[This Transcript is Unedited]

Department of Health and Human Services

National Committee on Vital and Health Statistics

June 22, 2017

Hubert H. Humphrey Building
Room 705A
200 Independence Ave., SW
Washington, D.C.


P R O C E E D I N G S (8:30 a.m.)

Agenda Item: Welcome and Roll Call

DR. STEAD: Good morning. Welcome back to the second day of the June meeting of the National Committee on Vital and Health Statistics. We will begin again with the formal roll call starting with the members.

I am Bill Stead from Vanderbilt University. I am Chair of the National Committee; no conflicts.

MS. KLOSS: Linda Kloss. I am a member of the full committee. I co-chair the Privacy, Confidentiality and Security Subcommittee. I am a member of the Standards Subcommittee, and no conflicts.

DR. PHILLIPS: Bob Phillips, member of the Executive Committee, Co-Chair of the Population Health Committee. No conflicts.

DR. COHEN: Bruce Cohen from Massachusetts; member of the full committee, Co-Chair of Population Health, no conflicts.

DR. ROSS: Dave Ross, member of the full committee and Task Force for Global Health, Emory University and member of the Population Health Subcommittee. No conflicts.

DR. CORNELIUS: Lee Cornelius. I have no conflicts. I’m from the University of Georgia, on the full committee and the Population Health Subcommittee.

MR. LANDEN: Rich Landen from Florida, member of the full committee, Standards Subcommittee, Review Committee. No conflicts.

DR. RIPPEN: Helga Rippen, Allergy Subcommittee, on the full committee, on the Privacy Subcommittee, on the Population Health Subcommittee and the Data Working Group, and I have no conflicts.

MS. STRICKLAND: Debra Strickland, member of the full committee and the Standards Subcommittee. No conflicts.

DR. THORPE: Roland Thorpe, member of the full committee, member of the Population Health Subcommittee, no conflicts.

DR. STEAD: Members on the phone?

MS. MONSON: Good morning. Jacki Monson. I’m a member of the full committee, a member of the Privacy and Security Subcommittee, and I have no conflicts.

DR. STEAD: Jacki, I want to thank you for hanging in there on the phone. I know how unbelievably difficult it is to do that, so thank you very much.

DR. MAYS: Vicki Mays, University of California, Los Angeles. I’m on the full committee, POP, Privacy, and the Review Committee, and I have no conflicts.

DR. STEAD: We will now move to staff.

DR. DORSEY: Rashida Dorsey, Executive Staff Director.

MS. HINES: Good morning. Rebecca Hines, Executive Secretary DFO with NCHS.

MS. SQUIRE: Marietta Squire, staff to the committee, and I’m with CDC NCHS.

MS. JONES: Katherine Jones; I’m staff to the committee, NCHS CDC.

MS. JACKSON: Debbie Jackson, NCHS committee staff.

(Introductions around the room)

DR. STEAD: For the members of the committee, there are two pieces of paper that are at your place. Just hold onto them. We will discuss the first one as part of the Strategic Plan block and the second one when we get to the Work Plan. They are both extracts from the 11th Report to Congress.

Now what I want to do is celebrate the Workgroup on Data Access and Use with the help of Vickie. For the new members, FACAs have the ability to establish workgroups that are not permanently part of their charter to tackle opportunities or questions as they come up. In 2012, Jim Scanlon and the Data Council established the Workgroup on Data Access and Use within the National Committee to try to catalyze the open data movement and to try to have a way to get rapid advice around changing technologies for the Data Council. The workgroup has been very helpful in that regard and it, as you know, recently helped us put together what we believe is going to be a timely report around healthdata.gov.

Having achieved its initial purpose, we will sunset the workgroup when the terms expire in August, and I wanted to take this moment to thank the members for their service. The Chair of the workgroup, Vickie; Jim Sorace, who was here with us yesterday; Helga Rippen, Gillian Barclay, Chris Boone, Kenyan Crawley, Leslie Francis, Mo Kassal, Richard Ledbeater, Erica Morton who did the yeoman writing job on the last report, Joshua Rosenthal who has joined us for many of our meetings, Mark Savage and Paul Tang.

Vickie, would you like to add a little more color commentary?

DR. MAYS: Our existence was to be troubleshooters to some extent and then to take on projects as they arose, particularly for HHS. Our last project, as many of you saw, was really talking about healthdata.gov and what it is that we could comment on in terms of its value, its place in the data schema for HHS.

For those of you who don’t know those members, many of them are entrepreneurs. Some of them run things like Health Data Council, the Datapalooza. So we were able to benefit from some of the best expertise there is in terms of how to do big data as well as interesting things with little data.

I just want to thank them. They would come at the drop of a hat. Josh would fly himself out here to be with us to help us understand. Sometimes you have to be with Josh to understand what he’s sharing with you, so he knows we love him so I’m just making sure he understands that.

Kenyan, who is co-directing the School of Business Tech Center at Maryland, often comes and would join us at dinner.

I just want, on behalf of NCVHS, to thank them for all of the contributions they made, thank them for sometimes putting in a lot of hours and for reaching out in their networks. One of the values for us is often, as we were putting workshops or other committees together, we could ask them for names so that where we are in terms of cutting edge use of technology, as well as approaches for HHS data to be used by groups that we had never thought of — they were always there for us.

I just want to thank them and thank the committee for always welcoming them and listening to the things they had to say. We may scratch our heads and ask can you say that again in a different way — I just want to leave them knowing that they have made a tremendous contribution and we are very appreciative of all of their time because I know it took them away from their day jobs as well and their businesses.

DR. STEAD: Vickie, a special thank you to you for shepherding the complex intersection. As we have discussed, but just so the full committee knows, Vickie will stay on the Executive Subcommittee to continue to introduce the thinking about who we need to be bringing in to different things as we collaborate on the projects that are being done by the various subcommittees. Thank you.

Agenda Item: Action Item: NCVHS 6/17/2016 Hearing on Claims-Based Databases – Summary of Submitted Testimony

DR. STEAD: Now let’s transition back to Bob Phillips, with Rebecca handling the computer, to walk us through the edits that have been made to the claims-based database summary of submitted testimony and see if we are ready to take action.

DR. PHILLIPS: Thank you very much, Bill. Rebecca did yeoman’s work last night and our working group reviewed it several times last night, giving feedback, so I think we are at a point to offer this to you for your final review.

As you can see, “submitted” has been deleted from the title. The change is to the second paragraph, particularly around “this is testimony provided to the committee,” and excluding the highlighted note section and rolling that commentary instead into the second paragraph. Any questions about that?

“The Committee is aware that considerable activity has taken place since this hearing was held; thus, this summary excludes information regarding the relevant activity that has occurred since the June 2016 hearing.” So it doesn’t point to any resources; it doesn’t point to any specific NPRMs.

DR. RIPPEN: Just to offer a comment, it seems a little redundant. If you just say that the committee is aware that since this hearing — the summary excludes relevant related — it seems redundant.

DR. PHILLIPS: So you would probably just delete everything after the semicolon?

DR. RIPPEN: Yes, because you already said considerable activity is replaced —

DR. STEAD: I think it is useful to say the summary excludes information — whether we are aware or not.

DR. RIPPEN: I agree. It just seems redundant.

MS. HINES: I will read it with a fresh eye.

DR. PHILLIPS: We have added the APCD Council link after APCD, not as a reference to any specific discussion or element but just to point out that’s where you can find them.

MPCD appeared as a multi-payer claims database but the acronym wasn’t linked to it so when it appeared later it wasn’t referenceable. Thanks to Rich for pointing that out.

We’ve excluded this discussion about APCD and the list of how many states have and how many are considering because it is already mentioned.

Another editorial — Maryland Healthcare Commission. It’s noted at the end of the paragraph that that is who submitted this but it wasn’t there for it to explain the acronym. This is the lingering committee comment of many that were in here originally but most were stripped out except for this one — again, just so that we are revealing what testimony was, not what our discussion or deliberations were about the hearing.

The Gobeille case before the Supreme Court is referenced earlier and explained later, so the footnote just says the explanation for the Gobeille case appears in Section F.1. We don’t want to have to spend another paragraph explaining it here, so it makes more sense in context in F.1.

MS. HINES: If you go into F.1 you can see there’s a whole description of what Gobeille is.

DR. STEAD: You put the paragraph back at the end, that you added back in.

MS. HINES: Yes, that’s correct. We had some version control challenges, so what happened was this conclusion was added maybe three versions ago and it got lost, and I just reminded folks yesterday of this, so around the June 7th version this was added and then somehow it got lost.

DR. STEAD: From my perch, it’s a helpful back-cover.

MS. HINES: It just ties it all up. Everybody good with that?

DR. STEAD: I see lots of nodding heads.

DR. PHILLIPS: Bill, do we need a motion to accept these?

DR. ROSS: A minor question regarding the point brought up yesterday about the footer —

MS. HINES: That goes away. That’s just for me.

DR. ROSS: So we’ll be just voting on the text here?

MS. HINES: Yes, the text, not the format.

DR. STEAD: Won’t our team do some format cleanup?

MS. HINES: It’s going to go on the Web. We could do a pdf as well, so, yes, we will make sure it is formatted and gorgeous.

DR. STEAD: Do we have a motion to approve the summary?

DR. ROSS: Move to approve the summary.

DR. MAYS: Second.

DR. STEAD: All in favor?

(Chorus of Ayes)

DR. STEAD: Any opposed?

(No response)

DR. STEAD: Any abstain?

(No response)

DR. STEAD: Congratulations.


DR. PHILLIPS: Just in term of conversation we had yesterday about the future of this issue, I took copious notes about where people were thinking, and this is going to come back to Pop Health for us to discuss today and then to develop a plan.

DR. STEAD: We moved on action fast enough. If you want to say anything else now, you would have time to do it but it’s also fine to leave it for after lunch.

DR. PHILLIPS: At the risk of reopening the conversation, if folks had a chance to talk about it at dinner last evening or sleep on it and have any additional thought, we would welcome that because we are really at the early stages of development of the discussion.

DR. COHEN: I guess it would be helpful to me if we got a sense of the committee if folks have any specific feelings at this point. There seemed to be two paths. One is to explore expanding access to federal claims databases, and the other has to do with focusing more on APCD issues at the state level around standardization. I just wanted to get a sense of which of these two directions folks would like to see us pursue next. It doesn’t preclude moving forward at a later time on other issues.

DR. STEAD: I would suggest you consider a third possibility. As we talked through things yesterday, an additional possibility would be to step back and say — to almost do an environmental scan around what data sources are available to provide a picture of the health and changes in health and health-related services at the population level.

DR. COHEN: Do you mean what claims data?

DR. STEAD: No. I am actually coming back up. The data ecosystem. The claims database is one piece of the ecosystem, and it may well be that we would be more valuable working at two ends of the spectrum. What is the ecosystem, and direction would be — so one could think of the 2001 vision for health statistics. If you think about that, when that was done it was a visionary picture, and it’s just a picture but it’s an extraordinarily powerful picture.

One could imagine something at that level that would actually give the context to let people think about where claims databases fit and what the relative priorities are, because, otherwise, people are going to keep trying to do more and more with the claims database and it’s going to become impossible to do. The secret would probably be to narrowly deal with the claims data database and set other puzzle pieces beside it.

That is one way we could begin to look at these. It would be a Pop Health project at the level of terminology/vocabulary and Beyond HIPAA that might be a nice successor to Vitals. That would be one alternative. The other is you mentioned a very targeted look at what can we recommend about increasing access to federal claims datasets. Those are two complete ends of the spectrum.

The business of a standard data layout for APCD is sort of in the middle, and it would probably be better done after you had figured out the ecosystem so that you knew how big or little that dataset could be. That’s just one way of parsing it out.

DR. RIPPEN: Again, an example is if you think of PCORI and CRNET, they are in negotiations with CMS and others on claims databases and the regional hubs are in negotiations with state databases as it relates to the financial, So that is just an example of people trying to actually expand their datasets. It’s a question of who has what sources of information; what is the data architecture — because that’s a big, hairy thing — and who has what. We’re talking about HIEs for healthcare systems, but what about the implications of does everyone just copy everything or do you actually provide a federated — so there’s a lot.

I know it’s scary to go up because you have to go down to actually act on something. But unless you know the implications of what the environment is and some of the big gaps, we could be making recommendations that are good narrowly but might not be good when you step back.

DR. COHEN: I want to hear from everybody, but I want to respond to this general area. When we talk about health data systems, are we talking about Census data? Are we talking about survey data; are we talking about everything? We developed this measurement framework that was incredibly expansive with regard to what we think population health is. Are you talking about all of those potential data sources that would populate that framework?


DR. RIPPEN: Yes, and the thing is the role is not necessarily identifying every single data source for every single potential metric, but we can probably do an assessment of the bigger pieces, and I think based on that evaluation it will help guide us.

DR. COHEN: Would it make sense to try to use that measurement framework as an outline when we do an environmental scan around databases? Or are you thinking differently?

DR. RIPPEN: I think that the easiest might be knowing where the big databases are first and then we can always do the cross-walk to make sure that — going back to your point — that we are not missing big pieces.

DR. STEAD: You might think of the measurement framework as the scope.

DR. COHEN: Yes. When we say health database, scoping is a huge issue. It can be very narrow or it can be a black hole that contains virtually all data — in my mind when we talk about population health.

DR. RIPPEN: I don’t think the intent is to identify gaps in the data per se but, rather, what is the ecosystem currently, and what does that mean. Our intent is not to fill the framework with data but, rather, what are the datasets that are available that people are using. Then, how does that tie in. We can use the framework to assess, you know, focus.

MR. LANDEN: This is very interesting and all the testimony was interesting, and it’s kind of hard to figure out what the scope is going to be. But what I am getting out of the hearing is it’s not really about claims; it’s about the broader ecosystem, as we have been talking. Nonetheless, claims constitute a very major part of the data ecosystem that the states and other jurisdictions would be interested in for what we are now calling APCDs, and keeping in mind we may discover some interesting parallels as we get into our work on the next generation vitals.

As I listened to what you described as the two alternatives, I guess my data standards geek background surfaces saying, regardless of whether we look at the federal databases or not, the kind of minimum data structure or in transport — those are going to be issues, because essentially, we have got 50-plus potential jurisdictions moving data from many, many sources. So it is in the best interests of those jurisdictions and those data sources and the payers, whether they are federal, private or state, to have some sort of common framework to help with flowing the data from the multiple sources to the multiple data consumers.

It’s kind of that piece of looking at and recognizing that claims databases are going to be a big piece, how do we provide guidance to the industry for them. I am not suggesting that we want to do the heavy lifting; we just kind of provide a conceptual framework of what it would take, what standards and transport should be considered around privacy and security to meet the end for which the APCDs were conceived, and to minimize the burden of all the stakeholders, whether they are data providers or data consumers.

DR. THORPE: I agree with what Helga is talking about, but I would like to get a sense of which datasets. Are we talking about HHS datasets or are we talking about all federal datasets, or are we talking about private datasets as well? I would just like to get a sense when we say we’re going to do a scope of the datasets — that’s a major undertaking. If we could get some clarification on what the datasets are — is it either/or or both/and?

DR. PHILLIPS: Or you could approach it from the other direction where it starts to meet up with Shelma’s work as a follow-on to ours. What data do you need to understand the health of the population, and how do claims data fit into that ecosystem?

DR. THORPE: Yes, but I guess the question still remains what is the ecosystem and what are the datasets that make up the ecosystem. That’s the question I’m asking. I understand what you’re saying, but I’m looking for a little clarity. We were using the word datasets. It’s a simple question. Are they going to be HHS datasets? Are they claims datasets? Are they DOJ datasets, or Department of Education datasets? That’s what I’m asking.

DR. COHEN: I don’t think we have gotten far enough down the road to know what the scope is. I think this discussion is a kind of preliminary laying out of what the parameters could be, and it will be our job in Population Health to come back with some options about approaches.

I could see this being gigantic, small, or somewhere in between, but I think you are absolutely right. We need to be very clear and explicit about what the scope of this investigation is, else we will get totally overwhelmed. So I think your point is well taken and we need to do more work to figure out what that scope is.

MR. LANDEN: If I may just jump the queue, the total universe of datasets would include Medicare, so, HHS, Medicaid, the states, private payers whether they are commercial health plans, whether they are ERISA-exempt or not, VA, DOD, Tricare, federal employee health benefit programs — the list goes on and on as potential data sources. Which of those will be selected depends on the needs and the resources of any particular state.

DR. COHEN: Rich, I would submit that what you’re describing is really the tip of the iceberg because it focuses only on medical care delivery issues.

MR. LANDEN: We were just talking about claims, and that’s the standard insured patient approach.

DR. STEAD: Vickie, and then let’s bring it to closure so we can move on target.

DR. MAYS: I just want to build on what Rich and Helga are saying but I take a little bit of a different perspective here.

I get very nervous when we keep returning to this issue of doing an environmental scan. One, those are kind of moving on, in terms of environmental scans. People are focusing a lot more on assessments as opposed to scans because what happens is you just build a whole lot of stuff of what’s there, but really what you want to focus on is what is needed and where are you going.

So I think, instead of the data leading us, we have really got to identify what is the problem and our bailiwick that we want to try and make a difference on. And I think that’s what we have not done and that’s why the scope is too large.

I think, Bruce, when you started out about what data, it’s like, okay, we started with APCD. It’s like, do we need to go beyond that, do we need to take everything on? Can we have a follow-on to that? Or is it that we’re going to just be very large? In the data ecosystem, it doesn’t mean we have to do the whole system. It may be that we’re going to do a piece and then build on another piece, which for our bandwidth makes sense.

I just don’t want to see us keep doing all these environmental scans because they get dated, and then what happens is that they are open to criticism. We’re starting to do health assessments as opposed to these environmental scans.

PARTICIPANT: I think you have given us good fodder for the planning. Thank you.

DR. COHEN: I assume everyone on the Population Health Subcommittee will be involved. If there are folks who are interested in helping us define what the scope of this activity would be who aren’t primarily affiliated, you are welcome to play in our sandbox.

DR. STEAD: Bruce, always the recruiter, and very effective. Let’s now morph to the follow-up discussion on the Social Security removal initiative. Lois, are you on the phone?

DR. SERIO: Yes, I am on the phone, and we have a group of people here ready to take any questions that you may have.

Agenda Item: CMS SSN RI Follow Up Discussion

DR. STEAD: You will recall that when we had the presentation overview of the initiative in February we asked a number of questions and the CMS team was kind enough to give us written responses. What I wanted to do was — and the Standards Subcommittee has taken one pass through this, but I wanted us to see whether these answers put our questions or concerns to bed or whether we have additional questions that we want to bring to the attention of the team as we continue to try to work together.

MS. DOO: This is your opportunity to ask any clarifying questions or other questions. Lois was kind enough to bring the experts to the table.

MS. BEBEE: This is Suzie Bebee from ASPE. I have two questions, one that you probably can answer and another that is maybe just a pondering question.

I understand, getting down in the weeds, that CMS is working through a workgroup with X12, and I’m wondering what the progress of that is in relationship to the standard that is in current place and the next version for the next HIPAA standard.

