[This Transcript is Unedited]



Subcommittee on Privacy and Confidentiality

March 31, 2005

Millennium Knickerbocker Hotel
163 East Walton Place
Chicago, IL 60611

Proceedings By:
CASET Associates, Ltd.
10201 Lee Highway, Suite 160
Fairfax, Virginia 22030
(703) 352-0091


P R O C E E D I N G S [9:06 a.m.]

Agenda Item: Introductions and Opening Remarks – Mr. Rothstein

MR. ROTHSTEIN: Good morning, my name is Mark Rothstein and I’m director of
the Institute for Bioethics Health Policy and Law at the University of
Louisville School of Medicine and chair of the Subcommittee on Privacy and
Confidentiality of the National Committee on Vital and Health Statistics. The
NCVHS is a federal advisory committee consisting of private citizens that makes
recommendations to the Secretary of HHS on matters of health information
policy. On behalf of the subcommittee and staff I want to welcome you to
today’s hearing on national health information technology. We are being
broadcast live over the internet and I want to welcome our internet listeners
as well, I also want to apologize to our internet listeners for the technical
difficulties that we had yesterday that may have limited your ability to follow
our hearings.

We’ll begin with introductions of the members of the subcommittee, staff,
witnesses, and guests. Subcommittee members should disclose any conflicts of
interest, others need not do so, I will begin by noting that I have no
conflicts of interest. Simon?

DR. COHN: I’m Simon Cohn, I’m the associate executive director for health
information policy for Kaiser Permanente and chair of the committee, I want to
welcome our presenters who not been so long.

MR. HOUSTON: Good morning, I’m John Houston, I’m with the University of
Pittsburgh Medical Center, I’m a member of the committee as well as this
subcommittee and I have no conflicts.

DR. RIPPEN: Helga Rippen, staff, I’m at the Office of the Assistant
Secretary for Planning and Evaluation, and no conflicts.

MR. SIMKO: Mike Simko with Walgreens.

MS. WINCKLER: Susan Winckler with the American Pharmacists Association.

MS. MCANDREW: Sue McAndrew with the Office for Civil Rights and privacy
liaison to the subcommittee.

DR. TANG: Paul Tang, Palo Alto Medical Foundation, member of the
subcommittee, no conflict.

MS. GREENBERG: I’m Marjorie Greenberg from the National Center for Health
Statistics, CDC, and executive secretary to the committee. Welcome.

DR. HARDING: I’m Richard Harding, I’m the chair of neuropsychiatry at the
University of South Carolina, member of the committee and subcommittee. I have
no conflicts.

MS. BERNSTEIN: Maya Bernstein, I’m the privacy advocate of the Department
of Health and Human Services in the Office of the Assistant Secretary for
Planning and Evaluation and I’m the lead staff to this subcommittee.

MS. SQUIRE: My name is Marietta Squire and I’m staff to the subcommittee,
I’m with CDC, NCHS.

PARTICIPANT: [Off microphone.]

MR. KIRSTEY(?): My name is Stuart Kirstey, I’m with Walgreens.

DR. STRAFFORD: My name is Craig Strafford, I’m an obstetrician and
gynecologist with the American College of Obstetricians and Gynecologists.

MR. ROTHSTEIN: Thank you and welcome to all of you. Invited witnesses have
been asked to limit their remarks to 15 minutes, after all the witnesses on a
panel have testified we will have time for questions and discussion. Witnesses
may submit additional written testimony to Marietta Squire within two weeks of
the hearing. I would request that witnesses and guests turn off their cell
phones and other electronic devices that could interrupt the hearing. Also
because we are being broadcast over the internet and recorded for transcription
we need to remember to speak clearly and into the microphones.

The hearings today represent the second day of the second series of our
hearings on national health information technology. At our first round of
hearings held in Washington on February 23rd and 24th we
heard from experts on privacy and confidentiality as well as representatives of
consumer organizations. These individuals explored the privacy and
confidentiality issues raised by creating an interoperable system of
comprehensive longitudinal electronic health records.

At this second round of hearings we are exploring these same issues but
hearing from health care providers to get their perspectives. We plan to hold a
third round of hearings in Washington, D.C., on June 7th and
8th to hear from health plans as well as health systems. Additional
details about future hearings will be published in the Federal Register and on
our website as soon as they have been finalized.

As we discussed yesterday electronic health records and a National Health
Information Network hold out the promise of increasing the safety and
efficiency of health care, lowering costs, and facilitating the treatment of
those with cognitive or communication impairments. Even assuming these
benefits, protecting patient’s privacy and confidentiality in such a system
represents a tremendous challenge. We hope that today’s witnesses will help us
to see ways to resolve and answer these challenges.

As I welcome our first panel this morning on pharmacy services let me alert
members of the subcommittee as well as the witnesses that Dr. Riddle has been
delayed, he’s got a flight delay and we are expecting him probably in an hour
or so but our plan will be to proceed with the first two witnesses and then
begin our question and answer period with you and then we will pause when Dr.
Riddle comes to have his testimony and then resume our question and answer. So
I apologize for the interruption but that could not be avoided so our first
witness is Michael Simko.

Agenda Item: Panel IV – Pharmacy Services – National
Association of Chain Drug Stores – Mr. Simko

MR. SIMKO: Good morning. My name is Mike Simko, I’m the corporate manager
of pharmacy health information technology for Walgreens. I’ve been a practicing
pharmacist for 25 years and in addition I’m now co-chair of the NCPDP Workgroup
11 on e-prescribing standards. Speaking for the entire Walgreen company I want
to thank the subcommittee for inviting us here to share our experiences,
conclusions, and challenges that we’ve encountered over the years from our
continuous efforts to help deploy electronic prescribing connectivity
nationwide and improve the delivery of quality health care to patients.

Walgreens was founded in 1901, currently has over 4,700 locations in 45
states and Puerto Rico. Walgreens fills over one million prescriptions daily
accounting for 14 percent of all retail prescriptions dispensed in the United
States. We currently open a new pharmacy every day, actually one every 17
hours. Nearly 30 percent of our pharmacy locations are open 24 hours. Our
company focus is pharmacy. Walgreens has a long and successful history of
pioneering technology in the practice of pharmacy. All of our pharmacies are
linked by satellite. Walgreens is the greatest user of satellite communication
in American outside of the United States government. Our mission is to provide
the highest quality pharmacy services and quality health care to our patients
in the most efficient and cost beneficial manner.

Walgreens has long recognized the benefits of electronic prescribing.
Nearly 15 years ago Walgreens initiated electronic communication between
pharmacies and physician’s offices utilizing an email like structure to message
physicians for refill authorizations. Since that time Walgreens developed the
system and marketed e-prescribing under the PreScribe trademark. The benefits
of e-prescribing, such as complete patient prescription information,
elimination of transcription and communication errors became immediately
apparent. However, to drive increased utilization of e-prescribing by
physicians there was a need for other pharmacy organizations to participate on
a level playing field that guarantees the patient’s freedom of choice in
selecting their pharmacy, and that messaging must flow through a secure means
of communication. We sold PreScribe software to Proxymed, a network aggregator.
Today Walgreens communicates electronically in the sending of prescription
renewal requests and receiving new medication orders from participating

Walgreens’ electronic connectivity to physicians is through network
aggregators such as Proxymed and SureScripts. These connections are made
through a secure private data circuit utilizing encrypted messaging and
standards to prevent altering transactions. Prescribers are given authorized
identification and certification before any access to the network. Agreements
between trading partners ensure only authorized access to transmit and receive
communications between pharmacies and participating prescribers.

On the pharmacy side existing firewalls and data encryption ensure the
security and confidentiality of patient information. In addition log files and
audit trails exist. Access to patient information and system functionality
enabled by sign-on/user ID to individuals with a valid authorization level.

The benefits of improved exchange of health care information are well
known. There is a critical need to protect privacy with improved discovery and
delivery of patient’s medical records when they are needed, where they are
needed, and only to authorized individuals who need them. The ability to locate
patient records and delivery them securely will enable a number of improvements
in health care, including the ability of authorized clinicians to access vital
patient records in near real time in the event of an emergency, improving
patient access to their own records, decrease the number of tests that need to
be re-run because previous results cannot be found in a timely manner, lowering
the risk of negative drug interactions, and safer delivery of medication orders
to the pharmacy. Increasing the availability of information to authorized
caregivers in a secure, accurate, and timely fashion is essential to improve
the clinical care and provide a host of other benefits to the patient and the
health system.

The connections between pharmacies and other entities must be secure
utilizing SSL and VPN connections, private data circuits, and encrypted
messaging. The continued better linking of patient records is essential to
improving health care. There needs to be a method to correctly identify the
correct patient records across many entities, labs, clinical systems, third
party payers, and pharmacies. In order to effectively collect and transmit
critical accurate data to support quality health care across various entities
and properly link correct patient information may require a unique patient
identifier. HIPAA compliance issues must be addressed to preserve and protect
patient confidentiality. Each transaction is stamped with a system ID, sender,
receiver, prescriber, DEA, and prescribing agent. All transactions are checked
against network profiles. Transactions that fail authentication are rejected.

I’ve attached a diagram which shows the common architecture and
infrastructure of the current messaging format. From the right, it’s on the
next page, from the right messages are sent to a central processor at the
prescriber’s practice, then routed through a secure connection to an
aggregator, then sent to a pharmacy host system central server, from there
dispersed to the correct targeted pharmacy.

A challenge in moving forward with an effective system that allows the
interoperability between authorized providers regarding a patient’s health care
will be the authentication and level of information sharing. Indicators will
need to be created and managed that adheres to HIPAA compliance standards
allowing patients to authorize the movement and sharing of personal health
information data among various entities. The dispersion of information between
labs, prescriber systems, pharmacies and third party payers will need to be
identified through standards development. Situations can and do arise where
patients may selectively need to choose what information is shared and with
what entities it can be shared.

In today’s paper based world patients will often use multiple pharmacies to
avoid incorporating “sensitive” medical information with their
overall profile. In addition, patients often at times forego having a
medication processed through their third party plan opting to pay cash to avoid
discovery of that medication information being identified or chance discovery
by their employer. These may include categories of medication that treat mental
health or a sensitive disease state. Patients today at Walgreens, even though
all our pharmacies are interconnected by satellite, have the ability to limit
their profile to a single store not viewable by another Walgreen pharmacy.
There is some reluctance in a significant patient population that resists
sharing all information or being part of a mass data pool.

Recent adoption of NCPDP standards regarding medication history and
compliance messaging from the pharmacy to the physician create new
opportunities and challenges for pharmacy as it relates to security and HIPAA
compliance. Bi-directional messaging between pharmacies and physicians means
the delivery of information the physician did not previously access regarding a
patient. Because of the number of prescriptions not covered by third party
plans, prescriptions that patients opted to pay cash, worker compensation
prescriptions and OTC medications, pharmacies possess a greater amount of
medication history than may be provided by a PBM. In addition allergy and
health condition information is routinely stored on pharmacy host systems.
Pharmacies will need to address multiple types of data sets. The data sets
needed to adjudicate claims for payment with payer groups do not need to
contain the same level and type of information as data shared among prescribers
and pharmacies. Clinical information will include different data fields and the
extent of interoperable sharing of that information will need to be identified
through standards and business partner agreements.

The patient information system will need to be dynamic, allowing patients
to participate in managing information flow, and give participating entities a
mechanism to identify specific information for sharing while protecting other
information. Patients may opt in for complete sharing of information or opt in
only for selective data allowed for sharing.

Preserving privacy is important to ensuring acceptance of the e-prescribing
and electronic medical records systems along with its benefits. Patient health
records should be left with the health care providers who created them. The
architecture needed must support the linking of health records. The challenge
to pharmacy is a unique patient and prescriber identifier system. The NCPDP
provider ID is the current and standard process for enumeration and
identification of pharmacies in use today and has extensive industry
experience. The NCPDP standards do support the use of the NPI.

Adoption of NPI in e-prescribing should not be required until May 2007
deadline if there is adequate industry experience in the use of the NPI and
acceptable business practices are available for distribution of the NPI file to
the industry. Until that time the current identifiers should be supported. The
e-prescribing industry will continue to use existing identifiers for business
purposes that the NPI does not support such as transaction routing to specific

To properly identify patients unique identification methodology must be
employed. Today, name and birthday may identify patients, however this may not
be enough. Going forward a Master Patient Index may need to be created. There
has already been success today in moving information across various standards.
There is a current and successful effort within HL7 and NCPDP to interface the
two systems to allow seamless movement of clinical information from one format
to another. At this continues to develop and become implemented more
information about a particular patient will be available. Managing that
information and ensuring HIPAA compliance procedures and patient
confidentiality is protected. This will be a particular challenge to pharmacy
as it deals with the assimilation of patient medication and health data from
multiple providers. Furthermore, the growing challenge is the proper
application and providing this information to other health care entities in a
manner that does not violate HIPAA standards or wishes of the patient.

The COB, Coordination of Benefits, and SPOC, Single Point of Contact,
efforts through CMS is another application of system integration that
pharmacies will need to address multiple payers and providers for patient
health care are electronically aligned.

Many challenges face pharmacy as e-health care continues to emerge. The
protection and integration of patient information will need to be carefully
addressed and evaluated to ensure the best of health care is provided while
protection of patient confidentiality is upheld.

A large national database of patient information does not appear to be the
answer. Patients are cautious of their health information being shared by
entities they do not want to have access. Each provider entity should maintain
their information and the interoperability of sharing that information will
need to be included in provider agreements that include the patient’s

Walgreens is profoundly appreciative of the opportunity to address these
issues to the NCVHS subcommittee. We fully recognize the importance of this
group’s efforts and are willing to provide any assistance to promote the
adoption of e-prescribing and resolution of any issues now and in the future.
Thank you.

MR. ROTHSTEIN: Thank you for that very interesting testimony, I know we’ll
have many questions to ask you about Walgreen’s practices, which we’ll do in
the time after all witnesses have testified. Now I’d like to recognize Susan

Agenda Item: Panel IV – Pharmacy Services – American
Pharmacists Association – Ms. Winckler

MS. WINCKLER: Good morning. I’m Susan Winckler, I’m vice president for
policy and communications and staff council with the American Pharmacists
Association. APhA is the first established and largest association of
pharmacists in the U.S. and we represent pharmacists in all practice settings,
whether it’s a community, a hospital, a long term care facility, including
those pharmacists in research and the payer community. Today my comments will
focus primarily on those pharmacists who are involved in direct patient care
and what it is that pharmacists are looking for, both the concerns and the
suggestions they have as we move forward in this idea of an electronic health

I will focus my comments on three areas, specifically access, contribution,
and integration, as the key elements of what pharmacists are looking for in
their ability to both protect the information that they create but then also be
able to access that information in an emerging environment.

I do have to say we appreciate the opportunity to be here and stress that
again when we talk about access. A few years ago when we would talk about
health information technology and electronic health records there was often,
there was a chart that was often used that had health care providers in the
center and pharmacy off to the side. I think we’ve learned since then that
perhaps that’s not where we should be but we should be in with the health care
providers and understand that role. That’s key to the first point this morning
which is speaking to the idea of access.

As pharmacists it’s helpful to have access to that information from the
electronic health record, whether it’s access to laboratory information about
cholesterol testing, if a medication is working, if it’s access to information
about what’s happening for a patient who uses Closapine(?) for example and
there may be risks to the patient that we need to monitor laboratory wise. Many
times the pharmacists today accesses that information either from the patient
or by calling the laboratory or calling the physician and an electronic health
record environment would help facilitate that.

We understand as well that access does not mean unfettered access by
everyone and I know that the committee has spent a lot of time talking about
those types of issues. From the pharmacist’s perspective our access should be
appropriate to our role in the health care system as the medication expert so
there are some things that we would not need to access but as we try to discuss
and define what are those things we do need to access what we need to keep in
mind is the pharmacist’s role to check for those drug interactions to see how
the medication use is progressing, as well as the responsibility we have
related to controlled substances and specifically watching for the abuse and
diversion of controlled substances.

There are some situations where someone may request limited access to their
information about the controlled substances that they’re securing from a number
of different pharmacies and it’s not necessarily that they’re concerned about
privacy per se but they’d like not to get caught in their diversion activities.
It’s just a distinction that we have to watch for and make sure that the
pharmacist is able to complete their responsibilities under the state practice
acts as well as the controlled substance act as we keep that in mind.

We also have questions about access when it comes to the idea of the health
care provider’s access to information and payers access to information and here
I’ll echo what Mike just mentioned, that in some situations what the payer
needs to document that care was provided, that medication was dispensed, that
an intervention of the pharmacist was provided, does not need to be the full
patient record and understanding of what happened. The challenge we face today
is that the implementation of HIPAA and specifically the minimum necessary
approach to that issue, at least in the pharmacy environment, has not resolved
that problem and that we seem to be in a bit of a situation where if the payer
says it’s necessary it’s necessary regardless of what others may say in that
situation and so we still need to resolve some of those issues about what is
the payer access to information and then distinguishing that from what is the
access of those who are involved in direct patient care.

The second piece, and I should say access is of course contingent on the
fact that those who are not involved in health care at all shouldn’t have any
access but I think we know that as the premise walking in today.

