[This Transcript is Unedited]
DEPARTMENT OF HEALTH AND HUMAN SERVICES
NATIONAL COMMITTEE ON VITAL AND HEALTH STATISTICS
SUBCOMMITTEE ON PRIVACY, CONFIDENTIALITY AND SECURITY
June 22, 2012
Doubletree Hilton Hotel
8727 Colesville Road
Silver Spring, MD 20910
CASET Associates, Ltd.
Fairfax, Virginia 22030
P R O C E E D I N G S (9:00 a.m.)
Agenda Item: Welcome
MS. KLOSS: I’m Linda Kloss, Co-Chair of the Subcommittee and Member of the full committee.
MR. BURKE: Jack Burke, Harvard Pilgrim Health Care, Member of the Committee, Member of the Subcommittees on Population and Confidentiality.
DR. MAYS: Vickie Mays, University of California at Los Angeles, Member of the full Committee and Member of the Subcommittee. No conflicts.
MS. KAHN: Hetty Kahn, National Center for Health Statistics, CDC, Staff to the Subcommittee.
DR. SUAREZ: Walter Suarez, with Kaiser Permanente, Member of the full Committee and member of this Subcommittee and no conflicts.
MR. LAZARUS: Steve Lazarus, Boundary Information Group, we’re representing CAQH CORE.
MS. KLOSS: Anyone on the phone yet?
MS. HORLICK: Gail Horlick, CDC, staff to the Committee.
MS. CHAPPER: Amy Chapper, CMS, Staff to the Subcommittee.
Thank you. Please speak up any time you have anything to say, those who have dialed in.
We have two items on our agenda. One is to have the opportunity to review and discuss the community health data letter in person. This will be our first opportunity to work on this in person, and to talk about committee next steps and our 2012-2013 action plan, and the questions that Justine outlined for us to consider, to inform the executive committee retreat. Has someone just joined us?
DR. FRANCIS: Yes, it’s Leslie.
MS. KLOSS: Hi Leslie, we were just doing introductions, and your turn.
DR. FRANCIS: I’m Leslie Francis, and I’m from the University of Utah, and I co-chair this subcommittee, and I’m a member of the full committee, and I don’t have any conflicts. I apologize for being late; I called the other number first.
MS. KLOSS: Thank you for joining us, and interrupting your vacation to be with us.
We’ve had several versions of the letter, and I just mentioned that we really have two things to do today; review the letter and think about next steps and 2012-2013 action plan.
With regard to the letter, the version we should work on is – if you are on computer, it’s the one that came to us last evening from Paul Tang. That version includes the – it was based on the version that I sent out that incorporated Jack’s changes and some comments from Maya. So I think the one on line from Paul is our latest and greatest. I think if we’re okay, we probably are best doing this kind of paragraph by paragraph, since we haven’t – can you pull that version up for us?
Good morning, Sallie. Sallie, would you like to introduce yourself for the record?
MS. MILAM: Sure, Sallie Milam, member of the committee.
DR. FRANCIS: Talks about beach trip w/Burke.
MS. KLOSS: Okay now we are seeing the latest and greatest letter displayed.
Okay, the first paragraph sets the framework and as was suggested on our conference calls, we got right to the point and dispensed with a lot of coverage about background, and so far there haven’t been any suggested changes to the first paragraph.
DR. FRANCIS: And the plan is to have an appendix. Which we had some conversation about that; it is a different way to do it because in the past, the letters have set out more kind of by way of establishing our cred, I guess, but we think it’s better to get straight to the point.
MS. KLOSS: And there is reference to the appendix on this first page a little later.
The issue of formats of letters did come up yesterday in the committee’s discussion, and I suspect that one of the things that may be helpful is to kind of revisit some sort of standardization, or at least general outline, for letters in the future, but I think it reads better moving that background stuff to the appendix.
Paragraph two, then. We had a couple of editorial tightening changes that are reflected in there. Nothing substantive.
Again Paragraph three; it is substantive to have added reference to HIPAA’s privacy rule rather than HIPAA generally, so I think that tightened it.
MS. MILAM: Do we need to spell that out the first time and then offer it as an abbreviation –
MS. KLOSS: And what we did was use the convention of repeating privacy rule wherever it came up throughout, rather than –
MS. MILAM: I meant the HIPAA part, the Health, Information –
DR. SUAREZ: I think she means the acronym.
MS. KLOSS: Oh the acronym. Yes.
DR. MAYS: Can I just comment on one sentence? I didn’t know how to change it, but it’s been bugging me off and on. In the second paragraph, before we go on to the third. “Uses of data drawn from a community may benefit or harm everyone in the community, even those whose data were not used.”
What I’m concerned about is if the broader group will understand that, or that it seems kind of really radical if you don’t understand it, because we’re saying everyone in the community. I don’t know quite how to fix the sentence, but it’s just – it’s funny, I looked at it before and then I left it alone, I looked at it again and I guess there are two things. One, does it help us to try and instruct people as to what we mean, and then second, can we modify “everyone”, because it just sounds too big. Because usually it’s a specific group or some segment of the group, or it’s a neighborhood.
I guess what I’m worried about is that people may not understand; I mean there’s a lot in the sentence. It seems like very low key, but it’s actually the crux of one of the things that I think is important. I apologize, but I couldn’t figure how to fix it. Because it’s almost like to fix it, I was going to write several sentences, and I don’t want to do that. So I’m just going to raise, kind of, what –
MR. BURKE: Would substituting “the entire community” soften it, but not sufficiently for you?
