with the privacy rules, I am happy to report that OCR has begun its next phase of its audits of covered entities and their business associates. The 2016 phase two HIPAA audit program is underway. It is reviewing the policies, procedures adopted and employed by covered entities and their business associates to meet selected standards and implementation specifications of the HIPAA rules.

It is an important part of OCR’s overall compliance activities. OCR uses the audit program to assess the HIPAA compliance efforts of a range of entities covered under the HIPAA rules. The audits are an opportunity for us to examine mechanisms for compliance, identify best practices out there, discover risks and vulnerabilities that might not have yet come to light under our ongoing complaint investigation and compliance reviews. They will enable us to get out in front of problems before they results in breaches.

OCR will broadly identify best practices gleaned through this audit process and will provide guidance targeted to identify compliance challenges. As I mentioned, phase two is underway. We have begun to obtain and verify context information of covered entities and business associates. Every covered entity and business associate is eligible for an audit. We are identifying pools of covered entities and business associates that represent a wide range of health care providers, health plans, clearinghouses and their business associates.

Also, we plan to conduct both desk and onsite audits of again both covered entities and their business associates. The first set of audits will be desk audits of covered entities, followed by a second round of desk audits of business associates. The audits will examine compliance with specific requirements of the rules. Auditees will be notified of the subjects of their audits in a documented request letter. All desk audits in this phase will be completed by the end of December 2016.

The third set of audits will be onsite. They will examine a broader scope of requirements of the HIPAA rules and desk audits. Some desk auditees may be subject to these subsequent onsite audits. Many more details about the audit program are available on OCR’s website. Thank you.

MS. KLOSS: Thank you so much, Rachel. Do you want me to shepherd questions? All right. I think Bill has had his tent card up first. We will start with you, Bill.

DR. STEAD: Thank you. I do want to pose a question around unencrypted transmission. You can tell from of when my tent card went up. This increases the risk of malicious introduction of information or modification of the information in transit that is not recognized. The industry seems to be largely unaware of this risk, which is likely to become as large, if not larger, than identity theft is today.

ONC’s identity proofing roadmap, I would think, would begin to address this over time. But dealing with this requirement around unencrypted transmission might be an early step that could buy us time for the longer roadmap. So my question is, is this requirement in regulation or law, and would it be helpful for NCVHS to look into this now?

MS. SAVAGE: The regulation that gives the person this right, as I understand it, and I will defer to Rachel, is specifically called out in the HIPAA 2013 omnibus rule, which derives itself from where I started my discussion, Congress’ decision that people should be able to transmit unimpeded, that is my editorial, directly from an EHR. I want to also be clear that right to choose unencrypted email is the patient’s right.

A provider cannot choose to receive data through an unencrypted email because the provider is subject to the security rule. Just to be super clear about that, the patient can choose this. That is the limitation. But my understanding is that it is directly reflected in the 2013 omnibus rule. What we have done in our 2015 certification rule is required that be a choice the EHR offers to the patient. The individual has a choice of an encrypted form or an unencrypted form. That is where the privacy and security literacy comes in.

Rachel, do you want to add anything to that?

MS. SEEGER: I think that you underscored that this is regulatory requirement quite well. This is the patient’s right to act fast. We hear you about industry concerns. We have heard those voices loud and clear during the Notice of Proposed Rulemaking. Those comments are addressed in the preamble of the omnibus rule. As Lucia mentioned, this is one of the methods of the patient’s right to access.

MS. SAVAGE: The other thing I would say is that this is what we heard from patients when this issue or things related to this issue came up in the API taskforce. The patients were really clear that, as adults, they are competently managing their data and the security thereof or lack of security thereof in their private lives for financial data and all the other data they collect.

Literally, the P word was used. A witness said, please stop patronizing us. We have to sort of look at that environment that, yes, health information is sensitive. People feel differently about its level of confidentialities. But we do trust adults to manage this in most of the rest of their lives.

DR. STEAD: This is not an issue of confidentiality. This is an issue of their ability to access valid information. The way this is being handled restricts their ability to access reliable information which I believe is not the intent of the law.

PARTICIPANT: It is in the regulations. You guys advise OCR however you advise OCR. I will leave it there.

MR. COUSSOULE: With regards to making the information available to any individual who wants it, do you expect that you would try to work through some kind of either rules or standards about what format that can and should take? Individuals could get everything from just a big jumble of text to pictures to things in PDFs to even how it would get utilized or understood or managed.

MS. SAVAGE: The way the information is displayed is a very complicated question. I will say that the omnibus rule and OCR’s new guidance gives us some great starting points. You can request it in a form that the physician can make it available, and so the disclosure is not required to create a new format that does not exist in their capabilities.

There are physicians to whom this rule applies that are not meaningful users, and keep their records in manila folders. They are not required to produce it electronically. But it is also true that there have been some dialogue about pretty it is 2016 and everyone has access to some kind of email and can get a direct protocol address pretty simply or get an add-on for an encrypted email for their system. That is one sort of issue.

The other is kind of the display issue. That usability is something that is being looked at, but is not something that was in scope for this API taskforce that is really in scope for my office. We are sort of about access use and disclosure and security. I don’t know. Rachel, do you want to add anything about that?

DR. SUAREZ: Thank you for the updates. I am always very impressed at the amount of work that is done around all this. I do want to raise the same concern that Bill raised about unencrypted transmissions. Part of the concern comes not so much from the perspective that consumers are capable, of course, of making decisions about their own choices.

I am more worried about consumers that make the decision and the choice in order to expose risks of organizations and then have certain levels of liability pursued. I understand that guidance is I think we are going to have some challenges looking how to fulfill those expectations.

My question is really more about the other big topic of the day, which is APIs. I was one of the people that listened. I was on the card while the event was actually happening. I was actually listening live. It was one of the first times really that the committees came to a very closed approval vote. It was by one or two votes that they approved recommendations from the API taskforce. That just simply chose the degree to which the industry has not yet gained a level of comfort with the whole concept of API.

My question is really about what are the type of actions that ONC and OCR can take with respect to API recommendations? Right now, we know that API is mentioned in meaningful use day three as one of the ways we understand from guidance issued from OCR that there is no forcing of organizations having to perform these types of mechanisms if they don’t offer it or they consider that the access will be against their risk assessment results. What can of actions can ONC or OCR take based on the recommendation from the API taskforce? Are there regulations that will be issued? Or is there any farther actions? 2015 edition certification is done.

MS. SAVAGE: So, obviously the recommendations are not final yet because they have not been transmitted to Karen. When they become final, we typically go through a process of doing analysis on those recommendations, what is actionable by us within our powers, what we might want to give to a sister agency as actionable within their powers and what is not within our powers at all.

We don’t have an answer specifically, Walter. I will remind you of sort of the powers that ONC has. Of course, we can write certification rules. Depending on the form at which our current proposed rule takes effect. We might have oversight mechanisms. We will have to see how that shakes out.

We do a lot of education particularly in my shop. We do a lot of bringing stakeholders together and trying to facilitate their taking the next step in advancing health IT. In fact, the fire standard was designed completely outside of our office, but with a lot of cheering by us. Those are kind of our basic tools. Those would be the tools that would be brought to bear on any of the issues that we find in that set of recommendations that are actionable to us.

We also have a dialogue with OCR. We have spent the last year and a half trying to create more formal processes, so we can say, well, our federal advisory committee said this. We think that is something that you guys should be looking at. Sometimes they come to us and say, what did your federal advisory committee say about that? We point them to the paperwork.

I know that Linda Sanchez, Rachel’s colleague, was a member of the taskforce and has probably taken every single word to heart. I will turn it over to Rachel if she wants to add anything.

MS. SEEGER: Thank you, Lucia. Just like with any federal advisory committee, the department has a number of options. One could be a policy change. One could be guidance, which is self-regulatory, an important tool in our box for compliance. FAQs, which are also always helpful.

As Lucia mentioned, what generally happens is that the recommendations are considered before a decision is made with how to proceed.

DR. CHANDERRAJ: Hacking is a big business now. I am thinking of quitting my business and joining the hacking because you can make easily millions of dollars. There are several hospitals and private physicians that I know of being hacked. They are being blackmailed for releasing the information. What is the OCR doing regarding termination of this process? What is the role of encryption in this kind of field?

MS. SEEGER: I do want to mention that OCR has undertaken a series now of monthly newsletters, if you will, via our listserv on cybersecurity. The very first one was on there somewhere. We have had subsequent communications on cybersecurity as it relates to hacking.

Certainly a rising number of breaches are occurring because of hacking. We are well aware that many covered entities are struggling with this in general, all different sized organizations. We really have tried to underscore the importance of having a robust risk analysis and risk management processes across the entire scope of the organization.

Many times, what we see when we go out and do an investigation following a breach report is that the risk management activities are specific to the EHR because of what is required under meaningful use. Anything outside of the scope of the EHR has not been addressed or has not been addressed in a robust way. But we can’t underscore enough the importance of comprehensive risk management processes to the encryption.

OCR will continue to provide updates via our listserv. These are recommendations that were communicating best practices that you have heard about through NCVHS, through NIST and through other organizations. Again, our listserv is a wealth of information. If you are not already signed up for it, we encourage you to do so.

DR. CHANDERRAJ: Is hacking reportable to the OCR?

PARTICIPANT: Yes, it is.

DR. CHANDERRAJ: I am not clear about the electronic information charges. How do we charge for the patient to request electronic information and it is only for display? That display can be presented to the physician or any of the patients surrogate.

MS. SAVAGE: If you are a meaningful user, and you have a 2014 edition certified electronic health record, you have already the capability to enable your patient to view, download and transmit. Those are all built into your system. You are not supposed to charge for them at all. It should be free to the patient.

There shouldn’t be financial barriers for a patient to get a credential to log into your view, download, transmit portal and see the data that is contained in there. That, of course, is not all the data you may have about a patient. It is the data that is prescribed by those regulations. I will turn it over to Rachel to answer the other questions.

MS. SEEGER: The fee guidance that was issued by OCR is comprehensive. It is not prescriptive. I think that the recent addendum that came out clarifies that the $6.50 amount is a suggestion. It is not a prescription.

MS. SAVAGE: And the last thing, of course, is that guidance is very clear that you can charge a patient your actual costs for copying. Taking it from your electronic health record, for example, and moving a file onto a cd rom for the labor costs involved in that and the equipment of the cd rom. But you have never been able to charge your patient for the cost of searching for the data and retrieving it from your record system. That has never been allowed.

MS. KLOSS: In the interest of time, we will go to Helga, Rich. I have got one question, and then we will have, I hope, 15 minutes left for our subcommittee business.

DR. RIPPEN: It is always wonderful to see that we are reaching out to consumers and actually providing them access to their information. I think it is an important thing. I do want to actually reinforce also the notion of there is a reason why we have HIPAA. There is a reason why we take privacy and confidentiality so seriously because of the sensitive nature of the information about an individual, about their family.

As we provide and facilitate the sharing with other non-health care sectors, businesses, I think it is important that you continue to work closely with FTC and others with regards to standards for the private sector. I remember way back when, not that long ago, Ehealth and everybody went into this business and had different views of what is sensitive and how does one actually protect personal information. Now you are not protected anymore under HIPAA or anything else.

Again, if we can reinforce the notion of use of very sensitive information, of how third parties should be allowed or guidance that is easy for consumers to understand, so that they can make an informed decision about who should they be providing it for and how should they make the decisions. Then maybe leverage contract law or terms of agreement as a mechanism to protect consumers.

Again, I commend you for the ability to reach out, working with FTC, with NIST and others for standards. But I think it is really critical that those things are aligned because there are going to be other sources of breaches that will continue to expand, especially since we know health is broader than health care, and more and more sensitive information will be included. Just a comment and a concern.

MS. SAVAGE: We work with the FTC very regularly, both on the competition side and at the Consumer Protection Bureau. I won’t bore you today with all of the things that we have released this spring with the FTC, and there is always more in the pipeline.

I will remind everyone here that the structure in which we live where ONC has some authorities and OCR has some authorities and FDA has some authorities and FTC has some authorities, is the architect of federal law. None of us can really change that architecture. We try really hard to collaborate within the scope of our authorities. The rest of it is kind of up to the American people and their representatives.

MR. LANDEN: My question actually combines and builds on the unencrypted email and the APIs that Dr. Stead and Dr. Suarez talked about earlier. Understanding that the new law and the new regulations are real clear that this is the policy direction we are going in. Intellectually, I have no difficulty with that.

But culturally, as a product of the health care system for the last 30 years, this raises all sorts of red flags. It potentially puts patients at risk. I don’t know actually, but potentially it does. It runs counter to the culture that has been instilled upon me, both by my mentors and by my own research into earlier state and federal laws and regulations about somehow enabling the disclosure of the information.

I think this is health care systems. If we are judging from a person in the street level, and assuming a rational individual, this is all well and good. The patient can make rational choices. Consumers can. But as I said, this is health care. If an individual comes to us, we don’t know mental status. We don’t know pharmaceutical status, whether that pharmaceutical was purchased on the streets or something that we ourselves prescribed. The patient is always capable of making rational choices. That is kind of unique to health care. I don’t see that included or allowed for in what I have heard this morning.

Nonetheless, as I said, I see the intent and the purpose, and support the law and the policy. But I look to ONC now in terms of the safety center concept, the good work of Dr. Andy Gettinger and his predecessors. Part of that safety center concept is evidence-based. So my question for both offices is since we are going into brave new territory, we have got what we think is good policy.

But we do not know yet the unattended consequences on individuals. Is there anything being thought of to monitor and to produce the evidence over time that would allow us to either say, yes, the potential for harm to patients is minimal. We don’t have to worry about it. Or conversely, we come say, yes, there is a category of patients, a minority, if you will, that is adversely impacted by this policy decision. We need to take appropriate steps at whatever time to fix it.

MS. SAVAGE: We do have things in the pipeline that are sort of in this bundle that we call sync for science, which is our collaboration with the industry for precision medicine to test the ability to move this data according to standards out of traditional environments and into these precision medicine environments. There will be many things looked at there, including how are patients interacting, the integrity of the data security will be on the docket, et cetera.

I am not an expert on that. That would be John White. You would have to have him come and tell you more about that. There is a lot of information on our website and WhiteHouse.gov precision medicine website about sync for science.

The other thing I would say is that what we are trying to do is create capabilities. We have an environment both where under the electronic health records systems that we have, obviously the government has created incentives for important policy reasons that Congress voted on. But we have plenty of people who have chosen not to be meaningful users and people who choose to go to physicians that aren’t meaningful users, and people who choose to go to health care practitioners that aren’t licensed physicians. We have, kind of in that respect, a lot of free choice in this environment.

I think that I completely imagine a world where some people will really want to take advantage of this. My young adult children remind me all the time. We just did a POLST for my mother, and my sister said, why can’t the EMR company get this electronically? I am like, we haven’t gotten there yet. We are working on it. All of that is happening.

But there are many people who don’t want to take advantage of electronics in this environment. I don’t think that the advent of our API and the advent of our choice for an unencrypted email requires them to do something other than what they would choose to do, which is go get a photocopy. If a photocopy is what you want, and the physician can produce it, that is what you get when you ask for your records. I don’t know, Rachel, do you want to add to that?

MR. LANDEN: Specifically, I am thinking if a patient comes to a hospital and asks a physician or asks the hospital to release information to an unencrypted, to an email address in Romania, or a patient authorizes use of an app that we, as an organization, either suspect or know has malicious applications, under the current guidance and law, we can’t do anything. That’s the patient’s right.

What I am asking really is more on the patient safety center area. Are we going to be able to track our experience under this new policy and see is there a patient population who makes these decisions contrary to our better judgment that is resulting in harm to the patient? It is really how do we generate the evidence to know whether the policy decisions has been a good one or not.

MS. SAVAGE: You will have to have Andy come and talk about the status of the safety center, which has not been authorized yet. We do not have an appropriation for the safety center.

MS. KLOSS: I have one question. It gets us back to practical manners of the recent guidance for patient access, which I think everybody welcomes and supports the notion of full patient access without barriers. There is an unintended consequence that I am hearing a lot about. Maybe it is kind of ANIC data, but there is a lot of it.