The second piece I’d like to discuss has to do with contribution and that’s
the idea that pharmacists do have information to contribute to these health
records and to that broader health information network and so as we’re looking
at standards and structure for all of that to remember that not only is it the
pharmacists needing to see information but the pharmacists may well be
providing information that would be extraordinarily helpful to the patient’s
providers. One of the key things that’s not seen today in most health records
is why a patient stopped taking a medication and we can hypothesize, offer
theories, but if you don’t have any of that interaction from the patient which
is something that the pharmacist can often secure and then document, if that’s
not contributed to the health record we have lost that opportunity.

The final piece I’ll talk about has to do with integration and that’s
speaking, I think the pharmacist and pharmacy community has an advantage when
we talk about electronic health records and expanding health information
technology because most pharmacies today use computers, they have computerized
patient profiles and although I do know a pharmacies I can point you to who
don’t they’re very rare and we would have to drive a long way to find them but
they do exist.

What we found from that is that we have integration in the community
setting and we have the use of electronic health records in the hospital
setting and in the long term care setting, and they’re all different. And so
among APhA’s members there are profound difficulties in sharing the information
among those systems. And so today you go from a system where we have fantastic
communication capabilities as Mike talked about within Walgreens but if a
patient at a Walgreen’s pharmacy goes into a hospital and the hospital
pharmacist calls a Walgreen’s pharmacist to get that information they most
likely have to communicate that over the telephone or maybe send a fax in the
current system because they are so different.

So as we move forward the integration of those existing systems is
essential and then understanding that there will be costs with changing those
legacy systems but approaching it to make sure that we have integration among
those systems and also some ability to make sure that the system that
integrates all of that information also meets the needs for those different
practice environments, that the needs for the providers in a long term care
facility may be slightly different from those in a hospital, from those in a
community health center or somewhere else, so there’s some, we have a single
structure or standards but also some adaptability for those different

Integration should also consider one final point and that’s the idea that I
think we’re selling ourselves short if we look to the idea of the electronic
health record in a national health information structure that simply takes the
information that’s communicated today on paper and communicates that
electronically. We have the opportunity to communicate additional information
and to provide additional support to patient care and I’ll speak to that
specifically in the context of a prescription.

The written prescription today looks much the same as it did 100 years ago
except that we have much more choice in the drugs that could be identified on
that prescription but if you compare the paper prescriptions there’s very
little different. The challenge with that is that we know today that
medications can do much more and so if we could provide more information it
helps both the prescriber and the pharmacist and most importantly helps the
patient, including something like the intended use of a medication, not a
diagnosis but what is that medication being prescribed for, is it to manage
pain or is it for an infection or is it for seizure control, providing that
type of information helps us navigate things as basic as medication errors
where you could stop a medication error if you know that the medication that’s
being prescribed is for a certain condition, it’s a lot easier to catch that
error because you won’t confuse Celebrex and Celexa if you know what the
intended use was. But as well it helps patients manage their therapy when you
consider a patient facing five or six or seven prescription medications every
morning, I think most of us just take those and may not understand what
medication is for what condition and what they should expect.

So as we look to integration APhA urges the committee and as we move
forward in this broader structure to consider not only making sure that the
current systems are integrated but what are those steps that we can do to go
beyond what’s currently communicated and truly create a preferred future in
this opportunity that is presented before us.

In conclusion we do thank you for the opportunity to be here this morning
and look forward to the question and answer session, I know Mike and I
acknowledged that we’ll be on the hot seat for quite a while, that’s alright.
Thank you.

MR. ROTHSTEIN: Thank you for that very important testimony and your seats
are being warmed as we speak as we’re going to open the floor to questions and
for those of you who weren’t here at the start of the hearing Kenneth Riddle
from the National Community Pharmacists Association has been delayed by air
traffic and should be here I’m guessing within the next half hour or so but in
advance of that we have some time for questions and I see one of my colleagues
is prepared to start on that. Mr. Houston.

MR. HOUSTON: Thank you very much. Specifically I guess it’s open to both of
you but I know Susan spoke to the fact, to discuss access, and I think you
indicated that pharmacists have the responsibility or at least have the desire
to do such things as monitoring lab values and other types of information
related to the patient and I guess that goes to whether the medication is
effective or whether the patient is complying with the medication dosaging and
things of that sort. I guess the question I have and being somewhat of a cynic
and thinking about privacy and the thoughts of patients, why isn’t that the
physician or the clinician’s role and I would suspect that some patients would
find it offensive that a pharmacist or somebody in a pharmacy would have access
to that type of information and be concerned that that really was a breach of
privacy. And then I’d just like your input as to why, more input as to why
that’s important and why they shouldn’t be concerned.

MS. WINCKLER: Sure. Well, if primary care providers had 48 hours in every
day and could see all of the people I think we wouldn’t perhaps face some of
these issues but when you look at the health care team and have the pharmacist,
the nurse, and the physician and obviously others contributing to that as well
the pharmacist’s role as the medication expert plays into some of that need to
help monitor the patient progress in this area. What we’ve found in studies
that we have done in research that a number of other groups have done, when you
pair the patient with the pharmacist so the patient understands that I am
entering this program to help improve my diabetes, or to lower my cholesterol,
that these are the steps that will be taken. In some situations the cholesterol
testing is actually conducted at the pharmacy, in other situations it’s
conducted elsewhere but the patient has said yes I want this information to be
shared with my pharmacist.

So I guess to address your specific concern, what we’re talking about is
not Mike coming into a pharmacy where I work and I say boy, you’re not doing
very well on your cholesterol lowering medication, where did you have dinner
last night, that’s not at all the approach that we’re talking about. And in
fact it’s part of the new Medicare drug benefit that there is a requirement
that certain patients have what they call medication therapy management
services available to help make sure that those drugs are used correctly but
the patients opt in to those programs, what we’re saying is we want to make
sure that the pharmacist can get access to that information short of faxing,
calling, and everything else if you have this structure available.

MR. HOUSTON: So if you’re looking at specific architecture, without getting
into technical details, what you’re really saying though is that, then is that
a patient would be able to opt in to a program where a pharmacist would be able
to monitor a variety of lab values, test results, whatever, based upon the
medications that the pharmacist is dispensing to the patient.

MS. WINCKLER: Or it may not be limited to the specific medications that the
pharmacist who’s working with you may have a patient who is enrolled in a
program or chooses to enroll in a program to manage their diabetes and it’s
what access the information the pharmacists needs is predicted primarily by the
disease state that you’re evaluating, it also is influenced by the specific
medications that they’re taking but I wouldn’t want the, the drug is not
necessarily the trigger, it’s the need for the pharmacist to help provide that
additional support to the physicians and the others who are involved in the
care of the patient.

MR. HOUSTON: Thank you.

MR. ROTHSTEIN: With the indulgence of my colleagues I’d like to follow-up
on John’s question, because I think it raises a very important issue. I think
you make a good point and I would say a compelling point with regard to the
benefits of an expanded role for pharmacists in the health care delivery
process, I’m thinking in terms of pharmacogenomic information and other new
technologies which will put a greater responsibility on pharmacists as not
merely the dispensers of prescriptions meds. If that in fact is the new model
that we’re going to be moving toward I’m troubled by some of the testimony that
we heard at our hearings in the fall on pharmaceutical marketing practices so
it seems to me, and let me just tell you what we heard, we heard that it is
common practice at some pharmaceutical, I’m sorry, some pharmacy chains to send
product switching information that is paid for by pharmaceutical companies
directly to patients that they have and receive payment and don’t disclose this
information, etc., etc., and —

MR. HOUSTON: Under the heading of —

MR. ROTHSTEIN: Under the heading of —

MR. HOUSTON: — alternative therapy —

MR. ROTHSTEIN: — patient information and education and not marketing —

MR. HOUSTON: — disease management or alternative therapies, things like

MR. ROTHSTEIN: Thank you. So it seems to me that in this brave new world of
pharmacy practice pharmacists can’t have it both ways and they can’t it seems
to me engage in practices that would be of questionable ethics if engaged in by
physicians and nurses and other health care practitioners and sort of say well
we’re more of a commercial entity dealing with these companies. So with that
long, long introduction the question is would pharmacists be willing to accept
greater regulation and limitations on their ability to do this kind of product
information/education/marketing in exchange for a greater recognition of their
role in the health care delivery process and access to patient health
information because if they get, from a patient standpoint if they get more
information that only facilitates their ability to do more of these kinds of

MS. WINCKLER: Right. From APhA’s perspective we have addressed the same
concerns because it was raised I think in 1998 is when we developed some
guidelines for manufacturer participation in what was called patient incentive
programs and where the association came out was if it’s marketing, if it’s
saying this product is an alternative that you need to know about, that needs
to be distinguished from the patient care environment and if there is any
financial involvement from outside parties that that must be disclosed
understanding that it does put, it creates a situation where you have a health
care professional who could be perceived as misusing that position and that is
what APhA and the pharmacists who came up with our policy specifically wanted
to avoid. So we, the association supports that clear distinction and we would
definitely be willing to explore whether it’s explicit limits or understanding
the distinction between those marketing activities and then those activities
that are involved in patient care.

Now a challenge that comes in is that some would say that compliance work,
so trying to improve patient compliance to medications, should fall on the
marketing side and we would disagree, that compliance work, it does have a side
effect that you get more prescriptions dispensed and so yes, there is a
financial side to it but I guess it’s hard to distinguish that compliance work
with the reminder that I get from my dentist that I need to go in twice a year,
which frankly is very helpful or I wouldn’t get there. So yes, we would be
absolutely willing to both share the information that we’ve developed that
tries to distinguish this marketing from the direct patient care role and as
necessary to make sure that those are, whether it’s enforced or observed,
however that happens, that the information we want pharmacists to be able to
access is for their role as direct care providers, not for a role in marketing.

MR. ROTHSTEIN: So if you could make that information available to the
subcommittee we would be very appreciative of that. What is the sort of current
status of your position, so if I’m a pharmacist and I call and ask for an
opinion as to this are you going to tell me that it’s something that’s frowned
on, that advised against, that you view it as an association as being improper
in some way or —

MS. WINCKLER: There are specific parameters if it were going to be
conducted by the individual pharmacist and that includes disclosing to the
patient any compensation structure, that any patient information would not be
shared back with the funder or whatever is involved with that and that it
should be identified as marketing. And then within all of that there’s also the
HIPAA compliance components of this as well but the association policy is based
on those three important points of disclosure, distinguishing it as marketing
and no sharing of information back for anyone outside of the treatment system.

MR. ROTHSTEIN: Thank you. Mr. Simko, would you like to respond to it?

MR. SIMKO: Sure. I fully agree with the APhA’s stance and the points that
Susan brought up, and can tell you that in the practice of our particular
company that while there may be the opportunity for therapeutic interchange
marketing to patients it’s not done at any point of care and it’s always done
under the guise of that there’s this other product available and there might be
a desire for you to, well, let’s work with your physician to switch, but none
of that has to do with any marketing, it more has to do with cost effectiveness
and more has to do with better coverage on a particular third party plan.

In the whole continuum of pharma and marketing much is done to the
physician, in many cases the medication chosen in a particular course of
therapy may have to do with the commercial a patient may have seen on the way
to their physician’s office, and in many cases the suggestion of medication
comes from the patient based on advertising. Pharmacy at the point of care when
we’re delivering health care to patients, no advertising takes place, no
switching takes place, no coercion to anything other then something that may be
more cost effective to the patient if a particular third party plan that they
may be covered by has multiple tier of co-pays or particular products are not
covered. And patients trust pharmacists and rely on pharmacists and in many
cases compel pharmacists to find that lower cost of therapy in many cases for
them and that creates this bi-directional need for messaging back to physicians
and prescribers so that the best course of therapy and the most effective
course of therapy can be made for that particular patient.

MR. ROTHSTEIN: Thank you. Dr. Cohn.

DR. COHN: It’s a pleasure seeing our presenters, again, I feel like we’re
back doing e-prescribing hearings. I’m actually going to stay away from the
conversation that we just ran into and I think I need to actually recuse myself
publicly in relationship to some of the medication therapy management service
issues only because I sit on the CPT editorial panel and they’ve had to
consider codes for medication therapy management services, so I will sort of
publicly recuse myself from that.

I perhaps had a simpler set of questions and Mike I wanted to start with
you relating to some comments you made relating to access by, I guess the
practices relating to your database and pharmacist’s knowledge of medications
being prescribed within Walgreens. I think you had indicated in your testimony
that depending on patient wishes medications might only be entered in a
particular store or might be accessible over the entire network. Now the other
setback, of course, as Susan sort of commented about issues relating to
pharmacists needing to know about what medications a person is on, and of
course the issues of fraud and abuse and everything else, I guess I’m curious
about your experiences with that in Walgreens, what percentage of patients
elect to have their medication history kept only within one store, are there
issues that I think Susan has brought up that we should be concerned about

MR. SIMKO: Sure. The incidence of the population of patients that want to
restrict their profile to a particular location is low and it’s probably, I
don’t have the exact percent but I would say less then five. Many of those
patients have very sensitive disease states, they may be HIV or some other
issue that they do not want an entire corporation of pharmacies to have access
to their patient information or medication history. So much of it is driven by
not so much many patients over a lot of disease states, we’ve noticed that it’s
generally limited to some very sensitive disease states that a certain
population of patients have and those seem to be the ones that want to limit to
a particular pharmacy, to a particular location, to a particular practitioner
at that store, that they don’t want that information shared anywhere else.

The other part is people are nervous with more e-connectivity that
information is now being shared to places they never intended it to be shared
and there’s a growing concern and we get questions from patients all the time,
every day in stores, that does Walgreens sell information, do pharmacies sell
this to manufacturers, is my data being sold somewhere else. The answer is no
as far as Walgreens is concerned but nevertheless they just have this mistrust
of identity theft and everything else that’s taking place that they want to
just locate their records in one particular place. But the incidence, the
population of those patients is slow and is small.

DR. COHN: Susan do you have a comment? And then I’ll ask a follow-up on
this one.

MS. WINCKLER: It’s something that we addressed as we were helping
pharmacists prepare to implement the HIPAA privacy concerns where you have the
opportunity for the patient to request restrictions on the disclosure on the
data and what we had guided our members and other pharmacists to do is to
assess that request and whether there was any conflicts between that request
and their responsibilities to protect against diversion or pharmacy practice at
concerns, so it sounds like the Walgreens system allows you to navigate some of
those issues but I think it’s something we have to keep an eye on because it
could create barriers where we really need to share information, whether it’s a
fraud and abuse situation or a barrier where a patient chooses to get a
sensitive medication at one place and separate that from their other therapy
and the risk is not fraud and abuse but actually patient harm because of a
conflict between those two medications.

DR. COHN: Well let me ask a follow-up on this one because I think it sort
of goes to a comment that I made yesterday which is that with all of these
sorts of interesting things that providers are doing now to help ensure privacy
we run the risk of providers knowing less then payers about what’s going on.
And so once again I know some about e-prescribing and I know some about the
pharmacy industry and so Mike you’re in a situation where obviously you’re the
pharmacy, another pharmacy may not know about the information but in all
likelihood the information will go up to a PBM, correct, and so they’ll be the
ones looking at diversion, they’ll be the ones looking at possible unknown
allergies or drug interactions, I mean somebody will be doing this, it just
won’t be you. Isn’t that sort of what happens here?

MR. SIMKO: Well, again, the PBMs only know what they know and only get
what’s sent to them, and in many cases patients because of the type of
medication or their choice do not always allow all their prescriptions to be
processed through a PBM. So the pharmacy’s depth of knowledge and breadth of
medication is generally much larger then a PBMs and because when we do
adjudicate a claim on a patient we do get DUR and information and medication
information regarding a patient from a particular PBM if a DUR exists, if
there’s any drug interaction between what we’re dispensing and what a patient
may have processed through that PBM, even from another pharmacy, we get that
information and we do our patient consultation with it. However we also have
everything else the PBM does have and in many cases our pharmacy system, many
pharmacy systems now keep track of other medication a patient may take from
whatever source they get it from and they can just list that in our system,
whether it’s OTC, other prescriptions they may get from a mail order, wherever,
that we can keep and we do do drug utilization review against those medications
where a particular PBM may not have that information.

MS. WINCKLER: Actually what your question stimulated me to point out is
that I guess we have to remember that even if we have an electronic health
record and all this information we still have to talk to the patient because
there will be situations and I’ll give the example of the new Medicare Part D
benefit where the payers benefit design is actually going to pose substantial
limitations on what the payer knows about medication therapy and that’s the
reality that the new Medicare drug benefit will not pay for benzodiazepines or
barbiturates, so those drugs will not be in the PBM record, they will only be
at the pharmacy level because there’s no reason for those claims to be filed
with the payer and you will have that automatic distinction and separation of
therapy in that environment. So I guess I would agree that we do have to be
concerned about who has the information and who has the most information and
maybe approach this in the realm that we should all assume none of us has the
complete picture but where else do we need to look for the information.

MR. SIMKO: Also there’s very limited if any PBM information regarding
health conditions or allergies on a particular patient, most of that is all
collected in the pharmacy system.


DR. TANG: I have several questions if I may. One, I want to step to their
defense in terms of John’s question, I think pharmacists play a crucial role in
helping to prevent medication errors and informing clinicians in prescribing,
and in particular I like your example of across the continuum of care and
possibly one of the most, one of the biggest opportunities for help is in the
long term care facilities where I think there’s certainly there’s multiple
medications and a lot of less then desirable prescribing practices.