DR. FRANCIS: I think we could make it two sentences. It could say “Use of the data drawn from the community may benefit or harm anyone in the community. Inferences might be drawn about the community and its members, even those whose data were not used as a basis for the inferences.”
DR. MAYS: I like that. It’s the inferences issue that then – that sets people to understanding what this is about. Because I think we know, but I don’t know that some people appreciate this, and they often think it just has to do with a racial/ethnic issue, or a trage, but it has to do when you identify a neighborhood, when you call a city as being “obese”, it was just a lot of things that.
MS. KLOSS: Well then let’s go up and help us capture that.
DR. MAYS: Leslie, that was great.
MS. KLOSS: The paragraph just above the last sentence, “uses of data drawn from a community –
DR. FRANCIS: “may benefit or harm a community and all of its members. This is so because inferences may be drawn about the community and its members, even though it says data were not used in drawing the inferences.” That needs to be prettied up a little bit, but that’s the idea.
MS. KLOSS: So uses of data drawn from a community may benefit or harm everyone in the community – anyone in the community –
DR. MAYS: And it was the inferences, you had inferences – because inferences might be drawn about anyone in the community – it was the interferences. You had inferences in –
DR. FRANCIS: In the next sentence, it would say “this is so because inferences might be drawn about anybody in the community, even those whose data were not used.”
DR. MAYS: So Leslie, inferences may be drawn about individuals –
DR. FRANCIS: In the community, even those whose data were not used.
MS. KLOSS: Inferences may be drawn about the community, or its individuals? Even those whose data were not used. That’s good, thank you. I’ve got the end of that. Anything else on paragraph three?
And then we get to the highlighted paragraph, which Paul’s comment on that was stylistically, this seems to come out of nowhere. And I think it’s just probably the use of italics. One of the simple ways we solve that coming out of nowhere is to take the italics off, although I did it for emphasis. Because this – the preceding three paragraphs built up to this thought, which I think came out loudly on our call, that HHS is certainly leading efforts to encourage innovative uses of health data. At the same time, the committee recommended HHS develop and promulgate guidance on stewardship practices for use of the health data outside the protections of the HIPAA privacy rule. Let’s add that.
DR. FRANCIS: You know, Linda, I think that the HHS is leading –- if it went before “these initiatives most often –- subject to HIPAA’s privacy rule.” I would lose that paragraph that starts “HHS is leading efforts to encourage innovative use of its health data”. I would leave that up before “these initiatives”, and I would say, “HHS is leading efforts to encourage innovative uses of health data, including those by committee meetings.
DR. MAYS: I was going to suggest for that, “HHS is leading efforts to encourage innovative use of health data for consumers and communities.”
DR. FRANCIS: That’s perfect. And then to move that up, but thinking of the privacy rule –
MS. MILAM: Do we really want to limit it to the privacy rule? I think there’s –
DR. FRANCIS: No, that’s why I thought we would want to move it up.
MS. MILAM: I’d rather leave it at HIPAA and include all of it.
DR. FRANCIS: Yes, but if we move it up before these initiatives, we’ve got the more general, so it doesn’t look like it’s just dropped in there. And it puts the HHS role front and center.
MS. KLOSS: Well, so we will take that paragraph, and move it before the third paragraph.
DR. FRANCIS: Right.
MS. KLOSS: We’ll obviously have a chance to all read this after these changes have been made, but I think that’s helpful. So what about the use of italics?
DR. FRANCIS: I wouldn’t.
MS. KLOSS: You would not?
DR. FRANCIS: I wouldn’t.
DR. MAYS: Can I raise one more thing about the chain of trust? Again, I’m not sure – I may be out of my area here, that’s a kind of common usage. In the last sentence of that paragraph, where we say “data subjects to understand the chain of trust required to be effective stewards”, and I just want to make sure again that people understand what we mean by the chain of trust.
MS. MILAM: I think we’re using it pretty loosely to include a lot of things. I think that’s our intent, notice and consent, agreements –
DR. MAYS: Would a parens then, giving some examples of what you mean, be useful? Especially if we take it out of being italicized, then I think we could. I think if it was italicized, we should leave it alone. But would it help to just have some examples of what you meant?
MS. KLOSS: Or add a modifier that makes it really clear that we’re using it broadly.
DR. MAYS: Well if you do that, “to understand broadly”, I think it’s fine, because then people can read lots into it. But I just think, like it was a term that you were using, and I just –
MS. KLOSS: And if we look at what our stewardship principles are, we are taking a pretty broad brush on the chain of trust.
DR. MAYS: That’s good, then, to broadly understand. I like that.
MS. KLOSS: Okay, now we are to, I believe, if there’s sort of some transition issues between paragraphs since we reordered, don’t worry about those, we’ll catch those in editorial mode. But the next paragraph is, “The NCVHS Subcommittee on Privacy, Confidentiality and Security held a hearing –”, and any comments on that.
DR. MAYS: Well there’s Maya’s comment over here.
MS. MILAM: I’m looking at it on my iPad, which doesn’t show comments.
DR. MAYS: I’m sorry. The comments said, this really isn’t how the hearing was organized; we decided to build on the stewardship idea after hearing the testimony.