MS. KOVACH: This is Diane Kovach. We are actually not working with X12 for any changes related to the SSN RI program. The new Medicare beneficiary number will go in the exact same place that the HICN goes today, so we are not making any changes to the standards at this time.

MS. BEBEE: I thought there were going to be some changes, from my conversation with Stacy Barber from X12, so I must have misunderstood that.

MS. KOVACH: There was some conversation or questions regarding an indicator —

PARTICIPANT: You’re talking about the NM108 segment indicator?

MS. KOVACH: The member ID, right, and we are not asking for a new indicator for the MBI.

DR. STEAD: The answer to question one, which as a generalist I interpret as basically saying that since we are not doing a hard cut-over, because both numbers will be acceptable for some period of time and because the nature of this change is not as complex, is that we don’t need to do end-to-end testing, in essence.

I just wonder if — I am hopeful that that is correct, and I don’t know enough to say that it is incorrect. I am a belt and suspenders person when it comes to dealing with things that are cross-connected, and I would love to have some way of walking through — if it was only walking through some use cases that would give comfort that that is, in fact, correct and that we are not missing something that’s going to break. We’ve got people that know a lot more about whether the transaction processing ecosystem could break. Question one is really about can this break the transaction processing ecosystem.

Question two is more about does it break the analytic research infrastructure. And question three was is there anything we could build into the process that would reduce the error rate. At a high level, those were the three questions.

I just want to know whether the people on the committee who are more specific content experts have concerns about the response to either question one or question two, and whether there is anything that we could ask that would help allay those concerns.

DR. COHEN: Yes, I have those concerns and several other concerns as well. If someone walks in and presents a card with an MBI on it, is there any immediate way to tell whether that’s a real MBI or not?

And I’m interested in what the impact will be on the use of the Social Security number in other kinds of research and venues. There are current restrictions in using the SSN now in states for identification and for linkage. If the SSN is no longer linked to CMS uses, does that have an impact on other uses of the SSN? Those are my questions.

DR. RODGERS: This is Patricia Rodgers and I will address your first question about if there’s a way to tell whether an MBI is real and active.

When a patient comes into an office, the office can submit a query to the eligibility transaction system and get a response letting them know whether the BMI is eligible for Medicare and all of the other information that comes through with that 271 response. During the transition period, you can either submit a HICN or the MBI, and then, after January 1, 2020, it will be the MBI that providers will use to check eligibility.

DR. SERIO: As to the question of the use of the SSN in research and whether this will have any impact on it, we don’t believe it will. Much of the research, frankly, that is done using CMS data has masked information for the beneficiaries anyway. The other researchers can certainly ask for information that links the MBI to the HICN for longitudinal research, and that would have to be approved through our normal procedures.

DR. COHEN: Thanks.

DR. PHILLIPS: That second question, second response about requesting linkages, speaking from experience, it doesn’t give me much comfort. You’re creating a linkage process that puts your MBI at risk, which is the thing we’re trying to remove, so I suspect there will be many firewalls around that. I guess I would just like some reassurance about what that process will look like. Is it at the RESDAC level? Is it at the CMS level? Where is that authority going to happen?

The second question is completely different. How has organized medicine been involved in or discussed the concerns about the point-of-care issues that this is going to develop? I appreciate the response about it, but this will throw clinical care into some chaos for a little while, and I just wonder what concerns they have raised and how those have been dealt with.

DR. SERIO: To your first question, it will be the RESDAC process, as it is today.

MS. KOVACH: Bob, for your second question, we have been in contact with multiple types of Medicare providers and provider offices ranging from their billing staff to their front office staff to providers themselves, meeting with them and asking them for feedback, asking them how their processes work today and how the new MBI, the new card, will impact their processes in the future. We believe we have been meeting those.

Most recently, we committed to making available a secure provider look-up tool in the instances where a beneficiary doesn’t bring their card into the office, and that has allayed many fears of point-of-service care disruption, knowing that the providers can look it up and get information to be able to bill, which makes it able to see and provide a service for those beneficiaries.

DR. PHILLIPS: Is there going to be any test roll-out? Are you going to do it in a limited way to see if there are unexpected consequences before it goes national?

MS. KOVACH: Test roll-out of what?

DR. PHILLIPS: Of the MBI and the whole look-up process just to make sure that it goes well for a small number before it goes to a big number.

MS. KOVACH: Of course, we’ll be doing our internal testing to make sure that everything goes smoothly. We do have that lengthy transition period where, if a provider cannot look up an MBI then they can use the HICN. But our internal testing — of course, we won’t roll it out until we’re sure that it’s going to work.

MS. STRICKLAND: Debra Strickland. I do know and appreciate the amount of work you all have put into this. I know, being a part of a lot of industry groups, you have reached out at length to have discussions about the potential issues, and I think that is where this look-up table came from. I know people were asking before to have these MBIs in advance and how is CMS going to distribute them. There were all kinds of logistical issues. So I think it’s great that you’re going to have an application for look-up, so thank you.

My question still remains, though. I’m concerned about historical claims data and getting to that historical claims data, whether it be on the fly or having it needed for research or what have you. Are you making sure that your Medicaids and your systems are linking the SSN and the MBI in all of those systems so that you can go back historically to pull that information in case you need it?

MS. KOVACH: Yes. The MBI will be linked to the HICN, which is the number that is on all the claims data to date, so we will be able to link claims history to current claims.

MR. LANDEN: Hi, Rich Landen. I am looking at the first question in the testing plan, and the first three sentences in the answer describe it as a robust testing system. Then it goes on to say the plan excludes end-to-end testing. That lack of end-to-end testing concerns me, because if I understand right from the reply you gave earlier to Suzie Beebe, you were using the same field as the HICN for the MBI and the same X12 indicator. That means, in that field, the system will be sending either the HICN or the MBI, and that means there’s an assumption that both the transmitting and the receiving systems will have internal logic to figure out which one it is.

So, besides the longitudinal things, without end-to-end testing, I am not sure that, other than the lengthy implementation window, you’re really testing for what you don’t know. It seems reasonable that you have tested for everything you know about it, but without end-to-end testing I am not sure you’ll discover if there are complications of which one is unaware in foresight and will only come up in hindsight.

Can you talk a little bit about why you chose not to do end-to-end testing and if you’re planning on using the implementation window, the dual submission window, as that testing period? Maybe explain that a little bit.

MS. KOVACH: Sure. We implement four very large quarterly releases every year in our Medicare fee-for-service systems, and we implement very big projects all the time — things ranging from implementing new prospective payment systems to new legislation to anything else you can think of that we do in our systems to ensure that claims are paid properly. And we do this without end-to-end testing because we do have this very robust testing process for our quarterly releases.

It involves testing at three levels. Certainly, the contractors that do the coding have their own internal testing that they do. We then have a single testing contractor that does testing across all systems including a very large regression test deck they have that looks for unintended consequences of changes.

Then we have user testing that is done by our Medicare administrative contractors which gives us yet another level of testing for those local systems and any other issues that they might find from a MAC perspective. This works for all of our quarterly releases.

We believe that, given the nature of this change, although it is a large change, it is much like other large changes we have done without end-to-end testing. The only time we have done end-to-end testing was for ICD-10. As we mentioned in our response, that had many more internal systems implications in the sense that we had specific edits, more than just accepting the number. We had specific edits related to diagnoses that we had to ensure worked properly at both the national and the local levels. There were hundreds of edits that needed to be updated in that case.

We do think that we have the right level of testing to ensure our systems are working. But, as you mentioned, we then have a 21-month transition period, so, if we do find an unanticipated issue, we have plenty of time to fix it before we get to the point where we will no longer be accepting HICNs.

In addition, we’re going to be looking at the usage of the MBIs throughout the transition period, and we will have the ability to extend the transition period if the need arises.

DR. STEAD: This is Bill, the generalist, again. As I hear that the testing is, in fact, internal to the federal systems, I think the thing that bothers me — and my sense is maybe some of the others around the table — is that this change interacts with all existing provider systems. It is not like adding a new capability that provider systems are beginning to use, such as a new payment mechanism that is new. This is, in fact, about changing existing interactions.

We will need, as a national committee, to sit down and decide whether we want to make some form of recommendation. With this conversation, I think it’s helpful to make sure that we have shared the fact that I don’t think you are alleviating that concern on our parts, to the degree that is helpful information to you.

Are there any other questions or comments? Rich.

MR. LANDEN: I will just echo what Dr. Stead just said, that the testing sounds totally appropriate and within pragmatically what your experience is based on. But it’s the implications to the entire provider ecosystem that seem to be not systematically addressed here in the testing, and I think that is the concern.

I understand you have thought this through and I applaud you for that, and yes, there is a 21-month window.

Just one last question. In your ICD-10 testing, the end-to-end testing, did that end-to-end testing turn up anything that the comparable internal testing did not identify?

DR. SERIO: There was one issue that was identified via the three rounds of end-to-end testing. I can’t say that it would not have been found during our internal testing at some point, but it was identified first through the end-to-end testing. It was a very limited — it was for one provider type, but there was the one issue found.

I will also mention that, certainly, acknowledgment testing can be done. Just if you want to be able to test that, you can send and the MAC can receive the MBI, and that’s something that you would just need to contact your MAC to schedule.

DR. STEAD: Thank you. I think that you have addressed the questions you can address and I think that you have heard our concerns. We really appreciate you marshalling such a team of experts to talk with us. Thank you.

DR. SERIO: Thank you so much. We are here if you have any other concerns or questions or if you want us to come back at any time in the future.

DR. STEAD: Thank you.

We have got about 10 minutes before we switch topics. It seems to me that we need to get a sense of the committee as to whether we feel that our concerns are such that we should capture them in a letter with a short recommendation to get that issue more formally on the table at this juncture. I think that is what we’ve got to figure out.

The cut-over is when? The start of the transition period is April. I remain concerned. I would be more comfortable if, in some way, we formally asked or recommended that somebody consider some form of, at a minimum, tabletop or something that got into an end-to-end view of what might happen just in case there are things that people have not thought about, because this is a big change.

If I am the only one with that concern then I will continue to live with it. If it’s a shared concern, then I think we should probably ask the Standards Subcommittee, because I think that’s the logical place to draft a recommendation. I know all the challenges of this, but given the urgency of this, if they did that, we may need to figure out a way to huddle, to somehow approve it and get it to CMS or get it to the Secretary.

MS. HINES: What I would suggest is that you have a discussion, take a census and see if everyone agrees with that, and then we’ll figure out the details.

DR. STEAD: This is a good suggestion. You’re saying try to get something agreed to here so that that is what we’re anchoring our agreement to. Okay. A little bit like we did with the letter in the fall. Okay. Perfect.

MS. KLOSS: Bill, I recall that at one point the Standards Subcommittee expressed an overarching kind of principle that for any major release, there would be end-to-end testing. We talked about that at some length as a best practice at the time of ICD, and I think that went forward in a letter and we can find reference to that and reference to that discussion from the past. I know Alex and Nick aren’t here, but I do recall that we said specifically this was a best practice that should be applied regardless.

I think there is one other piece that we may also want to assert as a best practice, and that is what we have learned time and time again, that you can’t communicate enough, and that a more visible testing process is also a way of communicating and giving visibility to this so that this doesn’t just come on the industry like it’s sneaking in the back door. And I think that is part of our concern. That’s another reason to do it, frankly.

MR. LANDEN: To be brief, I have a level of discomfort or ill ease about the lack of end-to-end testing, but I don’t have the experience to backseat drive on the issue so I would support the suggestion to punt this to the Standards Subcommittee. It’s too bad that Nick Coussoule and Alex Goss are not here, the co-chairs, but I would presume then that we would go out and ask — who do we have here, WIDI, the Blues, AHIP — to see if they have any information that they could quickly give to the Standards Subcommittee on whether there are concerns on this transition from their end that would address our uneasiness

DR. STEAD: Again, one of my little challenges that I’m trying to have us deal with is the logistical fact that we don’t meet again until September. If the committee thought it appropriate, much as we did with the recommendation around the vital standards where we got the input to make sure that the detail was correct before we, in fact, released the letter, but we got agreement amongst the committee in advance to the principle, which in this case would be — following Linda’s — we previously recommended that a best practice of major changes was end-to-end testing and communication maybe, and we recommend a plan — I think the running room CMS could have would be — they may be thinking the level of end-to-end testing we did with ICD-10.

Doing some level of end-to-end testing that lets us know whether we’re discovering unusual problems or not — there should be a way to do something like that which would be far short of what was done with ICD-10, but would still give us some reason to believe that we could scan for things we didn’t know. That is at the heart of it. It’s identifying things we don’t know from provider workflow, well, from patient-provider interaction through the transaction processing systems.

DR. PHILLIPS: I think it’s worth saying upfront that we agree that we think this is actually a good idea, getting off of people’s cards. The conversation we had last time — I’m still disappointed at the missed opportunity that they’re sending out paper cards when you could do a very different media and solve two problems at once. But I understand the cost constraints.

I didn’t hear it here, and they can let me know if there is such a thing, but I almost think they need ombudsmen — someone for patients, someone for providers and someone for researchers — so that you know where to call or where to look on the Web to talk about the problems you’re experiencing and what the potential solutions are, because it’s very hard to figure out who to call when you’re having a front-line problem.

DR. STEAD: Rich, then Deb, then Dave.

MR. LANDEN: I think I like the approach and I’m trying to come up with language. Such a motion would be that the committee would plan to send the letter voicing its concern unless the Standards Subcommittee comes back after hearing from affected stakeholders and says such a letter would not be required or necessary.

MS. STRICKLAND: I have an appreciation for how difficult a full pilot testing would be, including what has been suggested for the next HIPAA standards. However, in this case, they already have a plan for rolling out these MBIs, and what they could potentially do is call the first several months a pilot and don’t roll out hundreds and hundreds of thousands but roll out something that’s manageable, that you can follow, that you can see, that you can actually start seeing how it’s affecting the entire system. You know, contact the providers, do some outreach and figure that out.

So I think that there are some manageable, reasonable ways to do this where they don’t have to create a parallel system to do this at a cost which is extraordinarily impossible, too.

That said, I think it’s reasonable for us to go back and ask them to consider an end-to-end pilot or testing process that could actually be what the system is — resulting in the production system at the end.

DR. ROSS: I share all the remarks that have been said. I would remain very anxious at the opportunity for some things to go wrong if I was in CMS’s shoes. Maybe I wasn’t hearing correctly or don’t know enough to know if all this universe of stakeholders have seen the testing plans. We have been assured it has been rigorous. But all I know from systems work that I have done in the past is testing, testing, testing, you can’t do enough. And this is an opportunity. There are so many avenues for problems, so I would share all the concern.

But I don’t know enough about this to say how to go. I think Rich’s recommendation is a good one.

DR. STEAD: And I think the challenge, as I hear it, when you really go wrong in this kind of a decision it’s because you framed the question wrong. And I think right now CMS has framed the question as this is an internal system change to CMS. And what we’re really saying is we recognize that view, but this is an internal change that affects the whole process through the ecosystem. Therefore, we need — and I think Rich’s processes suggestion; I think Debra’s example of how this could be done in a way that was not really disruptive and yet, if an early pilot shows no problems, fine.

So I guess the question is — and the ombudsman idea, better communication. So, do you want to make a motion?

MS. HINES: And that way it lays the ground work for a letter to be written should the conditions all —

DR. STEAD: Should the Standards Subcommittee verify that our assessment of the state of play is correct?

MR. LANDEN: I move that the National Committee on Vital and Health Statistics draft a letter to the Secretary voicing its concern with the lack of incorporation of end-to-end testing in the MBI roll-out plan, and that the committee ask the Standards Subcommittee to gather input from key stakeholders and come back to this committee with such a draft letter incorporating the concepts that Debra Strickland voiced about potentially altering the first part of the transition phase and the other concept of ombudsmen and any other information as the Standards Subcommittee thinks appropriate.

DR. STEAD: And should that come back to this committee or come back to the Executive Subcommittee?

MS. HINES: I think it’s fine to come back to the Executive Subcommittee, should the Standards Subcommittee decide to move forward. Either way.

DR. STEAD: What I am trying to avoid is the need for a full FRN.

DR. MAYS: Do we want to start it off with what Linda said, that we think we have this principle, so it might be a good thing to start with that and reiterate that as the frame for why we are even writing this letter.

DR. STEAD: And that we support removing Social Security numbers.

We have got a motion.


DR. STEAD: Any discussion? All in favor?

(Chorus of Ayes)

DR. STEAD: Any opposed? Any abstain?

(No response)

DR. STEAD: Thank you. We have gone over time but this is time sensitive and it’s really important. So this shifts us from asking questions, so, unless input we get from the industry suggests we don’t need to, we are actually going to forward our concerns. Okay.

Agenda Item: Strategic Plan

DR. STEAD: Let’s switch to the Strategic Plan. You have the Strategic Plan in front of you; it’s one page. To give our new members context, back in summer almost two years ago, the Executive Subcommittee and then the full committee worked through a process where we stepped back and agreed upon a vision statement, a mission statement, and a set of four goals, each of which had three objectives which follow a pattern.

At the time, we used this to begin to test the idea of a grid where we would then have each subcommittee and the workgroup say what they were trying to do and put their work plans into the grid so we could see how they came together.

My scar tissue at least was that that resulted in something too complex, so, what I did was simply go back to the grid and pull out the base content. And what I wanted to do was have us walk through it and see whether the current committee feels that this still frames what we are about. If so, we would like to put a new date on it and bring it forward. If not, then we will want to have a process for thinking through what changes we want to make and how that might influence our work plan. Let’s just sort of walk through it.

Vision: Improve the health and wellbeing of the people in the U.S. through visionary advice about health information and data policy. So, our focus is on health and wellbeing of the people in the United States, and we do bring long-term vision into that while, as we get into the objectives, make timely recommendations that reflect that long-term vision. Are people comfortable with the vision statement, particularly, Deb, Roland and Jacki since you are new to this process?

DR. MAYS: Aren’t we responsible — this is an Office of Minority Health Question. Aren’t we responsible for also some things in terms of health in the U.S. territories? So it’s not just the states, but I think there is some data stuff that we’re responsible for — territories and —

DR. STEAD: What we have in the statement was U.S., and I don’t know whether that includes the territories or not.

DR. MAYS: Exactly, that’s what I’m saying. I think that we have some data responsibilities in territories, because I am in Region 9 and Region 9 often is working with some of the territories and we have had hearings where we have included the territories.

PARTICIPANT: Guam, Samoa, Micronesia, Marianas.

PARTICIPANT: You want to modify it to say U.S. and territories?

DR. MAYS: Yes. Whatever it is we’re responsible for.

DR. STEAD: What is the appropriate term?

DR. MAYS: It’s U.S. territories, and I don’t know whether we add Commonwealth or not, but it’s U.S. territories and something.

DR. STEAD: So we will make a note and somebody will bring us back the correct language. I don’t sense that anybody is concerned about the concept.

Anything else on the vision?

Mission: Assist and advise the Secretary of HHS — so the Secretary of HHS is our primary customer — on health data, standards, vital and health statistics, privacy, confidentiality and security, national health information policy, and the Department’s strategy to best address these issues. The committee’s recommendation shall also inform decisions about data policy by states, local governments and the private sector.