A question I’d have for your, when you talked about how critical the role
of pharmacist is in the care situation, is there any distinction from what I
might call a clinical pharmacist and one that may be in a dispensing role, like
you might see in a retail pharmacy, so I’m used to working with Pharm.D’s for
example, whether it’s in the hospital setting or the ambulatory care setting
and a lot in the quality management and medication prescribing area, is that
different, do you have a different role when you talk about access to labs and
making sure that they’re on the right thing and not getting into trouble. Is
there a different role in different positions as a pharmacist?

MR. WINCKLER: There would be a different need for access to information but
I wouldn’t separate it out by where the pharmacist stands, it’s the role that
they’re fulfilling, that you may if we used a Walgreens structure, I’ll just
use that as an example, they may want to in one facility have the pharmacist
who’s overseeing that order fulfillment side and the medication error
observation in checking that process, and then the pharmacist who’s engaged in
their hospice practice or doing the medication therapy management for patients
with diabetes. So there definitely will be a difference in the access that the
pharmacist needs but you may also have the same pharmacist performing both of
those functions depending on what it is that they are, what it is that they’re
doing that day and what role they are fulfilling.

As to the clinical versus the non-clinical side, all pharmacy graduates
come out with their doctor of pharmacy, that’s the core degree, and so are
prepared to operate in this environment, it’s just depending on how we deploy
them. But I should say my use of Walgreens was hypothetical as an example.

MR. SIMKO: Mine isn’t. To answer your question we actually do deploy
clinical pharmacists in a variety of practice settings, both in the area of
specialty pharmacy and we have dedicated patient care centers so for more
complex or more involved type of medication management, disease state
management we do have this core group of specialized individuals totally
dedicated, they do not work in stores but totally dedicated to patient
consultation and interaction based on disease states or based on certain
medication therapy that that patient may be on.

DR. TANG: So would you expect in the Walgreens dispensing role to have the
same kind of access to information that Susan talked about in terms of lab
values and diagnoses and —

MR. SIMKO: To the extent that a pharmacist in front of a patient can give
better advice, care, or determine when an alert occurs that perhaps this
patient is not as compliant or because of an interaction of therapy this
patient may be on that lab values are not coinciding with medication therapy
what this pharmacist knows about this patient, and to the extent that certain
disease states require the monitoring of lab values, certain drugs we dispense
require the pharmacist to know and document particular lab values, then yes.
Will they be intricate in every consultation? Probably not, but the fact that
that information is there, updatable, gives that pharmacist just one more
check, just one more level of being able to better help, better advise that
particular patient, something that in the paper world today they’re mainly
blinded to.

DR. TANG: In the current Walgreens system since you described and it was
very interesting to hear all of the information that you would have that
exceeds that a PBM would have, are there audit trails so a patient could find
out who looked at their medication history and to the extent you give diagnoses
and so on and so forth, in the future perhaps lab tests?

MR. SIMKO: Within Walgreens it’s a very closed system, their patient
information does not get out anywhere else, however, if any notations were made
to the patient’s profile, to the patient information, our patients have access
to their profile and to their patient information, they can monitor that.
Anytime they want they can sign on, we give them PINs, we give them user IDs
that’s unique to them and they can monitor, they can track, they can update,
they can add to their profile both the medication that they’re taking and
health conditions they have and they can view that if any other notations or
changes were made to their profile along the way.

DR. TANG: Is there an audit trail to know who within Walgreens has looked
at a file?

MR. SIMKO: Absolutely, yes, everything that’s touched on a patient’s
profile is time stamped, user stamped, location stamped, that everyone knows
who did what, who looked at what, when.

DR. TANG: So when a pharmacist or even the check-out person is accessing
your record they are logging in every time?

MR. SIMKO: Absolutely.

DR. TANG: So you know it’s that person?

MR. SIMKO: Right, and we know that who used it, who sold it, when it was
sold, everything.

DR. TANG: Can I —

MR. ROTHSTEIN: They’ll be a second round if there’s time.

DR. TANG: Can I follow-up on the train of thought that you started, this is
a little bit of a hot seat question, nothing better then personal experience to
raise data points that you’d like to explore. This whole idea of how it is that
someone well known to me received a solicitation for then a new brand drug as a
potential replacement for a generic medication that this person received. What
patient improvement program made that happen?

MR. SIMKO: Without knowing the particulars it would be hard to say but in
some cases and by some payers and by some PBMs sometimes brand name medication
is a preferred therapy over a particular generic if manufacturer dollar rebates
were given to that particular PBM.

DR. TANG: And then so there’s some financial incentive for the PBM —

MR. SIMKO: And the patient.

DR. TANG: And potentially the patient. Is there any to the pharmacy?

MR. SIMKO: I cannot say for sure, I can get you an answer to that but I
don’t want to comment without having absolute knowledge of that.

DR. TANG: So that trace was that information about the dispensation of that
drug when back to the PBM who then turned around and used the contact
information to create a mailing to the patient.

MR. SIMKO: Could have happened that way.

DR. TANG: And how would someone either be aware up front that this could
happen to their data or opt out of that happening, or is that possible?

MR. SIMKO: Proactively today they probably don’t know until it actually
happens to them and I’m not sure if in particular their party plans or PBMs the
patients are given any heads up that your medications may be marketed or
information gathered about your particular medication therapy may be marketed,
it doesn’t happen from the Walgreen company.

MS. WINCKLER: They would likely need to opt out at the payer level if it’s
the PBM who’s doing that because Walgreens submitted the information to get the
claim paid, which the patient agreed to, and then it’s how the payer uses that
information, the challenges that most consumers would believe that it’s the
pharmacy who’s doing it rather then the payer.

DR. TANG: So the follow-up just to figure out whether Walgreen has any
financial dispensation for that transaction.

MR. SIMKO: Yeah, I can’t answer that for sure, I would have to get back to
you on that.

MR. ROTHSTEIN: Dr. Harding?

DR. HARDING: Well, I can follow-up on that question too but we’ll drop that
and go to something else for the present time. I just have two questions about
two things that I always think are interesting. One is that on page six of your
testimony you said that adoption of NPI, national patient identifier, in
e-prescribing should be required, or should not be required until May 2007. Now
is May 2007 some kind of a deadline, is that the compliance date where there’s
going to be —

MS. GREENBERG: My understanding that’s the date that it will be, that’s the
implementation date that will be required but trading partners can agree on it
being required earlier I believe.

DR. HARDING: But there’s a still hold on the development of that.

DR. COHN: No, this is the provider, this is the provider identifier.

MS. GREENBERG: This is the national provider ID, I’m sorry, I didn’t

DR. HARDING: That’s my question, the individual national patient identifier
is what, okay, skip that, let’s move on.

MR. ROTHSTEIN: I would ask everyone to not speak at the same time, we need
to get this transcribed and so forth. So Richard?

DR. HARDING: Just a quick, yesterday we had American Hospital Association
and some others here and they were saying that there is in the minimum
necessary field very little argument between providers and payers as to what is
minimally necessary. Is that the case in pharmaceutical activities? Do you get
into discussions with the payer as to what is minimally necessary for them to
pay you? Do they accept your statement of what is minimally necessary or do
they ask for a lot more then that?

MR. SIMKO: There’s generally a set of, a code set when we’re adjudicating a
particular claim and that code set is generally the same across the predominant
amount of payers, however, with that being said at particular times payers may
then say in order for you to get reimbursement we’re also going to require you
send this data field, this data field, and this data field. It hasn’t been
problematic yet as far as how much information they want because generally it’s
just, they want drug, day supply, patient, that kind of information. The
concern though is as this amount of information pharmacies receive is going to
grow and get bigger and pharmacies will have more of this information
assimilated from various providers then the opportunity on the payer/PBM side
will be we know you have it and now we want it and in order for you to get paid
X give it to us, otherwise it’s going to be X minus and those are concerns of

DR. HARDING: But at the present time that is not happening but there is
that potential as the question implies.

MR. SIMKO: Yes, exactly.

DR. HARDING: Thank you. Anything?

MS. WINCKLER: And I think I just echo, I think there’s a fair amount of
concern that there is, today we seem to be working from that minimum necessary
dataset but it’s not established as clearly in the pharmacy environment and
particularly according to the NCPDP telecommunication standard as it is in
other environments.

DR. HARDING: Thank you.

MR. ROTHSTEIN: Ms. Bernstein.

MS. BERNSTEIN: Thank you, Mr. Chairman. I just wanted to clarify something
in Mr. Simko’s testimony, at the bottom of page five you mention that, it says
patients may opt in for complete sharing of information or opt in only for
selective data, and I wonder if the National Association of Chain Drug Stores
or Walgreens in particular advocates an opt in system which for privacy people
it’s a term of art meaning that the default would be not to completely share
information and that it would be, it would behoove the patient to decide
whether or not more sharing would be done. Is that what was intended or —

MR. SIMKO: What some of the concern today is that right now it’s almost
like all or nothing as compared sharing information or not. We understand that
if patients may have a particular information they don’t want anybody to know
about, particular pharmacy where they had that medication fulfilled at, they
may just opt out and then it just kind of takes out everything and have none of
their information shared versus is there a way they can opt in but just
selectively maybe not share in every single medication that they’re taking, and
is it better that they can do that versus all in or none at all.

MS. BERNSTEIN: What I’m asking is is the position of your organization,
either of your organizations that the policy should be that there will not be
sharing unless the patient affirmatively decides to allow it, or is the
default, I presume the default is more likely that the information will be
shared unless the patient opts out, unless they say that we don’t want it. But
opt in would imply that the default is we don’t share unless the patient says
it’s okay which is different then, do you see what I’m saying?

MR. SIMKO: And I believe it’s opt in, I’m sorry, they opt out, right, so
the information is shared.

MS. BERNSTEIN: Thank you.

MR. ROTHSTEIN: I have a question that follows up on that and that is we
have heard certainly at our last hearing that one of the options for protecting
patient privacy would be to sort of have special rules for certain very
sensitive medical conditions such as mental illness or HIV and so forth in
terms of the medication record itself. But clearly if that’s the way one were
going on this you’d have to include pharmacy as well because if you have a
prescription for Prozac you don’t need much diagnostic information. So my
question is given that in your judgment how feasible would that be to have
special rules, and I don’t know what those rules would be, for different kinds
of prescription meds?

MR. SIMKO: Pharmacy systems are extremely sophisticated and growing even
more sophisticated and building a system where we could identify a class of
drugs and then prevent that certain class, those certain medications, from
behaving or acting or being shared or moving like other medications is not that
difficult and something that we could easily do in the interests of making sure
the rest of the information is made available, so it’s very feasible today —

MR. ROTHSTEIN: So you do think that’s feasible.

MR. SIMKO: Absolutely.

MS. WINCKLER: And the only challenge I’d raise from the practitioner
perspective is deciding what conditions meet that of protection, I mean about
eight months ago it might have been a certain condition for me that now I can’t
hide but I could have hidden eight months ago. And also I think it raises a
question just from a if I’m trying to access this information and I shouldn’t
is it easier for me to get into when I know it’s all collected in one place and
that the example, some pharmacies if you use the drug example and trying to
protect against diversion they have the option of either keeping all of the
schedule two controlled substances in one place or dispersing them throughout
their inventory, they often choose to disperse it throughout the inventory
because then if someone breaks in and wants to steal them they have to work
harder to find it. And I don’t know if that creates situations here if you
designate that information as particularly sensitive do you also flag it as the
gold mine for the people who are seeking it.

MR. ROTHSTEIN: Well, thank you for that answer, I see that Dr. Riddle has
joined us and welcome, we have had testimony from your colleagues on the panel
and we’re sort of mid way in the question and answer session, so we’re going to
take a pause in the questioning and allow you to give your testimony and then
we’ll resume the questioning and I’m sure they’ll be some for you as well.

Agenda Item: Panel IV – Pharmacy Services – National
Community Pharmacists Association – Mr. Riddle

DR. RIDDLE: No problem, I’m confident that my colleagues Michael Simko and
Susan Winckler have probably done a great job in answering questions thus far.
I do apologize for the lateness, there were flight delays coming out of D.C.

Again, good morning, my name is Dr. Kenneth Riddle, I’m a pharmacist and
the assistant director for professional affairs for the National Community
Pharmacists Association, or NCPA, and we’re located in Alexandria, Virginia,
and again I thank you for the opportunity to testify today on the subject of
privacy and health information technology.

A bit of background about the organization, NCPA is a 108 year old
organization which represents the nation’s community pharmacists, including
owners of nearly 24,000 pharmacies which make up a 42 percent retail
marketplace and the 60,000 pharmacists that work in this independent or
community setting. And again these independently owned pharmacies generate $78
billion dollars yearly and fill nearly half of all prescriptions.

Statistically currently in the United States there are 57,208 pharmacies
and there is at least one pharmacy in every county just to give you an idea of
how many pharmacies are in the country and the makeup of these include
independent, chain, supermarkets, and your traditional mass merchandiser
pharmacies. And the tasks performed regularly in these community pharmacies
highlight why the transmission of EHR into an interoperable network within ten
years is of not only interest but importance to our community pharmacists.

Currently when community pharmacists are educated they go a minimum of six
years of education and the curriculum includes pharmacy sciences, pharmacy
practices, drug and disease state management courses, as well as the
matriculation through clerkships, internships, and externships, and then upon
that completion that have to have a national licensing exam. Once they’ve been
licensed nationally then they have to continue education through courses that
are provided annually just to show the degree of education that the community
pharmacist undergoes. So once they become a pharmacist as one of the most
accessible health care professionals community pharmacists are a patient
resource of sorts for information, this information runs a large gambit, it
includes Medicare and Medicaid and private insurance information, as well as
information on over the counter and prescription medications.

Also pharmacists are used as a resource in engaging patients to become more
proactive in the treatment of their personal health care and an example of this
is the 19,000 of 24,000 independent pharmacies that have enlisted and solicited
at least one customer to be involved in the Community Care Rx drug benefit
program within Medicare program.

So currently community pharmacists are engaged in a list of daily
activities on the front line which include reviewing patient medication
profiles, answering questions and concerns, as well as making referrals and
recommendations and according to the 2004 Pfizer Digest on average pharmacists
speak with other health care professionals at least seven times a day. So that
again shows you the scope of communication that takes place within the
profession of pharmacy and it’s also important to note that a community
pharmacy has been a profession that has been highly computerized for over 20
years now with the processing and transaction of insurance claims, and
community pharmacies transmit hundreds of real time electronic processing
transactions daily for these insurance claims, additionally pharmacies have
embraced electronic transmission of new prescriptions and refill prescriptions
through electronic prescribing between pharmacies and physicians and NCPA is
currently a part of this process through a company by the name of SureScripts.

So as you can see our industry is excited about, and I’m sure it is an
iteration of what my colleagues have spoken of, we’re excited about the advent
of electronic health records and the possibilities on the horizon for
electronic prescribing. However, with the inception of a plan to adopt a
widespread use of interoperation EHR within ten years there are naturally some
questions and concerns that we do have.

Currently when a pharmacist reviews a prescription the information that
they have may be incomplete and that oftentimes results in the patient not
receiving the maximum benefit of the value of the medication that they’re
coming to receive. Or it can also result in a difficulty translating the
prescription. So EHR has the potential to allow pharmacists to review
comprehensive patient profiles in efforts to prevent both drug/drug and
drug/food interactions. These records could also assist in the management of
both disease states and medication therapy regimens based on readily available
medical histories. Also these medical histories would include drug allergies
and concurrent disease states. Such databases could also aid in the
identification of subsequent reduction for prescription fraud and reducing
illicit drug use, it could also support the prevention of duplicate therapy and
reduced non-compliance amongst patients and both of these are implicated in the
increasing rise of health care costs.

So again there are several questions that concern community pharmacists in
regards to EHR run the gambit and are comprised of subjects such as privacy,
naturally, confidentiality, security, accessibility, as well as operational
procedures and the cost of the assumption of a project such as this. And with
the initiation of HIPAA, as we all know Health Information Portability and
Assurance Act of 1996, security and confidentiality have been highlighted to be
priorities and are of paramount importance to community pharmacists.

As mentioned earlier pharmacists transmit hundreds of prescription claims
daily and as these claims are transmitted for adjudication, approval, and
eventual payment these companies responsible for routing the claim to the
appropriate payer and the pharmacy benefit manager, or PBM, commonly pull
de-identified information for the purposes of reselling that information and we
see that regularly. Several pharmacists have no control and others don’t even
know that this takes place. So pharmacies must be assured that if they ask to
transmit patient information to the EHR collection point that the information
that they transmit is secure and will not be used for commercial interests
without consent of the transmitting pharmacy.

In conjunction to that it’s another concern that community pharmacy, we’re
asking who will be charged to transmit this information to the EHR collection
point. And as we mentioned the benefits of EHR are obvious for looking at a
comprehensive review of the patient’s medication history but along with that we
have to take into account issues of possible discrimination and prejudices, an
example would be an employer refusing to hire a potential applicant for a
position because he has access to the patient’s record that indicates the
patient has been using methadone for the treatment of previous heroin

In addition the parameters of accessibility are of extreme importance to
community pharmacists. The number of patients that pharmacists see daily and
the activities that take place, it is important and it is necessary for
pharmacies to have access to electronic health care record transmission, not
only access but access to retrieve and if necessary add pertinent information
to these records. Other questions include how will measures used to prevent
inappropriate entities from having access to E HR allow patients and the
patient’s care givers to have access to EHR without impeding a firewall to
them. Also how will health care providers ourselves be given to access to EHR
and finally whether there would be a charge to the health care provider to
access such a record for transmission.