MS. KLOSS: And that’s why I added in red, “and governance models”. Remember, and I made that point yesterday, reporting to the full committee that we started with privacy as the headers, and we came out of the day with an understanding that the organizing principle was stewardship, more broadly. But I did, and I agree with Maya, that we didn’t start out to organize the hearing on stewardship. I didn’t think it mattered.
DR. SUAREZ: I don’t think it matters.
MS. KLOSS: Because this letter is based on what we came out of the hearing from, not what we went into it with, so I thought that the way to solve that was just to add “and governance models”, which just broadened it a little bit.
DR. SUAREZ: That was the output. That’s the important part.
DR. FRANCIS: So another way to do it would be to be really general, to say “have a hearing on appropriate protection for data used in community health initiatives, including stewardship, governance models, unique issues of protecting small groups, et cetera.”
MS. KLOSS: I like that. It makes it more precise.
DR. FRANCIS: Makes it more general.
DR. MAYS: I think it makes it community friendly as well, because then I think they can see something there that was of interest to them, so as we give this back to them, that’s the issue they really raised, was about protection. So I think that would be really helpful.
MS. KLOSS: Now Leslie, can you repeat that slowly, so we can catch it?
DR. FRANCIS: Appropriate protections for data used for community health initiatives, or appropriate protections when data are used for community health initiatives, including stewardship and governance models, the unique issues of protecting small groups, et cetera.
MS. KLOSS: Okay, good. Let’s jump to the stewardship framework and guiding principles. Any comments?
MS. MILAM: Do we need to have a period at the end of that quote, before six stewardship principles?
MS. KLOSS: Yes.
MS. MILAM: At the end of health data?
MS. KLOSS: Yes.
MS. MILAM: We have a comma and we need a period.
MR. BURKE: Instead of the phrase “personal health data”, the first three words on that line – is that a period or a comma?
MS. MILAM: It’s a comma but I think we may need a period.
MS. KLOSS: There is a comment from Paul in that first sentence. He is questioning whether it should be “The Committee defines stewardship as the responsibility of ensuring the appropriate use of personal health data”.
Now that’s what came out of the stewardship primer, that’s where I got that quote. But he’s questioning whether could it be application, comma, use, comma and protection, which may now be our current thinking, but that isn’t what we said. So perhaps we revisit that when we think about whether it’s time to update that primer. So I’m in favor of leaving it as it is, because it is a quote from our current –
MS. MILAM: Could we say stewardship includes, so that we – I guess if we defined it that way, we missed a lot.
MS. KLOSS: So – includes the responsibility of insuring the appropriate use – that’s good. We’ll rework the beginning of that sentence, thank you. I think that is better.
Okay, now we’re to the meat, starting with participatory governance. The first new comment we have is under bullet two, so I don’t know if there are any comments on the header or bullet one. And on two, Paul is suggesting communities with formal governance structures, and then at the end of that bullet, must consult governance and honor the decisions made.
MS. MILAM: What’s he saying to do with that?
MS. KLOSS: He’s saying to add communities, then to add “with formal governance structures”.
MS. MILAM: You know what, on the iPad, it’s not reflecting additions, so I’m reading it with all the changes Paul’s made. I like what he did.
MS. KLOSS: Yes, I like what he did too, and then after the e.g., he added the “must consult governance and honor the decisions made”.
MR. BURKE: So if the construction has the communities feeling obligated to consult their own governance structure.
MS. KLOSS: Those with formal governance requirements, yes, which we certainly heard of from –
DR. FRANCIS: Yes, it’s awkward, though, to say “must consult governance”; it should say “must consult these governance structures”.
MR. BURKE: Yes, that’s where I was headed.
MS. KLOSS: Must consult these governance structures and honor the decisions made?
DR. FRANCIS: Yes.
DR. MAYS: I don’t understand it. Maybe I’m being just not awake enough this morning or something. But in the American Indian communities, they oversee their data, so when it says they must consult governance, what does that mean?
DR. FRANCIS: It means these formal – respective governmental structures, and I tend to think that it should say – one form of governance is to have a government, and try to have governance.
DR. MAYS: But are you saying that they have to consult with the Federal government?
DR. FRANCIS: If you’re going to use tribal data, you have to get the OK from the tribe.
DR. MAYS: I guess the only thing is the “must” word. It’s like telling them what to do. They have a –
MS. MILAM: Maybe we should say something like “utilize existing governance structures where they are in place”, or something like that. But I guess I want to take a step back. You know, this is looking – our discussion on the call was that some research may not trigger a participatory model and that it certainly takes resources to engage communities, and as I’m reading this, it looks like it applies to all research, and I’m not sure that’s what we are intending.
MS. KLOSS: What, this bullet? I think this –
MS. MILAM: Well this whole section needs some limitations, I think.
DR. FRANCIS: Well it’s true, they have to.
DR. MAYS: Well that’s what I am struggling with, is what kind of research, who – it’s really; to me it’s really putting a lot of bounds that I’m just uncomfortable with.
DR. FRANCIS: I think what we should be saying is that it needs to be considered as appropriate. And that includes making any relevant rights and responsibilities explicit.
MS. MILAM: We heard some testimony on a few times when it’s appropriate; we heard when you have governance structures for communities like the Indian tribes, where they’ve found need to have this governance structure in place and they want to be consulted, and so we know about that. We’ve heard about some small groups; is there any additional – are there any additional areas that we feel like we could give guidance, because just saying as appropriate is pretty broad.