So the key idea here is that the Secretary is our primary customer, and yet, our recommendations should also be relevant and useful to the other players in the health ecosystem that are necessary for HHS to achieve its mission broadly. Are there questions, suggestions or concerns about it? We have Debra, Roland, Bob and Bruce with tents up.

MS. STRICKLAND: My concern is about the customer. We’ve talked here even in this meeting about other customers, so is this just limiting our work to what HHS asks of us? I mean, it doesn’t. The statement seems limiting. It says our customers, the Secretary of HHS, but it sounds like we’re getting requests from a lot of other areas with hypothetical questions, hypothetical situations that we need to research. It seems it’s boxing us in a little.

DR. STEAD: I will let Rashida and Rebecca try to help add commentary around that,

DR. DORSEY: I would suggest that the committee look to the charter in terms of who your audience is, because the committee does advise the Secretary. There are times when there are others — like OS, Office of the Secretary, the Department — who may find a use for products that the committee is developing, but the primary audience is the Secretary. Even when you’re developing recommendations, they are still to the Secretary.

So I think that this, I would say, is the appropriate scoping and framing based on what your charter is.

MS. HINES: Yes. And I think the second sentence, “shall also inform decision-making about data policy by states, local governments and the private sector…” picks up the charter piece of it.

One thing to be aware of is that — and I have been involved for two years and have seen this — some of the committee’s work is instigated by when the Department has a need. We need a letter on minimum necessary. And some of it is the committee sees a gap or assesses a gap and says, hey, HHS, we have identified a gap. So it’s not like everything is top-down; it’s more of a collaborative process where the committee definitely wants to be responsive to the Department when there is a policy issue or question, and the committee also — because it’s really an independent group of people that can provide unbiased guidance — can say, hey, you’re missing this point.

DR. DORSEY: Right. Just bringing information up to the Secretary that the Secretary needs to know.

MS. HINES: Yes. Like the APCD thing that came up. The Department didn’t ask for us to do that.

This mission, I think, does not exclude that, but wordsmithing, of course, is always a possibility.

DR. STEAD: I personally use as one filter if we are thinking about something on the workgroup and it is not clear to me that it would be actionable to HHS and the Secretary, then it doesn’t rise to priority in my processing. We are most effective when it’s actionable to the Secretary and to other parts of the ecosystem. That’s where we are at our best. But it would not be very useful and it really wouldn’t be aligned with our charter for us to do things that were useful to somebody else and simply were not actionable on HHS. I think none of us would be comfortable with that.

Roland, then Bruce and Bob.

DR. THORPE: I just have a question. Can you clarify what data policy means here? Does it refer back to all of the things, the health data standards, vital, blah, blah? What does data policy really refer to?

DR. STEAD: I think it has to do with data. When we make recommendations to the Secretary, those recommendations are about data or information policy; they are not about reimbursement policy. Or they may be data that you need to deal with reimbursement policy, but we always frame what we’re doing around the data implications.

But it’s broad. It’s data, but that excludes lots of other things HHS does.

MS. HINES: The charter has this phrase which now I know in my sleep — national health information policy. That’s kind of the blanket term.

DR. STEAD: Data and national health information. So, we are data or health or information. We are not IT. There are a number of things we are not, but those three things are quite broad and that’s what we are.

DR. THORPE: So should it be data and information as opposed to just data? I just heard we use two terms. Did I misunderstand?

DR. STEAD: We have national health information policy at the start of the second line. We have all the different aspects in the last half of the first line, first half of the second line. So the question is how much of that would you end up repeating in that second sentence. That’s the question

DR. THORPE: I guess it’s just me, the academician in me. What’s the difference between information and data? We have data here and information there. I’m just trying to be concise and consistent.

DR. STEAD: You want to have data and information?

DR. THORPE: I’m not going to lose sleep over it; I just wanted to know.

DR. STEAD: The question is whether you want to add the word “information.” It works for me.

Okay. Bob?

DR. PHILLIPS: I’m going to tackle both vision and mission because it took me a minute for vision. Vision is supposed to be, in my mind, what you’re supposed to accomplish, what your big goal, so I don’t’ like to have mechanisms in there. So, through “visionary advice” creates a problem for me. So I flipped it to say, “to improve the utility of health information and data policy to the health and wellbeing of people in the U.S. and its territories.” So there’s not a mechanism in there that can be limiting.

In the mission, which to me is how do we do it, there’s a lack of — I think there’s an important role we fill in terms of convening stakeholders to frame issues and explore them in order to advise effectively that I think could be in our mission statement. It doesn’t have to be there but it is the way we do our work.

DR. STEAD: Thoughts? We’ve got about four minutes before the break. Do we want to continue to let people say what they have? We’ll have some time again after the break.

My sense of this conversation is that we want to make changes to bring this up to date, which is good, so we will have to decide to what degree we want to do that as a committee as a whole and to what degree do we want to back off and get written input that we bring back and then revisit this in September. So we don’t have to nail this.

I think maybe we can go around, capture the thoughts and then think about what to do with them after we get them on the table. Vickie?

DR. MAYS: What’s not in here are the things that we are assigned by Congress. Do we have to worry about that? We’re assigned by Congress to do the review of the ACA; we’re assigned by Congress to do HIPAA. And I think we have one more thing.

I am not debating who the customer is in terms of the Secretary, but we should probably put upfront that Congress has asked us to do these things, so should they be in there?

DR. STEAD: We can think about it. Those were things that fell in the cells on the grid when we had the complex version. They fit very cleanly under the objectives. Where they fit, the things Congress wants us to do, is under specific objectives. And it would be fine — and you may be suggesting we do this — that for the things that are legally mandated we actually note them under the appropriate objectives so that it’s clear that our overarching plan reflects them.

DR. MAYS: I just want to make sure. In our charter, then, the things we have to do for Congress do not appear? I was trying to make sure in our mission, if we have a relationship with Congress, then they should be in the mission. We can make it short; I don’t know if we have to say everything. Something like, “and activities as mandated by Congress.”

DR. STEAD: Okay. I get that. You’re advocating that that would be an addition to the mission statement.

DR. MAYS: Yes. It’s again like a customer type thing, but I think it’s important to know that our mission has a relationship to Congress.

DR. STEAD: Got it.

DR. COHEN: It’s just to advise the Secretary of HHS and Congress?

DR. MAYS: A response to initiatives from Congress, or something like that.

DR. STEAD: We’ve got the concept. We’ll figure that out after break. Linda?

MS. KLOSS: Two thoughts. We might be able to handle Vickie’s suggestion by referencing the charter, because the charter evolves and I think it does add impact that this is a mission that follows a formal charter.

Second, I think, in terms of methods, while I agree that we convene I think we are also doing a lot more deliberation on our own, so I would keep methods very broad to give us the maximum flexibility.

DR. STEAD: Okay. We have earned our break. Sorry, Rich?

MR. LANDEN: One other thought for consideration. I haven’t figured out the how. I would like to somehow see us add the term “patient safety” here, not as an explicit objective but as something that kind of underlies how we look at the data ecosystem, particularly as it pertains to cybersecurity but not limited to that.

DR. STEAD: All right. Jacki, do you want to comment from the phone before we take our break?

MS. MONSON: I’m good with all the suggestions that have been made. I don’t have any additional comments.

DR. STEAD: Thank you. Let’s take a break and we will reconvene at 10:15 and we can think through process. As we do that, I am going to also want us to look at the one-pager that basically outlines priorities we would use to select tasks and so forth and criteria for success, because I think, logically, we might want to add that for the one-pager as part of the Strategic Plan if we, in fact, like them, or we’re going to want some process for updating them. Thank you.


DR. STEAD: Given the richness of this discussion, we need to think through the process we want to use to refresh the Strategic Plan. What I would suggest is that — we’ve captured the input we have gotten so far. I would suggest we just walk through the strategies and objectives so I can make sure that the people who didn’t live through the last iteration understand how they hook together, without try to wordsmith them.

My sense is that what we now need to do is, informed by this conversation, maybe Rebecca could capture some changes we agreed to plus some alternatives that have been suggested. We could email that out to people and people could provide comment electronically, and we could get a version through the Executive Committee in advance of the September meeting and maybe bring it back for another short discussion. This isn’t time sensitive. We can, in the conversation as the committee as a whole in September, know if we’re getting close. People would have seen the new version.

In essence, I would suggest that as our process for the next 25 minutes. I would also like to walk through, just so we all know what it is, the extract from the 11th Report to Congress that I thought we might refresh and bring forward so that we would have the vision, mission and objectives, and then we would have what are the criteria we will use to select the projects within the objectives, and how do we believe we will measure success. I think, collectively, that makes a nice compact package if we can get an updated version that we like through this process.

Is it fair to really try to spend the rest of this block together making sure we understand what we’ve got so that we can then do the word suggestions later if we have time?

MS. HINES: I also want to welcome — I know some of you have already started and have some ideas on wording, please send that. I always appreciate having specific language.

DR. STEAD: Strategic Goal One — Strengthen the data and analytic capacity to sustain continuous improvement in health and wellbeing.

Strategic Goal Two — Accelerate the adoption of standards to achieve the purposes of efficiency, privacy, security and interoperability of health data and systems.

Goal Three — Increase access and use of data while ensuring appropriate safeguards.

Goal Four — Recommend long-term strategies in health information policy.

Those were the high-level goals. Then, within them, we, in essence, built objectives that followed a pattern. We needed to assess, we needed to identify opportunities, and we needed to recommend actions — in essence. And the words around what you assess vary, but that was the basic pattern that we migrated to.

Does the basic approach make sense?

DR. ROSS: I am very supportive. I think the goals — you can strengthen capacity, acceleration, adoption of standards, increase access and use, recommend information strategies or policy — to me that all makes sense and I like the parallelism under that. I like this. I have lots of refined words to offer but I think that should be offline. I don’t want to get into wordsmithing. I’m with you.

DR. MAYS: I just want to ask why, in Goal Four, it’s only long-term. I know this is higher level, but sometimes HHS needs us to give them short-term strategies as well. So I’m just not sure.

DR. STEAD: What we’re attempting to do, if you look at Objective 1.3, 2.3 and 3.3, the last objective under each of the first three goals is recommendation of actions to HHS. As we have worked together since November, we’ve been trying to separate our vision statements, which tend to take the nature of reports and tend to be longer-term, from our recommendations which are intended to be shorter-term.

If I remember our discussions a couple of summers ago correctly — and you were part of those — the idea was that the shorter-term things would fall out of One, Two and Three; whereas, what we were really trying to do in Goal Four was always keep a long lens so that we had the right context to make our shorter-term assessments and recommendations. So that was the concept.

Other comments about the basic structure? What is your thought about timing of comments back to you? This is the kind of thing that people do while they are on the airplane home. It will be more helpful than if we ponder it too long, probably.

MS. HINES: You want to say by next Friday, which would be June 30?

DR. STEAD: And this will go through more iterations.

MS. HINES: And, of course, I’ll have to send a note to the folks who aren’t here and let them know what’s going on.

DR. STEAD: Right. And Nick was not part of this.

DR. MAYS: Can we get a Word file, because this is a pdf.

MS. HINES: Sure. That’s a great idea. I’ll send the Word file out with a reminder if you could send your suggestions by June 30.

DR. STEAD: Let’s switch to the one-pager that has the 11th Report to Congress June 2014, pages 44 to 45 and page 52. This was early in my tenure, and Bruce, Linda, Vickie and others that were here before me may have a better recollection of how these evolved. As best I can tell, they evolved during the preparation of the 11th Report to Congress and they were included in that report.

I thought it would be useful if we could have something like this to help guide us. I’ll just give people a chance to look at it.

The first block as framed here was around standards. I think it would probably be useful if we could actually make sure that we generalize this. If people like the idea that we ought to have touchstones — obviously, the goals and objectives become touchstones and maybe that’s all we need. This set of work was done before we did that set of work, and I’m just trying to clean everything up and hook it together.

DR. COHEN: I have a general comment. I like where most of these are going, although, in retrospect, I see missing the population health perspective. The focus seems more on the healthcare industry, clinical and administrative data. So I think these should reflect not only the triple aim but our focus on population and public health more explicitly.

For instance, bullet number 2, be actionable by the Secretary and the healthcare industry, is limiting our perspective.

DR. STEAD: Absolutely. There are two ways — the point is well made, and I think this largely emerged from Standards.

MS. KLOSS: I can tell you the history of this. We had a strategic planning meeting the summer of 2013, and that’s when that whole notion of the convergence of what we were trying to do, coming together, but then Standards took the lead in fleshing out this set. I agree with you; I think it needs to be broadened.

But I think having a checklist that reflects our collective sense of how we make decisions to move things forward would be very helpful.

DR. RIPPEN: When I look at the Strategic Plan layout with the vision, mission and goals and objectives and then I look at the components on this page, the first grouping is more like a checklist, to say that whatever work product we have, does it meet these kind of general criteria so that we can consistently always make sure that we touch on them. Now, we can modify them, but it’s more like is it actionable, that kind of stuff.

The second bucket with regards to the initiatives I would say actually falls into the vision and mission if you think about the overarching principles of health, but they go into more detail. Maybe we can just make sure that it’s clear or maybe have this as a definitional sort of thing, what’s health — I don’t know.

DR. STEAD: I do like your parsing, so I think things like have an identifiable audience — you’re characterizing the first bucket correctly, and I think that would be a very useful checklist for us to agree to.

There’s a piece of me that thinks that any strategy where you don’t have some metrics to follow to see whether you’re making progress is apple pie and motherhood. If you begin to attach some metrics, then we, in essence, have a way to step back every year or two and say is the game changing. NCVHS doesn’t directly change the game. But if we’re working hard and the game doesn’t change, then we need to think about how to better use our efforts.

So I think we might rethink the second block around how would we actually know if we’re making progress toward our objectives.

DR. RIPPEN: Yes, and then we would just have to make sure that they’re correctly framed. And that would not only help us with regards to progress but it could help highlight gaps in what we’re doing.

DR. STEAD: Then let me make another possible process statement. It sounds to me like, with a certain amount of work, we can land this one-pager of vision, mission, goals and objectives pretty easily. It sounds to me like we might land the top block — what are some of the checklists we need to hit — pretty easily. And then it seems to me that figuring out what metrics we can use to follow where we’re making progress is bigger.

So why don’t we try to tackle the first two through email exchange, et cetera, maybe by the September meeting, and then put the NCVHS Metrics of Success in the parking lot for consideration in our development of the Work Plan for 2018 or 2019, or wherever we think we have the bandwidth, that it becomes important.

Would that be a logical way to try to bring to closure and get back where we can use it the things that are pretty easy to agree with while putting the other where we can come back to it at an appropriate time, because we’ve got a lot that we still have to do. Is that a comfortable process approach?

DR. COHEN: Yes, I agree. Rebecca, could you also send us a Word version of this?

DR. STEAD: We’ll send you the Word version of the top block.

DR. MAYS: I am trying to understand, because in talking about the metrics — and I know we’re going to put it off but I just want to make sure I’m understanding it — that’s almost like needing to create another layer of somebody to monitor it, somebody to figure out alternative ways. Sometimes the very act of us holding a hearing causes the industry to change something.

I just think that we have to really think a lot about this because this is resource — in order to do this successfully, it’s going to require resources, and it’s almost like we’re going to have to have staff or someone committed to this.

DR. STEAD: Except we know that’s not going to happen, so I get the concern and I’m glad you raised the question. I think the question we need to ask ourselves is are there touchstones related to one or more of the objectives that could help us know whether the health ecosystem was making progress along the lines our objectives say that would help us, without it turning into — we might recommend that HHS have such a measurement ecosystem for some piece of what it’s doing. If we’re stepping back and saying what are the data we need to assess the health of the population, that would be something that would take a major effort. We can recommend that.

The question is whether there is something that would be more qualitative that would help us know whether we’re having the impact we want or whether we should recast our work. Does that help at all?

DR. MAYS: I’m just going to say be careful what you put out there. Some of us lived through GPRA and other things where, if you put out metrics where you’re supposed to achieve them and you don’t, at least the way in the past it has worked, that’s what gets you shut down. If you don’t hit — you know, the surveys have to live through this. There is a lot of that within HHS. You have to meet a certain metric of 70 percent of this, 80 percent — I remember on this committee we used to have to worry about our recommendations in the sense that if you put too many recommendations forward and they don’t get adopted, then it was an issue to think about.

I’m just saying we have to really think about this and what it means and how much it takes to get this stuff.

DR. STEAD: So, would you advocate that we not even put it in the parking lot, that we just let it go away?

DR. MAYS: As a researcher it’s hard for me to say that, but as a person on the committee I would say let’s just scale it down, that we think about success in a different way. This is very detailed. Either we have to have the staff to do this or — I just worry that we’re putting this at a very high level.

DR. STEAD: One option would be to let this live in the 11th Report and go away. Another option would be to have in the parking lot that the committee should figure out how it’s going to assess its success. So we can ignore it or we can have something that’s general that isn’t tied to this. What would you prefer?

DR. MAYS: I would say maybe the success of HHS in taking our advice, not — We are advisory. If you’re advisory it means the person can totally ignore you, and it shouldn’t be counted against you that you have been ignored because something in their direction may have changed from the time we stored it. So I think it’s more about HHS being evaluated rather than us.

DR. STEAD: This conversation leaves me suggesting that we not try to put it in the parking lot now. We’ve got enough else to do. I get the sense we have answered the question. As I read through all the previous reports I was just trying to see which things should we bring forward and I’m hearing this is one we should not bring forward.

DR. RIPPEN: And again, we can interpret all these things in different ways, but some of them are kind of in the first bucket — is it focused on improving patient quality. So, it’s when we have hearings that we actually include those in the discussions to make sure that the recommendations are intended to. Again, it goes back to framework.

DR. STEAD: From my perch, this is a very helpful discussion. We will broaden and tighten up the first checklist and we will let the objectives be their own statement of what we’re trying to achieve, and we will periodically think about whether we’re achieving them but we will not try to identify success criteria. I see lots of shaking heads and I can’t tell whether that evil eye I’m getting from Dave is a shaking head or —


MS. KLOSS: I have a different view of this. I think that it is incumbent on us to have some discussion about our success, even if the criteria that come out of it are more about the effectiveness of our process or are we spending our time on the right things. I just don’t think it’s reasonable in this day and age not to be doing some self-reflection.

So I would put it in the parking lot and not commit to starting with this list as a starting point, but I think it would be a very productive discussion for us to have so we’re all on the same page, just like having put this strategic plan together. I think it’s part of it.

MS. MONSON: I agree with Linda’s comments relating to the measures. I think it’s important to have some measurable action. It doesn’t have to be complicated. I don’t think it has to be as complicated as this list. I think if you match the strategy to the work plan to the recommendations, and each time that we create a work plan, each time we work on recommendations, if we had the opportunity to determine what the metric is related to that, that is sufficient to actually provide a metric.

I guess, based on what I’m hearing, we’re kind of over-complicating it, and in a simple way we can come up with metrics that measure our success. I would agree with Linda that it should be a parking lot issue.