And with the day to day operational procedures associated with EHR several
areas come to interest to community pharmacies and these include the standard
operational procedures. Currently in pharmacy there are uniform data fields
that are filled out when a patient presents information to the pharmacy and
this is so that there can be a consistent level of information that is
transmitted for claims and from pharmacy to pharmacy if the patient chooses to
use the network of pharmacies that are available. So with this we would really
like to know what data fields will be required to be included in the EHR, when
a patient presents their health information what will be the necessary fields
that have to be filled out in that information for it to be consistent amongst
others that are going to be transmitting these records as well as how will
record duplication be prevented and addressed, for instance if I am a junior
how will it be ensured that the information will not be misconstrued or
erroneously used to prescribe me medication.

In conjunction who is liable for the transmission of records that are
intercepted or the databases that are hacked into, as well as what is the
anticipated time to transmit and receive an electronic health care record.
Currently on the forefront of community pharmacies time is an issue, several
pharmacists may not even have the opportunity to take lunch breaks because of
the amount of claims that are processed, the amount of prescriptions that are
filled, the amount of counseling that is currently taking place on the front
line and with the advent of the baby boomers increasing this time factor will
become more severe and so we really would like to know how much time will it
take to transmit and to receive such a claim.

In addition to these procedural questions community pharmacists are
interested in the infrastructure, which is explanation of how these claims will
be transmitted, will it be via one pipeline, meaning the information will be
transmitted from one pharmacy and through that same pipeline be received to
that pharmacy, or will it be via two pipelines, in that information will be
transmitted from pipeline A and the information of reception, will it be
received from pipeline B, again will there be one pipeline or will there be
simultaneous pipelines going back and forth for the information.

In conclusion, community pharmacists come in contact with a vast amount of
patient health information as well as a large number of patients daily. These
interactions, coupled with the use of computerized processes position community
pharmacists to be a significant contributor to the compiling of information for
electronic health record transmission. Although advantageous EHR transmission
involving community pharmacists raises questions about privacy and
confidentiality, security, liability, accessibility, and cost and
reimbursement. Community pharmacists are looking forward to working with you to
provide the input that will assist in resolving some of the unanswered
questions associated with EHR.

Thank you.

MR. ROTHSTEIN: Thank you very much, I appreciate your rushing to be here
and join us. We’ll now resume our questioning and allow you to comment as well,
I think we were up to Dr. Rippen.

DR. RIPPEN: Thank you all, I appreciate the very important role of the
pharmacists in the delivery of health care and that the movement toward an
electronic health records and their operability may provide additional tools
and capabilities for everyone in health care. But yesterday we also heard about
some of the exquisite sensitivities that consumers have with regarding sharing
any very sensitive information, even as it relates to the medications and we
also see in the press at least that there are now certain pharmacists that may
now refuse to provide, dispense certain drugs, such as contraception. What do
you think the implications of those trends may be on consumer view of allowing
pharmacists for example to access actually more information?

MS. WINCKLER: Let me address the conscious issue first and just say how
it’s addressed in the majority of situations, it’s that if the pharmacist
chooses not to participate in a certain activity they opt out but have set up a
system so the patient is served and there’s no conflict between the two, so the
pharmacist steps away, the patient is served, and the patient may not even know
that the pharmacist chose not to participate in that activity. And that’s what
happens in, as we try to track it statistically, in the majority of situations
where we have problem is where that seamless transition doesn’t occur and so we
have, APhA specifically has worked on this issue for a long time and I know
many employers have set up a system where they know of those situations where
the pharmacist is opting out and have set up the alternative system.

It does raise a question for individual consumers and at some level also
raises the understanding that at the pharmacy they are dealing with a health
care professional and that they’re getting something, that something more is
happening then just that medication being provided. As we move to the
electronic health record and perhaps more information I think it’s incumbent on
our profession to help consumers understand why a pharmacist might need access
to that information and how the pharmacist would use that information and to, I
don’t know if we want to say the word police but to better help the members of
our profession understand the responsibilities that come with the access to
that information and the vast majority of pharmacists understand that but we do
have others who we have to reach to help them understand that with additional
access comes additional responsibility and be prepared to deliver on that or we
will run into the consumer side where the consumer says no I don’t want the
pharmacist to have access to that designated information.

MR. SIMKO: Susan is quite correct and in Walgreens there is a very, very
detailed structured set of procedures that if a particular pharmacist for any
reason has trouble fulfilling a medication order there is an exact plan to
follow, we have enough resources available that in most cases the patient never
knows, but even if they did they never suffer any inconvenience, they will get
their prescription, they will get their medication.

Regarding the other part about the increased amount of information
available to the pharmacist, the vast majority of the public holds pharmacists
quite high in trust and being able to provide objective information to the
patient. In many cases they look at the pharmacist as kind of the validation
that this particular therapy is good, I trust this, the pharmacist didn’t
initiate the therapy, a prescriber did, but they’re a kind of a validation
point because this is the person they know, this is the person they have access
to, this is the pharmacist they see all the time and they look that this
pharmacist can better answer my questions the more information they have. So I
don’t feel, see, anticipate, experienced any reluctance on the part of a
patient in that the pharmacist has more information to better inform them
versus less information.

DR. RIDDLE: I concur and I would like to reiterate the points of my
colleagues that currently as well as in most of our chains, independents as
well, have a relationship with many of the patients as well as a relationship
with the profession to remain integritous(?) and oftentimes if there is a
refusal to fill as has been spoken before it takes place before the patient is
even aware of that issue. And again if there is a refusal it is mandated that
they refer that patient to another pharmacist who will fill that prescription.

DR. RIPPEN: And just one follow on question if I may, you had said that you
allowed consumers to have access to the information, how many I would say
people have taken you up on that and what has been the general response?

MR. SIMKO: I couldn’t give you the numbers, I could make those available to
you but it’s in the millions and the one trend I can tell you that, probably
over 60 percent of the updates to patient profiles, medication history,
allergies, health conditions, anything that they want to add that they think
the pharmacy should know about them is done by the patient on their own with
their access versus informing the pharmacy staff at the store or over the
phone. Patients really like to feel they participate and they really like to
feel like they have ownership of their information and just the fact that they
can check it, we see the hits on a particular patient’s profile, that we know
that they’re in there, many times they do nothing, they’re just checking, and
that gives them a tremendous comfort level, the fact that they can monitor
this, but even the fact that they can update it really gives them control and I
think as patients become more technologically sophisticated that’s an important
part that they play.

MR. ROTHSTEIN: We have time for a short second round of questioning. Mr.

MR. HOUSTON: Thank you. It was interesting, Dr. Riddle indicated that the
typical pharmacist speaks to somebody, a clinician, seven times a day, which I
think is very interesting, I think it goes towards the need to integrate as
best as possible between the systems, between the providers and the
pharmacists. But I do have a very specific question, in Michael Simko’s
testimony he indicated the fact that there was a need to develop a unique, or
to require a unique patient identifier which there is a somewhat of a bias
against I guess, right now at least at the federal level, but at the same time
Kenneth Riddle spoke of the fact that a lot of pharmacists are using technology
developed by SureScripts to communicate between providers and pharmacies. And I
guess the question is, on one hand it seems as though there are effective
mechanisms to link providers and pharmacists and I would think in that realm
also patients, and that would speak to the need, to the fact that there is a
system that works today, but yet I’m hearing on the other hand that there is a
desire or a need to have a common patient identifier and I’d just like people
to sort of speak to that issue.

MR. SIMKO: I don’t think they’re necessarily in conflict, the two, there’s
the today and then there’s the growing need of tomorrow, and today we have
various types of identifiers in place that do work. I think as interoperability
grows, deepens, and becomes more integrated with a variety of other systems,
hospitals, labs, whatever, over a various amount of language type
communications, HL7, NCPDP Script, whatever is out there, that there’s going to
be a growing need to have some unique identifier for that patient so that we
know it’s that patient, it’s that history and it’s correct and it matches to
where it needs to match to. Today we have processes that work and I just think
that as things grow, as this becomes a bigger more deepening part of health
care, and the other part to remember is that the regulations that are being
formulated to affect Medicare Part D are in name only, they’re going to affect
every single patient in this country because physicians are not implementing a
Medicare Part D system, they’re going to electronic medical records, it’s for
the world —

MR. HOUSTON: From a pharmacy perspective is this, on a scale of one to ten,
is this a ten, is this a two, is it a three or a five —

MR. SIMKO: 15 or 20 or 30 or 100.

DR. TANG: What was the scale to represent?

MR. HOUSTON: One to ten and he said 15, 20, the scale being 10 being most
important, one being least important, having an NPI, in terms of having a
common patient identifier.

MR. SIMKO: Today the need isn’t very strong and I don’t think anybody yet
can put their finger on exactly when and how much and when that’s going to
occur, I think it needs to be on the horizon, I think it needs to be thought
about and I think it needs to be kept at least in thought that at some point we
may have to have something uniquely for a particular patient, especially as the
population, the input, the amount of provider input continues to grow. We
already see the coming need for an NPI, national provider identifier for
physicians and prescribers, I think the same is going to hold true for

DR. TANG: Can I ask just a brief —

MR. ROTHSTEIN: You’re only one away.

DR. TANG: The follow-up question to that is do you have any sense of what
percent of the transactions involve either duplicate numbers for a single
patient or potential conflicts? I mean do you know order of magnitude what the
scope of the problem is in terms of problems with identifying patients

MR. SIMKO: Can you clarify —

DR. TANG: So is it five percent, three percent of the patients you have
problems, you either have two numbers for one patient or you have multiple
patients having, you have a problem matching a patient to that person’s profile

MR. SIMKO: I would say at least 25 to 30 percent that there’s the variation
of how patients are registered or how they appear that may cause duplication,
all the way to how birthdates are entered in a clinical system versus how they
may be entered in a pharmacy system, don’t necessarily electronically connect
these two properly so you will get redundant and duplicate patient
registrations, profiles, and information and the risk to all that is if you
don’t know to integrate them then you’ve blinded yourself to a certain amount
of information.

MS. GREENBERG: With the indulgent of the chair I just want to ask a short
line of questioning that probably is more relevant to some of the other
subcommittees of the national committee but it has a privacy implication —

MR. ROTHSTEIN: We have a captive panel.

MS. GREENBERG: Well, I was stimulated by the testimony an hour ago or so or
more about Mike and Susan and particularly something in Susan’s testimony and
it kind of follows along the line of the very first question that John asked.
And that is you spoke in terms of the need, at least in circumstances where the
pharmacist is involved in the kind of disease management or medication
management team type of delivery of clinical services to understand not just
the health condition or the diagnosis for which the medication is being
prescribed but its intended use, and in particular the intended outcomes, what
types of outcomes you might be trying to achieve so that you can help track
those. And I wondered if in thinking about the type of that whole line of query
and I think we might want to bring you back for discussions, for example of the
Quality Workgroup which is looking at the type of information needed to do, to
monitor quality of care, about the need for more structured or any information
and also more structure information on functional status and functioning.

Because as you indicate it’s often not to maybe cure a health condition or
remove a health condition but to improve a person’s level of functioning and as
we’ve identified in other work of the committee this is not currently even well
collected information in health care records and I’m sure certainly not in your
records. Have your associations given any thought to this and would you be
interested in engaging in further discussion on this?

MS. WINCKLER: From APhA’s perspective absolutely, it’s one of the things
that is seen as most important for our practitioners, that they have a better
understanding of that intended use or what is the, not end point but maybe the
goal, because it’s hard to help motivate a patient if neither the patient nor
the pharmacist has a good idea of where they’re headed. And you can get some of
that information from the prescriber but in the current system it takes a lot
of time and sometimes is very challenging to do, so yes, we’d be very
interested in that and have done a fair amount of work in trying to articulate
what’s the most important information to have both on the prescription and then
on the prescription label to help patients take better control of how they use
that medication and the result that they should get.

MS. GREENBERG: I’m also thinking that from the point of view of your
interaction with the patient, their improvement in functioning in some goal
area is probably more important to them then what their particular diagnosis

MS. WINCKLER: Right, I think it’s from the patient perspective why I’m
taking this may have nothing to do with the technical diagnosis, that’s not
what they care about, they want to know what they can expect and what they
should be watching for and how it will change their daily life.

DR. COHN: I guess I was put off a little bit with Marjorie’s question
because I actually had thought she was asking you whether or not you wanted,
were willing to enter that information or that type of information in your own
encounter and I wasn’t sure, and you seemed to answer it as though yes we’re
happy to get that information.

MS. GREENBERG: Well, I wondered both ways, whether that’s, both whether you
are looking to get the information on the prescription as to what the
functional outcome, or the expected outcomes are, what’s trying to be achieved,
what the goal of therapy is, and also to be able to feed back if you’re in a
situation where you’re part of that disease management, what types of goals are
being achieved from that point of view, therapeutic goals.

MS. WINCKLER: Right, and so I was speaking it from the context, what is
that additional information that would be helpful from the prescriber that then
helps guide the feedback that’s provided from the pharmacist and the patient so
you have, you start to have that information accessible to health care
professionals who are gathering it in the first place.

MR. SIMKO: From the Walgreen’s perspective we’d be absolutely, think it’s a
great idea, to participate in anything like that and we’re willing to and in
fact today we’re already building internally systems where we’re thinking of
giving patients, physicians, pharmacists, the ability to at every encounter
that they’re going to put notes on this patient’s profile so that the follow-up
can be shared by the person’s prescriber, the pharmacy and the patient, and in
addition to that with the advent of electronic prescribing and the sharing of
electronic medical records the pharmacist will be better informed to know
exactly that okay, you’re taking this medication for a particular purpose and
is the great encourager of that patient that you’re taking this drug to treat a
disease, maybe these other drugs help you perform better, function better,
better quality of life and all those together need to be critically managed and
monitored. I think the pharmacist is an excellent place to do that and so much
so that we recognize that and we’re absolutely willing to go forward with that
and participate and return any time that you would have us back.

DR. RIDDLE: In addition it’s almost a natural progression of what’s taking
place currently, I spoke about in the testimony that there’s current dialogue
within the health care profession inter-professionally between providers and
care givers and prescribers and dispensers and counselors and so with the way
things are being practiced now it’s a natural evolution with the vehicle of the
EHR transmission through an interoperable network for pharmacists to have
access to that information as well as dialogue with physicians or other
concerns or recommendations, or even referrals to clinicians and providers.

MR. ROTHSTEIN: Dr. Tang has the final question.

DR. TANG: So just to make explicit on this last exchange, I can see the
value in pharmacists having more information and being part of the team taking
care of the patient, I’d love to get like the refill data from you or anything
that you glean from the patient, are there impediments for the provider, the
clinician provider to getting information from the pharmacies that you may have
in your database?

MS. WINCKLER: Today or under the future we’re talking about? I think today
the challenge is finding a way to communicate that back to the involved
prescribers in the best way.

DR. TANG: I’m talking about policy wise, I know in the past pharmacies have
said well there may be a privacy problem but in today’s world with HIPAA
protection and if the technical and standard impediments were removed are there
any problems with Walgreens sharing back your dispensing history, OTC, those

MR. SIMKO: No and in fact being the co-chair of NCPDP I can even address
that we’ve just approved standardization that pharmacies can and will be
sending back compliance information, fill history, so any particular medication
you write, not only when we filled it but if the patient picked it up and we’ll
tell you when they didn’t. So that structure is being built today, standards
were approved, the various network aggregators will near future be able to
handle that bi-directional messaging so that physicians with systems will know
that patients are compliant, we’ll update your medical records for you so that
when you’re reviewing that particular patient you’ll know not only they got
this medication but they got it at the correct intervals, they got it at the
correct time, or when they didn’t get it.

DR. TANG: If I could turn this one to a different party, the payer, the PBM
in your situation, how much information is transferred to the PBM and how much
is being requested and how much in your mind may cross the minimum necessary,
because I think you addressed that in your testimony.

MR. SIMKO: Yeah, with the PBM it’s whenever we adjudicate the claim is when
they know the patient got —

DR. TANG: But do they know more things, like you now have patients entering
diagnoses and other things —

MR. SIMKO: Not today, they just know the minimal amount of information
necessary to adjudicate.

DR. TANG: They aren’t requesting additional information.

MR. SIMKO: Not yet.

MR. ROTHSTEIN: Dr. Riddle, you wanted to comment?

DR. RIDDLE: Yes, there was an interjection to the comment before concerning
communication between the physicians and the pharmacists, currently pharmacists
are mandated by various laws through various states of pharmacy to already
compile the information that physicians may request so when it comes to
assimilating that to a new process for EHR transmission it really shouldn’t be
extremely difficult for pharmacists because for years we’ve been tracking all
the necessary information that has been mandated and regulated by the various
state boards of pharmacy.

MR. ROTHSTEIN: Well, thank you all for your testimony and it was quite
interesting and helpful to us. We will take a break now until 11:10 and at that
time we will move to Panel V on primary care providers.

[Brief break.]

MR. ROTHSTEIN: Good morning, we are back with the hearing of the
Subcommittee on Privacy and Confidentiality of the National Committee on Vital
and Health Statistics, day two of our hearings on National Health Information
Network. And we’re pleased to welcome our panel members from Panel V, primary
care providers, thank you for being with us and we’ll go in alphabetical order
so if you are ready to proceed we’re happy to here from Laurie Badzek.