DR. FRANCIS: Well, I think we, depending on the level of sensitivity, and the possibility of identifying individuals, or drawing inferences about individuals, we may – participatory involvement may be appropriate. It’s clearly not always appropriate.
MS. MILAM: I think that would be good if we could capture what she said, Leslie.
MS. KLOSS: But I think the thrust behind this, the guidance, is that whatever the governance model is, it must be explicit. I think it’s the first sentence that drives this. And so what we’re getting are examples, either community initiatives where there isn’t a required formal governance, that are using a variety of mechanisms, and then other communities where it’s spelled out; they don’t have a choice as to how they approach this kind of study.
But regardless of how formal or informal it is, it needs to be explicit. That was what I was trying to frame this.
MS. MILAM: If we are using the highlighted bullet, the participatory governance, that conjures up other images well beyond what our first sentence says about being explicit, so maybe we need to change the bullet, because that clearly – it shapes the rest of the paragraph and how I read that first sentence.
Being explicit is also known as notice.
DR. MAYS: Right, and usually the way, at least in research, we would do it is through informed consent. So there’s not really a big participatory with the whole community. I think this is what – it would go back to at the individual level. We’re talking about communities, but the process we really follow is an individual one.
MS. MILAM: I thought we heard a new level. We know about individual consent; we didn’t hear as much about that, but we heard about a new concept of community notice and community consent, but we’re not really talking about them in those terms.
DR. MAYS: Right, so what I’m trying to get a sense of is like, how would one do that when you’re not necessarily funded to do that? So either to say it as an aspiration; it would be a great best practice to develop, and then by making it a good best practice to develop, you might then get the Federal government to want to fund that, people could cite this as why they should do it –
MS. MILAM: Or to have researchers evaluate it based on the criterion guidelines of whether it’s appropriate –
I talked with some researcher friends of mind to get their take on this, and they said, you know, in some instances, it’s very prohibitive(?) It is certainly not done across the board. It’s not a question that IRBs are asking. So maybe it could be, should be, but it’s certainly not something that folks are going to want to put the money into in every research project.
Sometimes it’s needed and sometimes it’s needed more in certain situations than others. I’m not sure what we have is matching what we heard.
DR. MAYS: I think what you said is probably like we need some more sentences about rights and responsibilities – that first one can say should be made explicit. An evolving approach to research that evolved in the hearing is that community level consultation.
So something like that, as a sentence, or something, before, and then something we need to say about not when appropriate; it’s almost like as often as possible, or as much as can be done, because I think when appropriate, then people will narrow it down, but instead something that says about wanting to make this the standard when possible. I should say standard here.
MS. KLOSS: So if I’m hearing it, as to what we’re saying is that we need to do a more conclusive job of kind of paraphrasing a definition of participatory governance that more broadly covers the range of circumstances.
DR. FRANCIS: Well it should be about governance, and in some circumstances, that means participatory. But not always.
DR. SUAREZ: Is there stewardship without participatory governance?
MS. MILAM: If you think about government’s use of its own data, and the analysis that it undertakes, those data holders would argue that they’re good stewards of data, by the safeguarding that they have in place, and following all of the laws that they’re required to follow.
DR. SUAREZ: But I mean in the context of community, not, I mean, organizations, Federal government, yes. They do have data and they all claim to be good stewards. I mean, with health plans and all organizations have the data and they handle the data.
But this is about stewardship of community-led data initiatives.
MS. MILAM: I think it depends on how you define community. Some of the communities that we had come to our hearings for the CHIP report, were government led activity, and so I don’t think you have the same requirement on them.
MS. KLOSS: But even if you don’t have the same requirements, I think the spirit of this stewardship model is that there are efforts you need to take to be more participatory regardless of whether you’re obligated to do that.
DR. FRANCIS: Well one example that I was thinking of is, there are uses of de-identified data, lots of uses of de-identified data, and we are – it’s not necessarily participation that would be the model. But it certainly is oversighting that the de-identified data then don’t get wrongly used or used in a way that would reidentify, so their governance isn’t about participation, it’s about transparency and oversight, and following up transparency and accountability.
MS. BERNSTEIN: Are you looking for the phrase “to the greatest extent practicable” – typical lawyer speak, but it might work for you. That is, not always, but as much as you can get.
MS. KLOSS: As much as you can get. I think that’s the sense we had in all the relationship dynamics testimony we heard.
MS. BERNSTEIN: Does that capture it, Leslie, or is that too much for you?
DR. FRANCIS: Well I think you need to ask Sallie, but I wasn’t sure we were going that far. I was clearly going enough to say, what we heard, but it was really important in any case to have information be available about the uses that are being made, and to have some opportunity or have it going beyond oversight. Here’s where one participatory model would be an opt-out model. We encountered controversy about that, and I thought we wanted to say if we encountered controversy about that.
MS. KLOSS: We’ve covered that under privacy, confidentiality and security; principle five. I guess as I pull this first one together, it was more a description of the attitude and the behaviors of the people who are leading these efforts and their understanding of the uniqueness of this application.
DR. FRANCIS: Okay, that does make it – if we’re focusing just on community data uses for community health, then it’s not going to be all of those research ones and so on.
MS. KLOSS: So well, we’ll work on broadening that description of participatory governance in this context ,and then align the bullets in that – because I think what the bullets do is show the range of practical alternatives that communities are working with, and that’s fine. But even where there is formal governance, the spirit of participatory governance should still be exhibited, I guess was the thought I had.