That are some attorneys that are using that as now a rationale to see patient records, even unauthorized, in saying that this is now allowed, and sending very threatening notes to a lot of providers saying that they are going to be reported to OCR if they don’t release the record to the attorney under these circumstances. OCR was great about clarifying guidance on fees. My question is, is there going to be any further guidance on authorized third-party disclosure. This is really an issue that is causing a lot of angst and unintended consequence. I am going to let Rachel answer that one.

MS. SEEGER: I don’t have any information to share. But we are always hearing from industry and other applicants. We are always updating information based on different voices that we hear.

MS. KLOSS: Thank you. Maybe we will take it up as a subcommittee and see if we can’t dash off a letter articulating what kind of guidance might be helpful because it is really a daily problem for many health care provider organizations. We are going to change hats. We have five minutes now, six minutes.

MS. HINES: You have longer because they are not ready. You can go as long as they are out of the room.

MS. KLOSS: Lucia and Rachel, thank you. As always, we could spend a whole morning on these really important issues. We look forward to hearing about in September the state interoperability roadmap report. I think that will be fascinating.

With the minutes that we have, what we want to do as a subcommittee is just tackle three brief things. First of all, give you a little overview of what happened on our recent hearing on de-identification in HIPAA. That was held May 24th and 25th. Preview what will happen at tomorrow’s hearing on minimum necessary guidance in HIPAA. Then briefly touch on what I think seems like a reasonable roadmap for going forward over the balance of the year.

I want to acknowledge the members of the subcommittee and thank everybody because we have worked hard to prepare two hearings in short order. Bob Phillips, Nick Coussoule, Walter, Vicki Mays, Barbara Evans, Helga, Sally Milam, who is no longer on the committee, but her last participation was at the hearing recently. Terrific subcommittee, and we are just so happy to have had new members and everyone on board over this last period.

Our lead staff, Mya and Rachel, who really teed up the design and the development of the de-identification.

MS. BERNSTEIN: It is really Rachel. I was on detail at another agency for the last eight months and just got back after Memorial Day. Rachel was on detail at ASPE, as you heard her introduce herself as being from ASPE, during that time and basically almost solely, I mean with the help of the subcommittee, planned both hearings. I just want to acknowledge her really great work and thank her for taking up that position, so that I could also have the training opportunity that I had.

MS. SEEGER: Thank you. It was my pleasure.

MS. KLOSS: Absolutely, and our terrific staff, Rebecca, Janine, Geneva, Marietta, everyone who helped make this possible. Susie is going to be our lead staff tomorrow through that hearing because Mya and Rachel both have other commitments.

It has been a well-orchestrated machine working hard behind the scenes. I think all of us who have participated in the de-identification hearing just wish that the whole committee had been there. It was a fabulous group of scientists and practitioners and lawyers and thought leaders in this field. We really had the best. It was terrific.

Our objectives were to learn this data, what is going on, how things have changed, understand the requirements in light of these new practices, and then see what would come out of it that we could tee up in terms of recommendations. I have got slides in the book that summarize what we did in the last several hours of our two-day meeting to pull together overarching themes and then to summarize what we learned from each of the four panels. The panels addressed policy interpretation, de-identification challenges, approaches to dealing with those challenges and emerging models.

Now, they weren’t neat and tidy in terms of staying in those topics. I am not going to go through all of these slides, but they are in your deck. I think our purpose for teeing up this today is to say that we are going to need everybody to kind of come up to speed on this fairly complex, but very interesting topic.

If you go to the NCVHS website and call up the agenda for this meeting, the links to all the testimony are still there. They are really quite fascinating and I think germane to the work of everybody on this committee. I think on behalf of the subcommittee, I really ask you to do some homework. We are going to be back on this topic in September and back on this topic in November.

What we learned in terms of overarching themes is that we are at kind of a collision point. One of the people who gave testimony called it just we are in a data world. We don’t have the privacy policies to deal with it. I think we just had an hour discussion that bears that out. We are at a collision point.

We were told, and I think many agree, that there isn’t any such thing as a permanent really de-identification. We have two methods of approved de-identification, one of which is probably overly simplistic. The other one is so complex, that there aren’t enough experts to really carry it out.

At the same time, each data set, we learned, really has its own de-identification challenges. That is not how the world is working. There is good data science available, but it is not spread. It is not out there. It is not being taken up in current practice. We have got a real gap in knowledge of these techniques. A lot of value cases for improving education. Then some areas where further guidance is just really needed.

There were so many interesting things, but the idea that de-identification should stand alone without a solid kind of policy infrastructure behind it. The analogy was given to a security regulation. Sure, there is technology that aids security, but there is a whole set of policies and policies that surround it to make a capable security program. We need something similar for de-identification. There is some of the science and technology for de-identification, but then there is a policy process that is lacking almost everywhere.

We had a set of takeaways which I am kind of not going to work through. I think that kind of highlights it. I think we all came away thinking there is plenty of grist for teasing out some useful recommendations in the short term. Even these may need to be staged because this is complex.

We aren’t sure yet whether there are some areas where we need to probe in more deeply. We aren’t sure that we would make a decision to hold off making short-term recommendations in favor of that, or if we look at this in phases. But that is the work that the subcommittee is going to take up after this meeting. We just polled the subcommittee to do a series of meetings over the summer.

MS. BERNSTEIN: I was thinking with deference to our chair that when we get those meetings schedule, if there are other members of the committee who want to participate in those meetings, I think that would welcome to do so. It is a complex issue. I think, as Linda said, it is going to take some time to get up to speed on it. I think the more members of the committee who are participating in those conversations over the course of a summer, the more helpful it will be to when we get to the full committee meeting in September and November to really tackle the issue at the full committee.

MS. KLOSS: So there is a whole series of slides that just summarizes where we are at. As I say, we are going to start digging into the hard work after this.

Tomorrow, we have a rare opportunity of having the members of the full committee join us for tomorrow’s hearing. This, too, is going to be an interesting hearing because I think it has turned probably not surprisingly that the topic minimum necessary, which has its roots in fair information practices, isn’t a very well understood topic.

Those who are coming to testify understand this topic. But we invited a number of industry organizations who, I think, just declined because they don’t know enough about this. I think that, in itself, is a learning, not a surprising learning. But those who are coming are well prepared to educate us. I think again this is a topic that we can have some impact on.

As you know, both of these topics, de-identification and minimum necessary, are high priorities for the Office of Civil Rights. That is why we have accelerated our hearings and our work in offering guidance. These are topics that OCR is looking forward to hearing from the committee on. We are feeling that sense of urgency.

Timeline, we would have kind of thought that we would have the de-identification hearing and then move into that letter. But what we have decided to do is, based on tomorrow’s hearing on minimum necessary, is push forward the development of a letter on minimum necessary. Our goal at this time is to have a letter to the secretary available for action in September and have a discussion piece for you in September, kind of an outline or a preliminary outline of our de-identification thinking, but with a letter coming to the committee in November.

Our goal would be to have two letters by the end of the year, but accelerate minimum necessary. Again, this is at the encouragement of the office. I think that is the way we are doing the work. What you learn tomorrow, we are going to be synthesizing hopefully turning around into a letter of recommendation for action in September. It is great that everyone will be able to participate.

With that, we are only five minutes into the standards time. Any questions?

MS. BERNSTEIN: In order to get that letter on minimum necessary ready for committee action in September, we normally have the executive subcommittee have to approve what is going to the full committee. That means we are going to try to circulate something to the full committee electronically for your comment before then, and have you be able to participate. We rely on your reading and actually sending us your comments in advance, if at all possible, so that we can anticipate correct, change, amend, whatever we need to do so that we can be ready for the full committee in September.

DR. SUAREZ: Fortunately, the September meeting is at the very end of September, so you have some extra weeks. Yes, that is the sequence we have to get the letter to the executive committee, and then distribute it to the full committee. All right.

One question on the work plan, so the development of the plan for the initiative to look at health information privacy and security, so the larger view in the next iteration, I guess, or next generation or next phase of development, it starts in November is what you are thinking?

MS. KLOSS: That is what I am proposing given the focus that it is going to take to do a good job on these two letters. But I think as we look at the agenda for November, what we may want to think about doing is carving out some time for an embedded roundtable during the committee meeting to do some thinking, a facilitated session. I think what we want to do is gather everyone’s thinking before we decide what that initiative really looks like. But it didn’t seem logical to try to do that in September.

DR. SUAREZ: There haven’t been any thoughts about any topics for 2017.

MS. KLOSS: I am thinking that the topic for 2017 comes out of that November. I think we heard a lot of evidence through the de-identification that this idea of taking a broader look at privacy and security futures is really needed. Any comments or additions from the subcommittee?

DR. SUAREZ: I look forward to the hearing tomorrow. We are going to move on to our standard subcommittee session. I am going to turn things to Alix and Terry. Ob, I don’t know if you are on the phone. Ob, are you on the phone?

MR. SOONTHORNSIMA: Yes, I am. Can you hear me?

DR. SUAREZ: If you could introduce yourself.

MR. SOONTHORNSIMA: Hi, Ob Soonthornsima, CVS Health, no conflict.

DR. SUAREZ: Raj, if you don’t mind introducing yourself and stating your conflict or no conflict.

DR. CHANDERRAJ: Hi, I am Raj Chanderraj, private cardiologist. I am a member of the full committee and no conflicts.

MS. GOSS: To give us a little framework for the standards subcommittee perspective, today we will be starting with our review committee table of contents. We will then move into the attachment letter, then the phase four letter. Then we will briefly touch upon our work plan as a launch off point for discussing. Then we will talk about how we want to frame up.

Sorry, I totally lost my train of thought. Our final discussion topic today will be in a round robin discussion on how we want to proceed with establishing predictability and establishing a roadmap for standards adoption as we move forward in response to our February 29th letter to the secretary. We are waiting at this point.

MR. SOONTHORNSIMA: Hi, Walter, this is Ob, no conflict.

DR. SUAREZ: Thank you, Ob. Go ahead. Sorry, I think we missed your introduction. We might have lost you again.

Agenda Item: Subcommittee on Standards: Action Item (Letters)

MS. DEUTSCH: Good morning, everyone. I am going to start off talking about the review committee report to give you an idea of the direction that we are planning to go into. That includes the table of contents, but also we derive some of the ways that we are addressing this report.

You have within our packet the PowerPoint slides. If you look at that, and it is also on the screen right now, the purpose of the report and the discussion we are going to have is we will go over the purpose of the review committee report, the table of contents, highlights of what will be in the report and then the next step, so you will have an idea of how we are planning to progress through this.

What we are talking about now is where we have the statutory authority for the review committee. It was an ACA. It was that the secretary was to establish a review committee and that hearings would be conducted no less than biannually, and that there would also be a report generated after the hearings no less than biannually. The purpose of it is to review all of the adopted standards, which includes code sets and identifiers and the operating rules that have been adopted.

In this letter, we did send a letter to the secretary on February 29th to highlight our recommendations for HHS. The report that is going to be followed is going to include what was in that February letter and also includes any recommendations, findings, barriers, et cetera for the standard development organizations, for the operating rule, authoring entity, the industry, payers and different entities on what the findings were and what recommendations we believe and recommend in order to respond to those findings.

The report at this point is laid out that we will have an executive summary. There will be a background. The background has about the legislation for administrative simplification, the review committee legislation, the structure of the review committee and the purpose of the review committee. It talks about the review committee hearing. We only had one hearing, our first one in June of 2015. In the hearing, we talk about what the intent of the hearing was, the structure, the objectives, the questions that we raised for the panelists in the two-day hearing in June, then a list of the panelists or the testifiers.

Then we also included the evaluation criteria. The evaluation criteria are the same criteria that we talked about yesterday when we addressed the two letters, the attachment and the phase four operating rule evaluation criteria. We then go into the general findings and the recommendations. Then we go through the specific HIPAA transactions with the findings and the recommendations.

Then there is an appendix that will have a list of all the testifiers, both those that provided written testimony and those that provided their verbal testimony, and any other individuals who submitted written testimony. We had about 100 written documents, so those will all be listed.

If we talk about the report itself and the general findings, we felt that this was a significant step towards administrative efficiencies. We talked about the fact that what was highlighted and what was pretty consistent was the fact that it was inconsistent and variation in the implementation. That was pretty much across all of the transactions. There was a need to be responsive to the evolving technology in the health care delivery system.

In the February 29th letter to the secretary, we had eight recommendations. One of them covered the non-covered entities in our recommendations to HHS for that. The need for broadening education, the need to ensure consistency, the need to enforce compliance, the need to adopt an acknowledgement transaction. The need to provide predictability in adoption and to ensure responsiveness to evolving changes to health care.

Then we put the transactions. We went down the different transactions. The transactions are, just for everyone’s review, health plan enrollment, disenrollment and premium payment, health plan eligibility, benefits, inquiry and response, prior authorization, health care claim or equivalent encounter information, coordination of benefits, health care claim status and electronic fund transfer and electronic remittance advice.

Our plan at this point is that the draft report will be finalized sometime this month, and that the standards subcommittee would have an opportunity to review it initially in July of 2016. We are very optimistic. You can see that we have the executive committee review in August, and that we would then present it to the full committee in September. Are there any comments or questions on the structure that I have outlined?

Just a point that I would like to bring up now, the report is highly technical. The recommendations are highly technical. Based on what was presented at the hearing, the way that we determine we should address it is that we should be specific to different entities of how they would or should and how we recommend that they rectify the issues that are causing the barriers. It is very technical. The executive summary won’t be technical. That will give you highlights of the information.

DR. SUAREZ: The report contains recommendations that are referencing the recommendations we made to the secretary in our letter in May. It includes recommendations that we already made to the secretary in the letter we sent her. Then it includes recommendations to the industry that are not part of the letter.

MS. DEUTSCH: Correct. Any questions or comments?

MS. GOSS: I have seen a draft beyond the table of contents outline here. I really want to acknowledge Terry is really trying to synthesize an encyclopedia down to a core set of critical components for us to articulate in this next report. She is right. It is very technical. I think her approach in the executive summary will help with a larger theme and imagery that we are trying to convey in this report.

For those of you who are technical, it will be a really good read. For those of you who are not technical, you may solve your insomnia. But it is really good. As I looked at the initial draft in working with Terry, I thought about how to streamline it. She has done a phenomenal job. It is going to be really tough to get it any more condensed without losing any meaning. Just keep that in mind as you are looking at it. Thank you again, Terry.

MS. DEUTSCH: I guess there are no comments on it. I hope you won’t fall asleep when it is presented. Maybe we should do it at the end of the day, so they can go to sleep. We are now going to go to the first letter. We are going to start with the attachment letter. I am just going to go through, once we have it up.

There were some edits done. I will highlight. None of them were substantive. None of them change any of the recommendations. It was just some clarification in some areas where we needed to clarify how we cited some of the labeling. I can’t tell you by pages because we have different pages. I will try to show you where it is. It will also be on the screen hopefully.

The first one is on the first page. It is the last recommendation, the fifth recommendation, the one above that. It is the fourth recommendation. We got a comment that it wasn’t clear if we were saying two different things. In one part of the report, we indicated two years. In this part, we said five years. What was added to this is that it is no less than five years inclusive of rule-making. The two years that are referenced later on means post the regulatory process. We thank you for that comment.

The last one on that page is it said broadening. It has just changed the word to broaden just to be consisting. We got a list of comments from ASCX12. One of the recommendations that they requested is that we remove the word eligibility throughout the document because the standard does not address the attachments for eligibility. Throughout the document, wherever there was the word, eligibility, it was removed. It starts on background. It is the second bullet and the third bullet. I will go and tell you where it is in the rest of the document as we go along.

DR. SUAREZ: There is no request for additional information through attachments when conducting eligibility, right? Okay. It is more on the prior authorization process when some of these happened. During the eligibility check, usually before, the patient is going to come to a clinic or an event. That eligibility process doesn’t include any attachment.

MS. DEUTSCH: That is how ASCX12 addressed this. The next correction of removing the word eligibility is under section B, where we talk about the February 16, 2016 hearing. It is the last bullet. The same eligibility is removed on the following page under Roman Numeral two, recommendation one. It is on the last line where it says, as a claim and eligibility was removed.