DR. STEAD: Thank you, Jacki. Rich.

MR. LANDEN: My thinking is along the lines of what Linda and Jacki were saying, and my observation is that in the two years I have been on the group now, we do this implicitly. We are doing it now. We may not call it out as such, but when we look to do our work plan we’re always looking back informally at what we have done in the past, so, if we want to organize a bit better and just explicitly include it in the process, I think that would meet the objectives.

PARTICIPANT: I support that. I was just where Linda was with this.

DR. STEAD: Then I think we reached a conclusion. This is very helpful and we will proceed working on the two pieces that we think are reasonably landable.

DR. THORPE: Bill, before we start I just want to get some clarity. Can you just clarify what is the conclusion? Is this on the parking lot and not a priority, off the table? I just want to be clear because you just said we have come to a conclusion.

MS. HINES: Roland, I am about to send an email. We definitely want your input on that. In terms of the other document, we want your input on the top part. The bottom part we will probably not use the specifics, but we’ll put the concept on the parking lot.

DR. THORPE: That’s what I was looking for, thank you.

DR. STEAD: And the concept simply will be self-reflection.

Welcome, Charlie.

Agenda Item: NCHS Update from the Director

MR. ROTHWELL: Thank you all for inviting me here. First of all, I usually start off when I talk with you all to give you thanks. It’s very important for government to hear from those who are not in government to guide us in our actions, and we appreciate you giving your time to us.

I was interested in the conversation that was going on relative to CMS, and that’s a good example. We do many things in government where we think we’re doing the right thing and it might, in fact, be the right thing for our agency internally, but it can have impacts elsewhere. That is why we need advisory committees to wake us up and shake us up and say did you think of this and did you think of that. So I think that was a really good example of an appropriate action by an advisory committee. Of course, it’s easy for me to say because I am not in the CMS —


But I think it’s very appropriate and you all have given NCHS similar guidance over the years.

What I’m going to do is go over some activities that are going on in NCHS and then I’m going to go over some budget issues and I’m going to go over some staffing issues. I am then going to talk about new things and where I see the future going, and then I’ll invite any questions that you might have.

First of all, I think the last time I talked with you — and then I talked with some of you individually or with groups that you represented — we were going to and we still are going to be redesigning the National Health Interview Survey. That’s the survey that we do with 35,000 households a year, doing two, both about adult and child, so it’s about 70,000 people that we do a year, using about 1,000 Census interviewers going into people’s houses and taking up about an hour and a half or more of their time and getting over a 70 percent response rate doing so.

We need to redesign the HIS. It has grown. All flowers wanted to be bloomed and we needed to cull them down to the appropriate flowers that really make a difference and reduce it down by about 30 percent. I think we have done that. Unfortunately, in order to meet the concerns around this table and many other tables in looking at how we can reduce questions and refocus the survey, it meant that we could not institute the redesign in January 2018.

That being said, I’m trying to see a positive in this whole thing. We will be doing the redesign in January of 2019, but as I may have told you — I know I told you the last time — we were just going to have to go cold turkey into the new redesign of HIS. We weren’t going to be able to test it. We have tested the questions but we hadn’t tested the entire instrument because we didn’t have the money to do so. That is something I’m going to be talking to you about at the end in general.

This time it looks like we might be able to, within the last quarter or maybe last two months, really do a dual sample. We might not be able to say as much in the last quarter of the year but we will at least be able to look at differences that might be coming up that we really had not thought about. So I think that’s going to be a positive thing.

So far, our response rates are no worse than they have been before, so I think we can survive another year with a longer survey, but I’m hopeful that the redesign will make us much more efficient and we can get in and out of people’s houses within an hour — unless they’re older folks like me who have a variety of conditions that takes a longer time for an interview.

On the Vitals end, you have already heard over the last several months about Vitals from Delton Atkinson and others, and I am very pleased with what’s going on. I think the thing I’m most pleased with is that I went to the state annual meeting a few weeks ago and I didn’t know many people there anymore. They were young; they were vigorous and they wanted to do new things and they wanted to do things better. And I think that’s really exceedingly important for us in the future on Vitals because we’re really talking about new systems and new ways of doing things.

We’re seeing things like, for example, in one state, they’re providing an electronic death registration system on a cell phone so that a physician can enter in the information right on the cell phone, and, in fact, it interacts with their electronic health record and interacts with all their other information so they don’t really have to enter in a lot of information in order to get down to what they have to enter on the death certificate. And then, there are help screens that allow them, if they have questions, to interact with NCHS systems, by the way, to really put the appropriate information in there. There are other states that are linking their electronic health records with the vital records. We need to marry them in the future.

These are things that the state staff are not running away from; they are running toward, and that’s a huge difference and I think it’s going to mean that we are going to be providing even faster data to the states, to the communities and to the nation. I am really excited about that.

We are now doing quarterly reports six months after the event that is taking place at the national end. That’s quicker than most states actually provide their own information, and we provide this back to the states. If it wasn’t for the states we wouldn’t be in business in this, so it’s really a dual activity. It’s one that has worked and it shows that you can have cooperative agreements and you can work cooperatively at a variety of levels of government.

I have heard over and over again that when you get more government agencies involved things don’t work. That is not the case. I think when you get more government agencies involved who want to work together you’re going to get solutions that will make a difference.

Our healthcare program and getting information from physicians and hospitals — we are really on the cusp — I keep saying the cusp and I wish we were closer to really achieving it and I’ll get to this in looking at future issues. But electronic health records is right now our bane and our future in that we’re looking to go from surveys of tens of thousands of records to tens of millions, if not more, with a lot of detail in them that will allow us to do things that we never ever thought we could do.

The issue, of course, as I think I have mentioned to you in the past, is how do you standardize this enough within certain types of information that we need that doesn’t do harm to the physicians and hospitals and the vendors themselves who are providing these electronic records but that allow us to say something nationally and at a community level that really would be useful. But this is going to be our future — if not NCHS’s future, the future of some other agency, and I’ll talk about that a little bit later.

NHANES, our gold standard. This is the survey, for those of you who don’t know, that we have about a 5,000-person sample that we do each year. We have trailers that are connected together and automated. We use Westat to do the data collection. If you want to see standardization on how to do measurement, go and see one of our mobile examination centers. We have three large trailers that we put together; sometimes we put four. For example, when we did the youth fitness thing we put a fourth trailer in. It’s really something to see.

If you’re looking at growth charts, if you’re looking at hypertension rates in the United States, or obesity, any of those things, we are the gold standard. Yet, there are terrific problems with response rates. Terrific problems, and we’re struggling with that. If we can’t resolve that, I am very much concerned about our future with NHANES. Even though it’s our gold standard, we are on a downward slope on response rates that we need to turn around or we really can’t say something nationally. We can do only so much as far as from a methodological perspective, but when you start getting response rates in the 60 percent and upper 50 percent range, then you have a problem.

It’s not because people don’t want to have an exam. After all, we’re going in — just like HIS, not quite as long — but we’re going into somebody’s house for maybe an hour or 45 minutes to take similar information, but also poking and prodding them in all their crevices that they don’t want to be poked and prodded in during an examination, and that can take four hours or more in a mobile examination center. So we’re losing staff, we’re losing response rates right at the beginning. Once we get people and interview them they take the exam, so we need to be able to somehow motivate them. But that’s a real issue for us.

Okay, budget. The President’s budget had some significant cuts. You have all read the newspaper on the domestic side, and we really don’t know what Congress is going to do with those cuts. At this point, the Centers for Disease Control I think has somewhere between a 17 and 18 percent cut. NIH I think, has a 20 percent cut even though they got a bump up. EPA, Interior, you name it, there are some significant cuts.

NCHS received a cut. Well, our appropriated budget is about $155 million and we receive non-appropriated dollars from NIH and CDC and FDA and others who are doing business with us of around $40 million. So you put that together and we have a good sized budget.

Our appropriated dollars, at least in the President’s budget, were cut $5 million. I never thought I would like to lose $5 million, but I’m very, very thankful. CDC could have asked us to lose 20 percent of our budget or more and they didn’t. So, of our appropriated dollars, it’s around 3 percent or so. I think that speaks well of us and I’m greatly appreciative of it.

That being said, in our budget we have no money to do anything new. We have a budget to maintain our data collection systems. No NCHS staff are in the field other than monitoring what’s going on, so we contract either with states, with the Census or private concerns like Westat to do our data collection, so that’s one pot of money. The other pot of money is personnel.

What I’m concerned about is, obviously, meeting the $5 million deficit because we basically, except for one bump up on a specific issue that lasted a year, have been flat-funded for the last six years or so, and costs have gone up. So I am more concerned about if, in fact, NIH gets the 20 percent cut and if CDC really gets the 17 percent cut and others receive their cuts in the President’s budget. If that were to take place, and they are the ones that are providing us the other $40 million of doing work, I would think if I were them I would be giving it to home before I gave away to others. So, we might have a problem.

So, what are we doing to protect us? We are not hiring. CDC is in a freeze, and NCHS will be in a freeze even if CDC comes out of it, and I expect us not to be hiring unless it’s a super-critical position at least through the fiscal year if not the calendar year. Right now, we are 15 percent under our FTE ceiling level. We are down 77 positions, and I expect us, by the end of the calendar year, to be down almost 90 positions from a ceiling of 530.

But we are going to do okay. We are going to do just fine. Our staff are not wild about this, but we’ve got a job to do and we are going to deliver.

But from a leadership perspective, we are having a significant turnover. Marcie Cynamon, the Director of the Health Interview Survey, will be retiring within the next month and a half. Marcie has been with us for 36, 38 years. A great leader. Clarice Brown has already left, who headed up our healthcare surveys. Nat Shanker, who was my deputy and then was also the head of Research and Methodology, has retired. Delton Atkinson who heads up Vital Statistics at NCHS will be retiring at the end of the year. These people are second-generation NCHSers, and we are going to miss them. I am going to miss them. But we have strong people underneath, and I feel very good about where we are going to be in the future. It is just going to be a little tough for a while.

And we will be looking for a few good people to come into NCHS when, in fact, we can hire. But I also have some very good people in the center that I can move up into these roles, and I will when I’m allowed to detail them in, so don’t worry about it. But I think at some point in time we are going to have to either hire or look at other ways of doing business.

And we have had some deaths in the family. Some of you may not know her, but I was pleased to have known her for a number of years — Dorothy Rice was the head of NCHS for a number of years, a great health economist who made a difference. She talked to me just a month and a half before her death. You don’t realize that NCHSers never die, or at least they do die but they don’t go away. And Monroe Sirken, who headed up our research methods, died recently, and Monroe would contact me all the time. Monroe retired at age 90, by the way, so he holds the record. As a matter of fact, I think he was the oldest HHS person for many, many years.

NCHS has a lot of good, solid folks underneath and we’re going to be just fine, and I’m really looking forward to seeing the next set of hires that we do that will re-energize us.

The future. There is going to be a response or set of recommendations that will come out of the Commission on Evidence-Based Policymaking that will be coming out in September. I think you all need to be looking at this very closely. I think it will have a lot of impact on maybe what you’re going to be looking at and what NCHS and other statistical agencies and other agencies are doing who have large administrative systems that could be turned into statistics in the future. At least I’m hopeful of that.

The other is, during a time of transition like this in any administration, there is always a chance for doing new things and building new bridges. This is probably, in my view, one of the more interesting transitions, and I’m not talking about politically. I’m talking about as just an interesting process, and I think it’s one that gives opportunities for you to redefine what it is that you’re about and provide us guidance during these periods of stress when people are looking at how we are going to reimagine what this department is about and how we’re going to try to use the money that we have most appropriately. And that is something that I think you all need to be concerned about.

There is something called the Data Council that is an internal organization sponsored by HHS to look internally at trying to harmonize and focus our data holdings within HHS. I think there’s an opportunity when we’re really trying to re-invigorate that council and aim it towards whatever happens in the reimagining of our department. And when we looked at some of the outcomes of the first conversations that were taking place on the reimaging of the Department, the one thing that came out more than anything else was data, not people. It was amazing.

I really think that this is an opportunity for you all and the Data Council and individual agencies that are basically data-based to really look at how we do business in the future. I have no idea how this is going to turn out, I really don’t, but we had better be ready. I think it is possibly a great opportunity for us.

We need to change the way we’re doing business. Technology is going to drive us, and that’s my concern. NCHS is no different than the Bureau of Labor Statistics or some of the other major statistical agencies and some of the data agencies. We have the funding to do what we want to do now and what we can do now. What we don’t have is the ability to look to the future and make changes. After all, we were going to completely redesign the largest health interview survey that takes place in government and we were going to do it, bingo, without even testing it. That’s because we didn’t have the money to do it another way.

We really need to, upfront, look at how we can consolidate and standardize the information that we’re going to get from electronic health records and take advantage of that now. Think of it — if we had that now relative to opioid overdoses — It’s not just about the deaths. It’s about those emergency room visits. It’s about visits in hospitals and physicians’ offices that we would be able to capture and say something about.

By the way, we have gotten terrific support over the years from ONC on this, and I think with the Meaningful Use and all the effort that they have put in to create not just the idea but put in place that electronic health records really can make a difference, I think we are really close to that and we need to really look at that as a future for us. But there needs to be money that allows us to make those changes.

On e-vitals, states need to go to the next type of system that allows them to really inter-relate with the electronic health records within their community that they are dealing with. And they need to be able to quickly provide that information to us so that we can quickly go back to them if there are issues of quality, because one of the major concerns that has always been in vitals is how good is this information. Really, how good is it?

Then, what if we were able to link up the electronic health information of a decedent with the decedent’s cause of death, and do it right now? That is where we’re going to be. I need to have the staff to be able to look forward in that. Other agencies need to have the staff that break away from the existing way we have done business and look at these new avenues, and we have to have the funding to allow us to do that, or let us go our own way. Let NCHS do it the way it has always done and have another agency look to the future, and as our response rates go down and as we become less and less responsive, you just do away with us and go with another agency. But, somehow, we need to look at the future.

With that, I will stand down.

DR. STEAD: Thank you very much for your service and your passion about the opportunity, because collectively we have got to figure it out. Bruce and Dave.

DR. COHEN: Good to see you, Charlie. Dorothy was my first boss. She hired me in 1987. There will be, in the next month’s Journal of Public Health Management and Practice, a really wonderful piece about her incredible, illustrious career and the impact she has had on public health in our country.

I have one specific question and one general question. The specific question has to do with, obviously, a data issue. NCHS has always been the engine behind Healthy People. I was wondering about your perspective on what’s going on with Healthy People and where you see that going in the future. Part of the question has to do with the measurement framework that we developed here and is getting a lot of currency outside of government, and we would like to see it be more actively used within HHS. That’s my specific question.

My general question is are there any particular areas that you feel we can help be more supportive of with respect to NCHS’s future.

MR. ROTHWELL: On the first, I have been very vocal on this. I think Healthy People is a great concept, and I think it is good to have objectives that can be tracked. I think it’s good to have solid data behind it that can be tracked and be held accountable for.

I would think, if I was — fortunately, I am not — the Secretary of this department and someone gave me 1200 objectives that I was supposed to be responsible for, I would be very concerned. If that is focused thought, we’re in trouble.

I think that is one of the things that — There’s a group that’s meeting on the 2030 objectives and looking at how we can better focus what it is that the Department really wants to see from a Healthy People perspective. And maybe what’s more appropriate at the NIH level, the CDC level, at the HRSA level — there are objectives and there can be sub-objectives, and I really think that we need to be much more focused.

As you know, NCHS supports the Healthy People from a data perspective, and you would think that a data monger like me would be trying to get more data and more objectives, and I think that is exactly the wrong thing to do. I think the objectives should be where the responsibilities lie, and for some of those objectives the responsibilities lie clearly in HRSA, or clearly in CDC, or clearly in one of the institutes at NIH. And they should take those.

For those that really require coordination or really the focus for the Department itself, those I think should be the Healthy People broad objectives for the Department. But that’s me thinking. You can take that with less than a grain of salt.

As far as helping NCHS in the future, I think you need to take us on. Just as all the new areas that I was talking about, you should be asking us why aren’t we using new technologies. Why aren’t we looking at electronic health records? Why aren’t we doing more linking with other datasets? Why aren’t we doing business with other agencies besides HHS? The issue of health is not necessarily the issue. Opioid overdose is a health outcome. Is it really a health issue? I think it’s a much broader societal issue, I would say.

So we need to have more than just health surveys to look at. We need to be able to link to other activities. By the way, if you do away with the Social Security number, that will be one issue with data linkaging that you might want to think about.

I really think you can help us by making sure that we are not comfortable in our skin. I think there’s going to be great change in the next five years, and it has nothing to do with this administration; it has to do with the way technology is going. Health has finally caught up with IT, or vice versa, and we had better be able to figure out how to use it appropriately nationally.

DR. STEAD: Thank you for the conversation and comments, but I think we need to try to stay on task. We want to stop and welcome John Graham. We really appreciate your being able to join us.

DR. GRAHAM: Thank you very much, sir, it’s a real pleasure to be here. Thanks to Rashida Dorsey, who is on my staff, for her great staff work. I recognize three of my colleagues here. I’m sorry I couldn’t spend more time with you all. I am really glad that Dr. Rucker has taken the time to join us, and I’m looking forward to his remarks. Thanks very much.

DR. STEAD: With that introduction, Don, we will let you take the stage. Thank you for joining us.

Agenda Item: ONC Discussion

DR. RUCKER: Thank you very much. As the Agenda says, I am Don Rucker, the new National Coordinator. Since folks may not know my background, let me just say a word or two about that just to frame sort of who is this guy and expose at least some of the thought, and then we’ll get into what we see and what the Secretary sees as the priorities. So, just a very brief background in terms of my interest in medical data and then really talk about ONC’s priorities, and I think we have plenty of time for questions and discussion and interaction.

I got interested in health data through John Eisenberg back at Penn as a med student. Those of you who know the late great John Eisenberg, an absolutely magnetic personality, he got me interested in decision trees and decision analysis. As with many other folks, probably some of you here in the room, I did a residency at UCSD and realized that a lot of it that was missing was data. The decisions were not the hard part but just actually getting data. This was an era when medical records were densely paper. And I know other folks at that time, like Dr. Stead, were already working on making EMRs elsewhere, but the Duke experience was not what we had UCSD.

I then was a grad student at Stanford with Ted Shortliff and involved in role-based expert systems, sort of the medical computing, AI, NLM fellow in what was eventually called medical informatics. I went and joined a very small company and we built the first Windows EMR, Windows 2.1, and then was at Shared Medical/Siemens for 13 years as Chief Medical Officer involved in rolling out computerized physician order entry, and have done some interesting things at Ohio State Premise Health since.

All that to say I am deeply appreciative of the role of data and the difficulty in getting data and the difficulty of analyzing data and what the meaning is in data. I think a large part of what we hope to do at ONC is really about freeing up data.

The two priorities that are coming up — and maybe a little bit of history. With the rollout and happening of the Meaningful Use Program, now, almost every U.S. hospital has inpatient electronic records, and probably 80 percent of outpatient practices have electronic records. So a lot has been accomplished in that era at some cost.