DR. SUAREZ: What’s the status of the second bullet, again?
MS. KLOSS: I think we were finding Paul’s suggestion that we add the “with formal governance structures”, but that we need to do a little more work on that last phrase, because it seemed to be telling them to do what they already were obligated to do, as it’s written now.
MS. MILAM: I think we mean we want researchers to utilize those governance structures.
DR. SUAREZ: I’m struggling with the highlighting of – the groups that we highlight. First of all, I think the more appropriate way to describe some of the groups are Indian nations, and that seems to be a nation, not a community. It’s a community, but – I was struggling – I thought when we were looking at communities with formal governance, I would have thought of the communities that have brought in a nonprofit entity that facilitates the community-led data initiative. I wasn’t thinking of minority populations or segments of our country, but more – I think this might become a little – well not only prescriptive, but somewhat presumptuous on our part to be mentioning something like this to communities that are – in some cases, they’re independent nations.
So again, my thought was, this was describing more of the approach where communities have – like in the state of Minnesota, they created a community-led initiative by a public-private partnership, nonprofit entity. That’s the formal governance that had been established in that community to facilitate and to implement and to have decision-making authority over data initiatives.
So that’s what I thought we were referring to, but not really Indian tribes, Alaskan natives, Hawaiian natives – what is the difference between Hawaiian natives and Minnesota natives?
MS. KLOSS: Maybe we don’t need –
DR. FRANCIS: Hawaiian natives have a formally recognized government structure.
DR. SUAREZ: I understand that –
DR. FRANCIS: Alaskan and Hawaiian and Indian tribes come under the same rubric.
DR. SUAREZ: I understand that, but it’s too –
MS. MILAM: What if we just make it more general, but -– the flavor, where communities have established for themselves governance structures, researchers should work to identify and respect them and utilize them. Something like that.
DR. MAYS: That’s a great sentence.
MS. KLOSS: Say it again.
MS. MILAM: Where communities have established governance structures, researchers should become aware of those structures, utilize them and interact – should respect them.
MS. KLOSS: How about using that phrase that Paul suggested, researchers should consult these governance structures and honor the decisions made.
DR. SUAREZ: And I would keep the “with decision-making authority over matters such as data use”.
MS. KLOSS: The third bullet. There we just inserted uses. Okay, accountability.
MS. MILAM: Let me ask something. That third bullet under the first one, is that really saying that city government or county government should get more involved in health care? Is that what we’re saying? We’ve seen that done in other places, I wonder if that’s what we’re saying. Our community leadership, when I think about who that is where I live, it would be our city council.
MS. KLOSS: Yes, and I think we’re – that goes back to the problem of defining community as broadly as we are in this discussion, where the community actually just may be – I don’t see it as government, I see it as whatever form the community takes, whether it’s a – it’s defined by the community. So I didn’t see it as government.
MR. BURKE: It’s defined by each member.
DR. MAYS: Can I just do the fourth one also, and say “community members should be kept informed about how data are used” instead of telling them what they should do? So it’s on the other person –
MS. KLOSS: Well this really was putting some obligation on the members themselves, so if the other bullets talked about obligations of the leaders, remember that discussion, Leslie? Because the original way this letter was organized was the obligations of the sponsors, or leaders, and the people whose data might be reported. So we were saying “heads up to you if you’re a good citizen of this particular community, you should be participating in –”
DR. MAYS: Can we just say that in a different way, then? Because I think the “should” is bothering me. Something about engaged stewardship also entails that community members participate and be informed about how data are used”. It’s the should that bothered me. What a community group will tell you, or some others, that this costs money, sending a staff person, reading things that they don’t particularly want to read, so I’m trying to do it in a way in which you don’t get the pushback because of the cost. I mean, I understand having both be responsible, so it’s almost like to me, it’s the dual responsibility that they have to hear.
DR. FRANCIS: I think that bullet is misplaced in this section, because I don’t think it’s about governance. Governance is about what the data managers have to do.
DR. MAYS: Then how about accountability? Because that fits with – the “should” then is almost okay, if it’s under accountability.
DR. FRANCIS: Yes.
MS. KLOSS: Yes, good. Now on to accountability.
MS. BERNSTEIN: So you want to move this to the next section?
MS. KLOSS: Right. Any comments?
MS. MILAM: The only comments I have is our heading in accountability is talking about the whole lifecycle, and we focus on two very narrow, discrete components of that lifecycle, without touching the rest, and that just seems kind of imbalanced to me.
MS. KLOSS: So we should define it more broadly?
MS. MILAM: Or do we have other testimony, are there other important things to say, about more components of the lifecycle? I think the whole lifecycle is important, I just think we need to pull some more –
MS. KLOSS: Sure, we can extend that definition.
MS. MILAM: I’m thinking about like collection, minimization, and those sorts of things. I don’t know if we heard that, but we have other letters we could draw from. Or is the focus more about the disclosure?
MS. KLOSS: Are there any other notions of accountability that aren’t captured? Maybe the issue is that lifecycle management is one aspect of accountability and that again, as we did in the other, we need to look at how we define this attribute a little more broadly, including lifecycle, but not have it be – not have it lead off with that and make it seem like that’s – so we’ll work on that.
MS. MILAM: When we talk about safeguarding in the first bullet, just to make sure I understand when I unpack that, I guess I include appropriate level of de-identification, and then a lens of appropriateness of result, when I think about the community, and what that result looks like? Are those the components of safeguarding that we are meaning?