The next ones, and I am not going to read these out. I think you will see it is where the nomenclature of the different parts under recommendation three adopt the recommended standards. We had to change some of them to put ASC in front of all of the X12. Some of the X12s have the capital letter and some have C, some of the titles. Those were changed. It was changed under query, response and acknowledgements. It was the labeling part that we needed to make those changes.

It continues on for recommendation number five, where we needed to add under the second bullet X12, obviously included ASCX12. Then additional information to support a health care service or encounter, so we added the word or encounter.

On recommendation seven, we got a request from NCPDP to change the language because of the fact that they wanted us to indicate that HHS should indicate the NCPD script standard version to a 16071 prior authorization transaction as the adopted standard for the exchange for prior authorization information. We changed the wording to reflect that. There are also a couple of wordings changed in the paragraph that proceeds the recommendation. We removed the bullets from that recommendation.

Just going through the pages to see if the eligibility was removed under Roman Numeral four, recommendation 13. There were a couple of typos. I am not going to go through that. That is it. Those were the only comments we received. Nothing changed other than a few clarifications and nomenclature. I will turn it over to you.

DR. SUAREZ: Thank you. Any comments on the modifications made to the letter? I just want to say I think personally, this is one of the most comprehensive, complete letters about one of the new transaction attachments that we have ever written. It really builds on all of the accumulated experience during several years of listening to testimony. In some cases, arguing and recommending to the secretary that the standard wasn’t ready to be adopted, and so let’s wait.

I think this particular letter brings all that together in one single set of recommendations that goes from start to end, including the definition of an attachment and then all the standards. We were fortunate to work with the industry to identify specific areas, such as how attachments apply to pharmacy, to dental care, very specifically and others. I think I feel very pleased with these letters. Thank you for your leadership and all the work that you did. Are we ready to take action on the letter? Do we have a motion to approve the letter? Anyone opposing the letter? We have got approval, thank you.

MS. GOSS: I am going to move on to the next letter. We also received feedback. We have, as you know, yesterday during public comment, received hard copy feedback from CAQH CORE. We also received some feedback from ACS Xerox. We have reviewed all the feedback that we have received in the discussion that we had yesterday. The committee members worked long and hard with staff support through last night and this morning. We have been able to come to a consensus on what changes that we need to make. I am going to walk you through those.

We really appreciate everybody’s input, responsiveness. I am glad we posted the letters in advance and also had some of the additional calls with folks to make them aware of what was coming down the pike. I would recommend from a process perspective, Rebecca, that when we post the documents that we add a new process for if you want to submit your comments, you need to get them in by a certain date and time.

It is not quite right for us to be running around trying to do this at the right minute. That is a collective royal we, especially because as a committee member, I would rather be sitting in the sessions hearing things and trying to do all of this on the fly.

I particularly want to thank Terry and Rich for late-night wordsmithing to reflect the consensus that was brokered last evening. There were a handful of changes that it am going to walk through that reflect what we have discussed. Initially, we had on page one our first bullet that we supported the voluntary adoption. We have updated that to be consistent with our other narrative within the document to be that we strongly support the voluntary adoption.

We have on page two, we ran out of time a little bit to incorporate a suggestion from CAQH CORE, but plan to do so within this second paragraph right here. We are going to add the sentence that says NCVHS does recognize, however, that the use of digital certificates in the industry is becoming a best practice and understands digital certificates are already included in existing HHS regulations pertaining to mandated phase two, three operating rules. Meaningful use stage two, ONC health IT certification criteria, with a little bit more context, and electronic prescriptions for controlled substances.

What we want to do is insert that text into right here. We would add it because it is a reflection. What it would do is just add the national landscape perspective that even though we are having issues with digital certificates or have had some industry comments of concerns with certificates, the direction is going that way. We are just trying to incorporate some of that national landscape perspective.

I am going to keep rolling unless you stop me. We had a suggestion to modify a title in the connectivity section to remove the inconsistencies in the connectivity requirements, and just call it connectivity requirements. We made that change. We are going to add the word, safe harbor, in front of connectivity in this opening paragraph. We had a suggestion to modify recommendation two. There was a suggestion to modify it. We have done so.

Now, it is a little bit more expansive regarding the recommendation which now reads CAQH CORE should address inconsistencies in the direction and interpretation found in the connectivity requirements of the phase four operating rule, including the rationale for a compatible change in safe harbor. Safe harbor already allows for other connectivity methods. We have incorporated their recommendation related to consistencies.

Recommendation three, we had some suggestions from CAQH CORE in regards to modifying 3.1 and 3.2. What we decided to do is actually we flipped the recommendations. What was 3.2 is now 3.1, since we thought we should have HHS adopt the acknowledgement standard before CAQH did anything about it. In response to what is now 3.2, we incorporated many of CAQH CORE suggestions, so that at such time when the acknowledgement standard is mandated through regulation, they would then immediately determine what adjustments might need to be made and that we, in the interim, support them advancing voluntary adoption of those.

Moving on to recommendation four, which is our next recommendation, we had a suggestion. This one is not shown here. We are going to delete this one. We are not going to have recommendation 4.2. It did not seem appropriate in the absence of a larger context.

Moving to number five, CAQH had made a suggestion, which we incorporated the concept of it in indicating that to reinforce industry understanding that all operating rules, mandatory and voluntary system availability requirements and business agreements can be more stringent than the requirements in the proposed operating rules, but may not be less than those specified in the operating rule.

Under 7.2 is the next place I am going to, 7.2.3 in particular, we are going to delete that recommendation because it was sort of unnecessary at this point in time regarding removing the single authentication requirements as specified because it was a larger conversation regarding connectivity and safe harbor. We are going to take that one out. That was also supported by CAHQ core’s comments.

What we have done is we have responded. We have processed the request from Xerox and CAQH CORE. As a committee, we have come to a consensus on the recommendations. Clearly, we will need to do a little bit of proofing and tightening up after this meeting. That letter would then go back to Walter, assuming that we can garner consensus from our discussion and voting effort today. But there would be a final proofing and clean-up, which we would do.

Then Walter would sign it, if you would endorse that. I would ask that you would approve the modified letter as presented today for adoption and submission to the secretary. I am looking for a second.

DR. SUAREZ: Thank you very much for reviewing all of those points. Any comments or any questions? Are we ready to take action on this letter? We have a motion and a second. Any additional discussion or questions, any other comments? Anyone on the phone? The motion passes.

MS. GOSS: So, thank you for that. We will make sure to get you the final copy once we have completed that. I think the next thing we are going to is the work plan. All the members have this in their eBook in advance. As you are aware, through our strategic planning efforts and workload management, we have a work plan that we have been developing across our subcommittees and for the full committee.

The standards and review committee have a pretty robust agenda. We are making our way through it. However, we need to have some discussion today about what is next for us. We can put a finer point on our research management, hearing schedules, product development, et cetera.

We have through our review committee discussions identified, as I mentioned earlier, the need for predictability and a roadmap for the industry related to standards adoption. What I want to do today is to have some conversation around what we think that looks like and how we think we want to frame up that effort. That will then help us refine our work plan detailed events.

Additionally, as we heard yesterday from CMS, and we have also heard from Walter, an ACA section 10109 hearing is something that they would like us to move from Q1 possibly to the fall. I think for leadership to get our arms around what is feasible and what is not, we need to have a conversation. Then we will tweak this and work with the subcommittee to refine our detailed strategies.

Walter, how much time do we have?

DR. SUAREZ: 10109 is a provision in the Affordable Care Act that asks the secretary to look at other opportunities to improving the administrative processes, the administrative efficiencies in other areas beyond the ones that we already are working on at HIPAA, all of these administrative transactions. They gave examples.

For example, the claim audit processing in health plans standardizing or looking at some ways of improving the efficiency of that process. The movement of workers comp and property casualty into the use of the standards, both workers comp and property casualty are not considered covered entities and were excluded in the original HIPAA law. There are ways and considerations about how they can move into the same standards. Some of them, many of them, in a number of cases have actually moved and started to use the standards. I think Alix is showing on the screen the provisions of 10109.

Truly we had not realized it. But we found out that we have to do a periodic review of this at least once every, I think, three years or something like that. The first time we did this, which was the last time, was right after they passed the Affordable Care Act and started implementing it. I think it was in 2012. It has been a little over three years. We have been requested by CMS to consider bringing this into this year’s calendar. We had this already, as Alix mentioned, on the schedule. That is the background, so I will turn it back to you, Alix.

MS. GOSS: I am going to talk about what I see as two interwoven, yet very separate, topics. We have talked about the need to create predictability and efficiencies in the standards development and adoption process. Some of you may have been around long enough in various capacities to be familiar with a document called proposal for modification of the HIPAA transaction implementation specifications adoption process.

In full transparency, Margaret Weiker, Lynne Gilbertson and I started working on this in probably I think 2003. I think we submitted our first version of it in 2006. I went off into state health information exchange land. Somebody did a lovely update in 2009. I am assuming it was the same three standards bodies.

This white paper reflects a lot of collaboration with the designated standards maintenance organizations and the various SDOs, in creating detailed recommendations on how we can make the process better across all of the various constituents. We think that we need to go back to this letter and this thinking with those players and have a detailed conversation. Validate is it still good, is it not good? Where are we at? What has changed in your world? Make sure that we have got a current baseline of how the process is working and where we think the efficiencies are.

Walter and I have done some additional work, based upon my translation of this multi-page white paper, effectively into a spreadsheet for discussion. That is one conversation topic that we need to plan for.

But there is a larger picture that we need to do, which is the overall standards framework roadmap and a guide path for development of what the industry needs to know when they need to be paying attention and allocating resources and implementing.

The end goal, as I am proposing it in this discussion document, and that is all this is. I am trying to get you rubble roused and engaged in some discussion. To develop an orchestrated framework, roadmap and glide path for the next wave of adoption and implementation of standards, code sets, identifiers, operating rules and the associated implementation time tables and processes. Here is the kicker, while reducing the current state of competing priorities.

The industry is overloaded. They need things to settle down, and they need to understand how the pieces fit together and what is coming at them in the future and how to plan for it.

We, I, with some other people’s influence, propose that we define a process for the next six months, so the rest of this calendar year, for developing that roadmap and identifying the development and adoption improvement opportunities. I have some suggestions about what that scope could include. We can walk through those.

As you have already seen, we wanted to explain some background. We wanted to review the purpose and the scope outline with you. I want to solicit your input. I want to have some brainstorming and capture ideas. If time permits from this because I think we may be running out of time, but I am not sure, so keep me honest here. If time permits, to narrow down the larger brainstorming conversation into some very actionable items.

If we can’t do it today, then I propose that the standards subcommittee would regroup based upon some analysis and collaboration of leadership and to propose a game plan that we could then enable us to identify a detailed work schedule for meeting content, prep facilitation. I think we have got one level of activity among this standard subcommittee. We have got another level of engagement activity with other stakeholders and some meetings. The stakeholders very clearly include the federal partners because they have got a big part of this predictability and also efficiency opportunity.

DR. SUAREZ: We do have 30 minutes, so we can have the committee input on this. Just to add to what Alix is pointing to, we have some progressive stability in terms of the HIPAA standards adoption process and all that over the last few years basically. Just a quick recount, we adopted in 2003 version 4010 and started the whole process. In 2010 with up to 5010, the next version. Last year, we adopted ICD10. Some of the major buckets have been moving and put in place.

I think what Alix is pointing to is sort of the next cycle of this process in the adoption of standards. We expect that sometime next year, we will hear about the recommendations potentially to move to the next version of the standard 7030 and NCPDP and maybe even dental and others. There is going to be another wave coming in next year. I think what this is going to help is prepare us really to align that with appropriate sequence, if you will.

MS. GOSS: Thank you. That was a very critical component of this conversation, Walter. I am going to pause. I see one tent card up. Bill, do you want to ask a question?

DR. STEAD: My recollection, at least in my tenure on the committee, we began to talk about doing this in maybe our first year. Then it really did resurface again in the review committee. It is extraordinarily important. I think the challenge we will have obviously is scope. We will have to figure out how do we get the high level that lets us show the real connection points, and then maybe insert layers, if you will, under it. My sense is it may be in this six months, we could really get our hands around how we could tackle the roadmap and guideline within the scope of standards.

At the same time, we are beginning to discuss the privacy data collision, the future of surveys versus data mining and the futures of vitals, each of which are going to be creating dramatic change, the combination of predictability in the face of dramatic change. If we could really get clarity around the scope of standards in a way that then could let us reuse the method almost to step back and begin to insert those other layers, and then bring them back. This could become a really important vision and practical guidance that NCVHS a combination of that intersection we could provide. I am really glad you are headed this way.

I think the other thing to be careful of is that I believe we will have another review committee hearing next summer. The trick will be to get far enough along with this, that then the review committee stuff plugs in. You have almost got a magic window.

MS. GOSS: It is dual. Plus, it is the SDO timeline and the fact that I expect the designated Standards Maintenance Organization’s next version to come forward. I want to make sure I captured this correctly. When you said that the high level components within the standards, and you talked about the parallel, et cetera, you had a very concrete something. You want to get your arms around the standards? I need a little bit more refinement of that.

DR. STEAD: What I am thinking is if we could get a picture of the roadmap and glide path from the perspective, the limited perspective, of standards, then we are going to have at least two big C changes. One is the privacy data collision that Linda has been surfacing. The other that began to surface yesterday and I think is going to continue to surface in pop health. The collision between our historic approach to surveys and data mining, and how do we make those two things work together. Both of them are going to affect comeback and feedback and affect change the standards roadmap.

Maybe since standards is a little better developed than at least some of these new things we are moving into, you could give us an example of a method and infographics that we could actually then use to layer these other things into in a way that could then let us give the industry some understanding of the predictability problems across all three. Otherwise, we will discover the others coming like a tidal wave, and they totally disrupt what we just did.

DR. SUAREZ: This is sort of like we have public health 3.0 reinventing, if you will, regenerating public health. Standards and electronic transactions and EHRs and all that is part of that. We have privacy 3.0, if you will, which is what Linda will be looking in and sort of the next evolution of privacy. Now we have sort of our HIPAA standards administrative processes 3.0 also because we were like in the third major wave.

I think the three are aligning, if I am interpreting correctly what you are saying, Bill. I think we have really a window right now between now and June to do it.

MS. GOSS: The idea is roll up our sleeves, get a process, a methodology and tools, and then those other subcommittees could possibly leverage that. That would then enable us to have the larger picture. Thank you. Other comments?

MS. KLOSS: It seems to me that what the subcommittee might do first is go back to this roadmap charge because we have talked about it in numerous hearings and so forth and really clarify that. I have a little concern about how you sequenced. Rolling the process for developing standards and all of that, it seems to me that is still a secondary issue. We need to think about the roadmap in terms of the applications it supports first and then look at the process. I think if we start digging into the standards development process, we will get into the weeds. You had shown that as number one.

Then number two is the roadmap. I think I would separate those and start with a really clear picture of what we mean by the roadmap. When it surfaced before in hearings, I have had one vision that it is kind of the trajectory where we wanted to go and how we sequence things to move along adoption. But then, we kind of took a sharp turn. I recall we started looking at the roadmap in terms of the CMS roadmap.

MS. GOSS: Are you talking about when we were doing that 11th report to HIPAA, that whole vision section? Is that where you are thinking?

MS. KLOSS: I just think the subcommittee, as a committee, we need to crystalize what we mean by a roadmap. Get that nailed down to all of our satisfaction before you dig into secondary processes. Or I think we will just get really bogged down again.

MR. LANDEN: I am very supportive of the concept of moving forward. I think this side of the industry is mature. We got our start back in ’92, ’94, with the first WEDI reports and then HIPAA institutionalize it in ’96 under administrative simplification. We have added operating rules since then and a ton of other updates and modifications through other legislation and CMS and ONC initiatives.

But I think we are mature enough where it would actually be very beneficial to the industry to have some concept of predictability around this. That would give them the ability to preplan budgets, resources, know which of their skill sets they needed to have onboard when for these cycles and thus free up those resources for the other chaotic things coming at them on the clinical side or on the health care delivery system reform initiative sides.