The two probably big residual issues from ONC’s point of view and the Secretary’s point of view are the massive and widespread complaints about the usability of electronic medical records. You cannot scratch any clinician without sort of hearing about this. Some of this is around the cost of structured data. There are many reasons for that.

And the second one is the thought why aren’t these things interoperable. I think part of the hope and the dream and the promise of Meaningful Use was that this would all communicate. There was a lot of work done on standards but there is more work to be done there.

So those are the two broad, overarching priorities of ONC. Our legislative mandate on a go-forward basis, the two big documents — and John White, who is the Deputy National Coordinator in the back there, can correct me if I’m missing something — are really the MIPS macro-provisions, you know, advancing clinical information, the ACI, and working with CMS on a number of projects there. And probably the largest one for this group’s interest is the 21st Century Cures Act, and we will talk more about that as well.

As we look at these two challenges, I think it’s worth reflecting back on what makes usability hard and what makes interoperability hard, because I think understanding it is part of how you actually get to the solution. I think in usability — somebody has been designing EMRs and listening to complaints about EMRs for many decades, and I think this is where this group can sort of help and potentially lead the way.

There are two subtle challenges I would just throw out for our collective thought. One is when you ask clinicians, especially docs, what they want in an EMR, they invariably give you fairly unhelpful answers, has been my observation. It’s very interesting. Most docs and clinicians think of themselves as logicians, so they give you answers on screen design that are based on the implicit assumption that they’re logic machines, sort of the Sherlock Holmes type of thing.

The reality is that all humans are really pattern recognizers, and if we designed EMR screens in terms of data capture and data use on pattern recognition, I think we would be ahead of the game. We have not done that. If you look at some of the leading products, they’re busy collages of buttons where you can’t get a mental model of what’s going on. So I think this group can help there.

The second very subtle but important bias that I think affects us in getting healthcare data and to usability is what developers, software developers, are told. It’s hard to get the information out of the clinicians. By the way, the interesting thing about the clinicians is that within five minutes of actually using the system they’re in 100 percent agreement that this works or that doesn’t work. That’s the bizarre thing. Before, they can’t tell you, but within minutes everybody — oh, yeah, that part works, that doesn’t work. And that agreement is amazingly homogeneous. Fascinating.

The second thing out there that we as a group should consider working on is what programmers are taught. You go to computer science grad school. We were all taught to reuse code libraries. That’s a standard thing. You get demerits if you’re not reusing code, if you’re just writing some spaghetti code on your own as opposed to why didn’t you use this code library. For any of the folks who look at some of the modern open-source computer frameworks — for example, all of the animal books with oreilley.com type of thing — it’s all about libraries and reuse.

The problem is all of these libraries were designed for people who are desk-bound. They weren’t designed for people who are heavily interrupted, who are interrupted dozens of times every hour. They are designed for people who maybe have some phone calls or are sitting at a desk. So, fundamentally, the programming tools that we throw out there to build these EMRs, there’s something funny about that. Why the market hasn’t appreciated this I don’t know. It’s an interesting question. But as we collectively think about data, it’s worth understanding the biases on the tools are very profound.

Interoperability, what are the challenges? Everybody knows this. You have had many meetings on this. It’s a stack. It’s things from the vocabularies and the technical things and the semantic, the various business models, and then the multiplicity of workflows that are often not understood. One of the things I have personally been interested in is the role in healthcare of telephone calls. Not much understood.

I was able to write a software stack when I was at Ohio State to look at that institution’s phone calls. That institution had 130,000 phone calls a day, and roughly 10 percent of the FTE time at the Institution was spent on the phone in a variety of tasks. I have no idea what the phone calls were about, but I would throw out to you in looking at these that one-half of then were under 60 seconds, and those averaged about 30 seconds. Thirty seconds is enough time to say hello, who you are and exchange one fact. So, as we design these systems for data, we should also think about automation and coordination and workflow.

So, what are ONC’s missions? The Cures Act actually is pretty explicit in some ways and not that explicit in others. There are three big things at least from our reading of the Cures Act. One is the legislative requirement that there shall be interoperability. So, okay. That’s out there. The second one is there shall not be information-blocking. Again, how does one define that? And the third thing, which I think is very interesting, is there shall be open APIs, application programming interfaces.

Those are the three big legislative mandates in, I believe it’s Title 4, sort of the more IT part. There’s a lot of other stuff in the Cures Act. Those are really the priorities of ONC in going forward. That’s what is in the presidential budget; that’s what we’re aligning ourselves to do. That is where I think the country will get a benefit.

I think there are a couple different ways of looking at that when you look at this broader question of interoperability. There’s looking at interoperability from the point of view of the patient. Can patients actually get their information? It’s a HIPAA-mandated right that if your provider has an electronic medical record you can get your CCTA and process that. I invite all of you to ask for it and get that information. I know you can get it at Vanderbilt.

But the real goal here — and the President has outlined this in many ways — is for patients to be able to shop; for us to get out of the business of having us decide what’s good for patients and getting patients to decide what’s good for patients. So, true ability to be economic consumers.

The second big issue with interoperability is to make it efficient for providers to find medical records, to minimize transaction costs. In large institutions, if you’re doing a referral business, there are still many massive faxes. I know some of the IT folks where I have worked would get a 200-page inbound referral fax from somebody out in the community referring into a tertiary care medical center. That inbound fax would jam up the all-in-one laser printer enterprise, and then IT, the folks in that clinical area — my printer isn’t working; I can’t print out my stuff. And IT would have to physically dispatch somebody to put in more paper or do something. So these things are still very real.

The third constituency here is really the broader entrepreneurial community. Can we do new things in healthcare? If we look at interoperability, how do we look at that? I think the way one can look at that are some very broad use cases. The first use case is just the individual. Can I get my medical record type of thing, right? Can I move my medical record electronically? Personal empowerment.

The second is an institutional accountability, and a lot of the vendors are sort of moving to that individual stuff. But when you look technically, can any of the new startup companies that are doing healthcare IT analysis, federal agencies that want to look at things in bulk, the various payer entities, the Optums of the world — there are dozens of these companies starting up — do we have interoperability for batch transfer of data and accountability of institutions to the services they provide? That is very hard to provision when it’s one record at a time and mother may I on individual records. Certainly, from a research point of view, I think we sort of understand that.

The third part of interoperability — and this is where the open APIs come in — is can new entrepreneurs come in and do new modes of business. There’s a lot of money in Silicon Valley and the venture community chasing new modes of doing business, but it’s very hard because of the huge policy constraints. It’s hard to get something paid for if it doesn’t have a CPT code, and that’s sort of an information challenge in and of itself. Well, if it doesn’t have a CPT code it can’t exist. It’s sort of cogito ergo sum or something from the 1700s.

So those are some of the things from an interoperability point of view that we’re looking at. We’re working with other folks. John, we’ve had discussion on this. And CMS. I know these are priorities for the Secretary.

On usability, obviously, we have to look internally and reflect on any of the rules and regs with ONC. I think anybody who has been in the clinical world knows that the Level 4 and Level 5 E&M codes have made our medical charts a wasteland of non-information. One of the vendors that has business within and without the United States says American charts have four times as many characters as the rest of the world — and I don’t believe that’s because Americans are sicker — by four than the rest of the world, though I guess maybe we try. But actually, the rest of the world has the same metabolic syndrome, same kind of issues. It’s really global.

So I think there is a huge interest in CMS working on this. This is a priority for many parts of CMS as well to do this, so these are administration priorities. We are working on that in terms of usability.

I would just conclude these are extraordinary, exciting times when you look at Moore’s Law, growth in computer science, when you look at the new computing paradigms, when you look at the incredible new business models that are out there in other parts of healthcare. I’m jealous. I would, as a clinician, as a patient, I would like to benefit from some of those things and I think that’s our collective opportunity.

At any rate, that’s what we are hoping to do at ONC across the street, and I think we have time for questions.

DR. STEAD: First, thank you very much for both your decision to say yes to the offer to take this position and for your taking the time to come and begin a conversation with us.

We would like to know how we can best be of assistance to you and to the new ONC FACA as it comes together, and I recognize it’s moving parts. Our primary focus is health, not just healthcare, and really around data and information policy, so that’s the lens we tend to bring to the intersection of that and healthcare IT.

We have the track record of being able to take both a long-term view and to provide a short-term recommendation informed by that long-term view. We tend to go up and down. Your thoughts about how we can best work with you — and the FACAs team — would be I think extraordinarily helpful to us.

DR. RUCKER: I think we were talking about the HITAC, so this is — Under the 21st Century Cures Act, one of the provisions is to merge what were before the standards and policy advisory FACAs into one group, sort of the technology advisory committee. Just thinking about it, one of the things we can do is actually somehow figure out a joint meeting. I think it would be a very powerful and straightforward way of doing things to start.

I think it will be very helpful to have the long-term perspective that the Center has which, obviously, is innately long term. What I do not know — other than one or two or three people who have been announced, we’re waiting — This is not done by the executive branch, the staffing of this; this is done by the legislative branch of the GAO. We have met with them just to sort of outline some of the things that we would like to see.

Simply, what we would like to see — at least some of the members — is demonstrated success and hooking up real world, complex systems with real transmission of data. I think everybody quote, unquote, “believes in interoperability” but, obviously, the fact that we’re still talking about it decades after we started talking about it — there’s something innately hard about it. I would like our national options to be formed by people who have actually done it. It’s one thing to say you are for it; it’s another thing to have actually done the heavy lifting and gotten the bits and bytes to move in some environments. And there are a number of people who have done it.

So we have put out, just for the GAO, some thoughts on some ways to sort of evaluate whether we can get at least some of the folks on this who have done it. There are some calls for technical excellence. There are a number of other criteria for selection. There is not an explicit time line; it’s supposed to be something like six months, if memory serves me. I believe that is the rough time line of GAO, but I don’t have dates or any further specifics on who will be on the committee.

I think once we have that, we will work — As you may or may not know, the 21st Century Cures Act actually has an explicit listing from Congress that goes on for a page on rank order priorities for HITAC, so it’s not just a general consideration of things. They are explicitly ordered. I haven’t memorized the list but when the committee comes we’ll make sure everybody has that. You can look at that under the HITAC provision and see what they’re charged with. But clearly, I believe we’re going to have folks who share these goals and we will figure out ways to work together and incorporate the learning. There is nothing worse than re-work.

DR. STEAD: Thank you, Rich.

MR. LANDEN: Welcome, and congratulations on your appointment. You have got your job cut out for you. I appreciate the very concise way in which you described and were able to enumerate the priorities of the National Coordinator. Good luck. We are here to be as helpful as we can.

I guess the first thing I would like to ask about is I haven’t heard the issue of patient safety among what you talked about and I assume it underlies everything, but can you tell us a little bit more about what you’re looking at as patient safety? We have talked about that in association with a couple of our data activities over the last day or so, and I would like to make sure we’re thinking along the same lines.

DR. RUCKER: Yes. Obviously, patient safety is an extraordinarily complex issue. I think like many, if not most, people in this room, I have sort of been informed — as I think we all likely have over the last 20 or 30 years — about the aviation experience in looking at safety and looking at it as a systems issue rather than as sort of individual bad actors type of thing.

When you look at it from a regulatory point of view it’s a very complex environment, and we probably don’t have enough time to get into the whole learned expert, learned intermediary, FDA. As probably everybody knows, there have been discussions about the regulatory aspect of this for decades.

I would point out my personal belief that true safety in these systems comes from great software architecture that allows errors and experimentation and things to happen efficiently, and for people to design these systems with maximal plasticity. That is, I think, where true safety comes in.

The world is very complex in healthcare and you are going to need changes, and my experience of decades on the vendor side is, with good, bad and indifferent architectures, that the people who have good architectures can really rise to the occasion, make changes, make changes that don’t have loose ends and gotcha’s. And the people who are doing what, in computer science class, is called spaghetti code, often that’s where a lot of these sort of errors occur. That’s where a lot of the screen confusion comes, the cognitive overload. And usability, which I see as the yin and yang of safety — I don’t see those things as uncoupled — comes from elegance of design and thought and architecture.

We have a challenge — The more rules and little things we add on as government-mandated tasks — and I think a lot of that has happened in IT — the more cluttered these architectures become. It’s sort of a classic case of micro-optimization. We have a policy where we think, oh, this helps that, but it’s like adding more weight to the airplane. The life raft in the airplane may be good, but ultimately, they’re adding weight to the air frame, and I think that’s an empiric thing, what the true safety net is on that.

So I look at safety — to answer your question — as a systems issue. I think we want to do what we can from a market competition, from any other way, to ensure software architectures that are plastic. This is a very interesting discussion in Silicon Valley now. If you look at all of the open-source things, there’s a real new way of thinking about these architectures. That’s where I believe true safety and true usability comes in.

I’m happy to take it offline if you want to have some more discussion on it.

MR. LANDEN: No, thank you. Just one quick follow-up. You touched on the cybersecurity and the usability, and the only thing that I would call out to you is the importance that patient identity as a prerequisite to interoperability also has a key role with patient safety. Thank you.


MS. KLOSS: Thank you, Dr. Rucker. Nice to see you, and thanks for spending time with us.

One of our charges is to advance recommendations relating to HIPAA including privacy and security and its implementation. We have worked to coordinate with the Chief Privacy Officer at ONC over the years, and I’m just wondering what your vision is for how that role of the Chief Privacy Officer and the security function will fit with the two priorities you have for interoperability and usability, if you are far enough along in your thinking about what the priorities will be there.

DR. RUCKER: To be honest with you, I’m still learning some of it, the prior policies. I know ONC has in some things, with challenges on informed consent and privacy and sort of that app world. It is a work in progress. I have had discussions with Office of Civil Rights, early discussion on what things we can do.

I think, collectively, there is vast confusion about HIPAA out in the world. Those of us who have spent a lot of time in clinical committee meetings know HIPAA is used as a blanket excuse not to do stuff. The devil made me do it. No, it wasn’t the devil this time; it was HIPAA. So I think we have an information burden.

I think a lot of work has been done to try to lift that information burden; I don’t think we have totally lifted it. There was a lot of HIPAA education and there probably needs to be a lot of HIPAA re-education.

MS. KLOSS: Always.

DR. RUCKER: I think, collectively, we have to think out of the box. HIPAA is not doing what it intends. The stuff is not portable; it is not affordable. It has sort of harmed its nominal mission, I believe, over the 20 years now that the act has been out.

I think it may be time, as part of the broader re-thinking that we’re doing about healthcare and information, to rethink whether there’s a way to reframe that. And it may be to just get the word HIPAA off the table and force a re-think of this. That’s just Don Rucker; that is not an official suggestion or policy — let me put a disclaimer in there.


I am just going to say I think the law of unintended consequences has with HIPAA, and I think collectively the country needs to rethink it.

MS. KLOSS: We have just worked hard through liaisons and through serving on some of ONC’s tiger teams and others to stay on the same page and move forward but coordinate our work, because there is a lot to be done there.

DR. RUCKER: Ideally, if you really think about it, computers can actually help privacy. That’s not the way they are looked at, and we obviously know every second we spend on the Internet is being streamed live to 100 re-marketers. But computers do ultimately; they are just rocks, and they are absolutely binary machines — at least the ones we have clinically. There is, ultimately, accountability for a lot of this. I think you see that in a lot of delivery systems where people sort of snooped around more in their neighbor’s business kind of thing. I think now there’s a lot less of that because of some of the technology. I know some of the folks at Vanderbilt have been leading the way in that kind of research.

I am guardedly optimistic about increasing privacy.

MS. KLOSS: At any rate, that is an area for specific coordination.

DR. RIPPEN: In the context of a connected world and interoperability and all of the wonderful opportunities, my bias is that healthcare and health informatics infrastructure is a critical infrastructure for the United States. As we know, healthcare is probably at the lower end of capability as it relates to cybersecurity. We have already had numerous incidents where systems have gone down, offline, for a variety of reasons.

As ONC has the leadership role in protecting this critical infrastructure in addition to setting the policies and direction, how are you going to ensure, or at least how are you making sure to address, this component of cybersecurity and, I guess, collaborate with those that have the expertise and that knowledge, so that as you start providing more and more opportunities to realize the benefit we are also putting in place at a critical point during development the capability to protect?

DR. RUCKER: The certification requirements have a number of security provisions in them that we believe reflect current security practices which, as you know, evolve over time. I think the certification is a large part of it just on the get-go on cybersecurity.

We, with HHS — and it’s really sort of a more robust thing — are doing a number of things on getting cybersecurity messages out there and have worked with, for example, CHIME, which sort of controls the CIOs, controls the hospital networks, in terms of trying to get them up to date. Some of this is sort of computer hygiene — the patches and some of the basic computer hygiene type of things.

So there are a number of areas there. It is a daunting thing. It’s ultimately, I think, a sort of overall federal government type of role. You’re sort of asking the rhetorical question of who is the smartest bad person out there on the planet with cybersecurity, right? It’s sort of an n of 1 kind of problem in a lot of cases, which are the hardest things to do policy on.

We’re doing what we can within what we know about current computer science, about operating systems. I think some of this, honestly, in terms of being able to maintain systems that are relatively secure, goes back to the question we just discussed about usability and safety, which is have we made the overall provision of these systems as simple and straightforward as possible, because complexity ultimately is where most cybersecurity breaches happen. People go into complexity, so we have to be clear that we are not adding to complexity.

DR. RIPPEN: When you think about your FACA members, you may want to consider some extreme experts in cybersecurity.


DR. RIPPEN: At least with regards to staff, with recommendations, because the one thing I learned a long time ago when I was working for a place that is known very well, is that to be able to build good systems security has to be built into the architecture. It makes it a lot more effective than a bubble wrap.

DR. RUCKER: GAO is actually looking at that. In our discussion with them, they are doing actually a very thoughtful job at looking at some of these areas of expertise, and I am very confident that they will have some folks doing that. They’re pretty confident just from what they have seen in the applications that they are getting people with very rich experience who will touch on this. I am pretty confident that we’re going to have folks who have the entire stack of expertise there.

DR. MAYS: Again, let me also thank you for spending time with us. It was very exciting to hear about potentially having a joint meeting because I think that there are things on both sides that would be great to discuss further.

We had a workgroup on data access and use, and one of the activities that we often participated in was being experts or giving expertise from our data entrepreneurs and others to parts of HHS. One of the things I am wondering about is the extent to which you will spend some time on internal to HHS. HHS prior, in terms of ONC, was busy creating the entrepreneurs and it had Health DataPalooza.

But sometimes when we look back within HHS, particularly in terms of some of its agencies, it actually needs some of the things we’re creating in terms of the workforce that is going on outside and inside and, also, being able to kind of do some renovations technologically in terms of its systems. Is that at all on your radar, to be able to do those things?

DR. RUCKER: Well, I’m speaking a little bit out of school here because this is not ONC’s role, so this is the role of HHS. But the answer to that is yes. Bruce Greenstein, the Chief Technology Officer, is doing a number of things in this area. I believe CMS as well. The US Digital Service they are working with on some of these systems. We have had a little discussion with them as it sort of relates to overlap areas in quality reporting.