MS. BERNSTEIN: When I think about accountability, I think about not the safeguarding per se, but enforcement essentially, of some mechanism for redress, or enforcement, of what the principles are. I think the safeguarding of the data and DID and all that stuff is important and goes in a separate section, but I think Privacy people think of accountability generally as another item that’s important, along with protecting the data, responsible collection, not using something collected for one purpose for another without going back to the original party, that sort of thing. Accountability usually refers to what administrative or technical or other kind of controls I have to make sure that I’m actually following the rules I set for myself, rather than the rules themselves.
MS. KLOSS: So we have some more work to do on this one.
DR. FRANCIS: Yes, I think my updated accountability, write.
MS. KLOSS: Okay – shall we move to –
DR. FRANCIS: But the sensitive information point needs to be in – maybe that should be moved to openness and transparency, also.
MS. BERNSTEIN: Where – which section?
DR. FRANCIS: Where data are sensitive or results might be troubling, the first bullet under accountability?
MS. MILAM: You could also move it under your last one, since it’s a lot about de-identification and cell size.
DR. FRANCIS: Yes. I mean all the points that are here are important. And actually, maybe the lifecycle point is a more general point that should go at the beginning.
MS. KLOSS: You know it could be its own principle.
DR. FRANCIS: I don’t know that the lifecycle point is its own principle, it’s something – it’s an important background that explains a lot about all of the principles. The stewards have to know that data has a lifecycle.
MS. KLOSS: Hmm, I have to think about that, because I think downstream, if we look at this model we’re creating as sort of six pillars or something, we don’t want too many of the guidants to sort of be outside that framework, so that’s my thinking, that if we can – if we add another pillar I’d be more comfortable with that than having a lot of modifiers at the beginning.
MS. MILAM: Well, and we’re going to do some work in changing accountability around; can we just flag it and when we restructure, maybe it will be clearer?
MS. KLOSS: It’s 9:32 and we’ll be adjourning, I imagine, in about 15 minutes, so I think it would be useful to move ourselves through the rest of the letter and highlight areas that you’re uneasy with that you think need more work, and we’ll certainly take them up in the next drafting. But I want to take this opportunity where we’re together to make sure we’re gathering all the good thoughts.
So if we could move on to number three, openness and transparency.
MS. MILAM: I’m having trouble differentiating openness and transparency from number one, participatory governments.
DR. FRANCIS: So openness and transparency is having it be very clear what you’re doing, and participation is being able to have input into what’s going on, so there could certainly be openness without participation. I don’t think there can be a participation without openness, because it’s going to be pretty meaningless.
MS. MILAM: Well if we look at our first sentence in participatory governance, which the whole thing is keyed off of, is rights and responsibilities with regard to how data are collected, managed and used, should be made explicit.
DR. FRANCIS: Yes, we build a lot of transparency into the participatory –- initial participatory thing should be just that there needs to be somebody, some designated entity, that’s responsible. And that there’s too much content packed into Number One, and one of the things they’re responsible for are appropriate levels of participation. Another thing they’re responsible for are appropriate levels of openness. Maybe another thing they’re responsible for are data across the lifecycle.
DR. SUAREZ: Yes, I do think they are different; I think the current first sentence in participatory governance is really part of openness and transparency, which the first sentence in openness and transparency sets out the rights and responsibilities and practices – “should be available to all stakeholders” should say, really, “rights and responsibilities regarding how data is collected, managed and used should be made explicit”, and then following right there, “and be available to all stakeholders”, so it combines the two first sentences but puts it under the openness and transparency.
MS. MILAM: when I look at the bullets under openness and transparency, they speak participatory governance to me. They talk about ensuring broad and balanced input, they talk about ensuring that you have rotating terms, it’s all really about – it’s about the people participating –
MS. KLOSS: Yes, I think we got it flipped.
DR. SUAREZ: Yes.
MS. KLOSS: Good point, because as I’m thinking about participatory government, it’s the people and the relationships, whereas openness and transparency is the process.
DR. SUAREZ: Exactly.
MS. MILAM: It’s your consent and notice mechanism. And I thought what we heard at the hearing was in addition to – in some cases, individual consent may not be adequate, or individual notice is not adequate, we now need it at the community level, and that’s a new concept, that we heard people had a lot of value from, and that’s what we want to really bring out, that I think is maybe not shining as brightly as it could.
DR. MAYS: But see I think that’s the essence of what new and innovative – it’s almost like whether they’re trying to fold it into bullets, it needs a whole – it’s almost like it needs to be up front as part of the introduction to this.
MS. MILAM: That’s a good point.
MS. KLOSS: Underscore that as the unique framing –
MS. MILAM: The openness part, you mean.
MS. KLOSS: The community part.
MS. MILAM: Needing two levels of application of these stewardship or privacy principles.
MS. KLOSS: Ahh, that’s a good way to do it. So that really needs to be in this paragraph right after stewardship framework and guiding principles.
MS. MILAM: I think so and we can even take it a step further; when you think about who this would be important to and how they’re applied in the system, it’s important for the researcher to evaluate the need and appropriateness, but I think it’s also appropriate for us to suggest maybe some change to IRB regs; you know, that would identify this as a factor to be included in their review. Whether the review is waived, whether it’s not waived, whether it’s approved.
MS. KLOSS: How well they’re attending to the community aspect.