I think that would just take one little thing off of everybody’s plates, providers and health plans alike. I see resurrecting, what was that, a 15-year old paper that you were holding up before? I think it is time to dust that off and start applying the learning that all of our stakeholders have done, SDOs alike, in the last 10 or 15 years.

DR. RIPPEN: I want to thank you and your team for the phenomenal work that you guys did. That was a pretty big effort, so congratulations for really doing an amazing job. With regards to the roadmap, I guess I just want to echo what everyone said in that again, I guess, I want to just make sure I understand scope. Standards that touch health care is pretty broad. I think of it in maybe buckets and some are related to standards and some influence standards. You have the data. We heard the survey. We heard the demographics discussions with census. We talked about public health, kind of what their needs are. There is a data component.

Then there is change of data, which is more the transactional that you have highlighted. That also includes then some of the interface standards and even kind of how are we going to do the API, right, so the standards around that. There are going to be standards around security. I think that is going to become increasingly important because again vulnerability leads to mistrust, which actually will have other implications.

Then obviously, then the policies, and we talked a little bit about those as they relate to privacy and kind of this combination of things. Then the business drivers because again, as they overlay everything, which goes to the whole question of ACOs, performance-based, which is more at the public health level, and then also for research because we talked about the PMI.

You have multiple levels to reflect on that might provide you then kind of the frame to make sure that you have addressed everything. Obviously not going to into details of everything because you will never get anything done. But at least providing kind of the construct, and that is just for consideration.

MS. GOSS: I think you are touching upon something that I have been concerned about, which is we are looking at this from a very standards-based perspective, at least that is how it all started. Now I feel like it is the full committee. It goes back to Bill’s comment. To me, it is starting to feel a bit overwhelming. We want to look at things from a standards subcommittee perspective. But we have got to figure out how to link it together to Bill’s process question.

Beyond that, there are things that we can recommend, things that we know are in the pipeline. But we are almost going to have to also have our federal partners really sit down at the table and talk to us about where they are at for more of that policy overarching perspective. I think I can anticipate. I know the topics that are coming out from a standards perspective. But when you look at the larger policy and reimbursement implications of what may be coming out of the feds, I think we have to be really careful about what scope we set and what is out of bounds.

DR. RIPPEN: Totally. I think that as long as we can articulate and that we are aware of it, I think that becomes really important. Again, if we are saying this is kind of the roadmap, well, let’s just go for the roadmap and how beneficial is it. I think as long as we are clear on that. We can’t solve everything. We don’t have jurisdiction over many things.

But I think that at least to understand that, so that when we describe what the focus is of what it is we are doing, we have actually covered and can refer people to, okay, this is the scope. This is kind of the context, so that people can actually understand how it applies. Even what is out of scope because again that is in our jurisdiction because if there are competing approaches for different agencies, our ability to understand that there might be kind of a disconnect is important, too. You will hear about it in the political venue otherwise.

MS. GOSS: My sense is that this conversation is resonating because I just saw there tents go up, and I am not sure who went up first.

DR. COHEN: Alix, thanks for giving us an opportunity to do strategic planning. That got eliminated from this afternoon’s session. That is essentially what we are talking about. It is convergence of the work streams for the subcommittees and the work that we are doing jointly as a full committee.

Standards is a really interesting word or concept that can be applied to all of the activities that we do. Essentially, the recommendations and the projects that we work on are trying to create a baseline and extend. I see them, rather than as roadmaps, as lenses that we are looking at a variety of things through.

The work we are doing in population health, we are creating standards for our framework for community data. We could call it that. Certainly, what Vicki is trying to lead in terms of the data workgroup is coming up with standards to understand how the feds organize their data. Standards for me is really a useful lens to look at a variety of our activities through.

I think it creates a convergence in my mental map of the work that we are doing and that we share. I don’t really understand the roadmap that you are describing yet, but I am sure it will evolve. I don’t know whether it is focused on the specific activities of your subcommittee or a general, broader highway system for how the committee moves forward. This is a really productive discussion to get us all to think about how our work converges and separate, but convergent, as well.

MS. GOSS: I think we are living in both of those worlds right now, the standard subcommittee as well as the larger conversation. I think it really chips back to a lot of the other comments we have had before. I think that we will figure this one out as we continue to discuss.

MR. COUSSOULE: Bruce’s point about there is a huge amount of overlap in a lot of the things that we do is very real. In some ways, the things that the standards subcommittee derives is almost a number of things that the rest of the industry kind of must do. A lot of them have prescribed into either timing or already into regulation as opposed to things we would like to do or might want to do. Those have to come together, though.

I don’t think they can be looked at in isolation. I look at the roadmap as more as getting some clarity and understanding as to what is coming to the point, I think, that Richard made before about some predictability and all of our worlds, it would actually have to live and implement these things on a regular basis, so we can plan our budget and timing and change management exercises and all the other challenges that go along with actually running business on a day-to-day basis.

I think being able to provide some of that kind of clarity, again whether we call it a roadmap or we create different semantic views of that, I think it is necessary to create a reality of what is there today, talking about what else is coming on top of that, and then trying to guide our efforts into how we can make a difference and communicate that effectively. That is my two cents worth. I think it is really a good exercise. In some cases, there are things that need to be done in isolation that may be very technical. Lots of work can be done. But I don’t think we can do all of it in isolation. I think it is going to have to be done on a broader scale.

MS. GOSS: Maybe what we do is we start with a standards thought process, but really work to figure out how that leverages all the work plan and strategic planning that we have already done in coming up with an overarching process and how the pieces all fit together. This is sort of what I am hearing.

MR. COUSSOULE: Bill really hit on it here. He started looking at all the aspects of it, even the things that we covered. I am new at this. I have been here now for seven months. But even I can see the kinds of things we are talking about and the different things come up in the different hearings.

There is a lot of overlap for good reason. There is a lot of impact to the things we are talking about doing across the industry. Now, it is not 100 percent, so there are certain things that could be done in isolation pretty readily. But I do think it needs a bigger picture to make sure we are trying to create that level of visibility into what people then need to be accountable for on a day-to-day basis.

MS. GOSS: The timing is good. If we can get our arms around this in the next couple of months, then during the rest of this calendar year, we can really get all the pieces to be pulled together and get the larger picture, which will be good during the transmission I am sure we are about to all undertake. I think we are over to Vicki.

DR. MAYS: My comment is similar to what Bruce was saying. I think we are in the situation now where the committee as a whole and the subcommittee things are starting to kind of break down to some extent. As some of the hearings even go on, it is interesting. You can see pieces that one of the subcommittees probably could have inserted. Then we kind of don’t have that voice as a testifier at the meeting.

We are at a crossroads, I think, where we have to start maybe planning differently if we want to do it. I am not quite sure. I was sitting here being very overwhelmed because I was trying to think of what the process would look like, either what needs to happen is when quote standards is doing work that there is a representative. In the workgroup, it helps us to have like somebody that represents the particular subcommittee. Then we know we have that voice and we have that person to go back.

I am just wondering as we do the hearings for our different subcommittees, if you want to have as part of the planning to have somebody from some of the other groups to make sure that all these pieces that we keep talking about can get in early rather than later after we are hearing the results.

The other thing is maybe it is time, Walter, to think about whether or not the executive committee needs to have a retreat. This is to Bill’s point and to think about is there a different approach or structure that we can engage in that can be kind of ongoing?

As we were talking, I was thinking about, well, maybe standards can be like a platform. I kind of have to do the work, but a platform where you build off of it. You enhance things. So that as we do something, you ask is there a standards question to this? Is there a pop question to this?

But that we start interrogating what we are putting forth as to the pieces. Then somebody speaks up and then, instead of staying as a planning group where it is just the whole privacy or pop, you may have a different group that then needs to do that particular hearing. It might be useful. I just don’t know, Rebecca, if we have time, money, et cetera.

MS. HINES: I don’t think there is bandwidth for everyone to do everything. That is why we are organized the way we are organized. I do hear your point. I think it is good. You have got representation from others on the data workgroup. Ideally, every subcommittee would have someone from some other subcommittee there to serve as a connector.

MS. GOSS: One of the things I think we have done is really try to engage non-standards committee members in our process. For instance, your participation in the review hearing was an eye-opening experience, for you and for Bill. We do have some good cross-pollination. But I also feel like we have been trying to do some of what you are speaking to by elevating things to the full committee. I do think the executive committees also are working sessions are calls that we have. I think they provided me with a really great understanding of how things are linked and enable us to do that cross-pollination.

But I think part of what we need to evaluate in all of this discussion about the standards specific roadmap and the repeatable methodology that may be produced for the other subcommittees is taking it small as in small steps to try to ensure that we don’t bite off more than we can chew right now, and that we bring something of value in what we do. I would think that what we would pursue within the standard subcommittee would naturally bubble up to an executive committee conversation and probably make sense between now and September if we do any work that we should have, if not a retreat, a touch point to ensure that we are getting that broader picture. There is a bandwidth issue of who can attend calls and that kind of stuff.

DR. MAYS: There is one place that I am saying that I think you also need it, and that is when a hearing gets planned. It typically is planned by the group and the staff with the expertise. It is not just our participation. But it is like making sure that who comes into give testimony, has that kind of contextual piece to it that represents the other subcommittees. It is in the planning of the hearing.

DR. SUAREZ: In some ways, we are already doing the concept that you described. Every hearing, for example, we now have pretty much representation from all the groups. There is always some perspective in the hearing or in questions even. Just for example, tomorrow’s minimum necessary hearing, we are going to be talking about privacy, but also standards. Maybe there is going to be some questions about the impact of this for population health data.

There is somewhat, in many ways, already some framing of that, even though the lead of the activity, whether it is a hearing, a workshop or something else, is one of the groups. There is always that complementarity. I think in most of the subcommittees and the workgroup, we have someone from each of the groups that I think already are achieving some of that.

MS. LOVE: Is there a way to think about all the universe of data? We can’t take on all of that. There is overlap. There is a Venn diagram of some sort, and identifiers are a big deal. No matter whether you are talking utilization data, provider data, or public health data, then you have got personal identifiers, physician identifiers. Smarter people than I am here, but sort of a Venn diagram of what is the overlap and where the priorities for the standards coming together instead of this huge universe of data.

DR. O’GRADY: I like very much what you are talking about here and a chance for industry and government and keep the proper firewalls, but allow a conversation that just clears up and hopefully has some sort of consensus. The caution I would have on that is I also sit on something called the Maryland Health Care Commission. Maryland, for many of you who don’t know Maryland, is a very regulatory state. It is a very consensus. That has many advantages.

One of the disadvantages, if you are provider, it is a hard state to break into. It is what we in economics think of as a guild. If you don’t have the union card, you don’t work there. It is the same ten hospices and 15 hospitals and that sort of thing.

As we move forward here, we want to kind of have a more rational sort of process. What government does is sort of make sense to industry. What industry does is in line with what government is hoping they would do, those sorts of things.

But I just want in the back of our minds, and sometimes in the front, this idea of we don’t want to lock this into only the big boys and girls get to play. There are new people who will come into these fields. We don’t want, what I will repeat 100 times, the Maryland effect in terms of any of these kinds of things where it just the guys who all went to Hopkins together decide.

MS. GOSS: So, we have run the table. I have gotten some feedback. I have taken some notes. Hopefully you have seen what I have captured. If you haven’t, I can share it with you. What I am going to do is digest this, work with my co-chair and executive leadership to figure out what is next and start to put a plan together with Terry’s support, and how I need to manage it.

Are there any parting words or thoughts? Walter? Ob, you good, if you are still with us?

DR. SUAREZ: Thank you very much. We are only two minutes behind schedule. We have a break right now. We will take the break until 11:00 when we come back. Thank you.

(Brief recess.)

Agenda Item: MACRA-MIPS Update and Discussion

DR. SUAREZ: So this next part of our session, we are very excited to be able to have Pierre Yong from CMS and have him present and talk to us about the now next new most-used word in health care called MACRA-MIPS. Whoever remembers what meaningful use is, right? It is very exciting to have him here. I am going to turn things to him. I think we are going to have some time at the end for questions.

There is a lot of work. I am sure he is going to highlight a lot of work being done to inform and educate people about this program recently. Comments are due June 27th. I know there are a lot of activities. In fact, tomorrow at HHS, there is a listening and discussion session with several CMS leaders on this specific topic of health IT and MACRA-MIPS. Unfortunately, we are going to have our hearing here and won’t be able to attend that. There is a lot of that type of information being shared right now and a lot of interest around this.

Certainly as I was explaining to Pierre, our perspectives that he had a chance to hear as we were going through this morning are very much related to a lot of what he is going to cover. Welcome, Pierre, to our National Committee. The floor is yours.

DR. YONG: Thank you for the opportunity to comment and share some information about specifically this morning around MIPS, the Merit-Based Incentive Payment System, which is one component of this larger statue which was the macro, which is Medicare and CHIP Authorization Act. The other big piece relating to the clinicians in MACRA is APM, so the Advanced Payment Models. I believe my colleague is going to address that in the future.

I am going to specifically focus on MIPS today. As Walter said, there will be some time for questions at the end. My goal really here is to give you a broad overview of MIPS and what we have put into our proposed rule. The comment period for that does close on the 27th as far as noted. I am sure many of you are familiar with this, but in case you do want to file comments, we welcome them.

Overall, we have termed the overall sort of program between both MIPS and APMs as the Quality Payment Program. This, in general, does a couple of things. MACRA itself repeals a sustainable growth rate formula that was the formula under which clinicians were paid. It streamlines multiple quality reporting programs into a single new merit-based incentive payment program. Those quality payment programs which are streamlined in include PQRS, the Physician Quality Reporting System, the Value-Based Modifier for clinicians, as well as meaningful use for clinicians.

I do want to clarify, meaningful use for hospitals and cause, this still does exist. That has not been affected by MACRA. It is the meaningful use piece that affects clinicians that gets rolled into MIPS. I just want to make that clarification. Then this program also provides incentive payments for participation in advanced alternative payment models.

We view this as a very exciting step at CMS. It is really a fresh start to these programs. Each of these prior programs was set up in various statutes and sort were set up fairly individually, though we tried to align policies and make them work across programs as much as possible. We see this as a great opportunity to really sort of bring everything all together for clinicians into a single payment program.

We have been taking a very active and sort of user-informed approach to the design of the QPP and really talking both not only to associations representing clinicians, but also to many frontline clinicians, as well. We believe this will ultimately lead to a better, smarter Medicare for healthier people. Our desire is to pay for what works to create a Medicare that is enduring and really leverage health information that needs, in order to be flexible, open and user centric.

As I mentioned, MIPS does streamline three independent programs to work into one and hopefully ease some of the clinician burden between previously needing to report to three different programs. It also really adds this exciting fourth component to promote ongoing improvement and innovation in clinical activities.

There are four domains in which clinicians will be scored on to develop their MIPS composite score. Those domains are quality, resource use, clinical practice improvement activities and advancing care information. Advancing care information is leveraging health IT or previously was known as meaningful use. We believe the proposals we have made provides clinicians with flexibility to choose the activities and the measures that are most meaningful to their practice to demonstrate the performance.

Prior to MACRA, as I mentioned, we had PQRS, we had VM and we had meaningful use. The major provisions we wanted to highlight for you that are in our proposed rule relate to eligibility, performance categories and scoring, data submission and performance period and payment adjustments.

Who is eligible to participate in MIPS? In the first two years, you can see on the bottom left-hand side of the slide, it is physicians, PAs, nurse practitioners, clinical nurse specialists and certified nurse anesthetists. Beginning in year three, the secretary of HHS has the authority to broaden the types of clinicians that can be included into the program. Examples of those are below on the right side of the slide, including physical therapists, occupational therapists, social workers, clinical psychologists, all of these groups, if the secretary chooses to authorize that authority, would be done through normal rule-making process.

There are certain categories which are not eligible to participate in MIPS that we want to highlight. Those clinicians who are in their first year of Medicare Part B participation, those who fall below a low patient volume threshold. What we proposed in the rule has a definition of that low volume threshold, are those billing charges less than or equal to $10,000 a year and provide care to less than 100 patients in that single year. The third category of people who would not be eligible or subject to MIPS would be certain participants in advanced APMs or alternative payment models.