But I think John Bardis, the Assistant Secretary, absolutely has a mission to be working on some of these sort of internal system efficiencies.

DR. MAYS: We need like a coordination.

DR. RUCKER: I think Bruce and the CTO’s office is really working — again, I am speaking out of school because that’s not purely ONC’s role, but I believe that is happening as we speak.

DR. STEAD: As you think about interoperability, I think one of the challenges is that we approach interoperability as what we can move through a transaction processing pipeline, and one of the keys is to limit what we try to move, I think. Then we end up with how do we aggregate asset access, steward, make understood data that doesn’t have to be pushed through the transaction pipeline.

Does that compute, or is there anything along those lines that might play into the interoperability strategy? If so, I think the latter is where this committee might be more helpful while we also try to help with the transaction processing. I think our sweet spot is actually outside of the transaction process.

DR. RUCKER: That is obviously a fascinating question. I didn’t mention it, but in my prior life as Chief Medical Officer at Siemens, our quantum of data was basically one-half a gigabyte. So, if you have an MRI that you’re sending around, you’re not sending it, right? If you want to take the network down just send a bunch of those images.

So, personally, I have thought a lot about just exactly what you say. Obviously, when you look at the totality of a gene sequencing let alone having any shield localization within cells of data, membranes — these big, new, further data stores are too large to actually just send. So I think we have to think globally.

The point was made about personal identifiers and how do we deal with these large datasets and some of that computational — The work I was doing on telephone stuff, a lot of the real-time performance of that, not that it was a real-time system — was done by hashing functions.

We are absolutely looking at that and mindful of some of the things. And there are companies who are doing remote storage of what are currently the largest datasets in widespread clinical use, which are images.

DR. STEAD: Thank you. We are nearing the end of our time. I don’t know if you want to make a closing comment, or John or Charlie, whether you would like to make a comment or pose a question.

MR. ROTHWELL: I just think it’s obvious where the future is and how we’re going to have to work together in order to get there. It’s chief technology officers, it’s data scientists, it’s statisticians, and it is also the advisory groups to these activities.

I think we are going to have to figure out how we make sure that the various advisory groups know what’s going on and relate to one another, because I think only then are we going to get the types of advice that we really need in order to do appropriate work. One area might look like we’re doing the right thing and you’re giving us the right advice, but, in fact, it might not really resonate from a technology perspective.

Anyway, it’s something we need to think about.

DR. GRAHAM: I have been thinking very carefully, cautiously about how I compose. I would just like to kind of corroborate what Dr. Rucker said. We have a new chief technology officer and all. And remember we are also operating under an executive order to reorganize and restructure, and Dr. Price has labeled HHS’s version of Reimagine HHS. Issues of how we use data in our IT systems have been very prominent in our discussions about that. As we report that out to OMB over the summer, there will be a lot of energy in addressing those issues.

I am new to the government so I know I have to speak cautiously. I’m trying to speak slowly and not signal anything that shouldn’t be signaled. Thanks very much.

DR. STEAD: Thank you all. We will adjourn for lunch.

(Luncheon Break.)


Agenda Item: Beyond HIPAA Scoping

DR. STEAD: We are ready for the discussion of Beyond HIPAA.

MS. KLOSS: Thank you. Our goal over the next hour is to review the current scoping document and the plans for this Beyond HIPAA project and actually solicit your input about who you might want to hear from at the full committee meeting in September to kind of launch that project.

Think about what we did yesterday with the vocabulary and terminology. We kind of launched that project by having some panels to get us all on the same page. We want to do the same thing now with the Beyond HIPAA project and we’re kind of one step behind, so the purpose of this discussion is to plan how we can best use our time in September.

There is some urgency because we will be wanting to invite some people who will help get us all off to a good start on this, and, obviously, we need to come out of this meeting with a pretty good idea of what direction we are going to go so we can issue invitations.

Maya is going to do two things for us. She is going to advance slides and she is going to take notes, and we have our subject matter expert from the Office of Civil Rights here, Rachel Seeger. Our subcommittee met a couple of weeks ago to pre-digest this and frame up some ideas of what topics may be on the short list for September so we are not starting with a blank slate.

Just to quickly review the highlights of the framing document, our goals for this are four. We want to identify and describe the changing environment and the risks to privacy and security of confidential health information that exist in the space that are not covered by HIPAA protections.

Then, we want to kind of lay out integrative models — in other words, go big with our thinking about possible models that may be relevant for how best to protect individuals’ privacy and secure health data uses, again, outside of the HIPAA protections, while enabling uses, services and research.

Third, formulate recommendations for the Secretary, and then, fourth, prepare a report for health data stewards.

Those are our four goals. The space we are addressing is the space that’s beyond the world of the covered entity and business associates, so, the area of health data use that is outside of HIPAA, or beyond HIPAA.

We broke this into four phases, and our first phase is that word again, Vickie — to conduct an environmental scan. And our goal is to, again, go broad. What are the key drivers that are challenging health information privacy and security beyond the scope of HIPAA?

We identified these areas as drivers. The big data analytics, certainly the expanding world of uses and users, cybersecurity, evolving technologies for privacy and security, laws in other domains that might be relevant to us, evolving consumer attitudes and certainly personal devices and the Internet of Things. These are all big topics, which is precisely why we need you to help narrow down and think through how we get our arms around them.

Our approach for Phase 1 is one or more hearings and some background research. We do see that, at the end of this, there is an opportunity to produce a report that is an environmental scan report. There has been a lot written on this. There are a lot of areas of interlocking expertise, and we think there’s an opportunity for us to pull together some kind of composite of what we learned in this, and that we would be remiss not to do that for our own purpose as well as our broader audience.

So I think about that deliverable as not unlike the kind of report that came out of the Roundtable for Pop Health. We brought people together; we learned from them and then we kind of pulled together a composite of what we learned. Not recommendations, not policy, but here is the environment.

Phase 2. Then, we step into kind of the more generative space. Based on what we learned, what are the models or future scenarios? How do we synthesize this, lay out assumptions and identify further areas of uncertainty? Here, we think we perhaps will be ready to tee up an invitational roundtable to really do the work of developing models that will be useful going forward.

Again, I always think of past work of this committee, like the 21st Century health data environment, something that’s going to be broader and will inform our thinking about where we want to drill down. So, some modeling, some analysis work with the help of a roundtable.

Phase 3 is our customary work, what we can synthesize for that for more short-term recommendations, perhaps short term, depending on the clarity of the policy framework that comes out. We may need another hearing. But at any rate, our Phase 3 deliverable would be a letter to the Secretary that would be drafted and approved by the full committee. I think, at this stage, we are not trying to absolutely understand how we would carry out Phase 3 or we would need another hearing, but we put a place holder for that.

The final phase is to take the results of what we have learned and turn that into a report for the healthcare industry and data stewards. Again, I go back to the example of the toolkit, something that could be used by practitioners in the field that would be a byproduct of this work.

So, that’s kind of a big chunk. If there are any questions on those phases — does it seem logical? Go big, think about what we have learned, develop specific recommendations for the Secretary, and then produce some kind of product for the industry, more broadly.

I think we have given ourselves enough time here. We’ve sort of said the rest of this year is really the environmental scan, which we would kick off in September by inviting some people to come and talk to us. Because we don’t have another meeting until January, we don’t know whether part of that January meeting may need to be a Round 2 of the environmental scan. It could well be. We left the Phase 2 work for the second half of 2018.

We would be developing a letter to the Secretary in early 2019, and completing the work on the toolkit by the end of 2019. So we’ve essentially got two years of work for this. I think it is reasonable given what we learned from the community health data work and the time it took to move that along and bring it to completion.

Any questions?

DR. CORNELIUS: A tiny question. I heard about a meeting in January as opposed to end of November? Is that a sidebar?

DR. STEAD: We are shifting to three evenly-spaced meetings. We’re holding the November dates as an opportunity for whatever the most important hearing or hearings are, and we are shifting the annual meeting calendar to January, May and September, evenly spaced.

MS. HINES: They are at the bottom of the Agenda. Basically, November, assuming something is going to happen. But instead of being a meeting of the full committee, it could be the standards workshop follow-up from August or it could be Beyond HIPAA. We don’t know yet; we are not far along enough. Maybe we could do one on one day and one on the other if they are one-day. Let’s assume we’re going to be meeting; we just don’t know what the topic is and it won’t be the full committee.

DR. CORNELIUS: Got it, thank you.

MS. KLOSS: With that, what we’re hoping to structure in September is a robust discussion like we had yesterday on terminologies but this time on the privacy and security issues in this world beyond HIPAA. This slide just reminds us what the six drivers are that we think are relevant to our environmental scan discussion. The shadowed part is what our subcommittee has put forward as possible groups that we might want to hear from.

Just going through these, first, we think there could be something to be learned by looking at other governance frameworks that are used by FTC, by NIH, by FDA. Rachel has laid out — she did some background for our subcommittee on FTC in particular. Could you take just a couple minutes and explain that?

MS. SEEGER: I would like to have Shalley do that because, if you don’t mind, it was her work.

MS. KIM: I am Shalley Kim and I am the legal intern for the Health Information Privacy Division and I am supporting the Privacy and Security Subcommittee. We did a very general scan of some of the work that the FTC has done, so just a little bit of background.

The FTC Act prohibits companies from engaging in deceptive or unfair acts or practices and/or affecting commerce. This means that companies must not mislead consumers about what’s happening with their health information. It has broad enforcement authority under Section 5 to advise its platform of protecting consumer privacy and ensuring the security of consumer information. We did a few case studies illustrating some of its enforcement measures to protect the privacy and security of consumer information, and I will just give you a brief overview of a few of them.

One of them is TRENDnet. In September 2013, for the first time, the FTC asserted its jurisdiction over the Internet of Things, bringing charges against TRENDnet. The FTC alleged that a breach in the security software of the company’s internet-accessible cameras permitted hackers to access and post contents of users’ camera feeds on the Internet. TRENDnet marketed its secure view cameras as a use for baby monitoring and home and hospital security, and these cameras allowed users to access live video and audio feeds through the Internet and mobile devices.

Though marketed as secure for security purposes, the unsecure transmission of camera log-in credentials over the Internet led to TRENDnet’s inability to honor users’ security settings, and users’ live feeds became publicly accessible. As a result, hackers gained access to the live feeds of users and posted links to the feeds of about 700 cameras that displayed the home lives of TRENDnet users.

In January 2014, TRENDnet and FTC reached a settlement which included an agreement to notify its customers about the security flaw permitting hackers to access users’ live feeds and to provide free customer support and remediation. In the settlement announcement, the FTC Chair emphasized that the Internet of Things holds great promise for innovative consumer products and services, but consumer privacy and security must remain a priority as companies develop more devices that connect to the Internet.

So that’s one example, one case study of the FTC’s broad enforcement authority that HIPAA would not cover.

MS. KLOSS: It reminds us that there are other laws that are applicable in this world beyond HIPAA, and there is knowledge of what some of the risks are and what some of the remediation for those risks might be.

DR. STEAD: Is that part of a governance framework or is it an example of the existing legal framework?

MS. KIM: It is the existing legal framework.

DR. STEAD: So it may be that we want to have the legal framework that is alongside HIPAA, that’s from other sectors. Complementary legal frameworks. In my head, I’m distinguishing between governance —

MS. BERNSTEIN: Could you say more about how you are distinguishing what you mean by legal framework from governance framework?

DR. STEAD: I think of existing laws and how they are being enforced. To me, that’s the legal framework. The governance, to me, is the mechanisms that result in decisions. Maybe some of those decisions are represented as laws; maybe some of them are represented as policy. I think of governance as a broader construct than a law. But I am not a lawyer.

MS. SEEGER: I am not a lawyer either even though it says J.D. here. There is a growing body of guidance outside of law for industry in particular that is based off of a lot of what’s happening in government, of what’s required of our systems. This gets down to Six. Then there’s cybersecurity framework, OCR, and we presented this to you all at one of the recent full committee meetings. We did a cross-walk with NIST on the cybersecurity framework back to HIPAA.

NIST is doing a lot of innovative work and has a very interesting pilot that is looking at the vulnerabilities of infusion pumps in particular. Many of these infusion pumps, not only are they very portable but they also are unpatched and they are operating off of out-of-the-box security systems and then connecting to the network of the health system, the hospital, whatnot, and are extremely vulnerable to hacking. The FTC has been looking at a lot of this work in conjunction with the Department of Commerce and NIST and HHS, so there’s a lot of information out there that I don’t think gets pushed to industry.

One of the concerns is that oftentimes privacy and security are an afterthought when it comes to product development. Products move to market without research and development happening with privacy and security baked in.

DR. STEAD: Let me raise another thing we exchanged this morning which really does come off the Cybersecurity Task Force. I think our challenge is how, even as we go up to be broad, to constrain the scope so that we move the ball. As I read — it was only last night that I finally got time to read the Cybersecurity Task Force report. It is a well laid-out report. I understand you were on the task force, Jacki, so thank you.

It seems to me one thing we might do is take that report as one of our building blocks, a little bit like we used NIST’s de-ID white paper, to say we didn’t have to redo what NIST had done. We needed to say what did this mean for HHS. Well, in this case, HHS has actually already said to itself with a public-private group what the cybersecurity framework should mean.

It seems to me that gives us the opportunity to maybe come back and say, okay, how do we set HIPAA on top of this, and how do we set other levers on top of this, because the Cybersecurity Task Force, at least to my read, did not deal with privacy and confidentiality.

Therefore, we would need to layer that on and we would need to address topics, I would think, like, if there is going to be a new cybersecurity leader, what is the relationship of that leader to OCR given the journey we have been on in bringing together the HIPAA privacy and security rules. What does that tell us if, as I think, this is appropriate and there’s going to be a major push within HHS around cybersecurity?

So it’s possible that there might be some low-hanging fruit early recommendations that could take advantage of the Cybersecurity Task Force report while using it to give us a way to think about how do you set privacy and confidentiality on top of it.

MS. BERNSTEIN: Can I just add to the nice summary? The example is, just thinking broadly, what FTC has been doing in the last five or ten years looking at its seminal authority for unfair and deceptive trade practices and just starting in that time period to use it to deal with privacy. Unfairness, like having a bad security problem policy or lousy security policy but telling everybody what it is but having it be lousy — that is unfair.

Deceptive is we told you one thing, as in the example that Shalley said, and we did something else, and they are exercising and expanding their authorities into a new area by using the existing statute that they already have. They are exploring new areas in privacy including places in health that are not already covered by HIPAA, I think it’s fair to say.

MS. KLOSS: If we think about what we’re trying to do here, which is to frame up a really productive two to three-hour session in September, I think one of the things we are hearing is that this complementary legal framework might be one of the topics we pursue and we invite —

DR. STEAD: And Maya’s comments just actually helped move me one step from law to levers, because I’m hearing deceptive and unfair practices as one or two new levers supported by some existing law and enforcement, so, as you suggest, we may want to hear about that. But as we do that, we will want to be assembling a framework that helps us think about how we talk about these different things that we’re setting side by side, because we are trying to have the pattern emerge.

MS. BERNSTEIN: I don’t know if Rachel or Shalley will agree with my way of thinking on this, but I think of the HIPAA privacy and security rules as incorporating some of those same ideas of fairness and preventing things like deception, but in their limited scope of covered entities. At the time of HIPAA, we didn’t take on everything, but in that scope, the kinds of things you find in the HIPAA rule are designed to prevent the same kinds of bad actors.

MS. KLOSS: Based on principles of fair information practice.

MS. SEEGER: The other piece that FTC has been pushing at and that you recently held a hearing on is big data and de-identification and re-identification of data, so there are all types of organizations outside the scope of HIPAA that are touching healthcare data in new ways. You did outstanding work on your recommendations, and the two-day hearing was very robust.

I do think that there might be some more work that needs to be done there, and that is number one on the environmental scan. Cyber is certainly front and center on the Department’s radar right now, but I think that ONC would have a lot of interesting things to add with respect to APIs. This space is moving so fast and HIPAA just covers a little bit of it.

DR. COHEN: This is a fascinating discussion, particularly in the light of Don Rucker’s perspective around Beyond HIPAA and the potential constraints, unintended consequences of the constraints that HIPAA produced. I think it would be interesting to keep that lens on the issues as well to be able to step back and think, not grounded in HIPAA terminology, about what the intention of HIPAA was to balance privacy and access to data in a much broader way. So I think that will be really important as we move forward.

MR. LANDEN: I have a couple of points. Since FTC has been mentioned, I’ll call out that they have been working with ONC over the past several years and the fair trade monitoring is what they have been doing with ONC, and as far as ONC’s responsibility for meaningful use certification and field surveillance. So, yes, they are a key player.

My second point is back to Bill’s original question. What I read in suggestion number one on the screen, governance framework to me talks more about a health information exchange and who or what organization there is that determines, enforces it. Governance framework talks about how the responsibilities and rights of the various participants are determined and enforced and managed by that health information exchange.

I don’t see that anywhere. To me, it’s just not connected with the use case that we heard from Shalley which I would characterize more as a regulatory enforcement action rather than a governance framework.

So, FTC and FDA I understand. NIH on that list I don’t know because they don’t do regulatory enforcement that I am aware of. But I think I am just talking about terminology as far as what you’re saying, who the key actors are and their participation in this goal, and I think that is all right on target.

MS. KLOSS: Yes, they are admittedly all pretty overlapping. But when we talked about governance framework we thought that certainly NIH has some set of guiding requirements for uses and disclosures of research data and that those might be important for us to learn more about.

DR. STEAD: So you might end up with governance frameworks, legal and regulatory frameworks, and guidance. Maybe three different types.

MS. SEEGER: Just to build on Linda’s point, NIH is there because of the precision medicine, now known as the joint All of Us Research Initiative. It has a set privacy and security framework built into that, and that is a good model I think for the committee to look at.


MS. SEEGER: From what I understand — and someone might correct me — FDA has interim guidance to mobile device and medical device manufacturers around privacy and security with respect to some of the things that I mentioned earlier. Many times, the product comes forward with an off-the-shelf security firewall attached to it, and when the device is attached to the network it can be left unpatched or unsupported, and it creates an open vulnerability on the network.

So, there is some advice that is being developed by FDA to encourage, now, and ultimately require device manufacturers to have more robust security privacy built into their product before it moves to market.

MS. KLOSS: Do you agree that we might issue an invitation and have one panel that would represent agencies of government that might orient us to what frameworks they are using?

MS. BERNSTEIN: I am trying to figure out what kind of models are going to be the most useful ones. In another piece of my ASPE life my office is embarking on some research project to look at governance programs that agencies are using for the use of administrative data, sharing administrative data, and one of the things we are trying to look at is what policies, governance plans, data, privacy board council kinds of things do they use. It’s a little different kind of a model than you’re talking about, but governance over collected data and administrative data.

You may be talking about consumer-generated data as opposed to government-generated data, but I think in terms of governance models, each may have some useful —

MS. KLOSS: They may have some things in common.