Agenda Item: Panel V – Primary Care Providers –
American Nurses Association – Ms. Badzek

MS. BADZEK: Good morning and thank you for having me. I represent the
American Nurses Association which is a broad nursing organization that
represents 2.7 million nurses in the United States in a variety of practice
settings at a variety of levels. Our nursing workforce is currently facing a
shortage, that shortage may have an impact on the work that nurses do related
to the work that you are planning for them and I’ll discuss that further. ANA
has been working very hard to develop mechanisms to both increase the number of
nurses and to bring nurses back who have left the setting which have also added
to the shortage.

Nurses since the beginning of time, since even before Florence Nightingale
have been concerned with issues of patient ethics and patient confidentiality,
it does play a large part of our role in our work and I will discuss that with
you more in detail as well. Nurses are often the voice of the patient,
especially our vulnerable patients, and we are currently the most trusted
profession as indicated by public polls, we were unseated for a few years
following 9/11 by firemen and policemen and we were happy to allow them to step
to the forefront and obviously they are right at the top with us as well but we
have regained our status as the most trusted profession.

In 1995 ANA did develop two position statements related to positions of
computerized patient records, I reviewed those position statements before
coming here today, much of the information in those position statements is
still accurate, those statements came from the Computer Based Patient Record
Institute and although that information is valid it’s still not yet universally
adopted because of the concerns and issues related to technology, cost of
technology, and changes in technology which have kept many institutions from
developing computerized patient records within those settings.

Obviously electronic health records and then more broadly the National
Health Information Network create the use of new processes and new technologies
that nurses need to work with within the health care setting and from the broad
perspective of nursing probably the most important thing that we see related to
your work and the biggest concerns we have actually deal with the system
itself. Nurses have long been working within systems that are pieced together
not well and not well thought out. In terms of establishing the network I
believe that it starts here with your work and the very first thing that nurses
and that the public will be looking for is the specified purpose of development
of a national network and hopefully that will be well defined, and then how
that system is going to be supported and supportive of the work of taking care
of patients will be important.

Other questions that nursing is concerned about and that need to be
addressed is the cost of the system, how will the cost be borne out and will it
be passed on to patients, will it actually impact the health care setting where
nurses practice. Again, nursing has long been subject to the cuts of health
care and so if money is required to go somewhere else then does that mean that
there is less resources for nursing to actually do the work. And again, these
are things that are just questions that hopefully will be answered prior to the
institution of any national network. So again, those costs are important.

How will this network cross state boundaries? Nursing practice is bound by
licensure laws and is subject to licensure discipline within state boundaries
and there are many issues in nursing currently related to crossing boundaries
and interstate licensure and the impact of what happens if there are breaches
within this network, how will nurses be impacted by failures or deficits in the
system and again, there have been many system issues for which nurses have been
personally attempted to be held liable, many times they have shown that it is a
system error but this is one more system that if it’s not well planned out,
well defined, and well understood that would cause complications and then
ultimately might impact quality care.

Other issues, those revolving around the accuracy of data, I was here
briefly yesterday and I think those were articulated fairly well by one of the
speakers. I mean if the data isn’t accurate, if the data isn’t up to date, if
there aren’t mechanisms for that then the system has no value because if it’s
not accurate data then no one, including the nurse, is going to rely on it. So
what mechanisms will be in place for accuracy and then how will we show that
this actually promotes quality care, nursing has now moved to what is called an
evidence based practice, we use the evidence from the clinical setting to show
what it is that we do works, to show that the care that we are providing is
actually quality care and actually is improving the outcomes for patients, and
so how will this system allow us to continue to work and to show that what we
are doing is evidence based.

The overall system must also account for technology changes and deficits
and currently that is a problem with some of the system now. As I talk to
nurses across the country I mean we still have nurses who are working in paper
records, we have nurses who are working in very big systems that have very well
defined patient records that are computerized, we have nurses working in the VA
where there is already a system in place from my understanding of just talking
to nurses related to a patient dataset that is a computer dataset. So we have a
variety and again, to be effective the system must have an overall positive
impact both on cost and quality as we start to move towards looking at a
national system.

Nursing is all about the commitment to the patient and these are some of
the fundamental values related to patient care that nurses look at. We are
committed to patients, to the right to self determination, we’re committed to
the uniqueness of individuals, we help to resolve conflicts of interest, we
provide for collaborative efforts when it comes to taking care of our patients,
and we promote the interests of the patients and advocate for the patients.

One of the primary roles defined by nursing and by the public is that the
nurse is there to advocate for the patient. And as we look at what is one of
our primary things we have to be able to help our patients, one, to understand
the system, they have to have knowledge and they have to have access. And
actually just moving to computerized medical records has created some problems
for access for patients. If you think about a patient who wants to look at
their file or look at their record, it becomes much more difficult when it’s on
a computer then just physically carrying the paper into the room, and then
there are delays in terms of well we have to print this off and then how do we
get it printed off.

And so again, and there are many issues that have crossed time and legally
have been out there, who owns the record, who’s the keeper of the record, and
so as you develop a national system again these questions are going to arise,
does the national system now hold the record and the keeper of the record and
yet the patient is still the person who owns the information but how do they
access it and how do nurses allow them to access it, all become issues that
still need to be answered.

Also the system needs to be trusted. Health care and in particular nursing
and medicine are based on trust and if patients don’t trust us they’re not
going to give us the information and then the information won’t be in the
record and the record won’t be accurate. So again, the system is based on trust
and so can this system be trusted and then much of it is going to be an
educational factor, you’re going to have to educate patients as well as nurses
about the system, the purpose of the system and then how the system works to
benefit and increase quality care.

Questions related to conflict that come up is there’s always the patient
who doesn’t want to participate and will they be penalized, they don’t want
their information houses in some national setting and how will we deal with
that, will someone actually be penalized because they don’t want a national
record. And again, some of this could be education, nursing per se has not
debated the national record and therefore we can’t say that we are against it,
in fact I would say that nursing would probably be in favor of a record if it
could be shown that it had a strong purpose and that it would benefit quality.

In terms of transportability, currently we have a lot of settings that are
sort of already behind the eight ball, where you have settings where in fact
you have vulnerable populations in rural settings, I mean there are already
issues related to technology and technology transference. I mean not to long
ago I was in a rural setting where they were dealing with a very old computer
and they could not accept information that had been put on to a new computer,
so again, we have these technological issues that already occur right now and
how will we deal with those issues. Again, technology, there are problems,
deficits, and errors that occur, even in typing information into the network,
again, what are the protections.

The commitment of the nurse to duties, again we have nursing is set out in
a manner that there’s accountability and responsibility, nurses also delegate
information and receive information back from those they’ve delegated to.
There’s issues of competence and then improvement in the health care

Primarily one of the biggest concerns that I hear from nurses related to
confidentiality and patient records is the password problem and this may seem
like a very small thing but at the same time as we move to yet another network,
another series of protections need to be put in place, I’ve talked to nurses
who have up to ten passwords for a variety of different systems and what
happens to passwords when they’re changed, when they’re lost, what happens to
information, these are all concerns that nurses have about what they’re
entering into the record. Also nurses are fully aware that somebody else
controls their password so when it needs to be changed, what is happening, who
can get in and make changes to records, and now you’re going to layer it one
further, it’s hard enough for people to have trust within their own system and
now we’re going to have to have trust in a system that goes even further.

I heard of a problem that a nurse was relating to me related to technology
concerns where a drive was changed. Now the information is still on the old
drive and her question was how was that going to be technologically be
destroyed, that information was there since it’s now on a new system. And she
couldn’t get an answer to that question. Now mind you it’s a system question
but the fact that she couldn’t get an answer raised a concern for her because
she didn’t know how the outsourced technology people were dealing with that
drive and so these are questions as well, and I’m not a tech person so I mean
there are probably better tech people here then I am, but she never got an
answer to that question and so she asked it to me, should I be concerned. So
again, we have issues related to our technology that we need to talk about.

I’ve already mentioned the licensure and accountability at the state level,
the question is now will we have a federal level of accountability as we got to
a national system that nurses will need to be concerned about and be educated
about. And there are already questions about records crossing state lines,
currently even as of just a couple of weeks ago there was a question about is
the practice occurring, where the nurses or where the patient is, well now that
we’re going to have national records I mean is the practice occurring in
cyberspace, I mean where is practice actually occurring.

Other issues, if this information is to be networked where within the
network will be able to draw from these document, what information will be able
to get, and then will the system require more energy then it will actually give
back, in other words if it’s going to take us five years to get everybody up
and on speed with this network and with the costs associated with it and the
learning curve associated, five years from now technology will have changed,
will we be starting all over again. I mean these are concerns, nurses are
already dealing with technology changes every day and there’s new equipment,
there’s new beds, and is this one more thing that’s going to take more time and
then what will be the benefit, will this really benefit patient care at the

And again will this system support evidence based practice, which is one
area where I think there’s a big plus, I mean nurses believe that if
information is networked then they can more easily show that information
actually does add to practice, and again, that’s a piece of research, being
able to access large datasets is often seen as a plus but yet there are risks
associated with that in terms of protections for patients.

Commitment to the profession, nurses as a whole are not only committed to
patients and to systems where they work and their own personal accountability,
but there is commitment on the part of the profession, nursing believes in
working from a team situation. Often things that are occurring actually in our
setting now, the HIPAA concerns, the confidentiality protections that are
currently in place have actually put some constraints on nursing practice and
have actually changed much of the way that nurses share information. Let me
give you an example so that that comes a little bit closer to you.

It used to be that typically in an ICU setting nurses would tape their
report prior to the close of shift, the other nurses coming on would go in and
listen to that report. But what HIPAA did was say well you don’t need to have
that information because you’re only caring for two out of the 15 patients so
you can really only listen to the information on your patients. So now nurses
must individually pass report in most settings versus sharing report within an
entire unit, so in other words instead of hearing about 15 or 20 patients you
only hear about the two or three that you’re actually taking care of. In some
ways that’s been good, in other ways it’s not good, but again, these are
changes that nurses have passed on that don’t necessarily benefit their time
and don’t necessarily benefit what they see as unit practice and this is
typical in many settings now.

I guess the final question that I’d like to pose is again, will a greater
good come from the network. Obviously less paper is better, nurses are big
environmentalists, we would be happy to have less paper and have a cleaner
environment. But obviously technology brings other questions and information,
will nurses be able to get the information they need, when they need it, will
it easily be located, will the information be subject to misuse, will it
identify risks, bad genes, family histories, things that could actually be used
against patients. Will the technology actually benefit the patients in a big
way and obviously there’s some example of how technology has truly benefited
nursing, the cyber libraries that are available to nurses on the units are just
wonderful, everything is on MedLine and nursing units actually have access to
this information. Websites like nichepeg(?) are wonderful places, sources of
information for nurses, and for patients as well, nurses have the ability to
pull up documents like family history document from the Surgeon General’s
website, these things have all added, this technology has all added to nursing
practice and actually made it better. And so as we move to some type of
National Health Information Network with patient medical records, again, will
that technology add to and improve nursing practice because that is what we are
concerned about.

Thank you.

MR. ROTHSTEIN: Thank you very much and we’ll have questions at the end of
the presentation by all the panel members. Our next witness is Dr. Darryl

Agenda Item: Panel V – Primary Care Providers –
American Osteopathic Association – Dr. Beehler

DR. BEEHLER: Good morning, my name is Darryl Beehler, I’m a D.O., I’m board
certified in family practice emergency medicine, quality assurance utilization
review. Presently I’m medical director and a staff physician in the emergency
department at Douglas Coney(?) Hospital in Alexandria, Minnesota. In a prior
life I was medical director of a for profit HMO in Arizona and therefore I have
had the opportunity to have first hand knowledge of both sides, or I should say
several sides of the street of health care and the agendas that go along with

On behalf of the AOA I’d like to thank Chairman Rothstein and the
subcommittee members for the opportunity to provide testimony on potential
privacy and confidentiality issues raised by the development, adoption, and
implementation of widespread interoperable electronic health records, and the
National Health Information Network.

Founded in 1987 the American Osteopathic Association represents more then
54,000 osteopathic physicians practicing in 23 specialties and subspecialties.
The AOA is committed to advancing the development and utilization of
information technology to improve the quality and efficiency of the health care
delivery system. We believe that health information technology if properly
developed and effectively implemented in close conjunction with the physician
community and other stakeholders offers great promise.

The rapid developments in medical informatics is changing the face of the
health care delivery system. The AOA commends the National Committee on Vital
and Health statistics for its effort to gather important information from
various stakeholders regarding the development of the National Health
Information Network. It is imperative that technological advances occur through
a deliberative process in which physicians and other interested parties are
able to provide input and ultimately shape the end product.

The AOA is involved in the U.S. Department of Health and Human Services
work to develop the NHIN. To assist the process the AOA and many of our
osteopathic specialty organizations have joined the Physicians’ Electronic
Health Record Coalition, known as PEHRC. PEHRC is a coalition of more then 20
physician organizations dedicated to assisting physicians, particularly
physicians in small and medium sized ambulatory care medical practices to
acquire and to use affordable standards based electronic health records and
health information technology to improve quality, enhance patient safety, and
increase efficiency. The AOA remains committed to achieving these goals.

Several years ago the AOA formed a technical advisory committee known as
TAC, this was to support the development and adoption of electronic health
records and health information technology, and to counsel and advise the
association’s strategic use of advanced information system technology with the
goal of enhancing the effectiveness of osteopathic physicians in the delivery
of patient care and promoting public health. The TAC, which I have the pleasure
of chairing, represents a cross section of osteopathic physicians involved in
application of technology to the practice of medicine.

Robert Juhasz, D.O., past president of the Ohio Osteopathic Association and
a member of the AOA’s Council on Federal Health Programs, participated in a
panel discussion with President Bush on January 27th in Cleveland,
Ohio. Dr. Juhasz shared with the President details on how the adoption of new
technologies is improving the quality and effectiveness of care in his practice
at the Cleveland Clinic Foundation. Dr. Juhasz explained that the Cleveland
Clinic Foundation’s secured electronic patient portal, MyChart, patients may
receive test results and their doctor’s recommendations, schedule appointments,
request prescription refills, be empowered to better understand their health
care needs when they have greater access to great portions of their health
information through a secure, encrypted, web based site.

The philosophy of osteopathic medicine is that the physician in
coordination with the patient acts as a teacher to help patients take more
responsibility for their own well being, to maintain their health and to change
unhealthy patterns. Osteopathic physicians assist patients in developing
attitudes and lifestyles that do not just fight illness but help prevent it.
Preventative physical examinations, screening services, and patient education
all contribute to improving patient’s quality of care and health. Health
information technology has a tremendous potential to improve the interaction
between the patient and physician.

The foundations of the patient/physician relationship are trust and
transparency. Therefore the development the development and implementation of a
National Health Information Network must enhance, not hinder, this
relationship. Special attention must be given to the impact the network will
have on the patient/physician relationship and security of patient information.
The benefit of health information technology and the patient data contained
therein must balance potential benefits against the potential misuse of patient
data in violation of the patient’s privacy.

In July 2004 the AOA issued guiding principles on e-prescribing, including
safety, privacy, transparency, design, integration, scalability, and timing. We
believe these general principles also apply to the development of the National
Health Information Network.

Safety, one comprehensive intact system is needed to hold all the clinical
information on an individual creating a safety net. This can lower adverse
affects and increase the overall safety of a patient’s encounter.

Privacy, information on patient’s information should be current,
comprehensive, and compliant with HIPAA, and must never be used for unintended
activities such as those not directly related to patient care.

Transparency, third party involvement must be transparent and disclosed.

Design, financial interests should not dictate the design of the system, in
other words all drugs should be available. Standards must require fail safe in
any system to prevent the introduction of new health care errors.

Integration, systems should be proven and should integrate with existing
health care technology and the existing workflow, in other words downloading
the patient data from previous electronic medical records.

Scalability, any standards should be broad based and applicable to all
health care delivery systems.

Timing, these standards should be placed at the earliest possible date to
allow software vendors and practitioners adequate time to become compliant with
said standards and perform all necessary testing prior to the implementation.

In addition to these principles we recommend that your committee explore
the following issues as they relate to patient control of data, patient
interaction with the health care system and physicians, and the security of
patient data.

The increased storage and transmittal of private health data and associated
materials places confidential documents at greater risk of misuse. What
authentication and encryption measures can be taken to ensure a secure network?

The administration advocates that the development of personal health
records. If patients will possess a portion or all of their medical records how
will they be assured that they will have the most current information available
to them from all of their health care providers? How will the data be
synchronized and how will the data on the personal health record be identified
and tracked?

Computers cannot solve all patient safety issues. The development and
implementation of the National Health Information Network must take into
account that a keystroke and other errors are growing problems in health
information technology and e-prescribing. As more messaging and sharing of
patient’s health information takes place via computer network the risk of
misinterpreting information increases.

As technology becomes more prevalent in health care patients need to be a
vested partner with their physicians to understand both the benefits and the
risks of the systems. Will physicians be responsible for informing every
patient or will public awareness campaigns be implemented to help ease the
transitional patient education process?

Trust between a physician and a patient is paramount. While a National
Health Information Network can be a valuable tool it must not create undue
external influences over clinical decision making processes which could
undermine the patient’s best interests.

The variable presence of health information technology and electronic
health records in the current United States market is a concern. The price, the
measure of quality, the benefits, and the usage vary greatly within the health
care community, particularly in physician’s practices. Interoperability and
consistency is a key when trying to promote an integrated national system,
those who may not have current uniformity with other physicians in the part of
the state, the town, or even the health system in which they practice.