Just to give you a sense of the timelines, the first MIPS payment adjustments would go into effect for clinicians in 2019. What we have proposed is a performance year that begins and ends in 2017, so using a calendar year. Then using 2018 for the data collection period, as well as a calculation of scores, a review of scores providing feedback to clinicians. That is the general timeline that we proposed in the rule. The payment impacts actually go live in 2019.

How much can MIPS adjust payments? There are both positive as well as negative payment adjustments that are possible or neutral. You can see here they scale up over time. Beginning in 2019, it begins as positive or minus 4 percent to start. Then it goes up to plus or minus 9 percent in 2022 and onward. There are some nuances to this, which I will cover in a little bit, but that is the general gist. I think the main point is that folks can either get a neutral payment adjustment of positive or negative depending on performance.

This is just another slide to depict who will be subject to MIPS. Those not in APMs, alternative payment models, which we suspect are many particularly in the beginning as we launch MIPS. We certainly hope over time, more and more folks will be participating in advanced APMs. Those on the right side would not be eligible and subject to MIPS. We really see MIPS as a way to gear folks over time to really participate in advanced APMs.

Clinicians can participate both as individuals or as groups. We have defined groups as TIN MPI combinations. But that is consistent with what we have done also in PQRS. So just to review the categories which somebody will be scored, quality resource use, clinical practice improvement activities and advancing care information. These are the weights which were described in the statute in MACRA.

At the beginning, the first year when we launched MIPS, quality gets 50 percent of the overall score. Cost or resource use gets 10 percent, CPIA, 15 percent, and advancing care information, 25 percent. Over time, these relative distribution of weights will change. Eventually, quality will go down and cost and resource use will go up potentially depending on the amount of adoption of certified EHR technology. Advancing care information, the percentage for that category may shift, as well.

In terms of the quality category, we in the rule have proposed a number of different quality measures from which clinicians will be able to choose and which measures they would like to report on and count for their quality score. We propose a selection of six measures from about 300 or so.

We specifically also proposed to require one cross-cutting measure and one outcome measure, or another high-priority measure if an outcome measure is not available. Another high-priority measure could be a measure addressing patient safety, care coordination, population health, for example.

They would select individual measures. We have also identified specialty sets, specialty meaning clinical specialty sets. For example, we have identified measures related to internal medicine care, ophthalmology care, surgical care.

Population measures, we also have automatically select calculated because they are claims-based measures. These changes are reduced from nine measures to six measures with no domain requirement. Then the year one wait for the quality domain is 50 percent, as I said.

Resource use, the goal here is to compare resources used to treat similar care episodes and clinical condition groups across practices. These are risk-adjusted. They are claims based, so there is no additional burden on clinicians to submit information to CMS for calculation of these measures. The key changes is that we have added 40 additional episode-specific measures to address specialty concerns. The year one weight is 10 percent.

CPIA, or clinical practice improvement activities, examples of these include care coordination, shared decision-making, safety checklist, expanding practice access. Clinicians will need to report to us what we proposed in the first year what CPIA activities, from a list that we have included in the rule, that they have participated in. They would receive credit for each of those CPIA activities.

They could participate in things like the transforming clinical practice initiative or Partnership for Patients, for example. It could be participating in or use of a qualified clinical data registry for quality improvement activities. There is a list of over 90 activities, which we have included in the proposed rule, which folks can report on and select from. This is a new category, as I mentioned. The first year weight would be 15 percent.

Finally, the last category is advancing care information. The eligible clinicians again can participate in this category as individuals or groups. Those not eligible would be facility-based providers, acknowledging that facility-based providers may not have as much control as a community-based provider on selection and use of EHRs within their practice. An option for 2017 includes MPs, PAs, clinical nurse specialists and CNRAs.

Overall, as I mentioned, there is a composite score. We have four domains. Then we need to come up with an overall score and then translate that into payment adjustments. This depicts the overall sort of score for the ACI category, which is advancing care information, where we have a base score of 50 percent for meeting certain criteria and performance or activities related to EHR use. Then the optional score of up to 80 points for doing additional activities such as reporting to registries example, and then getting bonus points on top of that.

The base score counts for about 50 percent of the points for a total advancing care information. To do that, physicians and other clinicians would need to provide numerator/denominator information and yes/no for objectives and measures.

These are the objectives and measures which you are probably familiar with, protecting patient health information, electronic prescribing, patient electronic access, coordination of care through patient engagement, health information exchange and public health and clinical data registry reporting. As I mentioned, you could get up to 80 percentage points additional towards your ACI category score by engaging in additional activities in the patient electronic access area, coordination of care, as well as HIE.

Just to summarize, this scoring, we believe, provides more flexibility to providers and really promotes care coordination for better health outcomes. The change we have proposed is dropping an all or none threshold for measurement, which is something we have heard a lot about from clinicians that wanted more flexibility. We removed redundant measures to alleviate burden. We have eliminated the CPOE, the clinical provider order entry and the clinical decision support objectives, and reduced the number of required public health registries to which a clinician must report. In the first year, weighting for this domain is 25 percent.

Between the four categories, here is just a summary which shows the relative weights and the number of points you can earn within each category. Ultimately, you come up with 100 points after you do the weighed summation between the four categories.

All the MIPS performance categories we proposed are to be aligned with the performance period of one full calendar year. That first year performance year, we propose to be 2017 with a payment year in 2019.

How do we then translate that into payment adjustments? We propose that there be essentially a linear relationship between the score and payment adjustments, which I will explain a little bit more. What the law has described is that a CPS below a determined performance threshold will yield a negative payment adjustment, while those above the payment threshold will yield a neutral or a positive adjustment.

Specifically, it says that a composite performance score less than or equal to 25 percent of the performance score of the threshold will yield a maximum negative adjustment of 4 percent. That is 4 percent for the first year.

A score that falls above the threshold, at or above the threshold, will yield a payment adjustment of anywhere from 0 to 12 percent depending on the degree to which the score exceeds the threshold and the overall distribution of the composite performance scores. Then to make that even more complicated, but to provide additional incentive for exceptional performance, there is an additional bonus opportunity not to exceed 10 percent to be applied to payments on top of the payment adjustments to eligible clinicians with exceptional performance where CPS, the composite performance scores, are equal to or greater than the 25 percentile of hospital values above the threshold.

This may help you understand this a little bit better. Essentially, there is a positive or negative adjustment. In the first year, it is plus or minus 4 percent. The positive 4 percent, there is a scaling factor. That can go up to three times. There is a factor, so potentially the maximum is 12. Then on top of that, there is an additional 10 percent adjustment factor which can then be allocated for recognition of exceptional performance.

There is a pool of funds about $500 million that are available each year from 2019 to 2024 for that exceptional performance category that can be distributed for those exceptional performers. I think the other thing to note is that the law requires it to be a budget neutral redistribution of funds beyond the 500 million. That will impact the size of the adjustments, especially on the positive end because of the scaling factor.

Those are all the slides that I had for this morning. Hopefully that gives you a sense and quick overview of this new program. I am happy to take questions.

DR. SUAREZ: Thank you. We have a few people already starting? Mike, I think you are first.

DR. O’GRADY: A couple of questions. One, on your last point about it being budget neutral, so the Office of the Actuary has kind of gone through this and assumed. I am not critical. I am just saying as they think about this, they have assumed that there will be as many good performers as bad performers, so you can go plus or minus four, plus or minus five, and still be budget neutral at the end of the day, even though cost is not heavily weighted in the phase. Is that correct? When you had like your multiplier factor, where a really good player could get 12 percent, it looked like it made it pretty tough to be budget neutral.

DR. YONG: We have to determine the performance threshold. What we proposed as a performance threshold is approximately half of clinicians in the program would be below the threshold.

DR. O’GRADY: By kind of construction, you are trying to make sure you do that. You move the average up by doing that. Excellent.

The other question I had, for those of us in the past who have done various work on claims data. You use claims data a lot here to sort of take a look at the case, whoever the provider is and those kinds of adjustments. It also means one of the concerns, and the actuaries always have a very good reason for it, is the lag. You can’t get it for about two years.

Part of that is, at least in the old days, they used to say that was a lot of adjudicated, especially the very expensive ones. They don’t really want to close that fee for service file for at least 18 months. It is more like two years before there is public use tapes.

You have also now added a little extra lag here, not so much in terms of ICD-10s and things like that, but in terms of looking at the payment amount. In your example of 2017, we are going to see claims going on. Maybe some of the stuff you will do about judging these people will be based on 2016 claims or something like that to do it.

After 18 months, so kind of mid-2018, they close those files, the adjudication is hopefully pretty much wrapped up. The actuaries are comfortable. But we won’t see a payment effect until 2019. Again, totally understand it is going to take that long to analyze this data and figure these adjustments. It means that we won’t really get a final file with correct payment for some time after 2019.

I don’t think it is an intended. I think it is an unintended consequence. That sort of complete file, we know what the diagnosis was. We know what the procedures were. We know how much was paid. We know what the beneficiary paid. We know what the government paid. That has really now kind of all moved back under this scenario, at least the way I interpreted your presentation. It is sort of like when you do drug data. Until you see the rebates come in after the fact, you don’t really know the final dollars. Is that a correct interpretation of what is likely to happen?

DR. YONG: Say that you are right that there are claims-based measures that we use. For example, research use is totally based on claims data. You are right that there needs to be a run out period for the claims because of adjudications and waiting for claims to come in because you don’t need to necessarily submit the claim immediately. We need for a lot of claims to settle out before we do those calculations in order to make sure that the calculations are as accurate as possible.

The intention here is, in late summer, to be distributing to participating clinicians information about what their scores are based on our calculations and what their potential category for adjustments are. There is a period that we propose in describing the rule for review. They can request review of their scores if they believe it is inaccurate. But ideally, they should have that information before the payment adjustment is going into effect in 2019. Beginning January 1st, before that date, it is our intention that providers should have that information and know what their scores are and what their payment adjustments will be for 2019, so payment to the payment year.

DR. O’GRADY: Is it a backward-looking adjustment? It is saying yes, we paid you $100.00 for this in 2017. But really, you owe use five bucks because you didn’t do a very good job?

DR. YONG: No. The payment adjustment would then be for the calendar year 19 payments. Your performance is in 2017. We would share information in 2018. Your payment adjustments then go prospectively into account for the calendar year 2019.

DR. O’GRADY: It is the same sort of lag in terms of close the file, adjudications and what not. Which is, in many ways, similar to the way you see it in Medicare Advantage. They sort of size up things and do their final risk adjustment and things like that. Then there is a little, for the budget neutral parts of it, they don’t do a look-back. They basically just say, you are getting 3 percent less this year because of your past behavior. Good, thank you.

DR. SUAREZ: We have Rich and Denise. I will add my name to it.

MR. LANDEN: Dr. Young, can you talk a little bit more about the budget neutrality? I think you said basically it is budget neutral, but it was over some threshold. Then there was another 500 million for exceptional performers? Go through that again.

DR. YONG: Put aside the 500 million for exceptional performers. The distributions will be the plus or minus 4 percent plus the scaling factor, that is all budget neutral. Those adjustments are all budget neutral. The law provider for an addition 500 million between fiscal year 2019 and 2024 for exceptional performance. That is not budget neutral obviously. That is in addition to the adjustments that would take place in a budget neutral fashion.

DR. CHANDERRAJ: Did the advancing improvement measures, does it conform to the guidelines that are being assured by the societies? What are the performance industries for advancing improvement measures.

DR. YONG: Advancing care information? Advancing care information is the use of essentially certified electronic health records. Are you talking about clinical practice improvements?

DR. CHANDERRAJ: Clinical practice improvements, advancing improvement measures.

DR. YONG: I don’t have a table with me for the CPIA. There is a list in the rule that we proposed of activities, including things like participation and initiatives like working with our QIOs, our quality improvement organizations, on initiatives like Partnership for Patients, which is a safety initiative. Participating in transforming clinical practice initiative. It is an initiative from the Innovation Center, which is trying to prepare smaller practices for value-based purchasing programs.

It could be referencing or participating in an activity to improve anticoagulation sort of rates and outcomes for those on Coumadin. It could be participation or checking in opioid registries within states. Those are the kinds of things that we included in that list. Hopefully that helps clarify a little bit.

DR. CHANDERRAJ: As far as the quality is concerned, how far from the incident event that you judge a quality of an outcome of an incident event?

DR. YONG: Well, there is a wide range of quality measures. We have process measures. We also have outcome measures. We have a few functional status measures. It really depends on the measure. These are all clinically based measures. It could be something like functional status after a hip repair. That is sort of based on your patient population within that calendar year.

DR. CHANDERRAJ: Is the payment of the incident tied to the quality?

DR. YONG: The general concept here is we want to increasingly tie provider payments to their performance on not just quality, but also resource use, CPIA and advancing care information. We generate this score. That informs where you get your score relative to your peers. That translates ultimately into a payment adjustment. Yes, the ultimate goal is to tie these payments to how you perform on these four categories.

DR. CHANDERRAJ: Last question is have you figured out the legal cost involved in this?

DR. YONG: Maybe you can expand on that a little bit. Legal costs for who?

DR. CHANDERRAJ: For the provider.

DR. YOUNG: Can you elaborate on your concerns?

DR. CHANDERRAJ: Most of the payments that have traditionally been for all the physicians included a part of what it costs for the patient, for the provider to provide the service. But right now, these MIPS, does that include this cost evaluation?

DR. YONG: Certainly in the rule, we have the regulatory impact section which we elaborate on sort of the burden from data collection, et cetera. I don’t have those specifics specifically in my mind, but those are in the rule.

DR. SUAREZ: I think it is fairly clear from the presentation, there are two different programs. One is MIPS, the other one is advanced payment models. They are really separate programs and activities. The MIPS built on those four elements that provide this score by which providers will receive an adjustment up or down. That is kind of the general concept.

My question might be more related to the advancement in models. I am not sure. You can tell me maybe that is the case. It has to do really with the concept that right now our quality measurement process still is very much focused on a fee for service type basis. We measure quality of services delivered based on, in some ways, the volume of services and the type of services. What are the efforts being done to create sort of the next generation of quality measures that will support not so much a fee-for-service model, but a pay for value type model. Again, this might be more applicable to the alternative payment models.

But I don’t know how much that fits into MIPS. MIPS, basically the quality measures are still the same ones that are currently being used, correct, the ACQMs? Are there any efforts to really create a new generation of measures that will look at more like population-based measures. At the end, that is what we will be looking for in terms of payment.

DR. YONG: Certainly there is acknowledgment that population health is important and that we ultimately do want to include more population health based measures within the program. What I can say is that in MACRA, there is specific attention paid to quality measure development. That is something that CMS is currently working on.

MACRA provides funding in the amount of $15 million a year until 2019 for measure development activities. CMS put out a draft, MIPS and APM quality measurement development plan in December of last year for public comment. We issued the final measure development plan based on over 600 comments received in May of this year. This initial plan outlines at a high level some of the PDRs, including population health measures, including safety measures, including outcome measures, including areas where we know there are not many clinical measures for certain subspecialties, for example. We want to make sure that there are available quality measures for all clinicians participating in MIPS.

We are currently thinking through further plans about how to approach the measure development. I expect over time, hopefully we will get to the goals that you sort of outlined and certainly welcome comments if you have any ideas to share about the kinds of measures you think would be useful and to include in such a program.

DR. SUAREZ: One thing I have always been concerned about generally is the degree to which we need some sort of an advisory body on the quality space. We have an advisory body on the health IT policy side. We have an advisory body on the health IT standard side. We have an advisory body, us here, on data policy. It feels like quality is the future. In fact, it is the present. It is a big thing. It seems like there would be some benefit.

Our committee used to have actually a subcommittee focusing on quality. It seems to me that there is some need out there, at least I see it, that there be some sort of an advisory body to define this type of program, this national approach to measuring quality under this new transformed system. I don’t know.

Certainly CMS has been developing this proposed rule and all the program internal activities because it is a CMS program. It is a Medicare program. It is not a national program like meaningful use that is not only Medicare.

In any case, I just wanted to express that. Certainly, the National Committee has had that role in the past of advising on quality. Not on health IT and quality, but on the quality agenda in general. I just wanted to mention that and offer that as a thought. I don’t know if you have any reactions. Maybe other members of the National Committee have some thoughts about that, too. Any thoughts from your perspective?