MS. MILAM: Right, because now, as you all know, you can get a waiver of IRB review if the folks present information that it’s – present a research project that’s not identifiable, but we heard clearly that even with de-identified data, there can still be community issues, so –
DR. MAYS: See I just think that, like things that you’re saying, are really the things that are the beginning of this letter, and then the specifics. I think it would make all the difference in the world to have probably a couple of more paragraphs in the beginning –
MS. MILAM: And I still – I think we heard a lot about stewardship, but for the application, I think we need to be clear where it really is privacy. I think we’re muddying it a little bit in some areas to try and keep it the stewardship.
DR. FRANCIS: Yes, stewardship is much broader than – privacy is one aspect of it.
MS. MILAM: But when you think about the people who apply it, like at the IRBs, and the researchers. I think we need to use the terms that resonate with them and the Secretary. Whatever they might be. I think we just need to figure that out, so that it gets the traction that we want it to.
In my world, it’s odd to talk about openness when I mean notice; or if I want people to agree to it, I collect consent; I don’t call it all this other stuff. You know, if I want somebody to have consent in a project, I’ll tell them, get consent. If I want it de-identified, I’ll say de-identified, I won’t tell them to safeguard the data.
DR. FRANCIS: Yes, but what we’re saying is that just telling them to de-identify it isn’t enough; you need to be telling them to de-identify it and make sure it stays de-identified, for example, or you ought to be telling to de-identify it and make sure that they aren’t untoward inferences about community from the de-identified data.
MS. MILAM: I think what we heard was that traditional concepts are just not adequate today, given the abilities of data.
DR. FRANCIS: Exactly.
MS. MILAM: I think we heard traditional concepts of individual consent, notice and deidentification are a starting point, but now we have community consent, community notice, community participation, and additional protections over and above de-identification when needed.
DR. FRANCIS: Boy you said it exactly right.
MS. KLOSS: Maya’s got you grabbing that.
DR. FRANCIS: The more I’m thinking, I think we did surgery that was a little bit too radical on the beginning introductory part. Some of these things need to be back in the introduction, before we have the stewardship principles.
MS. KLOSS: Okay. It’s good. That’s why this process is so crucial.
DR. FRANCIS: So crucial, yes.
MS. KLOSS: Let’s grab comments on integrity.
DR. FRANCIS: Linda and I, by the way, are going to have a lot more time to work on this than we did between the phone call and now, with the goal of having this be out from the September meeting.
MS. KLOSS: Yes, that’s what I said yesterday, that we would be wanting to have it voted on in September.
DR. FRANCIS: Perfect.
MS. KLOSS: Any comments on integrity? I’m moving us along before we get booted out of our seats.
MS. MILAM: How does auditing the data fit under integrity?
DR. FRANCIS: Audits should be back in accountability.
DR. SUAREZ: Where do you see that?
MS. MILAM: I’m working from Paul’s version; maybe Paul wrote it. All of my red lines are gone.
DR. SUAREZ: The first bullet –
DR. FRANCIS: Accuracy and error management are about integrity, but audit is more about accountability.
DR. SUAREZ: The fourth bullet under integrity says, you must be able to audit the data.
DR. MAYS: And “they” is stewards, right? We should say because “they” could be interpreted as community.
MS. MILAM: Well when I think about individual rights, I don’t know where we – the openness and transparency, I wondered if we were going to have anything along the lines of traditional individual rights in these models, where you give the community members an opportunity to see their own data. So are we talking about consumers auditing their own data – so that would sort of influence where we put that, who we mean by the auditors. Or everybody – it may be accountability, but it’s typically viewed from a consumer standpoint as an individual rights element –
MS. KAHN: A redress issue.
MS. KLOSS: It is interesting, and I think of that as a data integrity issue, square on, so I think it depends on what lens you’re looking at it.
MS. BERNSTEIN: I think of it as supporting the integrity of the data that is the individual who is the subject of the record generally has the best notion of whether the record is accurate, timely, relevant, complete, and it’s not. The reason that they have access to the record, or the ability to amend the record, is so that you can keep the integrity of your records. They’re tied together, but they’re not the same thing.
DR. SUAREZ: You know, what you just said, Sallie, made me think that we should – I’m looking at the data, health data stewardship primer that we put together back in December 2009, and that one, we actually divided principles of stewardship into individual rights, and we had five or six responsibilities of the health data steward, and we had a number of things there; security and controls and then accountability and forfeit of remedies. It was just a way of organizing.
DR. FRANCIS: That’s actually the organizing that the last draft was done off of, and they then decided not to do it that way. See, the last draft had – though it wasn’t quite that way, it was responsibilities of stewards, responsibilities of community data subjects, and then responsibilities of HHS, and there should have been something more about auditability and accountability, but now we’ve merged it, so we’re not separating out the roles of data stewards and data subjects.
DR. SUAREZ: Leslie, I wasn’t meaning we should go back to that, what I wanted to suggest is to reference the data stewardship document primer and mention that in there, we identified a series of principles on individual rights and responsibilities of health data stewards, and that will be a hook to all the individual rights, principles, like access – basically we see, an individual should have access to his or her own data and an opportunity to correct their own data, and we talk about transparency, so I think it’s already there, so by linking in the letter as a framing, as a context kind of statement, these principles that we already had identified as –
MS. KLOSS: So we need to bring back some of that introductory paragraph stuff that did do that description and talked about how this community viewed changes that – we were going to move that to the appendix, but we need to bring some of that back=-
DR. SUAREZ: Yes; I would suggest, I mean, it’s not like a half a page, even, just a paragraph that just –
MS. KLOSS: Okay, privacy.