The AOA believes that the widespread adoption of health information
technologies, such as electronic medical records and electronic prescribing,
has the potential to reduce medical errors, enhance quality, and improve the
efficiency of providing medical care. Furthermore the AOA believes that these
technologies are capable of reducing the costs of providing health care.

The AOA supports efforts to ensure that all patient populations, especially
those in rural and underserved communities, benefit from this effort. To foster
adoption in all practice settings the AOA supports public and private programs
that provide needed technical and financial support to implement new

Advancement in the health information technology development and
implementation should not come at the cost of patient privacy, confidentiality
and the patient/ physician relationship. Furthermore the privacy data should be
protected to foster the ability of physicians to provide the care that they
deem appropriate in conjunction with the patient.

Once again thank you for the opportunity to testify today. The American
Osteopathic Association remains committed to advancing health information
technology utilization and is happy to provide any assistance to the
subcommittee as you move forward in your deliberations on this very important

MR. ROTHSTEIN: Thank you Dr. Beehler for that fine testimony and we’ll have
questions after the end of the presentations. I’m pleased to now recognize Dr.

Agenda Item: Panel V – Primary Care Providers – American
College of Physicians – Dr. Hale

DR. HALE: Hi. I’m here representing American College of Physicians, thank
you very much for inviting us to speak on this important topic. American
College of Physicians is very, very interested in this area for a number of
reasons, number one for the care of patients and quality of care, use of
evidence based medicine and making that assessable to patient care. We’re also
tremendously interested in education, education not only physicians but
patients as well. And we’re also interested in developing stronger and more
useful relationships, those relationships can be from the patient and physician
working closer together, having more information, but also with our colleagues,
we’ve become more and more separated from the pharmacists and the nurses and
the other colleagues that we work with and we feel the information technology
really can give us benefits.

But it’s a benefit risk kind of thing and physicians are pretty comfortable
with that, that’s how we make our decisions, every time we have to decide on
something in giving care to a patient we have to say what are the benefits and
what are the risks, and feel confident that those benefits outweigh the risks.
And I think that’s one of the challenges of health information technology is to
lower the risk and increase the benefits so that we can optimize patient care.

American College of Physicians has over 100,000 internists and medical
students in its membership and in January of 2005 ACP submitted a comment
letter to ONCHIT about the RFI on the National Health Information Network and
also participated with a collaborative with a number of organizations which is
in the written report on this topic as well. And many of the points that I’m
going to bring up today were included in those letters.

We feel that the NHIN should consist of a carefully planned network that
meets society’s requirements of the widespread adoption of a formal set of
technical components that are standardized with standards and methodologies and
have explicit policies for their use and governance to protect both patients,
physicians, and everyone involved in the health care process. We feel this is
really centered around patient care and that all of these designs should be
centered with the patient as the center. There’s a lot of things involved in
patient care that can be improved by the use of information technology, this
diagram just shows a number of those issues that can be addressed, but they’re
very complex and in order to have the relationships necessary to improve these
processes we have to have the protections with the patient and the other people
involved in the patient care as the center and that information protected so
that we can share information safety.

We feel that there should be a fostering of the trusted environment and one
of the really key roles in doing this is going to be the need for a very
extensive educational program. I think one of the challenges now is that
there’s so much misunderstanding over what these health information networks
can be and how that information can be protected and we feel that not only
patients but clinicians and everyone else needs to have a much better
understanding about what the technology is and what the benefits and risks of
these technologies are so that they can make informed discussions and be more
involved in the process.

We feel that there should be information, information should be steward by
patients and physicians working together and that we need to act as stewards to
protect this information. And that patients and physicians work together to
control the access, patients have the ultimate decision on who has access to
their information but physicians and patients need to work together to decide
on what information should be shared and what are the benefits and risks of use
of that information.

We feel that there should be a voluntary decision and there is significant
concern that by having a have and have not kind of world people may feel
pressured in sharing their information and in the past we’ve seen that with the
use of the release forms for information to insurers. A lot of times patients
don’t even read these forms and go ahead and sign off to share their
information because they feel they don’t have a choice. So I think we need to
work harder to try and help people realize that they do have a choice but they
need to sit and the physicians and the patients and those involved in care need
to talk about what the risks and benefits of those choices are.

We feel that patients need to have a very strong role in the control of
their health information but it needs to be clearly defined. Patients need to
be able to choose whether or not to participate in sharing the information but
they need to be educated so that it’s a very informed choice. They need to be
able to exercise their rights under HIPAA and they need to have control over
who has access to the records, not only the entire record but the key parts of
their record, improved access of control compared to what they’ve had in the
past. They need to know and be able to ask whose accessed their information and
for what purposes and they also need to be able to review and request changes
to that information when it’s incorrect. They need to be able to get copies of
their information when necessary and they need to be able to reliably and
securely share the information between institutions and providers when
necessary to improve their care.

But there’s some key other elements to this, once a patient’s consent has
been granted for the information access the information has to be shared
efficiently and also in a trusted environment. And there’s a lot of concern in
the physician community about the speed of access, as you build more controls
for the protection of information how do we keep the benefit of the access of
the information so it can be available to take good care of patients. We’re
also concerned about emergency situations where we need to be sure that we have
clearly outlined rules and regulations to protect those situations so we can
access information to care for patients in emergency situations where patients
may not be able to give their permission, or in cases where it’s unclear who is
speaking for the patient, such as in pediatric cases and other situations.

We feel the clinician and the patient must have the authority over the
access of information and how it’s used. Physicians are responsible for
maintaining the accuracy of the patient medical information and should work
closely with patients to make sure that that information is correct. There’s a
tremendous advantage in health information systems to improve on this because
there’s a lot of difficulty and trouble with accuracy at this point in time.

We also need to protect the information from corruption and also from loss,
these are both physical loss and also loss when transferred from place to
place. And we need to be able to review with patients their information and
negotiate when they feel that this information is not accurate and make
corrections when necessary. We feel that if we developed these roles better and
if there was support to develop these roles better in the patient physician
relationship then there would be an enhancement of this relationship and we
could as physicians give better care.

Physicians and patients should control the access to the information in the
networks in other ways. One of the concerns physicians have is as we build
these regional networks there’s multi-stakeholder collaboratives that are being
built and they have health plans and government and patients and physicians and
a lot of different stakeholders involved in these networks. We feel strongly
that the patients and physicians should be the ones who make the decision on
how the information is used in these aggregated networks so that they can be
used for the purpose of improving quality of health care as the number one
priority and that there should be transparency in every case on how information
is used.

In terms of authorized access to information we feel that the information
network is going to end up being a collective network of networks, that there
will be in some cases in rural environments like where I’m from in the
Adirondacks, it may be most appropriate to have a clinical database for a
region where all the information is aggregated. But that’s not realistic for
the entire network and we’re going to have to be able to link these networks
together. And ACP feels that there’s going to need to be a very well built
record locater service to provide this service because the technology that we
have now makes it very difficult to match up records and it’s labor intensive
when there’s errors and that can obstruct the care of patients. We feel that
the collaborative will need to be a multi-stakeholder collaborative that’s
regional or non-geographic, non-geographic sub-network level in order to build
this record locater service, and that the record locater service should be
based on open standards that’s set by a standards and policy entity.

We feel that the subcomponents of this system would be the linking of
records via registry of names and record location information and sharing among
users participating in the system. But by being able to build the record
locater system on the sub-network level it would be possible to make decisions
on sharing of individual parts of information rather then having to send
aggregate large amounts of information to everyone, and that it would enhance
the ability to choose to what kind of information should be shared and to give
better protection for sensitive information where only certain providers should
be accessing the information.

In terms of the privacy and security principles, we feel that the privacy
and security principles outlined by the Connecting for Health Initiative spell
out what ACP supports. And that is in terms of confidentiality, materials
existing within the system should only be disclosed to those who have authority
to access that information and there should be significant authentication
systems in place to make sure that only authorized individuals are able to
access the information and that there’s auditing to make sure that everyone,
all the access to the information is tacked and is compliant with policy

We feel that it’s very important that the integrity of information also be
defended against lost or unauthorized use and that again, every alteration and
change in information is logged and documented and that there should be
non-repudiation when we’re sending information across networks between hospital
systems and providers, it’s going to be very, very important to have some sort
of method of non-repudiation so that we can have confidence that information is
accurate and has not changed during the transport between the two systems.

In terms of wired security, we feel that there should be physical and other
mechanisms in place to defend this system from eavesdropping, copying, or other
interception of information and that the information should be encrypted. We
think that there should also be mechanisms in place to ensure the delivery of
information and that there should be notification of delivery between entities.
The simplest example is that when I do a prescription there should be
notification back to me that the pharmacy received that information.

We think there should be perimeter security with required authorization and
credentials and an auditing program so that anyone who’s actually accessing the
information systems to work on these systems also are tracked and authorized
for the levels of access they have. And we think there should be content
security, restricting what can be done with the data even by authorized
personnel. And we feel that physical access to the equipment should also be
protected but that access to the physical equipment doesn’t give you full
access to all the information, that there are obviously levels of access.

We think the data integration from disparate sources results in a challenge
and that there’s going to need to be models developed in how we handle this
information. There’s a new kind of record that we’re dealing with and I think
it’s very difficult to deal with this kind of record for physicians, there’s a
lot of discussion on how we’re going to handle the responsibilities of
information that comes from another source, if we don’t agree with the problem
list who’s in charge of changing that if we have a community record. We have to
address error correction, who’s going to be in charge of error correction,
reconciliation and conflicting data. I think these are challenges that we will
find benefits out of having the information but these will be some of the
challenges that we’ll have to face and they’re going to be time consuming and

When multiple physicians and clinicians care for a patient and there’s
multiple complex problems there’s going to be the necessity for new models for
who’s going to be responsible for maintaining these records and sharing the
information. And also what information do you share to other providers.

And then also we’re going to need responsibilities on how we’re going to
search, obtain, and review and validate information that comes in from other
resources and how we’re going to handle that in our electronic health records.
How do we bring that information in, how do we validate that the information
was not altered and came from a source that was trusted, and how do we also
make sure that it’s transmitted in the same form in the same language between

Finally ACP recommends the consideration of a unique patient identifier, we
feel that this can strongly improve patient care, we feel that it’s going to be
difficult to have the kind of efficiency with patient care that we feel will
improve patient care without it. We feel that there needs to be federal privacy
protections to prevent any access to this information and it shouldn’t be based
on the Social Security Number. But we feel that it should not be put aside, it
should be considered because in order to have quick access of information and
be sure that you don’t have to lose the time that’s going to be necessary to
match up records this kind of thing is going to be important when we’re taking
care of patients that may be moving between systems.

Thank you very much, I appreciate the change to be here.

MR. ROTHSTEIN: Thank you very much for that very comprehensive and
thoughtful testimony, we’re now ready to proceed with our questions, we’ll
answer your last slide with a yes we do have questions and first Mr. Houston
has a question.

MR. HOUSTON: Thank you, a couple questions and one to Darryl. In your
testimony you talked about implicit to it that you’re wanting to have
implemented within small and medium size ambulatory care medical practices
having EHRs, I mean I’m assuming that’s sort of the assumption, that it really
is important. Has your organization done any cost estimates as to what the
impact on a per physician or per physician practice basis would be?

DR. BEEHLER: As you talk about cost per patient, cost per doctor, cost per
practice, you get involved with a wide variety of who’s saying what, when and
how for what purpose. Probably the best number that I heard was the lowest
amount was about $9,000 dollars a year per physician every year in a small
three man or four man practice. I think that came from the lowest number that
we could get out of any kind of bidder through the academy. Then when you go
into the cost really of implementing it there was an issue one time that I
became very upset with when there was a term being thrown around free is not
cheap enough for doctors, that just burns me because it’s not the truth, free
is not free is really the truth because when you give somebody a software to
implement an electronic health record that’s only a small portion of the cost.
So when they throw that around it’s something that is divisive, class warfare,
and doesn’t help anybody. We have a lot of issues.

I don’t believe any physician group in a three man group, a four man group,
a four person group I should say, is going to benefit financially from
electronic health record, quality is going to benefit, sharing that information
that you know about the patient with somebody else is going to benefit, but the
actual, the buyer of the service, the implementer of the service is never going
to benefit.

MR. HOUSTON: So the bottom line to the practice isn’t really there.

DR. BEEHLER: You’re not going to benefit, cost savings is not there to the
small group.

MR. HOUSTON: That’s important, thank you. And I had one other question
also, different lines. There’s been a lot of tension regarding patient access
and control, actually patient control over electronic health information and we
heard it today, heard it earlier, heard it yesterday. One of the statements you
made in your testimony is that there’s a need or desire to have the most
currently available information from all health care providers available in
this record and so your testimony is sort of in one way sort of towards an
extreme which is that there isn’t a lot of patient control over access, or
maybe I’m misinterpreting that. I mean at least your testimony sort of speak to
the fact that you want to have all this information readily available to all
physicians in order to serve the patient whereas we hear a lot of comments to
the opposite which is there’s a lot of concern from patients that they don’t
necessarily want, or they want to have control over their information. Am I
misinterpreting what your testimony is?

DR. BEEHLER: No, there’s a definite juxtaposition here. When I was a family
doc in a small town of central Minnesota I took care of the full practice of
medicine, surgery, obstetrics, everything in a small town. The thing that
shocked me is I had no sexual transmitted diseases in my small town, it was
amazing but I had all the other towns around me had sexually transmitted
diseases. And then when I’d talk with my colleagues they were taking care of my
patients with sexually transmitted diseases because they went out of town for
their treatment, that privacy treatment, they didn’t want other people to know
about it. We have to have that information all in one chart, how do we protect
it, how do we do it, do we put a disclaimer on every electronic health record
that this is probably an incomplete record, we put a disclaimer on all of them
because we know there are certain things that are not going to be on the charts
and for the belief that it’s going to be complete. I think what I believe is
that the patients should be able to see their entire record, the patient should
be able to see the entire record, and I think their primary care physician
should be able to see their entire record but I don’t believe that the physical
therapist should be able to see the entire record or a lot of other people that
you refer sections of health care to.

MR. HOUSTON: But as opposed to the patient having, it sounds like you’re
not really giving, you’re not advocating the patient having, him or herself
having a lot of control necessarily over what goes into the record though.

DR. BEEHLER: No, I don’t think they should have control over it, I think
they can comment on, I think the same way that when I get a record, a nursing
assessment of a patient is in difference to my assessment, I make a note that I
disagree with the assessment and here’s the reason why, and I think the patient
should have the same right on their electronic health record, that if I see a
patient whose got this and this and this I put it down, the patient disagrees
with me, the patient should have a right to add a comment in that they disagree
with the input.

MR. ROTHSTEIN: I’d like to ask Dr. Hale to comment on that because that
answer as I see it seems to conflict with your statement on page two, am I

DR. HALE: I don’t think they actually conflict, I think the issue is that
part of the thing we’re dealing with is a lack of communication and education
and our point is, ACP point of view is that we really haven’t had the time in
our patient visits to sit down with patients, there hasn’t been educational
programs for patients so that they can sit down with this and discuss the risks
and benefits of sharing information. In my experience with my patients, I have
a small EMR in my practice, if I sit down and talk to them and want to share
information and explain to them why it hasn’t been an issue of them wanting to
restrict the access to care givers when the purpose is clear. So I think we can
meet the same goal that the information is accessible for physicians when
they’re taking care and clinicians taking care of patients without heavy
restrictions but the thing that’s limiting us is this lack of understanding and
lack of communication and the fact that physicians and patients don’t have the
time and opportunity to sit down and discuss these issues.

MR. ROTHSTEIN: Okay, we’ve got Dr. Cohn and then Ms. Greenberg and Dr.

DR. COHN: Actually this is really meant to be a follow-on, obviously thank
you all for some very good testimony, and Patricia welcome back, I remember I
think the last time you were here —

DR. HALE: E-prescribing.

DR. COHN: It was e-prescribing but I think you were actually having
problems with your electronic health record at that point too as I remember so
I’m glad it’s all working again.

I guess the question I’d have and Patricia I’m asking you only because I
think representing the ACP you’ve obviously thought through I think some of
this issue about patient control of information and I think you were just
beginning to talk about that issue of time spent talking to the patient about
information and once again I’m still trying to figure out exactly how this is
all going to work but one could imagine that there might be many occasions
where you have to talk to the patient before you get permission to access the
information as well as also when you’re done with the visit what permission can
I make available to others so it’s sort of in many visits you’d have to have
sort of a dual set of conversations.

And I guess I’m just trying to thing from your perspective as well as ACPs
what additional resources would you need to make that happen, I mean do you
need additional staff, do you need additional hours in the week, we heard
earlier about the pharmacists giving up lunch hours, how did you see this
happen in a realistic paradigm I guess what would really work given that I
think what I’m hearing is sort of this implicit view that you have and I think
also ACP is that if patients are well educated and really can be talked to that
of course they will allow all this information to be available so we will get
to the paradigm that Darryl was talking about which I think I’m hearing from

DR. HALE: I think I understand your question and it’s actually part of a
very larger issue which is our reimbursement methodology. We believe, ACP
believes, and I’m not trying to bring in a different platform but it is
relevant, we strongly believe that reimbursement should be tied around patient
care and quality of care and not how many minutes you’re in the room or how
many clicks you have on a form or what kind of procedures that you do. And
right now it is a system that’s got two difficult things that can’t be
balanced, on the one hand we have tremendously useful information systems to
bring information in, we have the ability to take better care of patients,
share information between clinicians, on the other hand our reimbursement
system does not allow us to sit down and sit with our patients for the length
of time to talk about disease management, to bring clinicians together in
patient care, and to spend the time to talk to them about the sharing of their

Now ACP certainly supports the HIPAA regulations that say for patient care
there should not be restrictions on the information and also we strongly which
is in our testimony that patients should be able to request changes in their
information, but that the physician should be deciding on what information is
in there so that it’s accurate for patient care. So we do believe that those
things need to be protected and the information needs to be available but I
don’t think that this perceived gap between patients and physician’s views on
the access of information is insurmountable if there was the time and the
availability of clinicians to sit with their patients and spend more time in
patient care.