DR. YONG: In our measurement development process, we try to be as transparent as possible. We have put out an update that is regularly ACMS measures blueprint, which we follow. It is a fairly standardized process in which we undertake to develop our measures. It involves significant engagement with external stakeholders.

We convene technical expert panels for each of the sort of measure development efforts that we undertake. We put out summaries of those, as well as specifications from measures and measure concepts for public comment. We have made that a priority as a way. We believe it is important to get external input. Oftentimes, those comments are very helpful in highlighting things that we may not have thought of in the measure development process or highlighting potential unintended consequences. But we do take the input seriously, and that is part of our normal process.

DR. O’GRADY: First on the quality question, AHRQ has certainly made quality sort of their portfolio for a very long time and the National Quality Forum. There is a whole community there on quality. The thing I would disagree with you on, Walter, is the long-term where this is going. If I interpret what you said right, in the early years, we are going to focus a lot on quality, 50 percent of whatever the bonus is. Sort of no matter who wins the election, given the two people we have, cost is, I mean, you want to go easy. You want to phase in. You want to make sure quality is protected. You certainly don’t want any loss of quality.

The looming Medicare budget deficit that kind of drives the entire budget deficit. They don’t want to have a major Medicare reform. I think in terms of using the tools they have got like this, either party is going to have to figure some way for a gentle glide path. You just can’t maintain spending 4 percent more than your GDP, your growth rate. You can’t have your income grow at 5 percent and your spending grow at 10, and keep that up for a long time without at least major crowd (indiscernible).

I think when the current administration talks about Triple Aim, and that is fine. But when you think about what is that going to look like five or ten years from now? I think you are going to look at an attempt to slow cost because the budget is in real trouble. At the same time, you would at least hold you own, if not improve quality and hold your own if not improve access. I have to believe the real driver.

I don’t know that CMS has an awful lot of outside opinion because, in terms of payment policy, they have a tremendous amount of in-house expertise on payment policy. But I am not sure that we should think of this as a quality-first kind of an initiative.

DR. SUAREZ: It is called a natural quality program. The other argument is really that all of this is expected to, intended to, reach the triple aim, which includes better care and lower cost and better health.

DR. O’GRADY: All I guess I am arguing is the weighting between those three. I think it is more like 50 percent cost, 25/25. You don’t want to hurt it. But I think there are these outside forces that are just crushing.

DR. SUAREZ: I mean, my argument was really more about the fact that we are putting so much effort in a national quality program and a quality initiative so big, transforming health care, helping contain costs. Granted, there is a lot of effort being done by CMS to be very transparent about the development of measures. It seems like there is less of a role for an advisory body. That is what I was pointing out.

DR. O’GRADY: This isn’t whatever it was 10 years ago when there was the Institute of Medicine report about, whatever, 80,000 unnecessary deaths because quality was in the dumper. That process has gone on. I guess in terms of just being realistic about what they are going to face, what we in terms of thinking about data.

I thought your earlier point about the idea of it is great that you guys are trying all these innovations. What part of it is still on an old fee for service sort of thought process? All the stuff coming out of the innovation office, Patrick and those guys, it is all disruptive. It is going to be disruptive in good ways. It is just going to kill the time series on spending and different things like that, too, and where we end up with that. That, I think, is more of a well within our kind of portfolio of issues.

How do you make sure that the data that is necessary for both research and policy-making and these other needs? How can you maximize the amount of innovation you can experiment with, with the minimal damage to these long-term ability to actually access and make informed decision-making about what direction the program goes in the future?

MS. LOVE: So I agree with you on the cost issue. I am also concerned about the burden issue for the providers on providing the data. At the risk of sounding like a one-trick pony, I want to say that I would ask CMS to look at the states that are developing all-payer claims databases. That would take a huge burden off providers for being responsible for a population that moves in and out of their network and they may not know. Whereas states like Vermont and others, who have put practice profiles together and benchmarked them, that episodes of care is one thing to get at the cost and the quality.

We all know that it costs more to provide bad quality care. The length of stays are longer. The readmission are more frequent. Episodes and then also, I lost my train of thought here, there are a few other measures that states can promulgate on behalf, the benchmarks for readmissions, other things. How is this practice doing with keeping their people out of the EDs and the hospitals? Some really basic measures that doctors don’t have to abstract, pay for, get a consultant to consolidate.

I think CMS has made some good strides with both the societal grants and the sim grants to stimulate data development in the states. I think that is one way to do a win-win here on the states that are developing those databases and the providers who need the data.

DR. YONG: I think burden is a huge concern that we are recognizant of and we are conscious of. We have tried to reflect this in some of the policies we have proposed. We have decreased the proposed number of measures that a clinician would need to report on from nine to six, for example.

We have also identified and said in our proposals that clinicians can report to us in a variety of number of different ways. If they are in large groups, they can use the web interface. They can also use registries, clinical data register. They can use EHRs. To provide lots of options in order to try and minimize the amount of burden that any single provider may have to bear to do the reporting. Though you are absolutely right that there is still burden. That is what we are conscious of and are trying to work through, as well.

MS. LOVE: But at the same time, those same physicians are increasingly being reported on by their states as far as their experience, their utilization and their metrics. To the degree that we can somehow in the future come together and align some of those, I think everyone, consumers, the public and the physicians will benefit, but also more comparable data back to Medicare. We look forward to pushing that vision.

DR. SUAREZ: Alix and then Mike.

MS. GOSS: This is really not directed at you, Pierre. It is more directed at we have an industry with multiple payers in it, who are all looking at quality measures. There isn’t a lot of alignment. Providers are heavily burdened on how to manage all the quality measures and all the reporting aspects, and whether the base EHRs can meet their needs by payer, can give them the data content that they need anyway for quality measures, the whole QRDA1 and 3 issues are pretty notable with the meaningful use quality measure reporting structure.

Above and beyond that, when you look at the non-Medicare/Medicaid payers, it is the wild west out there. I have heard a lot of concerns from the provider community on how they are managing all the different quality programs. It is timed back to the reimbursement and their survivability and delivering care especially for some of the smaller entities in rural communities. I think to your point, I am still grappling with the larger industry issue and what it means to provider burden. I am not sure if we can do something about it. It is a real world pain.

DR. O’GRADY: Intentionally, you are changing the incentive system that you see with these physicians. Most of my research is in diabetes. It is only anecdotal at this point. But we are seeing with disease management programs and different incentives, and you are probably at 20 percent of enrollment. You have a lot of people with diabetes. It is a big driver of cost for you, certainly much more than any other insurer in the country.

With some of the incentive programs that have gone on in the private sector, we are starting to at least hear. It is just anecdote. Now there is an incentive. The anecdotes are Mrs. Jones goes in. He keeps talking to her about bringing her A1Cs down. She is not doing it. He finally says, I can’t have you as my patient anymore. He is going to get killed on his scores if Mrs. Jones doesn’t kind of come into the ADA guidelines and sort of hit her markers and stuff like that.

Given the population you have, both with its high rate of diabetes and its sometime recalcitrant, shall we say, patients, just a heads up that I can see this one coming out where all of a sudden, you have an access problem that isn’t sort of the access problem you might have expected. You have set up a set of incentives for providers for all good intentions and with the right intentions, I would argue. But the only thing they can control is saying, I will see you. I won’t see you. They have an on-off switch. They can’t make her bring her A1Cs down, but they are going to lose money if she doesn’t. Just something to keep an eye on.

DR. YONG: Thank you for calling that out. Certainly it is something that we certainly need to pay attention to. I just want to go back to the prior comment, if I may for a second. That is a concern that we have also heard that CMS is not the only payer out there. There are many other private payers out there.

I just wanted to highlight one activity in case folks weren’t aware of it. For the past two years, CMS has been working with AHIP, the American Health Insurance Program, the association for the insurers. It is the private insurers. They have formed what is called the Core Clinical Quality Measure sort of collaborative. In this group, it includes 70 percent of covered lives in the US, CMS, private payers. We have also included participation from many of the clinical specialty groups.

In February of this year, we announced, in conjunction with AHIP and the participants, the first set of what we have called core measures. These are measures in which everybody came to agreement on between the payers as to measures to align to in terms of both for CMS perspective and for our programs, as well as the measures that the private payers would use in their contracts with providers, to specifically try to start to tackle this particular issue.

We are quite proud of this initiative and sort of really thought this was a very positive first step forward. This issue is a very real one for providers, reporting measures to CMS and then X number of measures to another private payer and then yet another set. I really thought this was a really positive step forward. It will take time to obviously realize we have included the measures in these core sets within our proposal for MIPS as our first step. I am looking forward to seeing that unfold on the private payer side, as well.

DR. SUAREZ: Could you say a few words about the waivers for MIPS? Are there any waivers involved in the MIPS program?

DR. YONG: There is a low volume threshold. We haven’t made a proposal for that less than a certain dollar amount and seeing less than 100 patients per year. If you meet those thresholds, if we finalize those thresholds, and you don’t meet the thresholds, you would not be subject to MIPS payment.

For the various categories, particularly for use for certified electronic health record technology, for example, if you are a facility-based clinician, you have less control over the choice of which EHR system that you may use and that your institution may implement. To recognize that, we have certainly implemented proposals and sort of exceptions around that.

MR. LANDEN: Some components of this look elegant and I think achieve some of the intended simplicity that was envisioned with the elimination of the sustainable growth rate. But there is also some stuff financially under the surface here that I am starting to think I see in terms of you have got MIPS. But if you are a clinician who was also seeing Medicaid patients, you may be an EC for MIPS and still be an EP for Medicaid meaningful use, which continues until 2021 I think is the final year.

Also, there is a number of other programs, the APMs. I don’t think you talked about those, but some of the APMs would essentially supersede participation in MIPS. Others would not. From what I have been hearing in some of the other listening sessions, there are some of the APMs where an eligible clinician really won’t know whether he or she is going to be paid under the APM or under MIPS until after it is too late to make any adjustments for that.

My other observation is that the cost of participating is not factored in the payments. The payments, as you mentioned, are going to be essentially budget neutral. But it is going to cost the providers something for the ACI, which is essentially maintaining the MU-certified technology. It is going to cost them something to engage in clinical practice improvement activities, something to engage with the quality and reporting.

The average cost per Medicare visit is going up, but the reimbursement rate is not going up. Then there is still going to be adjusted up or down based on a curve. I am not sure that the graphic behind you presents an accurate picture from a clinician financial viewpoint. Those are just observations.

DR. YONG: Many clinicians are already participating in these programs or participating in the existing programs. Those would be sunsetting. MIPS will be replacing meaningful use for eligible professionals, PQRS and the value modifiers. Yes, there will be cost and burden on the provider to participate in these programs. But ultimately those programs are also sunsetting. Hopefully there is not additional burden.

The new category, CPAI, certainly we hope that clinicians are already doing many of these activities. For example, as part of either their maintenance of certification requirements or other requirements that they have within their states and continuing education efforts. We have heard that there is a burden associated to participation in these programs and are very conscious of it. We take that feedback to heart. Thank you.

DR. SUAREZ: I think we are on time. There are no more questions. Thanks so much, Pierre, for coming and presenting. It was very informative. Thank you so much again.

DR. YONG: Thank you for the opportunity.

DR. SUAREZ: We are two minutes into our lunch. We are going to take our lunch break. We have a 45-minute lunch break. We ask that if you can come back at 12:45, and then we will start with our population health session. We will see you back at 12:45.


Agenda Item: Subcommittee on Population Health (From June 14)/Committee Planning Session

DR. SUAREZ: I think we want to get started. Maybe we can wait one more minute. I am going to turn things to our co-chairs of the Population Health Subcommittee.

DR. STEAD: Thank you, Walter. I am going to lead off our time. First, I want to just thank the members of the committee who have been working through monthly calls and a planning group that has been working through weekly calls since we last met, trying to refine the community health and well-being measurement framework and develop the plans for how we fully vet it and do the workshop in the fall.

To kick off our discussion of the current version of the framework, I want to read the summary that Dave Ross prepared after he worked with the leaders in the DeKalb County, Georgia, with the framework. It provides a concrete example of a community and how they are taking advantage of it. We have passed that out, but really, we want to take the time to read through it because we think it says a lot about what we are trying to do.

As Dave describes, for the past year and a half, the taskforce for global health has been in conversation with several Atlanta metro area county governments about their option for developing a health promotion agenda. Our draft framework gave him an opportunity to explore its utility as a tool for helping community leaders focus their attention on health problems that need action.

He offers the overview of the related discussions as an example of how it can be important. He begins the discussion back in 2015 with the DeKalb County chief operating officer and the chair of the DeKalb County board of commissioners. DeKalb County is the home of CDC, Emery, the Carter Center, CTSE, the National Association of Chronic Disease directors and the taskforce for global health. They are rich in health expertise. Yet as a county where local leaders have almost no readily available data to help them improve and protect the health of the citizens.

The county’s chief operating officer oversees daily management of government operations while the chair is an elective official responsible for establishing overall direction and for guiding the county’s commissioners. They rely on the public health department to advocate for health improvement and to provide necessary population health protection.

The great recession led to significant reductions in county government staff, including the health department. Consequently, when they think about health improvement initiatives, they confront a staffing and funding challenge. The recession has resulted in a county that has stalled in its understanding of health disparities, opportunities for prevention of interventions and stalled in having an active connection between the health departments and the county’s political and management leaders.

They are seeking a logical and efficient way to establish a county health improvement agenda. They are fully aware of the social, behavioral, economic, education and other factors that play an important role in determining individual life course, as well as population health status. They also understand that the county is not monolithic. It is highly diverse, with economic subgroups, ethnic enclaves and neighborhoods. They are aware that the county faces health issues that are not simply resolved by a visit to the doctor, like a high prevalence of overweight children, increasing deaths due to gun violence and asthma caused by bad air.

They know that the burden of these problems is not uniformly distributed amongst the various subpopulation and community that make up the county. Despite this awareness, they have little evidence that motivates an action agenda. The health department has been reduced to offering basic mandated services. Absent data that paint a clear and compelling picture of the county’s needs in a tool that shows sub county level data around social and behavioral determinants, they remain paralyzed to act.

In the course of our discussions, I showed them the draft framework under consideration by NCVHS. They recognized the logic of the domains and the inherent validity of the subdomains and example indicators. They understood that having sub county data on these subdomains and indicators would open a view of the county they govern that has heretofore been invisible to them.

They quickly provided examples of subpopulations they know about, such as a section of low-income Hispanic and aging communities that abut a high-income, high-education neighborhood. Presently, they only have access to state data or at best county aggregate data regarding only a few heath metrics. They know they need sub county data to make visible inequities in health and/or opportunities for health promotion.

I asked them a simple question. If the NCVHS measurement framework existed as a simple to use computer tool, and the tool was able to access sub county level data for their county and possibly surrounding counties, would they use it. Their answer tells a story. Without reservation, the answer was yes, and they added an emphatic, when can we have it?

Based on these interventions with the framework guiding us, we are mobilizing county government officials, the health departments of three counties in metro Atlanta, healthcare provider organizations, public safety officials, business sector leaders and boards of education to form a health planning taskforce aimed at understanding where health needs exist and formulating proposals for action. Problems these leaders know exist in general, yet lack the facts to act in specific ways or in specific populations, include early child violence prevention, land use planning to promote walking and bike-friendly environments, field deserts and substance abuse.

The framework has provided a straightforward, easily understood means for seeking the data that will highlight problems and indicate possible directions for intervention. Most importantly, the framework has given the confidence that this tool will lead them toward a county health advocacy agenda, which they presently lack. That is the story Dave would have told us if he was able to be here. He sent that with an email that in essence said, in his experience, it is the simplicity of the framework, the clarity of a few indicators in metrics for subdomains, that make sense to them. It is the perfect tool for action. It is critical that we do it now.

With that introduction, they are going to walk us through what we are calling almost version two of the measurement framework.

DR. COHEN: Thanks Bill, and thanks Dave for really giving us a real world context to what we are trying to do. What is the framework? The framework really is a planning tool targeting three discreet, but connected, audiences. The first audience is the data collectors, feds and the go-here’s to try to help organize and simplify thinking about data collection and estimation strategies that could be successful at small geographic levels or for subgroups in the population.