MS. MILAM: It seems odd to me to have privacy in a bucket when a lot of it is sprinkled throughout. It seems like we have duplication within duplication here. I really think we would benefit by using an established tried and true framework instead of creating our own, because it just seems crazy; it seems like we’re not getting as far as we need to.
MS. KLOSS: And what would be the tried and true?
MS. MILAM: Well, you’ve got a ton of them; you’ve got FIPPS, you’ve got OECD, you’ve got – I mean, you’ve got hundreds of frameworks you can look at. Mark took FIPPS and made it apply to the HIE environment. You can take any existing framework and tweak it. To have a bucket for privacy, when you discuss notice and consent elsewhere, it just – then you get into de-identification down there and you have de-identification above.
MS. BERNSTEIN: So privacy, all the things that we’ve been talking about in the other bullets are privacy issues. Integrity, accountability, all those things make up good privacy. It’s not the same as confidentiality, which is only one, sort of, aspect of it in my view. So keeping the data confidential is not the same as – so the way I think – a good synonym for me for privacy is fairness, and fairness encompasses all these different things that we’re talking about, not just the confidentiality of the data, not just notice, not just consent, but integrity, accountability, all those things.
DR. FRANCIS: Confidentiality is clearly the much more narrow concept about ensuring that information about individuals doesn’t get transferred to the wrong hands or disclosed in ways people wouldn’t want.
MS. MILAM: If you think about a hierarchy, you have a framework for privacy, and one of your privacy principles is always security. Confidentiality is a component of security.
MS. BERNSTEIN: I don’t think of it that way but okay. I think of it the opposite way, in fact.
DR. FRANCIS: I think of security as making sure that whatever confidentiality fixtures are in place get actually honored.
MS. BERNSTEIN: Yes, that security is a tool to get you some of these other things. Security is usually defined as the administrative, technical and management – well, you know, different –
DR. FRANCIS: Physical –
MS. BERNSTEIN: Physical, technical, thank you, administrative controls on data for the process in order to get those other things that are in your list of –
MS. MILAM: Right, it’s security is physical, administrative and technical controls to assure your confidentiality, integrity and availability of data. And so security is one principle. Depending on your framework, security is then one principle of many principles that make up privacy.
MS. KLOSS: Wow. All right. It sounds like one of the contributions this subcommittee could make is to settle on a framework, that would be huge. We are all – we see it. So we’ll go back to –
DR. FRANCIS: There is just so much confusion, particularly in the term – the terms confidentiality and security, I think, are pretty well understood. The term privacy gets used to mean just about anything. It’s used very, very broadly.
MS. MILAM: Several years ago the NGA had a task force that studied privacy frameworks from around the world, and it’s possible that those slide decks are still on their website. I don’t know, but there was an organization, ISTPA, I think, that had references to hundreds of these frameworks from around the world, and organized them, and I think they – I don’t know if they still maintain their framework, but at least the NGA had brought in a lot of those people, so we could, in one place, easily see the variety of privacy frameworks that exist.
MS. BERNSTEIN: Actually Bob Gelman has a collection of them on his website, and has a discussion of how they differ and which pieces -– incorporated into each and stuff, which is kind of interesting. The basic ones, from the original HEW ones, through OECD and the ones that the Department has done more recently and so forth.
MS. MILAM: The Federal enterprise architecture is a good one.
DR. FRANCIS: For example what the European Union has is a, quote, “data protection director”, which includes lots of these principles, but the general term for it is a data protection directive.
MS. BERNSTEIN: Yes, it’s a very European term.
MS. KLOSS: All right, so we’re going to do a little model study, right? Framework study, and figure out what’s going to work best for this, putting this forward. Let’s just take a few minutes and look through the current list of recommendations that we have at the end of the letter for HHS. And right now I guess there are four, but there’s some misnumbering, I think.
DR. FRANCIS: I think that what we should be leading with is the idea that attention to these stewardship concerns needs to be built in to HHS’s data sharing activities. We don’t lead with that. We lead – so community, all the health data initiatives need to be guided by appropriate stewardship practices.
MS. KLOSS: Okay, we’ll work on that header also. We need to adjourn because the full Committee is due back in a few minutes and we need to do setup. I’m thinking, well Leslie and I can regroup, but I’m thinking we probably should think about a subcommittee conference call, not too long from now, to do some look at models and also to do some work on subcommittee planning, which we didn’t get to today, but Justine wanted some work plan that we could take forward to the Executive Committee, so that –
DR. SUAREZ: It looks like the retreat has been scheduled for, I believe August 9, or least the first part of August, so we would want to do a conference call in July.
MS. KLOSS: So should we send out a doodle on that? And we’ll do two things at that workgroup; plan and look at models, and if we do that, then I think we can –
DR. SUAREZ: So we probably would need like a 90 minute call at least.
MS. BERNSTEIN: I can circulate some of the other models, or whatever, Sallie.
DR. FRANCIS: I can help you guys with that too.
MS. KLOSS: Well thank you very much, this is terrific, and it just shows how rich it is when we’re actually here talking about this stuff instead of on conference calls. Thank you.
DR. SUAREZ: Thank you.
(The subcommittee adjourned at 10:00 a.m.)