DR. COHN: Can I ask a follow-up on that one? And Patricia I appreciate it,
I think what I’m hearing from you is that, I mean depending on what one does
with privacy obviously and all of this there are obviously financial
implications and certainly, I mean whatever we do in whatever letter we send I
think we sort of need to observe, I mean once again I obviously think of all
the payers and it’s Medicare and CMS as a payer as well as obviously private
payers but depending on what road is taken there may actually be need for
additional reimbursement to handle societal decisions on this. I think that’s
what I’m hearing from you.

DR. HALE: Yes, and to your point earlier about what are the costs, every
part of the office is affected and we saw that with implementation of HIPAA, in
my small rural practice having a patient come in and being properly educated on
protection of their health care information, to do it properly they need to be
given the information but someone needs to explain it to them. And in the past
we really haven’t, I think no one has really been able to spend the time and
energy in the past to protect information and as I said before we’ve seen that
happen in the past with insurance forms, insurance information, we just sort
of, the form came in and we sent the information out and patients really didn’t
understand how much of their information was automatically being sent. They now
are concerned about it thinking that it’s in electronic form but it’s really no
different then what’s been happening all along, now everyone’s thinking well
maybe we should be spending more time on the issue.

But it is going to be time consuming, questions for a nurse, to have a
privacy officer who’s usually in a small office, one of your nurses to be able
to talk to the patients, and to really take care of a patient I should be doing
it, I should be sitting down and talking to them about what information is
going to be shared, it’s just very hard to do that and get through my quality
indicators of when their hemoglobin A1C was done and going through their test
results and then the test results aren’t in the chart so I have to go out and
find them and all those other issues, write out a prescription, etc., etc.

MS. BERNSTEIN: If I could just follow-up sort of on the same topic, aside
from the issue of whether the physician in the office has the time to actually
sit down with the patient, and ideally as you said in an ideal world a
physician would be able to sit down and have a dialogue with a patient about
what’s happening with their records, I’m not sure whether it’s realistic, I
guess my question is how savvy are physicians about what’s really happening
with all the data that they collect and share, do they know what’s happening
with the information at the insurers or pharmacies or PBMs, we heard about
marketing today, we heard about what pharmacies are doing, we heard about all
kinds of different kind of sharing, hospitals, labs, you talked about having a
privacy officer but in a small office that’s probably unrealistic, it’s
probably unrealistic for the doctor, who is —

DR. HALE: That’s exactly, at the beginning I wanted to talk about the
educational part, I think that is incredibly important and something that is
going to require a tremendous amount of resources to educate not just the
patients but clinicians as well, we as clinicians need to understand how the
information is handled, what information we’re sharing and how, and we need to
be, in order to be able to have an educated discussion on our part as well as
on the patient’s part. And I think there’s a tremendous amount of education
that needs to be done on both sides.

MS. BERNSTEIN: I have regularly conversations with my primary care provider
about this, she knows what I do for a living, I do privacy policy and I’ve been
seeing her for a long time so we’ve had this series of conversations but she’s
usually asking me, what is I that’s happening with all this information rather
then the other way around and I’m pretty sure that’s a pretty unusual
circumstance given that there’s six minutes per patient or whatever. How
realistic is it that there will be time for this kind of education or this kind
of added —

DR. HALE: well, one of the benefits of having evidence based medicine
accessible and educational programs accessible, one of the big goals is that I
won’t have to be spending as much time trying to dig through 20 journals to try
and stay up on things that I can’t possibly stay up on and some of that time
could be used for spending time thinking about management of patients and
education and getting other kinds of education on how I take care of patients.
So I think there is potential, again it’s one of those risk benefits and how do
we handle the issue but if we were able to have the resources and build a
system where evidence based medical tools were there for me and my patient care
from day to day I wouldn’t be so concerned about trying to read every single
journal article that I might come up on something in two months time and use
that time to learn more about the system that I’m using this new paradigm of a
different way of taking care of patients.

MS. GREENBERG: You may have responded to this but I’m not quite sure, it
goes back to the questioning that Dr. Cohn and others were following on, the
extent of agreement here or disagreement, I don’t think we need to put it in
those terms but as I read Dr. Hale’s testimony here under patient control of
information I also was wondering, you mentioned patients must be able to choose
whether or not to participate in sharing personally identifiable information
and exercise their rights under the Health Insurance Portability and
Accountability Act, etc., and it wasn’t clear to me whether the American
College of Physicians’ position is in support of the balance there that has
been struck by the HIPAA privacy rule where there are disclosures allowed
without consent or written consent or without written authorization, or whether
in fact your position was that the current privacy rules allow for more sharing
of information without explicit authorization or consent then you would

DR. HALE: To clarify that, I believe the ACP’s position is in support of
the present HIPAA guidelines. We clearly believe there are settings where you
aren’t always going to be able to get full disclosure from patients, emergency
settings, and that there should be, although should have a right in the
decision of what information should be shared again, we need to be able to
educate them. If a patient chooses to not have a portion of their chart by
HIPAA regulations sent to another physician they have a right to request that.
Now when that happens to me in my practice I say to them you absolutely have
this right of not disclosing of this information but here’s the consequences
and here’s the risk and benefit and in practice I don’t find that to be a
difficult issue because when you explain to a patient that gee, if I don’t tell
the cardiologist that you’re on a medication for anti-depression, an
antidepressant for your depression, that may influence the medication he gives
you and cause you harm, the patients oh, okay, well they see the right of doing
that. To summarize, ACP does support the HIPAA regulations the way they stand
and feels that they do work.

MS. GREENBERG: Thank you. That was actually a question I had I must say
when I read the collaborative response because it seemed to be an absolute
statement about patient’s right to control all of their information which is
somewhat in conflict with the HIPAA privacy rule.

DR. HALE: Well, I think the reason, the point that we’re trying to make is
not so much on that issue of sharing information between a physician and
physician, I think we’re even more concerned about where the information goes
outside of that relationship, that’s the big one that we’re talking about. When
we’re making National Health Information Networks and we’re aggregating
information and we’re profiling patients, one of big concerns is does that mean
patients may be selected out of health plans, I mean there’s a lot of risk here
that we feel physicians and patients need to be sitting at the table to help
with those tough decisions. That’s really what those statements were directed
towards, not so much a concern that we need to have, more patients need more
control on that sharing of information between clinicians.

MS. GREENBERG: But the HIPAA privacy rules also allow release of
identifiable information for public health purposes, for research with IRB
approval, so there are waives or exceptions beyond just sharing —

DR. HALE: And our statement is that we feel that physicians and patients
should be, that those are important things to be done but the physicians and
patients should be involved in those decisions and they should be transparent
in the use of that information.

MS. GREENBERG: But you are in support of the current privacy rule.

DR. HALE: Yes, but the current privacy rule does not designate who makes
the decision in my understanding, there’s much more authority here then me so
educate me if I’m wrong, but it doesn’t say who sits at the table and makes the
decision of whether that choice for that release of that information fits that
guideline of use and is the proper use of the information. If I’m in a regional
network in the Adirondacks and I have a regional clinical data repository and
there’s a request by the health department or anyone else, or a research
organizations would be an even better choice because it would be a little
grayer, that they want some specific type of information. Well, we have to
have, what we’re saying is that patients and physicians should be sitting at
that table in the decision if that meets the recommendation of appropriate use
of that information and that that should not be made without the input of
physicians at the table and patients, they should be the primary deciders for
that, not necessarily a collaborative of other individuals without that input.

DR. BEEHLER: The question about the data for public health or for
experimentation purposes, do you believe that an individual should give up the
right for individually identified data to go to that, to experimental purposes?
I believe that summary data can be helpful for whether it’s diabetes management
or whatever, heart disease or whatever, summary data can be use for
experimental things but shouldn’t an individual patient have a right if they’re
going to have an electronic health record, personal health record, if anybody
is going to have any personal identifiable data to go out that they should have
transparency to say yes or no?

MS. GREENBERG: Well, actually I’m not one of the testifiers and I’m just
trying —

DR. BEEHLER: I’m just trying to understand the question here.

MR. ROTHSTEIN: Well, generally speaking the rule is that if it’s research
it requires specific authorization but I believe Marjorie was talking about the
situations, the unusual situations where an IRB can waive individual
authorization if there are various criteria satisfied such as minimal risk and
so forth.

MS. GREENBERG: And in public health there’s also if it’s required by state
law regulation —

MR. ROTHSTEIN: There’s broad public health provision and many others, law
enforcement and so forth.

MS. GREENBERG: Because we’ve had, I mean we have had testimony I think at
the last hearing that said that they felt that the privacy rules had gone,
should require more consent or more authorization then they currently do and I
think it’s useful to know where groups stand on that particularly —

DR. HALE: Fortunately IRB boards are made up often of physicians and


DR. TANG: Thank you. Pat, I appreciate both your testimony in terms of
focusing on the collaborative response and also the College’s important
participation in that because I think that process is a good process. An
interesting thing where the ACP seems to be a little divergent with the
collaborative response and invite your comment on it because it came up just
with the last session that the pharmacists were saying, were certainly
intimating that a unique health identifier for individuals would be a good
thing and one of the representatives said that they had as much as 25 to 30
percent of their, 25 to 30 percent problem with correctly identifying or
accurately identifying a patient and matching it to their profile in Walgreens.
And I notice that the College has decided in your last paragraph to say that
you would advocate for a voluntary unique health identifier. Can you provide
some background on that rationale?

DR. HALE: Yeah, I’d be glad to, that was actually as you can imagine a very
lengthy discussion within the College and was slightly in not direct contrast
with the collaborative response because we negotiated for wording that allowed
for any identifier to be used. The reason that this has come up within, we have
an informatics subcommittee that has a lot of people who work in information
systems all over the country and there was tremendous support within that group
that a unique patient identifier would enhance the quality of care that we can
give because of the complexity of matching patients and the errors in the
systems to do that, very same thing that the pharmacists are talking about.
It’s wonderful to say that you can do a five or seven match, item match and be
able to transfer the records but in real time when you’re taking care of a
patient that takes time.

And those actually, some of those issues were why we in our region in the
Adirondacks decided to do a central clinical data repository with an NPI
because in order to access a patient’s record fast and efficient and in an
emergency situation, in an emergency room, and in office, those errors can
become obstructionary because when there’s an error and a mismatch that takes
human intervention to fix that match. And that means information that’s not
accessible for some period of time if at all.

So it’s a significant problem in health information systems because of
little issues about the difference of proprietary systems and how they actually
list. Exactly what was said earlier, I was shaking my head up and down because
that’s exactly the same, how do you even do a birthday, simple things that we
take for granted differ between proprietary systems and we don’t have, we’re
not going to have an open source system running the entire network, that is
also why we recommend the RLS as a measure to try, as at least a measure to try
to move forward in having a system set up for rapid identification of patients
so that care can be given. If I’m sitting in a situation and I want to take
care of a patient —

DR. COHN: Patricia, RLS —

DR. HALE: RLS was for the record locating system, I’m sorry. If I’m sitting
in my office in Ft. Edward and a patient comes in and I want to access
information, or in the emergency room in my hospital, I need to have that
information usually very rapidly in order to take care of that patient. But in
the setting where I need a record say from Albany Med for a patient who was
there a couple of weeks ago then it’s not as big an issue to have that
information and if you had to cross match them it wouldn’t be quite as big an
issue. But there’s still going to be settings where a patient of mine ends up
in the emergency room at Albany Med and needs care and that care could be
compromised because of that matching process not being able to pull the record
from my system.

DR. HARDING: Ms. Badzek, I was impressed with your testimony and I work in
a moderate size hospital, 1,000 beds and so forth, and we’ve been rolling in an
electronic medical record and so forth and the nurses of course are always the
canaries in the mine shaft of getting that brought in. And I was impressed with
your testimony that a great deal of time and effort has to go into inputting
the electronic medical record and I just got kind of a sinking feeling
listening to you in that I had the feeling like a lot goes into that and not a
lot is shared, that is that it becomes a silo and that the physicians and
others are not taking as much out as is put in. And some of that I’m sure is
Joint Commission requirements and so forth but I really have concerns that
these electronic records are going to be huge data storage but not used
appropriately or as thoroughly as we all hope they will be and that
communication is decreasing between professionals in hospitals because of them,
because of the time commitments that go into it. I know I have colleagues at
the VA who say they sit in front of a computer three hours a day, three hours a
day in front of a computer. Now some of that time they sit an talk to patients
and type while they’re talking but three hours every day into that, and I’m not
critical of the VA system, it’s a wonderful system and it has lots of
information, is it worth it.

MS. BADZEK: Well, I think that’s one of the questions and I’m in 100
percent agreement with you that much of the information that goes in currently
from what I hear from nurses, of course I’m like in the tower and they’re out
there and they’re sharing information with me, is that much of what goes in is
not utilized and that there is a lot of repetition going on and that much of
their time that they could be with patients is required to input. And then of
course there’s fears associated with inputting, mistyping, you can’t hurry, you
can’t check the wrong box, so then there is a delay associated to some degree
with fear because they don’t work as quickly as they could, because they know
that this is permanent once they push the enter key that’s the final go round,
or then there needs to be a correction which takes even more time. I think
significantly, I’ve recently been in a number of hospitals and there are nurses
sitting in front of computer screens at any given point in time —

DR. HARDING: And not with patients.

MS. BADZEK: And not with patients.

DR. HARDING: And not talking to the doctors.

MS. BADZEK: Exactly, exactly, and then there’s right now currently because
we don’t have a system per se in every setting I go in it’s different, some are
entering into PDAs and then that’s being downloaded, so communication is in
terms of talking, sharing information, is decreasing.

DR. HARDING: Correct.

MR. ROTHSTEIN: Well, I will ask the final question of the morning and
follow-up on Richard’s point which I think is an important one. Our hearings
today and our entire series of hearings have not been about electronic health
records but a National Health Information Network, a network of electronic
health records. And so the issue is not so much whether an electronic health
record would be beneficial to clinicians or to patients in individual health
care decisions, let’s assume that is the case. We’re concerned with the privacy
ramifications of an integrated interoperable comprehensive system and
personally I want to be convinced that the privacy risks are outweighed by the
benefits to patients and their treating health care providers by an integrated
national system that we are in the process of developing. And so I’d like to
ask all of you from your experience what do you, what benefits do you
anticipate for yourself and for your patients in not the EHR but an NHIN?

MS. BADZEK: Well, I think I mentioned earlier that I think the biggest
area, and I know this has come up from the other presenters as well, is in the
evidence based practice piece, the access to what is the best way to actually
take care of someone, what is proven based upon care we’ve previously given as
the best way or the best method to carry out care and being able to rapidly
pull that up from a national system —

MR. ROTHSTEIN: But you wouldn’t necessarily need individual medical
histories to get that right?

MS. BADZEK: That’s right, so that’s one thing. The other thing is we have
some prime examples of data that actually is wonderful if the patient can carry
it with them or it’s readily accessible and the Schiavo case has highlighted
that and in several states now we have ways that we have physician’s orders for
life sustaining treatment within state groups where there’s a document that
actually travels with the patient. If that information was readily available to
be pulled up, emergency settings as well as units within hospitals caring for
individual patients who had that type of information, I think it was mentioned
here when you’re talking about children and it also goes true for the elderly,
if people who can’t speak for themselves, who is it, is that in the record, and
then are the desires of someone that were there when they were able, when they
were capacitated, actually recorded.

These are some areas where I think it would be very helpful to have a
national system because you never know where the person is going to end up at
the time that that information is needed. So I think there are a number of
things, but again, what is the accuracy of the information, I mean we go back
to again this weighing the benefits, the local information where the person was
yesterday is probably the most accurate, is what’s been transferred to a
national system the most accurate information.

MR. ROTHSTEIN: Okay, Dr. Hale?

DR. HALE: I’d like to just give an example of a personal experience to kind
of put it in perspective. I had a patient who went in the hospital for hip
surgery and was transferred following hospitalization to a rehabilitation
center out of the area. He had multiple medical problems and cardiac problems,
was on lipid lowering agents and some other medications. When he was
hospitalized the formulary in the hospital was different then the outpatient
setting so his medications were changed. He was transferred to a different
facility with a different formulary and his medications were changed yet again.
And then he was discharged back to me, he came in to see me about, I was not
notified of when he was discharged because I didn’t have a unified system to
know that so he didn’t end up coming in to see me for about two weeks.