Clearly, the second target for the framework are communities themselves. There is an overwhelming massive number of indicators out there, and our goal is really to try to make sense out of these, so that communities can more easily use them and think through what their priorities are and find the data that they need to move forward.

The third audience is the data intermediaries and the foundations who have already done an enormous amount of work in this area generating indicators and gathering information. Our goal is not to recreate what they have done, but essentially create a structure and then turn over this structure for the experts and those who have already done this work to move forward to populate these domains and subdomains and provide the data at the smallest geographic level possible.

Our goal is really to create a broad consensus around what this structure looks like. That is essentially the primary purpose of the workshop that we are going to be having in the fall. Out of that workshop, there will not only be a report, but will develop recommendations to the secretary of what the federal role can be in helping promote this vision, the clarity of this vision.

That will include recommendations about data collection. That will include recommendations about estimation where direct data collection might not be the easiest or most efficient way to go. Certainly it will include recommendations related to the ability of the federal government to provide resources and direction to help communities and subgroups in the population collect and generate the data that they need themselves.

That is really what the framework is about. The full framework is given the agenda book on pages 81 to 90. I thought what I would do is just highlight what we consider the foundation of the framework. Then I will turn it over to Kate for a little more explanation, and then we will open up for discussion.

The guts of the framework really are the nine domains and 23 subdomains in this version 2.0 to be modified. Essentially, we got to these nine domains and 23 subdomains in several different ways. First, building on the workshop that we had in November of 2015. Secondly, Dr. Denise Koo developed version 1.0 of a framework, working for Dr. DeSalvo as they had begun to think about data for public health 3.0.

The next thing we did was give Parish, who has worked with the committee before and who was a vital part of the first workshop, to do an environmental scan. Here the goal was not to focus on the usual health suspects, but look at indicator datasets from enormous broad perspective, looking at the work that has been done by other federal agencies, looking at the work that has been done by community organizations and by foundations. That environmental scan is a tremendous resource that is now up on our website. If you haven’t had a chance to look at that final version, please do so. Please circulate it to your colleagues who are interested in this area.

Then the fourth input for this measurement framework version 2.0 has been the ongoing feedback that we have gotten from many of you and from colleagues in this area who have helped us refine some of these words and some of the domains and subdomain names. We are not pretending that this is a finished product. It is a point along the road. Our goal is over the summer to work to develop this framework to finalize version, I guess, 3.0 to be available prior to the workshop in September and try to create consensus from the next iteration.

I think there are a couple of key things going on here. Most of the indicator datasets that we saw had a set of domains followed by a detailed breakout of indicators or variables to populate the domain. I think the conceptual breakthrough that we have had that has resonated with folks that we have discussed this with is creating a structure that has a broad set of domains and then a subset of subdomains.

This creates the breadth and flexibility to populate these subdomains. But it also creates an explicit structure, so folks can find themselves in the areas that specifically interest them. I think this approach really sort of coalesces some of the ideas that we have gathered from the literature review. I will stop there and turn it over to Kate.

KATE: To add to what Bruce just said, we are very aware that this is a framework and not a prescriptive set of indicators. Many of the health frameworks that are currently out there from the health side have created a set of measures that can be collected for all states or counties or whatever geographic area they are being targeted to, with the specific idea of comparison and/or ranking.

What we were trying to pull away from saying, this is a tool for counties to look at themselves, to not necessarily look at the counties or the communities around them, but to really address their own needs. Therefore, allow them to populate the metrics, the actual items that measure some of these subdomains from using things that speak to them.

It will make our job of talking about how to get all these indicators more difficult because obviously now we don’t have a set of 100 indicators to them make available. That is probably something we will need to address in the future. But in the meantime, and this came a lot from looking at Gibbs environmental scan that many of the communities used many or most of these domains in their framework. This was what the community indicator projects were doing.

It is also breaking us out a little bit from the mindset of health versus all of those social determinants of health. It is not an either or. It is health and environment and housing and economics because all of those are equal. That is what we have heard from the communities who were at the workshop in November was you can’t put health and then food or health and then air quality because those are different levels of domain. Air quality is a subcomponent of the environment. Environment is equal to health. That is why when you look at this framework, we made domains and then a sublevel of subdomain. The subdomain then hopefully is all at an equal level, and all the domains are at an equal level.

Do I need to go through anything else on this?

DR. STEAD: Another thing we attempted to do was to make sure that each cabinet agency could see themselves, or if not a subdomain. But we tried to get it at the level of the domain. It is clear success here is going to be able to align people, help people align themselves to work at goals they are already measuring and makes sense to them in a way that comes together collectively to affect health. That was a piece.

Then the other thing we did in the exemplar measures that you see in the written piece is we noted examples, and in most cases, we could find an example where somebody had been able to access or to collect to estimate at the sub county level. There are some examples where people were successful. There are also clear examples of gaps, things which are important in these domains that at least so far we have not come across sub county metrics.

Our goal here is not actually to resolve those. They are there simply to help us understand, have we begun to get the right domains and subdomains. When we are describing the measurement framework for the purpose of the consensus in the fall, we are only talking at the level of domains and subdomains. If we can get them right and get consensus around them, then you have actually got a guiding tool that will help people work on metrics.

It will let us then looking at the gaps help say, given the fact that this is sub county level, what can the federal government do to either make data available then or, equally maybe more importantly, help communities, et cetera, deal with those gaps. This is the ultimate of an attempt to give a framework that enables multi-sector collaborations across public and private. Our job in many ways is to really keep HHS there as a key part of the public and the recommendations that we put forward.

We need to know what resonates or doesn’t resonate at the level of the domains and subdomains.

DR. COHEN: Vickie was the first one I saw.

DR. MAYS: I really liked the way you started with the story that came from Dave. It helped to illustrate potentially a user group. Part of what I am interested in is kind of in terms of these domains and stuff, who you see as the user group at this point. Or not who you see because you might see the world, but who is it that you have kind of run these domains by that is excited.

I could see that at the level of county officials who of course have staff and resources and analysts and all that, that they are good. I want to see who else you have run it by. Two, if you have a sense of what you think are the users that aren’t covered yet in this. That will help us in our workgroup. We are trying to go through this user stuff. I want to know more about who to be excited about and who to be concerned about.

DR. COHEN: We want to cast a wide as possible net to get feedback from as many folks as we can at many levels, certainly communities. We are going to send this framework to everyone who was involved in the workshop. We are going to reach out to organizations that we know of. We would love for you to share this framework with the organizations and the groups that you are aware of.

We are going to target again. There are these three piles of folks. They are the communities themselves. They are the folks who produce the data. Then there is this group in the middle that has worked to facilitate this conversation.

We want to get as many folks as we can to comment on the framework before we put it in the ultimate stage to give out to workshop participants, so that they will have the benefit for all that feedback. If there any folks that you know of, just let us know. We will give you this framework document, which I think is very good with an introduction that explains the process and with the measurement framework in its current status. I cast a wide net.

MS. HINES: There is a draft letter that Kate has put together that would go with it, explaining what we want people to review and who to send the comments by when to. That can be made available to anyone. Maybe we will just send it to the whole committee.

DR. MAYS: That is helpful because I didn’t know if we are ready. Once you did the story, whether you also had other groups or you still have groups to do. We will help you then in terms of with some of the groups.

DR. LANDEN: I love the letter that you introduced this with because building something is always a little bit of, is this a build it and they will come project? To hear people in the trenches saying, I get it. I understand it. It is useful to me. By the way, why can’t I have it yesterday? It is a pretty good thing for these types of projects. I am very pleased with that.

My question goes back to November, the discussions we had. I remember that the subject of nutrition came up in several guises and perspectives. Specifically, I remember somebody, I don’t know who it was. My apologies if it is somebody in the room or on the phone. But I remember one of the data sources was suggested to be driving or walking down the street, looking in a store. Seeing if the produce shelves in that store were full or empty.

My question is I looked at the matrices here. I couldn’t find a place for observations like that, nutrition. It wasn’t stated anywhere. I couldn’t figure out what category it might go into.

DR. BRETT: This is the sort of thing where maybe nutrition could fit into several places. This is another thing that we saw in the scan is that the same indicator can fit in several places. The built environment is where you are going to see a measure of are there stores that sell produce. How far away is the grocery store that has a certain number of people who are employed, which gives a certain size.

On the other hand, there could also be the measure of what percentage of people are eating fruits and vegetables. That is a health behavior. That would go in the health behaviors subdomain. The built environment subdomain could talk about the availability of nutrition.

MS. LOVE: I think we are really close. I counted up the domains of the project that I worked with for the California Health Care Foundation. We have nine domains, as well. The slicing and dicing, I can give you some of the ideas. But there are some gaps on this one that I think would fit nicely.

Getting at Rich’s comment, we put environmental factors. Then that gets at not only air, water, crime rates, parks, recreation, housing density, lead exposure, food sources. I think we are really close, but there are some maybe broader domain labels that then would plug in.

Where I saw gaps on this, and of course, our was for county supervisors for planning, so a little different than a public health department. We put in a whole category for health planning because they wanted to know their facility level information, number of hospitals and nursing home beds in a county facility, capacity and occupancy rates, ER capacity, trauma levels. But again, that is more of a structural overlay.

Another area that could fit under health care, I am just trying to fit this in, was a big one was cost, procedure pricing, RX cost, hospital cost, mental health service cost, insurance premiums. Workplace injury, I am not sure where that shows up, but that was another priority for them.

I think the domains really mesh nicely. I wanted to offer our domains up and see if we can reconcile those. There was another one that was really good that they liked. I circled it not only foreclosure, but food source, but also number of school lunch subsidies. I don’t know if it was WIC. Anyway, we were getting at the economics in that way. Then we had SES factors, unemployment rates, government food assistance rates, foreclosure rates and Gini index. I will make that report available to you.

My other question was, is this vision of this for prepared indicators that the government would make or data sources? Ours was more pointing them to data sources with geographic drill down capabilities. They could go into the data source and look at it, rather than indicators. Are these prepared indicators that would be like a menu or data sources?

DR. STEAD: Our thought is it can be any of the above. It is clear we have got to go from domains and subdomains that then we assume that if we can get consensus there, then our job will be to then generate recommendations of what HHS would do to enable that presumably as part of a public-private coalition or collaborative effort. Therefore, people could work different prepared indicators or simply data sources, which could be linked.

As Kate said, unlike efforts which have really been around developing a harmonized set of metrics, it could be used to compare things across the country. What we are looking for is ways to let the leader of a small area easily begin to identify the disparities within that small area, side by side, where they can just slightly redirect their resources and make a difference.

We are not trying to reproduce any of the comparative work. We have tried to harness that in the environmental stand. The things that are developed in that could be plugged in as main use of indicators or metrics within a domain somebody could pick from. But we are not trying to constraint the indicators or metrics at all. We are trying to constrain the number of domains.

MS. LOVE: Community assessments are very useful for that reason. But I, as a data person, think they are very useful for another kind of disparity. That is communities that don’t have access to data because their states have very horrible data access and release policies, or they don’t have the capacity. As you mentioned, they have been starved to death. That also speaks to these gaps that are huge. Why can this community measure this, and we don’t even have data on that? The disparity cuts even deeper in my mind. Thank you. Good job.

DR. BRETT: To go back to the beginning where you were talking about some of the factors, like health care planning and infrastructure. That is an interesting one that I do think we missed. Other things like school lunch subsidies, that is actually the metrics. That is the next level down.

The Gini index would definitely go in the economic section under income and wealth. School lunch would also probably end up being.

MS. LOVE: That seemed to be important because their beds were not enough. They had a high elderly mix. That was just something.

MS. KLOSS: I kind of dropped out of this effort for six months. I felt like I left it in November and reconnected in reading the eBook. I was really amazed at how far it has come and kind of being clear what it is for and scoping it. It was really well done.

I was curious, though, if you would just wax a little bit on when you think about version 3.0, and I know you have probably gone off and thought about possibilities. How might it be made easily usable. I imagined that it worked very well because Dave was there to kind of take them through this and help them see the possibilities. As you think about 3.0, how might you envision it being packaged to be just that intuitive?

DR. STEAD: By version 3.0, we are not talking about going from public health 1.0 to 2.0 to 3.0. Version 3.0 is the next iteration of what you see before you. What we are hoping to do is we are going to make whatever corrections come out of the day. We are then going to broadly send that. We are going to ask a set of questions to get vetting back because we are trying to fully vet this before the workshop. When all that stuff comes back, we will make another set of edits. That version will be 3.0, I believe packaged very similarly to what you see in front of you, but with the content hopefully a little bit better.

Then we will take that into the workshop. Then what we are going to need to do in the workshop is identify the recommendations. What can HHS and other federal agencies do to go where you are talking about? What are the gaps? What can they do?

We are making a deliberate attempt to have the right multi-sector partners and other players in the room, so that hopefully the collaborative effort will be on a roll by the time we come out of the workshop. That would actually create the resources to do something. Our challenge, as we have in all our work, is NCVHS is not an operating arm. Our goal is to get this over that line in September.

DR. O’GRADY: You talked about kind of additional things that might be added here. The one that struck me is kind of a two-for both in terms of partners and kind of additions. When you look at obesity, RWJ did fund county-level modeling of diabetes, as well. That is done out of Virginia Commonwealth. The last I heard, it was a good team and things like that. That is one that would be available.

Also to your point, Bill, about the idea of kind of we can take this right up to the end of the diving board. But we are not really the ones to hit the water. That idea of thinking about those sorts. I mean, it is RWJ who has thought a lot, certainly at the county level at this point. Maybe we don’t want to put our nose where it doesn’t belong. But at some point, there is going to be a handoff.

When I was there anyway, HHS and RWJ had some very good examples of where there were six tasks that were part of the demo. The feds would do one through three. RWJ would do three through six. It was almost always something that would be some sort of data collection that if the feds did it, it would be a year and a half. RWJ could do it in a month, those kind of practical things.

This is great stuff. Like you say from the DeKalb County people, it whetted their appetite clearly. But I would hate to see it be one of those that we kind of think through, and we have a kind of structure. We have, okay, here are the indicators you have already got in-house. Here are some that would be really good to start collecting. No fed is going to walk up and down the aisles and count vegetables.

But other things that are maybe more, like you said, SNAP enrollment in your area, things like that that are doable. That would be very nice. I would hate to be just that we never get out of the planning stage and we don’t think about who we need to get excited about this to hand it off successfully.

DR. COHEN: Hopefully out of the workshop, we will build the momentum. There will be organizations that really see themselves as the folks to whom we hand this baton to and this structure to. That is certainly our goal.

I think what the feds can do, I agree with you, they are not going to be collecting data at the neighborhood level for an incredibly large set of indicators. But they can promote synthetic estimation. They can develop tools that communities can use if they want to do barefoot BRFS in their communities or youth risk surveys in their communities. There is a lot of technical expertise that the feds can give if they focus on sub county uses of information that is generated at higher geographic levels. We hope to stimulate that conversation as where we want to go with this, as well.

DR. BRETT: I wanted to just add that one of the things that we have seen is that there is a lot of players in this particular field. For example, CDC and RWJ are working on the 500 Healthy Cities project where they are going to do I think it is census-tracked estimates in 500 cities based on BFRS data.

It is tapping into all of these other projects and getting them all in the same room together, and building a coalition that can then not only do the health, but the HUD people who are very interested in doing this kind of work and the transportation people that are very interested in doing this kind of work, getting us all working together. Then the outside people who can take it because we are feds, and we can only do so much.

DR. O’GRADY: I don’t know how much the Department of Agriculture collects. They may not have the grocery stores, but they may have kind of catchment areas of what kind of farm production feeds into what sort of locality. They may have it on the supply side not demand. I have to believe that those agencies also, by seeing the other agencies’ data, it is not that they are almost solely contributors to this process, that they get something out of it, as well. The HUD guys get to see all that other data that they don’t normally get to see.

DR. COHEN: That is a really good point that we didn’t emphasize enough. In the environmental scan, I think we realize that there are other executive secretariats that are much farther down the road than HHS with respect to focusing on community-level and small area data. Department of Agriculture, certainly HUD, EPA, so part of our vision is that the secretary will engage them, as well, in this process, so this fits everybody’s needs. We won’t have to reinvent the wheel to populate a lot of these domains and subdomains because it will seamlessly integrate with the projects that they already are engaged in and are well established.