DR. STEAD: I may be trying to jump too far too fast. I am beginning to imagine some potential drafts of some pictures that might be some of the things we would come out with and the initial drafts would be wrong. But one such draft might somehow draw on the Cybersecurity Task Force report or something else to paint a picture of the landscape, and that would be maybe one layer, and then sitting on top of that layer would be what part of that landscape HIPAA touches and it doesn’t touch. So we would be able to draw the landscape without being constrained by HIPAA and then see what parts HIPAA touches.

Then, if we could work what the taxonomy is or if somebody already has the taxonomy of governance, laws, guidance, then that might give us a way to structure our questions to the panel around — because I think it would be wonderful. It sounds like the FTC is really in this space. So, to have the “all of us” model, the FTC approach and the FDA approach, if we could have some framework to help organize the conversation and have a panel like we had yesterday afternoon — and we also had a block on the Cybersecurity Task Force — that would be a lot.

MS. KLOSS: That would be a lot. The other higher priority that I think bubbled up in our subcommittee discussion — oh, I’m sorry, Helga.

DR. RIPPEN: I just wanted to follow up on what you were saying, what are we saying is the context. If we say healthcare systems, we know. If we’re saying kind of the earlier conversations Bruce and others have brought up with regards to population base, that’s different. Or are we talking about the construct of a consumer?

You have to say, well, what is the context in which we are going to be developing this framework or who is impacted.

DR. STEAD: I sort of like the Cybersecurity Task Force, because they, in essence, laid this out, and their layout, to the degree I read it, is all of the above.

DR. RIPPEN: So they took different snapshots as far as going from an individual to the —

DR. STEAD: They tried to show how different industry segments within — They tried to do two things. In their case, they took the risk framework to be availability, confidentiality and integrity, and then they added patient safety, so they expanded the risk framework from the traditional security three. They did have confidentiality. It’s access, integrity, confidentiality, patient safety. Then what they did was say what is the balance amongst those risks in different segments within the health industry.

There is no way to do Beyond HIPAA limited to healthcare.

DR. RIPPEN: I agree. That’s why I’m asking.

MS. KLOSS: Okay. I think we have got consensus that we will have a review of the model and conclusions form the Cybersecurity Task Force, and perhaps we can ask our own Jacki if she would help us prepare and present that. I haven’t given you any notice on this question, Jacki.

MS. MONSON: Of course.

MS. KLOSS: Wonderful. And then I think we have a panel on learning about the governance models and legal frameworks and will hear from at least the FTC, FDA, perhaps NIH. Is that right?

DR. STEAD: I think to take the NIH and make it “all of us” — This is a ground-up, new launch and they have been very robustly tackling this, so it would be an example of a non-legacy approach. It may be wrong. Otherwise, the NIH would be way too broad.

MS. KLOSS: Okay. Then the third thing we struggled with a little bit as a subcommittee is, in some ways, it would be nice to kick this off, as we have with other hearings or groups, with sort of an overview of what is this bigger world set of risks like, even beyond cybersecurity. That is kind of what number two is, if we could tee-up somebody, really a thought leader that could describe the environment kind of broadly or frame it for us. I don’t know if anybody has any suggestions in that regard, but we certainly had some people that I would consider at our DID hearing, so maybe we circle back.

MS. BERNSTEIN: We talked about some names. Joella Netsky, we talked about Danny Weitzner, we talked about some others —

MS. KLOSS: Ira Rubenstein.

MS. BERNSTEIN: We wanted to ask the committee for your ideas, too.

MS. SEEGER: There is so much that has been going on with machine learning and artificial intelligence in the healthcare space that has sprung up over the spring, so it’s very new, but I think it’s important for the full committee and the subcommittee to keep pace with what’s happening in these new applications. But there are all of these new data uses, some of which are in the HIPAA-covered setting and some which are not.

MS. KLOSS: Who is the go-to expert? NIST?

MS. SEEGER: I know that the big players in this space are Google, Amazon, Microsoft, and we could look to our partners at NIST who have a complementary federal advisory committee to this that are doing a lot of work in security in particular. They have folks from those organizations who are sitting on their FACA.

MS. MONSON: This is Jacki. I also have connections into anybody in Silicon Valley and Microsoft that I can help facilitate offline.

DR. MAYS: NIH funded these big centers on big data, and there has been a group of bioinformatics within the schools of medicine that have gotten together to discuss this, so I can also forward some names to you.

MS. KLOSS: I think as our next step we will circle back to Rachel and to Jacki to see if we can, either through NIST and Vicki — I just think it would be great to have an opening statement by somebody who could just take us to the evolving world and the new technologies that are at play. Then we could move to cyber particularly and we could move to the governance and legal and the NIH, and that’s probably all we could do without blowing our minds.

DR. STEAD: If we are at a good place with this, while we have a few more minutes, do you want to begin to think about what you would like to do with the terminology and vocabulary? If we are at a good place here, we have a rough game plan, and then we might loop back for just the last 15 minutes of this block and reflect on what our reaction to the terminology and vocabulary briefings were yesterday and what that tells us about what we want in that space in September.

MS. KLOSS: Just to kick that off, our plan had been to hear from the federal agencies that were responsible for enabling the vocabularies and terminologies in yesterday’s hearing, and then to move to the private sector at our hearing in September, the vocabulary terminology developers in the private sector, to kind of round out our environmental scan.

If we were to do that, then key players would be the American Medical Association with CPT, the DSM. We were going to speak perhaps to the American Dental, and there are others who are developing vocabulary tools, IMO and others, that are really important in advancing the use of these tools within the electronic health record, within the healthcare organization. So I kind of saw two groups — the other vocabulary and classification system developers and the vocabulary tools, if you will.

MS. HINES: For those of us not in this space, what would be an example of that?

MS. KLOSS: There are companies that are vocabulary companies that work with healthcare organizations to embed and make the terminologies useful within their electronic health record.

DR. STEAD: Is it too early, or would there be a way to bring in how some other countries — Canada or Australia — that are thinking about this?

MS. KLOSS: I think it is not too early, because I think it’s very instructive to think about how other countries have looked at coordinating these multiple systems to advance their digital health environment, and I would look to Canada or Australia. Canada is closer, but there are some people in the U.S. that have actually consulted with Australia.

DR. STEAD: So you think we could get a U.S. —

MS. KLOSS: I think we could get a U.S. person who knows how those classification of vocabulary centers operate.

MS. HINES: Are we thinking we would do that and the Beyond HIPAA panels that you outlined, both, at September’s meeting?

DR. STEAD: Let me ask one other, as I just try to think about managing bandwidth. We are trying to do this initial work as a committee as a whole because we think that we all need to have an understanding of what we’re trying to do. We are thinking we would form an ad hoc group downstream a bit, and, again, given our rule that everything has to be homed somewhere, this is homed in Standards even though at the moment we’re working it as a committee as a whole.

This raises a question. If we end up with more than we can do in September could we prioritize amongst these three, and is it possible that some part of this could be obtained through ad hoc or subcommittee level calls, much as we’re doing in the run-up to predictability roadmap, reducing what we have to bring to the full committee, or we could bring a summary of that back. My sense of September is we’re going to have many more opportunities than two days, and I haven’t yet had the courage to ask Bruce to give us back the time from the vitals hearing to tackle them.


MS. KLOSS: Yes, I think we can think about the vocabulary and terminology block and see what we could cover as a briefing document in another way.

DR. STEAD: I think the other countries part would probably be especially important to bring to the full committee. I am less clear that the others are.

The other thing I would still love to figure out how we get back — I would love to have a one-page diagram that we could understand, at the level of some of the Standards’ how things work, that shows how the pieces come together for RxNORM and NDF. I don’t think that necessarily needs to be a presentation; it could be follow-up.

What are people thinking is the right level to bring into this full meeting versus work at the subcommittee or ad hoc group levels?

DR. PHILLIPS: Can I ask a question from the international perspective for the terminology? What are you really wanting to explore there? I have done a lot of consultations on Australia, New Zealand and Canada, the Netherlands.

MS. KLOSS: It’s really an organizational question. How they organized the development, maintenance, and dissemination of these systems that, I think as we heard yesterday, have very different release times in this country. They are all kind of on their own schedules. Have others been able to look across these systems and rationalize the planning for release so that there could be quick uptake, really what we’re trying to do with Standards’ roadmap overall, make the release more predictable.

Deb, I think you had a real-life example. I don’t know if you talked to Bill about bringing it into this discussion but it fits right here. We are, right now, looking at the ICD-11 path as its own stand-alone timetable unrelated to this, that or anything else around it, and, of course, that is what was so costly to the industry when we went from 9 to 10.

So, we’re at a really sweet spot, being far enough ahead to be making some recommendations on how this never happens again, that we roadmap these releases and we make sure we are really leveraging and everybody knows what the game plan is.

MS. STRICKLAND: As we started to talk about ICD-11 and the possibility that that could happen in the next decade or so, and as we looked at the time line for 7030 or the next version of the HIPAA standard transactions, I got to thinking that the ICD-11 is not supported in those transactions. We are at a pivotal time right now as those transactions are going out for public comment. They are at a point where they could be changed and then re-issued for public comment. But beyond that, once they are done they are done, and this will be a miss again.

DR. STEAD: What is the timeframe in which that intervention could take place?

MS. STRICKLAND: Now would be good.


My recommendation is for the full committee to give the Standards Subcommittee the ability to take this discussion, talk about it, and if they feel it is warranted to bring this to X12 to be corrected, because the problem is some of the guides have already gone out and they may have to come back, be changed, and be re-released for public comment.

Like I said, it is like now now, but we do have a meeting July 6th with the Standards Subcommittee, so, at the next Standards Subcommittee meeting we have us discuss that, make sure everybody agrees that that is the appropriate direction, and then we could move forward to X12 and ask them to correct that situation.

It’s not that I think that ICD-11 is going to happen in eight years or ten years right now, but to be honest, look at our track record with these HIPAA transactions. 7030 is still going to be alive during the time that ICD-11 is brought to life and incorporated, so it is still going to be a factor.

MS. KLOSS: So we have this range of vocabulary and terminology tools that are absolutely essential to our healthcare information and, right now, they are all churning along on their own timetables.

DR. STEAD: This is a nice example of some intersection of terminology, vocabulary and predictability roadmaps. If the Standards Subcommittee decides that they feel this change needs to be made, can the Standards Subcommittee work with X12 to get that done without the full committee having to do something that goes through the Secretary?

MS. KLOSS: I think so.

MS. HINES: You’re not talking about a letter of recommendation or anything like that; you’re basically saying, hello, let’s look ahead.

MS. KLOSS: Sort of going back to X12 and saying we really need to have ICD-11 supported in the next version of the HPIAA transactions.

MS. HINES: It sounds like a pretty straightforward communication.

DR. STEAD: It sounds to me like, within our process, you with your membership on the Standards Subcommittee and your relationship with X12, this fits with our outreach kind of cooperative activity, so I don’t think the full committee needs to be involved.

MS. STRICKLAND: This is new for me. We haven’t done anything like this, but —

MS. HINES: I’ll look into this. Your plan is to send something on behalf of the NCVHS or are you sending —

MS. KLOSS: I think we could do it informally.

MS. HINES: Just say it has been brought to your attention that —

MS. STRICKLAND: As these things are colliding across the industry, the ICD-10 could be very much alive and kicking when 7030 is in —

MS. KLOSS: And we have had this happen before. This happened before.

MS. HINES: And the idealist in me says, wow, this is such a great idea. I would love to have it actually see the light of day from the committee, but it sounds like, from a realist standpoint, it would make more sense to have it happen informally. But it’s a really great example of how the committee just uses its role appropriately.

I don’t know if there is some process, Rashida, where we could say look what the committee has figured out and look how they have just pointed out to organizations that are in the private sector that there’s a collision coming. We have seen it before; we’re going to prevent it this next time. I don’t know.

DR. STEAD: I don’t see this as any different than when I was a member of the NLM Strategic Planning Panel a few weeks ago taking the opportunity to introduce them to what the committee had been doing and getting it incorporated into the NLM Strategic Plan, so it builds a receptor model. I see this as our normal outreach and communication. We can keep a mental note —

MS. HINES: I was just going to say we should actually keep a list of these things, because we talked this morning about looking for a checklist or metrics for what the committee’s influence is. These are great examples. What you just said I don’t have written down anywhere. This is influencing at a national level that I think needs to be captured.

MS. KLOSS: So the take-aways then for September and the terminology agenda are that we will complete the inventory of other systems and do that offline and have some sort of a report or briefing that we can round out what we have learned and see where we need to go collectively as a committee, and look at exploring the models for coordination of terminologies and vocabularies from other countries, but maybe limit the dialogue on this to an hour or hour and a half.

DR. STEAD: If you want to have another three-hour block for Beyond HIPAA, then we probably need to constrain this to either an hour or hour and a half. And it would seem to me that I could conceive of that probably being more usefully used by having a report of work we have sort of synthesized and this update, and somebody to let us know — exemplars from other countries who really get at the coordination components that you’re talking about. I think that might be a nice fit.

Does that seem the right thing? We are still experimenting. What is the right level to work? As a committee as a whole that means — we want to get broad input, but it also means we are ready to intelligently vote when the examples come down. So it’s a dual effort while still letting the sausage-making go down to the ad hocs or something else.

MS. HINES: The full committee would not get a briefing on things like CPT or DSM, but rather there would be a synthesized briefing on that. I think that makes sense.

DR. STEAD: My gut is another round of what we did yesterday actually wouldn’t help us at this point.

MS. KLOSS: Yes. TMI. Okay, that’s good.

DR. STEAD: I think we have a game plan. This is really remarkably good use of time.

Agenda Item: Work Plan Discussion and Next Steps

DR. STEAD: We will morph back into the work plan discussion as though, to some degree, we haven’t been doing that. You have the work plan at high level, and it is now actually pretty simple because we have largely cleared the deck. I don’t know that we need to walk through that. We can, but we do have at the bottom of it the parking lot.

What we’ve been doing is different from the past. We have not been putting a bunch of stuff up in the work plan until we actually knew what we were doing. We’re trying to keep the work plan itself pretty clean.

DR. COHEN: There is one addition. We agreed to follow up on some kind of APCD activity.

MS. HINES: It is here; it’s actually in the main part of the work plan. It’s the second row.

DR. COHEN: That was for Q2.

MS. HINES: Right. That is what we just did, so now the question is — I think what Bill was saying is we know now what to add for Q3 and Q4 based on this meeting. We don’t need to do that here because we know what those things are.

DR. COHEN: Okay.

DR. STEAD: I am just trying to think how we keep it — Do you want to say something about when you’re going to want to bring some proposal back to the full committee? My sense is you are going to be heads-down on Vitals between now and September. Maybe that sense is wrong.

DR. COHEN: I think we need to continue the momentum to scope out an activity because we had, I think, a robust discussion this morning.

MS. HINES: Do you want for Q3 to be “scope out activity”?

DR. COHEN: Yes. Scope out activity.

DR. RIPPEN: Bruce, to follow up on the scoping, do we want to consider a model that privacy has done, which is actually hearing from different organizations that actually have datasets?

MS. HINES: We will talk about that —

DR. COHEN: I don’t think we have figured out what it is we want to do.

MS. HINES: Just put scope out something.

DR. COHEN: Yes. Scope out follow-up APCD activity.

DR. STEAD: And it’s not really follow up APCD —

DR. COHEN: Yes. Scope out follow-up activity.

DR. STEAD: I would advocate that we call that 2.4.2017.

DR. COHEN: I am fine with that.

MS. HINES: And then the question — because I see some looks — is do we want to change the title of that from APCD Hearing Follow-Up to something else?

DR. STEAD: Yes. I would declare APCD hearing done.

DR. COHEN: Okay, got it.

DR. HINES: Great. So what do we want to call this next thing?

DR. MAYS: I have a question. What I’m a little confused about is, Bruce, I thought as we were planning the Vitals hearing that there were all these other pieces of the Vitals that were to go next.

DR. COHEN: We won’t have developed a short-term and a long-term population health work plan. I guess the two pieces — the one active piece now is Vitals, so the question is do we have the bandwidth to do another short-term activity, and I’m saying if that short-term activity is thinking about what’s next based on our discussion this morning, yes. A longer-term activity would be, after the Vitals hearing if issues emerge about what to do next with respect to Vitals, that would be built in beginning after the hearing.

DR. STEAD: Let me make a suggestion.

DR. COHEN: Vickie, you look confused —

DR. MAYS: I am, because as we have had discussions about Vitals you keep putting things on the side saying that’s something we will look at, so my sense is that there are things that we have raised that were to come next. Maybe two months ago we had a list of other things of, okay, this is for this hearing. And there’s a list of these other things. So I’m just talking bandwidth. Remember we had this other list.

DR. HINES: We did. It was sort of like the research uses, the NDI.

DR. MAYS: I don’t want to forget that list because we were then talking about doing things from there. We as a group came up with what we thought things were, and there was this first hearing and then these other things.

DR. STEAD: I am just trying to manage process here, and we’re having a mismatch here.

We have a parking lot. I suggest Pop Health also have a parking lot. By parking lot, we may want to rename the parking lot “candidate items queue” or something. That’s what we mean by the parking lot. There can be items in the parking lot that we’re trying to think about as a full committee. There is no reason there can’t also be such a list within each of the subcommittees.

So, one thing Pop Health can do, which we don’t need to have on our work list, is to take one of your calls for when you have some time free from Vitals, and sort of do a level set on what’s your future piece list, and are any of them sufficiently near in the critical path that you want them on the full committee’s list.

DR. COHEN: Yes. Great idea. Now that we have some new committee members it makes sense to revisit what our work plan is. Let’s just focus on preparing for Vitals at this point and schedule the next Population Health Subcommittee meeting to brainstorm about what options are with respect to future work plan.

DR. STEAD: Let me make one more process suggestion which would go to the full committee. That makes sense.

It seems to me might want to say let’s say that in Q4, in addition to what hearing we may or may not hold, each of the subcommittees will draft their Calendar 2018 work plan. Then, the question for this is, as you do that, you will be able to reflect your building block work, Bruce; you will have the results of Vitals, you will have been able to have some discussions around possible next steps around what we were talking about after APCD, so it would be a really good time to do that work. And we might make that something we would ask each of the subcommittees to do, if that computes with people.

Then the question for us in the next half hour or so is, in addition to what we have already got on the decks between now and/or at the September meeting, who do we want to hear from in September who will inform our collective work plan. We had here just as candidates ASPE, ONC, OCR, CMS, NLM, ARC, et cetera. Do we want something from the Commission on Evidence-Based Policy, for example? That might be another thing we would want to bring back there.

Which of the agency groups do we want to hear from at that juncture with a particular eye, not an update — they can give us an update, but the real ask is, given their priorities in the next say 18 months, what questions might NCVHS weigh in on in some way, shape or form. If we could get that kind of input at that time it would help us build our collective work plan.

What do you think about that?

DR. DORSEY: I think that is a good idea. I’m really hopeful that we will hear more concretely about some of the plans associated with Reimagine HHS, because I see that as a very critical way that NCVHS could potentially help the Department and advise the Department.

We just don’t know what that’s looking like now. We know that data are somewhere in there; they are certainly there. How data play out, we don’t have the answers to that yet. I’m hoping we have that by Q3, but that’s definitely something that we would want to talk to the committee about.