MS. GOSS: Ultimately, are you looking to have something that is just a methodology in the written word? Or are you looking to actually enable a process tool for sub county community leaders to use? Then how does that link with the larger data extraction functionality? Is it something that you leave to the marketplace or something that you are looking to sort of provide support, as well? It is kind of a bifurcated question on what is after we agreed to the how.

DR. STEAD: That would definitely be our long-term dream. I am not reading Rebecca’s lips.

MS. HINES: I was just going to say that is what I wanted to speak to, so you read my mind. I will just take a second. Fifteen years ago, HRSA developed the community health status indicators that did this for the county. What has happened in the last 15 years is, as everyone knows, the county is not a monolith. We are now down at this level. Let’s say everything goes like clockwork. At the end of this process, we have defined a really super set of domains and subdomains.

Right now, there isn’t even a portal where a county that has two staff or a city that has two staff could go and even know where to get a measure under each one of these. To your point, this is why when they show you the roadmap shortly, you will see there is a hand-off to ensure a public-private partnership where they are going to identify the federal gap that hopefully could be fleshed out further, not just at HHS.

EPA and others really have done more work in this area. Get the RWJs and whoever, someone to take the lead on creating a portal that HHS did 15 years ago at the county level. I don’t see. There is no home. This is sort of the take-home for me. There is no home in HHS for local data. It doesn’t exist anywhere at HHS, at CDC, at HRSA. There is no home for local data anywhere in HHS. Therefore, there is no portal. There are sets with different pieces. What is really called for, if I am one of two staff in a metropolitan area, is I need someone to not only give me this framework, but a link to where I can go get some data for each one of those.

That is sort of what we are going to be putting out there hopefully in this roadmap. We are going to say, hey, this is the next step. Lots of foundations have the resources. They have done a lot of this work. But what we are doing is basically sort of catalyzing the federal folks to step up and then hopefully meet the private sector folks.

DR. COHEN: The closest thing that I have seen in HHS is the social vulnerability index developed by ATSDR that generates census track related data all from the census and creates indices of economic, housing, transportation and language that sort of summarizes the vulnerability within small areas. I doubt whether it would be expanded using our particular framework. But I think the goal is to create interest in having a public-private partnership to ultimately house the tools that will allow communities to access data in these domains and subdomains.

DR. SUAREZ: I have been listening to this whole discussion. I think what I needed to understand better is really when do we consider this framework version 2.0 finalized and decide to move forward? I think in the cover of the framework, it says something like once this gets approved and acted on and we move forward. When would you see this being defined and final and basically approved? Do we have to take action on it?

Then the other question is, I think, more related to what Alix was pointing to, which is the ultimate product. The framework, plus a series of tools or resources, so if you could describe a little more. Once we have the framework, which is the domain, subdomains and this concept, approved, let’s call it that way, then what do you see would be the other deliverables, the other tools or resources? Maybe I am missing that.

DR. STEAD: This is the answer to that. I think, Bruce, it is fine if you want to capture the tents first.

DR. COHEN: The roadmap creates where we get off and we hail an Uber.

DR. RIPPEN: I thought it was really brilliant to actually organize it based on what people see themselves as fitting especially because what we are talking about is across all the departments that do touch on things that impact people’s lives, which is all of them. Kudos, I thought that was brilliant.

I do think, though, that some of the challenges with the example of food and nutrition, given that it is core and I know it can fit in a hundred different places, there needs to be something that people can see. It is such a core component of health these days.

The other question is this whole thing about policy. It depends on how you view policies and rules and regulations. At the local level, they have impacts. Again, if you are just looking at what is happening at a community, they might know all the policies. But if you really are thinking about it in a very more global perspective, too, with regards to what makes a difference, the ability to also consider policies is an important one. If you do look at the determinants of health, they do have a category under policy. It does influence lots of different things. You won’t interpret things maybe incorrectly.

I guess how I think it fits in with the data working group, and hopefully Vicki will confirm, is what we see is you have the major categories as far as the important things to capture. What we are calling the matrix is really then the description of the data elements and the granularity that someone could look at quickly to then assess is this going to be useful for me or not. I see it actually integrating really well.

DR. COHEN: That is our hope, as well. Raj?

DR. CHANDERRAJ: I was wondering if you could include the disability in your subdomain or domain thing. It is a big factor among all the health factors, the disability is one of the most important things. When I first came to the county, it was like 16 percent or so disabled. Now 46 percent of the workforce is disabled. This 54 percent is dragging the 46 percent on. Soon, it will be the majority will be disabled and less will be working. I think if you can improve that process of collecting disability in the workforce, it will be very important.

DR. COHEN: Raj, disability is a really interesting concept. It is one of these concepts, and clearly an important one, that can fit several different places in our construct. If you look at health conditions and diseases as the subdomain, disability can go there. But more recently, people use disability as a key demographic indicator, as well. Depending upon how folks, communities or policymakers see disability, it will certainly appear at least in one place as we get to a metrics to population the subdomains.

MS. LOVE: That is where tags and labeling could come in. When we did our database, so if I am interested in workforce, it would pull those indicators from those domains for those irrelevant data sources for workplace injury or whatever metrics are in there.

DR. COHEN: Initially, when we began these discussions, we spent an enormous amount of time discussing where this goes or where that goes. That was less productive than coming up with a structure right now, where everybody can see themselves and have the task turned over to folks with more expertise to have those discussion that we can’t resolve right now. But cross-indexing is really going to be key.

DR. MAYS: I just wanted to go back to a point that Denise was making. It may be something to think about doing at the workshop or when you send the stuff out. One of the things that is important is for people to be able to see what they are interested in. See, now I am not talking about like the district people in DeKalb. They can articulate it however and go tell their people to go find it.

But when you start getting down to community organizations and neighborhood groups and all that, they don’t sometimes use these same terms. Like say the word, social cohesion. One of the things we often talk about in being able to find data is that it needs to have social tagging where people begin to give it meaning, so that other people like them begin to find it.

One of the things I am going to suggest you think about is how to take the first two columns and to see if you can’t do a social tagging game with people. So that you can get a sense of how other people would call this, so that when you hand it off, it can come further down to communities and consumers.

Part of what we are trying to do, and I am getting back to what Helga was saying, is that for us, you are already talking about the frame. Then I think what we do is to say to people, well, here is how you get it. Our job is actually to make recommendations to make it easier to get it.

Rebecca, I actually disagree with the notion that there is not a lot of data. If you think of NCHS data, then it is all federal data that is at this national level. But HHS has the data for NIH. It has the data for NSF. It has the data for the clinical trials group. It can be a city base. I would see the workgroup as trying to help the secretary to figure out how, for example, to have that data be made available for people to use. I don’t think that is a public-private. If we can get it straight, and to think not just about the big surveys, but all this data. People will tell you, I didn’t even know this NIH study was in my backyard.

MS. HINES: Or conversely, San Diego said, we know we have all this HRSA funding coming in. We can’t get the data from HRSA that says where our Ryan White funding is going.

DR. MAYS: I think that we do want, on this local data, to also realize that we can make comments to the secretary about how to make it more available and what format to put it in for people to be able to access it.

DR. COHEN: Lee gets the final word. We will have hopefully five minutes, so Bill can go through the roadmap and sort of pull it all together.

DR. CORNELIUS: Just a quick comment. To the extent that we end up doing this dance around disability measurement and so on, we want to tap into Jennifer Madden who has been doing international work on this for a long time. She will help us not reinvent the wheel.

DR. STEAD: The roadmap is on page 94 of your agenda book. It was also the last page of the report from the fall workshop. It evolved after that workshop to reflect what we learned.

You will recall last November, we were right here, step two. We had version 1. We said what is our consensus. Answer, no. Clear consensus we needed to do this, but we weren’t yet ready. We needed to do the environmental scan. We then needed to refine the core domains in step four. Then we needed to identify if there were metrics that were at the different levels, identify gaps.

Right now, we are sort of at the end of step six. As we work into the next little bit of time, we need to present the domains and determinants from the three perspectives of determinants, equity, life course, which is step seven. I think that is a place we can build simple examples of how multiple metrics from the different domains or multiple indicators from the different domains could come together to paint those three pictures for a few representative sets. People could help us do that, and it would be step seven.

Then this business of broadly circulating this version two and vetting it broadly, which is step eight. Then that brings us back to step nine, which is the November work. We are once again going to ask the question, do we have consensus. Hopefully this time, if we do the vetting right over the course of the summer, we will get a green light at that juncture.

If so, we then bring it down just a bit. You then see we cross this color boundary. NCVHS is not an operating arm. We have done what we can do by ourselves. As we cross the recover line, we can continue to play a part, if you will, emphasizing the public part of the collaboration or partnerships. If it is going to be successful, it is going to have to come out with legs.

The next steps would then be to curate a menu of measures. This would begin to give us something that could be done in web form to then identify gaps. Then you need these loops on the roadmap. One of them is around a set of work that will be development of methods to access, collect and estimate at the sub county level. We won’t do that. We don’t have the resources. But we need to engage with people such as RWJ to do that work. Then to catalog the tools to support measurement at the sub county level, again identify gaps, then to develop more tools. Then to implement pilots and to capture successes and learnings.

We are hoping that Dave is going to continue the DeKalb County work, and that we will actually be able to bring it its then current state as a use case into the start of the workshop. We are hoping to do that with three other communities. That is just showing the piece of paper is useful.

As we go further, as we make it through those different loops, I think we will end up at the point that Linda and Alix would like us to get to. That is a high-level view of how we plan to carry this forward. Thank you.

DR. COHEN: So the outputs will be the results of the workshop, which will hopefully be a consensus framework, plus recommendations to the secretary for next year, a workshop report and strategies to engage and hand-off this work to other organizations that want to partner with the feds to continue populating the subdomains. Then ultimately, we don’t know. Hopefully it will go in the direction that Bill just described.

DR. SUAREZ: Thank you. What do you see in terms of the work plan of the sequence of steps?

DR. STEAD: — develop a workshop report probably early in the next calendar year to finalize recommendations, so we might approve them at our February meeting. The parallel with that, Bruce has been engaged in the work with standards around the public health data standards and vitals hearing. We have been working with the health data framework presenting it to the HHS idea leads. We are talking to Vicki about how the possibilities of that becoming driven more by the workgroup than by pop health.

Then what Bruce and I have been assuming will populate the next step of this is when we talk about the work plan in November would be something around the future of vitals and something around the future of surveys and the intersection of data mining. Those would really take us to fit into the sort of discussion we had with Alix and the full committee a little bit ago around standards.

DR. SUAREZ: Wonderful, really great. As I see the NCVHS moving into 2017, I think we are going to be positioning the committee to look at the future of several things actually. The future with public health, vital statistics, privacy and on standards actually. I think it is going to be a really great 2017. We have got to move on.

DR. STEAD: I just want to say one more thing before we close. Kate has been a godsend. The real progress you have seen since our February meeting and before, largely Kate. So thank you very much.

DR. SUAREZ: We have got to transition to your meeting.

DR. MAYS: In the curated menu of measures, I think one of the things you really need to do is that there is a lot of work going on right now by NIMHD about measures that are needed. I think we should have a write-up in this section that really covers it. It is called methods and measures. They are doing this as part of their strategic plan.

If you are trying to push this out the door of social determinants, it will be yesterday’s news if you don’t integrate this new thinking that is coming out by NIH on new approaches. These measures won’t have those approaches yet.

DR. SUAREZ: We are going to be closing our National Committee meeting in just a minute. I have three quick announcements to make. First of all, on the standards subcommittee, Ob has stepped down as the co-chair. He has been quite engaged in his job. He has been having trouble putting some time and supporting the work.

The first thing I want to say to Ob, I know you might not be on the phone, but we are very appreciative of all the work that you have done through the last several years. He will continue to be a member of the standards subcommittee and on the full committee. We have been fortunate to have been able to appoint, and he has accepted, to be co-chair as the standards subcommittee, Nick. Nick, welcome to the new position.

MS. GOSS: Ob deserves his own round of applause. He has been working very hard to balance all of his responsibilities. He cares very deeply about this work. That was the motivation for I need to step down and let someone else really take the lead here. He really believes in the work we are doing. He is not going to leave. Thank you, Ob, for all of your leadership.

DR. SUAREZ: So, similarly on the Privacy, Security and Confidentiality Subcommittee, as you know, Linda has been carrying the workload for the last several months, if not year or more. We have been fortunate now that we have our full complement of members of the National Committee to approach and she has accepted approach, Barbara, as our new co-chair of the privacy.

Lastly, I want to just say a word about a member of the National Committee that ended her tenure. She ended in May. It was coincidentally that she ended her tenure as we were holding a hearing on de-identification, the Privacy and Security Work Group, a subcommittee that she was involved with for all her tenure. Sally Millam, as you know, left the National Committee at the end of May. I wanted to acknowledge her. I did say a few words that day at the hearing but I wanted to say it here on the record at the National Committee.

We really appreciate all her years of work, her leadership, her incredible commitment to privacy and to consumers. You might not all know, but she was the first privacy officer at a department and then at a state level in the country. She is a privacy officer of West Virginia. She was the first one appointed as such in this world of privacy officer that we had. She was incredible. She was quoted and cited in a number of publications and recognized nationally. I wanted to really express that.

MS. KLOSS: Walter, not only was she an invaluable member of privacy all these years, but you may recall that she co-chaired pop health for some time, too.

DR. SUAREZ: She had her fingers in many different letters. I think I made account of how many letters she participated in. It was more than 35 different letters that we wrote and reports that we wrote, where she had input. It was incredible. Thank you, Sally.

Agenda Item: Public Comment

Now to close, we are going to go for any public comments. I know we are ending our session, and we always end with any public comments. If anyone wants to come forward with any public comments, on the phone, anyone?

(No response)

DR. SUAREZ: Debbie.

MS. JACKSON: This is the second day of four that this team has pulled together. I just wanted to make sure you got a chance to meet Geneva Cashall(phonetic), our new team member. She got thrust right into privacy. A very astute, learned, a very skilled person from Committee Management at CDC. You have heard her voice. You have been getting her emails. She has jumped right in and off we go, so thanks.

DR. SUAREZ: Really, we wouldn’t be able to do all the work we do without the staff. In all the subcommittees, I want to acknowledge certainly Terry from our standards subcommittee for all her work on putting together all these materials and letters and helping the subcommittee work. Terry, thank you very much.

Certainly Rebecca, I know Rachel was assigned temporarily to us. She worked with Linda on the Privacy Subcommittee. Rachel, she is not on the phone anymore, but thank you, Rachel, also. Mya, welcome back. We are going to have our hearing tomorrow on minimum necessary. All of you certainly that are going to be able to attend and stay, we look forward to that important hearing. Then on Friday, we are going to have the hearing on claim-based databases and APTDs, so a very exciting time.

For tomorrow, I think it would be helpful if we distribute all the materials here. Linda?

MS. KLOSS: That is what I was going to say. They came to you electronically, but there is a hard copy, too. I think it might be good to have it distributed, so you can start perusing this evening. That will help. But bring it back because there aren’t extra copies.

DR. O’GRADY: On that kind of stuff for the next two days, if we have the sort of links and the uploads, and the different things that are necessary ahead of time, let the staff have them. This sort of trying to debug of downloading a movie while everybody is sitting here is just not fair. If they can have it ahead of time and be sure that they can sort of bring everything up and figure out where it stumbles and fix it, that I think would just make the whole set of meetings just move a lot smoother.

DR. SUAREZ: Yes, indeed. I think this time around, we had to actually scramble to find a place even. We created some challenges for our staff to coordinate downloading. Usually, testifiers tend to give us testimony to date.

DR. O’GRADY: I guess I would put a 24-hour. It is just clear. If you had a second to play with it, you could fix it.

DR. COHEN: I just want to acknowledge all the support staff for pulling this together under such difficult circumstances. Thank you all. We couldn’t do our work without you.

DR. SUAREZ: Okay. We are adjourned.

(Whereupon, at 2:03 p.m., the meeting was adjourned.)