DR. STEAD: So, if we had ASPE talk to us, say basically give us an update on Reimagine, you will know more. You may not be done but you will know more. And then, given what you know, what would be the most important things —

DR. DORSEY: I would even say that it will be ASPE/the Data Council, so I would give an update for both. I am Co-Chair of the Data Council. If Charlie does an update you might be able to time that discussion so he fares well, because he is also a Co-Chair of the Data Council and we could get that input as well. So I would say both of those.

DR. STEAD: I really think we maybe pull it out as Update on the Data Council and have you and Charlie help with that. That would be nice. And have the ASPE Reimagine be a separate input bullet.

DR. COHEN: And part of that was how we can work more closely with the Data Council moving forward, I think, in the reimagining of HHS data relationships.

MS. HINES: That actually overlaps Data Council and Reimagine potentially.

DR. DORSEY: Potentially.

DR. STEAD: I just think they are actually two separate questions.

MS. HINES: Except the Data Council will be brought into that, too.

DR. STEAD: Think how much this has changed in the last month. Rich, and then Linda.

MR. LANDEN: Before Nick left yesterday he asked me to say something on his behalf since he knew he wasn’t going to be able to dial in today, so let me just read what he sent us.

“One item I’d like to bring up is in regards to the work and how it flows through the committee processes. With as much work as we have going on, I would encourage each subcommittee to have at least two significant items active at any time, but that pace must be realistic so that we can set and manage expectations appropriately. Each initiative will naturally have its ups and downs regarding workload. This is why I think we have to have multiple items active. However, we must pace in a way that members and staff (emphasize and) can adequately manage and accomplish this work.

“We also have lots of items on the potential list.” — by which he means the parking lot list we’ve been talking about. “It will be as important what we purposefully choose not to undertake now as it will be what we choose to do. My guess is that there will not always be agreement, but if we are not disciplined with this we will have too much happening and not do an adequate job.”

That’s what he sent. I echo that. In my previous life, it was different organizations did things differently, and the more effective organizations were the ones that could explicitly say this is a good idea, but we will not work on this until or unless something else changes.

DR. STEAD: Thank you for channeling Nick. That process suggestion can play in while you are putting together the subcommittee work plans in Q4.

MS. HINES: Rich, yesterday you mentioned a 21st Century Cures presentation or the HITAC.

DR. DORSEY: Likely, Cures. There are implementation leads that I should have more contact with.

DR. STEAD: If it would be possible to have the approach that HHS is taking to 21st Century Cures and which part of HHS is the point on each piece of it, so that we are actually hearing the landscape, not the detail in any one example.

DR. DORSEY: I can tell you the aspects that are most relevant to data — NIH, OCR, and ONC. And there’s a piece that connects with like the PRA, special exemptions with the PRA. There’s also a lot of the private, the data-sharing work with research. NIH is the lead.

But there’s an implementation lead and then there’s a policy coordination lead. The approach that HHS will take is we will have an agency that is maybe designated actually in the laws and has responsibility, but then there is also the policy coordination piece because there are other relevant parties and stakeholders across the Department that will be involved.

DR. STEAD: Wouldn’t it be helpful to present that approach so that we knew what you viewed as the key legs and policy point and implementation point? That would give us a landscape from which we could then say we need to drill into this piece, or it might be helpful if we did. Would that make sense?

DR. DORSEY: I think so. I will follow up with you on that, and then I’m also going to reach out to some of the implementation leads to see where everyone is and what’s the best type of discussion to have with the committee.

DR. MAYS: Would you be open to having NIH come, because I hear they are leads on —

DR. DORSEY: They have a huge role, yes. It depends on how you want — I can work with you on how you want that discussion to go, because there are different ways. It might not just be NIH; it could be NIH and then another agency that’s going to have a critical role in the policy coordination piece as well.

MS. HINES: And what you laid out a couple minutes ago I think is going to drive what we want. There is this implementation piece, there’s this policy piece, what policy pieces would even be relevant for this committee and so forth.

DR. MAYS: I just think it’s also useful to hear if we can from the other agencies, because part of what we’re doing — at least I know some of what NIH is doing.

DR. STEAD: What I’m trying to do is we’re handling these meetings very differently than we handled meetings before where we tended to have a full half-day of, in essence, download that was general. We obviously got to deep dive into a small piece of NLM yesterday, but I think, frankly, that’s more helpful to us than the overview of NLM.

So, to the degree we can keep track of the key agencies we want to be engaged with and build fairly targeted things — so, NIH would be part of the “all of us” or PMI piece in the “Beyond HIPAA”. We may also want a component of NIH from 21st Century Cures. If we do, we may want to figure out if we can combine them in some way, or not.

But I think it’s helpful for us to have really an understanding and ask, Vickie, if we can think through what’s the most important lens to bring in, and how we dovetail it with this other work we’re doing.

DR. MAYS: I guess the only thing I’m saying is that, as we are planning, they are planning and they are having their sense of how they’re going to do something. So, given that we meet so infrequently, if it’s possible to have them at the next meeting, we can carve our piece out even better. I think they are really moving ahead and carving out what they see as how they want to do it. I think they are kind of the big gorilla in this one in terms of being a big agency, in terms of driving the direction. I may be wrong, but that’s the way it’s being talked about.

DR. STEAD: So you’re saying we might, for 21st Century Cures, do the overview, and then we might do a deeper drive into what the NIH is doing.

DR. MAYS: To hear from them and to be able to be at the table where, if there’s something we think we’re really good at or do better, to have a dialogue about it. They still may be the lead but our piece may look different in a discussion —

DR. DORSEY: I can work with you certainly on how to add Cures and add NIH to the agenda. I would also ask, based on the briefing that we got from Dr. Rucker, was that sufficient for the ONC portion of 21st Century Cures? He talked about what the priorities are. Cures could take up half your meeting.

MS. HINES: I don’t think we know the answer to that yet.

DR. MAYS: Maybe we need to do work in between to get a sense of what we want to play a big role in and have more specific questions.

MS. KLOSS: I have one question. When we think about the potential hearing space in November, what are you thinking of? I still have this bullet three on the parking lot list, disclosures. That was something, if you recall from our last meeting, the Office of Civil Rights said it would be useful for us to weigh in on. That would be a hearing and a letter to the Secretary.

I think, if we are going to help OCR, we would have to do it certainly in November of first quarter next year.

DR. STEAD: I didn’t know how certain we were that they knew they wanted us to do that.

MS. KLOSS: Yes. They said it would be helpful. The question really is bandwidth —

DR. STEAD: For privacy and security.

MS. KLOSS: Because if we’re going to do a hearing in November, which would probably be the ideal time, we need to get going on it.

DR. STEAD: Right, while we’re doing terminology. It seems to me the two highest likelihood candidates are that and whatever comes out of the Predictability Roadmap Workshop. If Privacy and Security has the bandwidth to scope, then maybe we can talk about that at the Executive Subcommittee. As I look at that list —

MS. KLOSS: Well, it fits into the category of something near term, practical, needed.

DR. STEAD: My gut is if we want to do something about patient matching, that would probably be downstream in Calendar 2018. I am guessing at this juncture. But the other thing that we have to do in November would be the Review Committee.

MS. HINES: I think it is too soon.

DR. STEAD: All I am saying is, if at some point we are told, we are supposed to proceed.

MS. HINES: Right. But I don’t think there is an expectation that you would have to get it done right away. We wouldn’t have to light a fire under it.

DR. STEAD: Does the group as a whole think the most likely uses of the time would be accounting for disclosures under Privacy and the hearing on whatever comes out of the workshop for predictability roadmap, for November? Want to begin to pencil those in? Okay.

MS. HINES: Penciled in.

MS. KLOSS: And we will have a Privacy Subcommittee call.

MS. HINES: Bill, you just said the patient-matching CHIME letter would be 2018 if it were to go?

DR. STEAD: I am saying it will not be 2017.

MS. HINES: I think what you have just determined is that everything on the parking lot that we’re going to deal with in the next six months we have talked about.

DR. STEAD: We know that Standards is going to come back with some recommendation around patient matching sometime in the fall, but by the time that comes back any action we took wouldn’t be in 2017. We know that’s being worked at the subcommittee level. I don’t hear any of the others currently being worked. We are working in some way, shape or form the name code set in criteria because that intersects terminology and vocabulary.

We may want to take the parking lot and have a set of it that are being worked at the subcommittee level and then drop the other things down a level, because we now know that Standards is working the question — Well, it actually needs to go into the work plan. We need to put into the work plan the letter to the Secretary on SSN RI.


DR. COHEN: I suggest that each subcommittee have its own bike rack.


DR. STEAD: But we’ve got something that we know you’re actually working on, without them having to become a row.

MS. HINES: Do we need a template for the subcommittees so that we can somehow see all of this? My zoom lens wants to be able to take our full committee work plan and look at all the Pop Health, Standards, Privacy —

DR. STEAD: Actually, I would like us, to the degree we can, to stick with the discipline that, as the subcommittees develop a work plan, if we don’t yet have it, they develop at least an initial scoping piece. And then, anything that gets a scoping piece that we think we know when we’re doing it, we would actually create a row within this and it would be homed to the subcommittee.

I think we got too complex. I think we have a process that has worked pretty well for six months, so I think if we stick with it — We have gotten used to the fact that scoping documents can be variable and they are iterative so we’re over-compulsing, and yet, they are a nice way to keep track of more detail which has things like time line for it, so we don’t actually have to have all that information in this chart.

MS. HINES: Right. And below, in the parking lot area, we are free to do whatever we want with the parking lot. We could have little mini-parking lots or bike racks, if that is helpful. That way, we can just see, but have the work plan itself uncluttered.

DR. STEAD: Correct. And I am just advocating that we would have the parking lot, and then above that we would have work in progress that hasn’t yet risen to the level of going in the matrix.

MS. HINES: Okay. So, a new little category called pre-birth — gestation.

DR. STEAD: Scoping at the level of subcommittee. Once it gets out of scoping at the level of subcommittee it either goes into the parking lot or to the work plan.

MS. HINES: Got it. Very nice.

MS. KLOSS: It’s good to keep it to one page.

DR. STEAD: This has gotten simpler.

MR. LANDEN: Maybe Nick’s suggestion, if there are items identified as not being for the coming year, to flag those.

DR. STEAD: Yes. We can begin to split the parking lot into candidates. The parking lot may end up with its own page.

My sense is that we are beginning to lose critical mass, so can we basically shift to public comment and see if we have public comments?

MS. HINES: We did have somebody submit a written public comment. I think I emailed it to the committee, but should it be read?

DR. STEAD: If it’s short enough to be read, yes.

Agenda Item: Public Comment

MS. HINES: This was received from Dr. Eric Rose, who is Vice President of Terminology Management at Intelligent Medical Objects. He is writing to call to the committee’s attention an issue of concern regarding the impending 2018 update of ICD-10 PCS and to suggest that this may be an appropriate topic for the committee.

The planned update — “There’s a very large number of codes that have descriptions whose meanings are substantially different from the descriptions in the 2017 edition. I believe these changes threaten the integrity of existing patient data coded in ICD-10 PCS and undermine the quality in general.”

I think I emailed the details to you all, so I just wanted to make sure that made it into the public record.

Is there anyone on the phone, or Webex? We have one person in the room. Please introduce yourself.

DR. RODE: I am Dan Rode. I am speaking on behalf of myself and not any of my clients or employers. I wanted to just make a few comments, partly based on the fact that I have followed this committee for over 20 years and really enjoyed the discussion today.

First of all, I would like to thank the committee and especially the staff. It was really nice to have all the downloads and handouts that were available this time around. I have a sight problem, and the ability to be able to read some of this before coming into this meeting and trying to figure out what you’re talking about was extremely helpful and I hope you will keep that up.

To the discussion that you had just recently today, if we are going to move more of the dialogue and discussion to the subcommittees, I hope that you would consider doing what the Office of the National Coordinator did with their committees and workgroups, and that is at least make the discussion available online so we could listen in. I won’t go so far as to suggest that they also take public comment, but I think it would be extremely helpful to do that.

Also, when we first started with HIPAA I was essentially a liaison between the X12 task force and this committee. At the time, not only X12 but, as other discussions came up, the various standards groups began to attend these meetings. I think if we are looking at predictability and we’re looking at some of the discussion that came up here today, we really need to get the word out as to these discussions, not necessarily that they would appear on a panel but that the communication begins to appear.

It’s not just the 1730 that we’ve got to think about with the X12, but we’re dealing with now data and data transfer among a number of different standards groups — transaction groups, vocabulary groups, terminology groups and so on — and I think it would be very helpful to have that information out.

And, to that extent, I think it would be helpful to have at least an overlook of the work plan placed on the NCVHS website. The website gives me an agenda a few weeks out, but it doesn’t really say what the committee is working on unless I take the time to read the transcript. And if any of you ever tried to read the transcript of this committee — outside of staff — you will know that’s not the easiest thing to do to find out what’s going on.

But I think, as you are doing some very important work, to bring these things forward, to look at where we go beyond, to look at predictability — this encompasses a good part of the industry and I think anything that could be done to communicate that to the groups that aren’t here on a regular basis would be most helpful to you and certainly to them. Thank you.

DR. ROSS: Since you raised this last point about communication, I would agree. Always the question then is how. What constitutes sufficient — trying to be of goodwill and put it out on a site is one thing. To let people know directly, go look, and sign people up — how would you envision that really being done well?

I agree with your point. I do think that a number of these issues, many, many stakeholders need to be informed, aware, alert. This is very complicated and intertwined fates of all these stakeholders. So your point is taken well. What is your recommendation?

DR. RODE: I think I would disseminate this initially through the liaisons. CMS especially works very closely with a number of the groups, but other members of the HHS staff who are interfacing with these groups I think could be an initial conduit.

I would also suggest a press release. It has been years since I’ve seen a member of the press at one of these meeting, and I am not suggesting they should start to attend. You may not need that. But just getting out the information. When I was employed by AHIMA, my role was to get this to our association, which is part of my purpose at being at these meetings.

I think, again, if people understood what was being said then I think we would begin to increase the communication. But somewhere initially — it may be a press release, it may be just something talking about here’s our work plan for the next six months and these are the kind of hearings we’re going to have, these are the kinds of things that you’re going to hear.

DR. STEAD: Thank you.

MS. HINES: Jeannine does not have anybody on Webex and I don’t believe we have anyone on the phone.

DR. STEAD: Before we adjourn I would like to thank the staff, who have done an unbelievable job in getting us ready for this effort. I don’t remember how many times Geneva had to change my flights to get me here but it was considerable. And Debbie and Marietta and Catherine — we have had an unbelievable level of support. Rebecca and our lead staff, Kate, and we never forget Jeannine. Thank you all.

We can adjourn.

(Whereupon, the meeting was adjourned at 2:45 p.m.)

FULL COMMITTEE MEETING, June 21 – 22, 2017


  1. Adding to Debra’s comment regarding ICD-11 about X12 7030 (good job!), the same conversation should take place with NCPDP.  As I found out in February, Prescriptions for drugs covered by Medicare Part B require a diagnoses code and the pharmacy/PBM systems process it when seeking approval and boiling Medicare Part B.  I do not know if the current NCPDP transactions (including ePrior Auth) support ICD-11.
  2. The concerns expressed by Bill and some Committee members about the rollout of SSN RI without end-to-end testing are well founded.  In addition to the issues raised in the Committee discussion, consider:
    1. It the February CMS presentation to the Committee, they said that Medicare will be returning the current Medicare number and the SSN RI on the remittance advice.  I do not think, but have not verified, that the X12 835 can transmit 2 health plan IDs.  Will providers revert to paper if they need the current ID to post the remittance? 
    2. Will a Medicare claim submitted during the transition with the current Medicare ID be easily identified during a real time claims pending inquiry?   
    3. They did not tell the Committee about plans for: patients who do not receive their new cards by the end of the transition; new Medicare cards for Social Security recipients noted as deceased, but who actually are alive; and those 4.7 individuals had been identified by the Social Security as having; more than one number in 2007.  If the SSN RI cards are issued off the active Medicare beneficiaries list, then maybe only the “lost new card” is the only one if these that is an issue.


President, Boundary Information Group         
4401 S. Quebec Street – Suite 100                    
Denver, CO 80237
303-809-9337 cell

Dear Dr. Dorsey and Ms. Hines:

I am writing to call the attention of the NCVHS to an issue of concern regarding the impending 2018 update of ICD-10-PCS, and to suggest that this may be an appropriate topic for discussion at your meeting later this month.  I provide a summary below, which I believe should describe the issue clearly, but I would also be happy to present these during the meeting if that would be helpful.

The issue is that in the planned 2018 update to ICD-10-PCS, a very large number of codes have descriptions whose meanings are substantially different from the descriptions in the 2017 edition of ICD-10-PCS.  I believe these changes threaten the integrity of existing patient data coded in ICD-10-PCS and undermine the quality of ICD-10-PCS in general.

As you are likely aware, one core principle of maintenance of any clinical vocabulary is that the meaning of a code should not change over time.  When this principle is not adhered to, confusion can arise about the meaning of patient data stored using the code, since the meaning of the code to the person who selected it would have been based on a (now-obsolete) code description.  This principle is one of the well-known Desiderata for Controlled Medical Vocabularies in the Twenty-First Century by Dr. James Cimino of Columbia University, published in 1998 (see section 2.3, “Concept Permanence”).  In a properly-managed clinical terminology, if there is a need to represent a particular concept that isn’t already represented with an existing code, the managers of the terminology should add a new code (and if necessary, retire the old one), not change the meaning of an existing code.

Here are some examples of ICD-10-PCS codes with description changes that result in a change in meaning between the 2017 and 2018 versions of the code set:


  • 2017 version: “Revision of Nonautologous Tissue Substitute in Right Rib, Open Approach”
  • 2018 version: “Revision of Nonautologous Tissue Substitute in 1 to 2 Ribs, Open Approach”


  • 2017 version: “Drainage of Right Trunk Bursa and Ligament, Percutaneous Approach, Diagnostic”
  • 2018 version: “Drainage of Upper Spine Bursa and Ligament, Percutaneous Approach, Diagnostic”


  • 2017 version: “Drainage of Epidural Space, Percutaneous Approach”
  • 2018 version: “Drainage of Intracranial Epidural Space, Percutaneous Approach”

I am attaching a spreadsheet showing the 1,219 description changes that, in our analysis, constitute a significant change in meaning.  I brought this concern to CMS and received a very cordial response (see attached e-mail thread), though no indication that these changes would be reconsidered, particularly given that the time window for the usual feedback channels had already passed.  Nevertheless, given the significance of these changes, I believe the NCVHS would want to be aware and perhaps provide its own input to CMS on this topic.


Eric Rose

Eric Rose, M.D., F.A.A.F.P.| Vice President, Terminology Management | Intelligent Medical Objects, Inc.
(206) 465-9345 cell| erose@imo-online.com
We provide COMMON GROUND for Health Communications that support Meaningful Use • Your Interface Terminology to ICD, CPT® and SNOMED®