When he came in he was complaining of abdominal pain and nausea and
vomiting and when I worked through the entire history what had happened was he
was taking too high dose lipid lowering agents and it causes significant
hepatitis. And that is to me a perfect example of a situation where there could
have been multiple interventions to prevent that from happening. If there had
been communication between the facilities on the medications, the admission
medications of the patient, that could have prevented the discharge medications
from being in conflict with what he already had at home. If the pharmacist had
been able to be in communication with the system the pharmacist would have had
that information and known not to have duplicate medications given in community
setting, he was actually staying with a community member so he ended up using a
different pharmacy too. And then I could have known that the patient was
discharged and been able to have certainly seen him sooner which would have
helped and also been able to see the medications, if they’d been in a unified
community medical record.

So that’s a personal example of a common problem that we see in medicine,
it’s one of the more common adverse drug events that we see that’s not just a
high cost to the system but causes significant harm to patients. And having
that aggregated information shared between individuals will make a huge
difference for all the clinicians involved in care.

DR. BEEHLER: The National Health Information Network structure, whatever we
want to call it, I think is important because it sets up standards and if we’re
going to be anywhere in this process we have to have the same language of
what’s going on when and how. We have to make sure that the patient carried
with them information, we don’t know what version that’s in, is it Word-7 or
Word-12 or what Word, what the version is. And so we have to have some kind of
an ability to make sure we’ve got an understandable, a really reproducible
reliable system and I think national has to be that way.

I think our evidence based medicine, we’ve been doing evidence based
medicine for years and years and years, we call it sharing best practices,
whatever. But I think with a national system we’re going to get everybody to do
the best stuff sooner, I think that’s the whole idea is so we can get the
latest and the best to the most people in a timely fashion rather then 16 years
to get things changed.

I do believe that this minimum, the minimum we need to do is we need to get
at least a CCR up and running right now, the continuity care record I think is
something that’s so important, it hasn’t been mentioned here yet I don’t
believe, but I think it’s a logical step —

MR. ROTHSTEIN: We did talk about that yesterday.

DR. BEEHLER: I really support that because that would take care of the
lipid lowering agents, a lot of others, so you get this sharing of information,
especially when people go from provider to provider, physician to physician,
facility to facility, there is a continuity of care snapshot in time of what’s
happening today and that’s what gives us, we will get somewhere somehow.

As I started looking into electronic health records the technology system
seemed so simple, seemed so beautiful, seemed so logical, why can’t we get it
done tomorrow. Then as we get all the tentacles involved and exposed it’s going
to be a process I think of tremendous conflict and hidden agendas, motivations,
pay for performance, is it lowering costs or is it improving quality, we’ve got
the payers versus the providers, we got all these other agendas going on but we
need something for the patients now, right now, and basically we can’t do them
any harm. I think whatever we do we first do no harm.

MR. ROTHSTEIN: Well, thank you for your answer to that question and for
your testimony this morning, we appreciate it, it was very helpful to us. And
for those of you on the internet as well as those present let me announce what
our schedule is going to be. We’re going to take a ten to 15 minute break in
which we get our lunch wherever it may be hiding and then we’re going to resume
our hearing in the sense that we will have a working lunch with a subcommittee
discussion of our future plans and that will take us through until 1:30 and
then we will have Panel VI on specialty care. So we’ll be back in about 15
minutes. Thank you.


Agenda Item: June Hearing Discussion – Mr.

MR. ROTHSTEIN: Okay, we are back on the record with our working lunch of
the Subcommittee on Privacy and Confidentiality. The purpose of our discussion
this afternoon is to plan our June hearing and also to talk about some other
issues. Let me see if I can summarize our discussions yesterday with regard to
the June meeting.

We were talking about changing the structure of the June meeting so that we
would have witnesses from two different groups of entities. The first one would
be health systems so we were interested in getting testimony from people who
had experience with electronic health record systems, not just EHRs but
systems. So we were going to hear from hopefully the VA, the Department of
Defense, perhaps people representing other large clinics, Mayo Clinic,
Cleveland Clinic and so forth, and maybe even some international witnesses who
could talk to us about electronic networks in the UK or Australia or other

In addition to that we talked yesterday about substituting or deferring
hearing from the IT experts to a fourth hearing and hearing instead from health
plans which we have not heard from yet. So in other words we would hear from
Blue Cross and we’d hear from Humana and some of the other large health plans
that we need to get their perspectives from.

What I would propose and we can discuss this of course is we have two days
of hearings scheduled for June 7th and 8th, my
recommendation would be to have a morning and afternoon session hearing from
the health systems people and a morning session, a half day on hearing from the
health plans because there are fewer that we need to hear from, we could have
that say two panels with health plans. The reason for that is there is a
meeting of the NCVHS Executive Subcommittee which we are hoping can start after
lunch on June 8th and then continue for a half day on June
9th. So that would be, let me just put on the table that plan and we
can discuss it. Paul?

DR. TANG: What occurred to me based on particularly the pharmacy session
this morning is how big a role PBMs have. I didn’t think of them as payers,
should have but didn’t until they made those statements but to them basically
for them to get their payment they feel just like patients feel they have to
sign on the dotted line, they feel that they must give them everything that
they ask for. It was very clear when I asked well have we passed the minimum
necessary and the response almost seemed like not yet. So I’m very concerned
about the transmission of data from pharmacists, a provider, to the payer, PBM.

MR. ROTHSTEIN: How about if we include PBMs, perhaps a panel of them, in
the health plans segment?

DR. TANG: And that would be great. The only other —

MR. ROTHSTEIN: Yeah, well how many are we talking, we’re talking maybe two
or three witnesses? That’s all.

DR. TANG: The only other comment is it’s also become clear that I think we
talked about control of the information and the minimum necessary, I think
actually one of the biggest concerns that patients have is at the
payer/employer level because that’s where discrimination can take place that
would disadvantage an individual. So I’m thinking that we may want to make
sure, and that doesn’t say a half a day wouldn’t do it but I want to make sure
that we do cover that side of the house in terms of privacy and

MR. ROTHSTEIN: Could you explain a little bit more what you mean? I don’t
know who you’re talking about when you say employer. Are you talking about the
employer of the patient or the employer of the providers?

DR. TANG: The employer of the patient, in other words the people who pay
for care, people have either an incentive or an obligation to transmit
information to get the payment, whether that’s a pharmacist or the patient
getting a payment for their professional services and that’s a point where
there may be tension between what you would like to disclose, what’s the
minimum necessary, and may be beyond that.

MR. ROTHSTEIN: So in other words you’re interested in probing the question
of how much PHI is sent to the payers in employer sponsored group health plans.

DR. TANG: Because if you read between the lines when patients say they want
control of information I think that’s because they have a lack of understanding
and a fear of where their information is going and so in lieu of understanding
what’s happening and for what reason they’re saying well I’d like to make sure
I maintain control, when as Pat was saying most patients by surveys again also
would like their information to be widely shared among providers so that they
can receive safe, high quality care.

MR. ROTHSTEIN: Well, I’m happy to add that dimension but I would
respectfully take issue with the point that patients are being sort of
unreasonable in, or mistaken in thinking that their information is not going to
everybody under the sun when the fact of the matter is their information can be
going to everybody under the sun and we talked about this yesterday with the
notion of compelled authorizations. So if you want a job your employer can say
I want to see all your medical records —

DR. TANG: I think we’re saying the same thing so I don’t know that you’re
taking exception —

MR. ROTHSTEIN: No, I think you were talking about employers as payers —

DR. TANG: Anyone for which you depend on in the system that we have getting
either reimbursement or payment for you feel I think an implicit obligation to
supply information whether or not that is beyond minimum necessary in order to
do the payment function. And so I’m thinking that our policy recommendations
may actually deal very strongly with that interface between whether it’s the
pharmacists provider or the physician provider and the payer.

DR. COHN: Paul, sorry you weren’t here yesterday, I think Mark was making
the point that yes there’s payment relationships such as you’re describing but
there are also these issues about well geez, to get employed you have to sign a
sheet that allows an employer to get all of your information or if you want to
get insurance you have to release all of your information, and I think that’s
where Mark was going to at least in his comment yesterday. And I think some of
that may be useful for us to look at, what I was going to say in terms of
employer though is to me that there’s, and I’m a little concerned if we start
wandering off too far in this area, I don’t know where we’re getting because I
don’t know what we’re asking, but certainly there’s an issue called self
funded, self funded issues where the employer really is the payer for health
care and I think we’ve heard from them before and obviously they’re
adjudicators, there’s typical middle people that sort of protect things but
maybe hearing from them again might be a useful thing to hear. But I think Mark
you bring up a very good question, the issue from yesterday, and I’d like to
get somebody in here to talk to us a little bit about all of these maybe
non-payment disclosures but sort of these issues of well geez, if we had an
NHII and people start signing on the dotted line and you’re an insurance
company or you’re a whatever, I mean what is that going to really mean in the
future which I think is really the issue you were bringing up.

MR. ROTHSTEIN: Yeah, well actually we did have somebody —

MS. GREENBERG: Did we have a panel with employers?

MR. ROTHSTEIN: Well, not last month in January, and I was the witness, it
was wonderful testimony but not memorable testimony.

MR. HOUSTON: There was a lady who represented I think it was some type of
meat packing company, was that Wisconsin?

MR. ROTHSTEIN: No, there were other people as well, it was a whole half day
of people on that. We had a gentlemen who was a representative of the Work
Place Rights Institute, Lou Maltby(?), we had people from the Society of Human
Resource Management, and several other witnesses addressing this particular

MS. GREENBERG: Maybe even employer help clinics?

MR. ROTHSTEIN: We can check who all the witnesses were but precisely Simon
to take up that question and that was just used as sort of an example of how
compelled authorizations result and lots of stuff —

DR. COHN: And I think we will apologize, I know John Paul wasn’t there,
this was, even though I know Paul reviewed all the testimony he wasn’t there
physically, I was on the conference call as best I could hear and so obviously
we just need to go back and review the testimony.

MS. BERNSTEIN: Can I just ask, Dr. Tang, were you talking about the concern
on the part of patients that the information in their medical record might be
used to discriminate against them by an employer because the employer is not
the plan itself but because they’re paying or cosponsoring an insurance plan,
that they get their insurance through their employer, you’re talking about that
relationship? Or were you really talking more about when an employer is
actually the plan?

DR. TANG: In this case I’m talking about when the employer is the plan so
they’re self insured, so they are entitled to that information, there should be
a firewall between the people who —

MR. ROTHSTEIN: In theory there is.

DR. TANG: Correct, but it strikes me that we’ve spent perhaps a
disproportionate amount of time on the provider side when actually that’s where
probably patients want information to flow to, and we may need to spend more,
that’s my sole point, may want to spent more time on the places where
information flows and perhaps too much which is actually maybe the source of
patient’s fears and concerns and the motivator for their need for control. I’m
just saying that that might be where we spend our policy time.

MR. ROTHSTEIN: And in fact even for non-self insured employers TPAs are
often under pressure from employers to identify sort of the high cost users and
that’s quite common, I get reports of that.

MS. BERNSTEIN: That’s the point I was trying to make, there’s other sorts
of discrimination.

MR. ROTHSTEIN: So we’ll look into seeing if we can —

DR. TANG: It’s not so much just the employer, it’s just delving down a
little bit on the policies that could make use of data in aggregate or
identifiable that they’re entitled to so that we can have better transparency
about what’s going on and perhaps develop policy recommendations that say what
filters should be applied because I think because of that obligation to payers,
or at least the perceived obligations, there’s fairly free flow of information
from the professional side, whether it’s the pharmacist like we heard this
morning, or the provider or even the patient —

MR. ROTHSTEIN: The only thing that I would say and I appreciate your
concern about this and I’m very concerned is that the farther we get from the
treatment relationship the more complicated it is to resolve the problems that
we identify and the less claim NCVHS has that it’s somehow within our
jurisdiction. So in other words many people are concerned that they won’t be
able to get life insurance or disability insurance or you name it because their
records are so comprehensive and they may have to sign an authorization if they
want to apply for this and we don’t have the wherewithal to get to sort of the
substantive question of whether a disability insurance company or a long term
care insurance company should have minimum necessary requirements over what
they get their hands on, that’s the only issue I would have. I don’t think you
can solve the problem of health privacy without taking a look at all these
things but the farther we get from our core mission the harder it is for us to

DR. TANG: It’s along the lines that Marjorie was asking about, what’s in
HIPAA and what’s allowable without disclosure and clearly payers and
clearinghouses are one of those just blanket and then we apply this concept of
minimum necessary of all the places, as again, as I look at what’s in the
patient’s mind where we might want to be more concrete, we as society and
perhaps we as policy advisors, might be more concrete about the criteria for
minimum necessary for that interface.

MR. ROTHSTEIN: I think it’s a wonderful idea and I’ve actually strongly
supported that over the years, I mean pre-HIPAA, I would just add
parenthetically that my position is that not only should we apply some version
of the minimum necessary standard for payment but we ought to apply a standard
of in the least identifiable form. Because if I’m a payer all that I need to
know is that patient 12345 who was entitled to health care benefits was seen in
some place and the treatment was reasonable. I don’t need to know who that is
and yet they all get individually identifiable information and they have a
right to that, I mean do they really need that. some employers actually over
the last ten or 15 years have experimented with the idea of taking out
individual identifiers, that is names, and substituting sort of an internal
company health care ID number that would be secured somewhere but that concept
has really never gone anywhere.

MS. BERNSTEIN: We did hear from the various consumer organizations at the
last hearing which might cover some of the issues, I mean I don’t know if they
specifically at that hearing addressed the issues that you’re concerned about
today but we can certainly go back to them and ask them to supplement what
they’ve talked to us about and they would cover things like the ability of
consumers to get bank loans or other kinds of insurance and so forth that might
be at risk because of discrimination of the sort that you’re talking about. I
don’t know if that’s, trying to figure out who would be able to give us
information about the kind of thing that you’re trying to get at. The plans,
they’re the ones who want the information, they’re not the ones concerned about
on the other side.

MR. ROTHSTEIN: Well, I think we’ve heard the concerns, now the question is
I would like to hear from the plans their rationale or justification for why
they need so much information and whether they would be amenable to some sort
of idea to limit the amount of information they got.

MR. HOUSTON: I’m thinking as I’m going to be speaking here, sort of a spin
off to some of the discussion is that CMS has broad access rights to patient
information records as part of its oversight responsibilities, I know they came
into our shop one time and said hey, we want to look at all these patient
records and we said they’re not the patients and they said so what, we want to
make sure that you’re charging us what you’re charging other patients for. And
I guess, as sort of part of the discussion about payers are we going to, should
we be thinking about governmental rights because as a provider I’m going to
start thinking geez, now they start tapping into my information systems without
me even knowing about it in order to do an audit without me ever having, them
never having come onsite and can they take all this data and they went to the
provider and payer, process services, and me never know what’s going on. Is
that something that needs to be explored or am I doing, or am I asking a
question I shouldn’t ask?

MR. ROTHSTEIN: No, I think you’re asking a good question but I think one of
the things that we need to be thinking about is when we’re talking about NHIN
it’s tempting to sort of revisit all the issues involving HIPAA that we went
through already, I mean you could think of —

MR. HOUSTON: Well, this is a little bit different though because if we have
a fully operational, fully functional NHIN it doesn’t give, there isn’t the
capacity of a governmental agency potentially to step in and say okay, I’m just
going to go look at it, and as part of my oversight responsibility and rights
and I’m going to start to look at your data online and I can get to it. It’s
not HIPAA, it’s now this —

MR. ROTHSTEIN: What I’m saying is it’s now also possible if we have an NHIN
for the policy to say this victim of sexual abuse, her perpetrator had a sort
of a very unusual MO and therefore we want to query the medical records of all
the women in a particular area to see if there are any other hospital visits
where they had the same sort of physical trauma and that of course raises all
sorts of privacy questions about people who never filed a police report and now
they’re dragged into a criminal investigation. But that’s a law enforcement
issue that is not, there’s no end to where we could be exploring this.

MR. HOUSTON: It is interesting, there are types of occurrences whether they
be a law enforcement event and the type you described or a oversight like I
described where the institution would typically want to know and have a right
to know that that type of investigation, we’ll just say it’s an investigation,
is occurring, or that that type of inquiry is occurring. And I think it’s
absolutely 100 percent reasonable and I can see where this —

MR. ROTHSTEIN: You’re talking about the institution like the hospital.

MR. HOUSTON: The hospital knowing that somebody is looking at its records
like in that realm based upon, and maybe it’s an investigation by law
enforcement and it’s probably a pretty good example of why we would want to
know that, obviously CMS oversight would be another reason. But it could also
be county health officials looking for disease surveillance or doing something
else, we might want to know whether they’re looking at us to see if maybe
they’re suspecting we have a higher incident rate or mortality rate for some
reason, I’m just, I think when there’s some specter there that the organization
may have done something wrong or at least there’s an inquiry to see if they
have done something wrong or there’s something out of the norm that the
institution is going to want to know it. And I think that, I don’t know how
this, I know this sort of spun off the discussions we had but it just
immediately —

MR. ROTHSTEIN: Well, my answer to your question was not that what you’re
saying is not important and not that it’s not relevant, all that I’m saying is
there are so many potential issues for us to explore that we’d never get
finished our work and as I, and maybe we should have this ongoing process but I
think the department is expecting that we’re going to actually produce a
recommendation within, by the end of the year certainly and at least in broad
terms make recommendations on privacy issues.

MR. HOUSTON: But let me say this and I’ll say my last piece here and then
I’ll be done with it. I do believe though that there is a not insubstantial
portion of our patient population who looks at those types of inquiries as
being, I don’t want to say inappropriate but that they’re against them, I
remember when we were going through, CMS came in and said we want to look at
all these records and I was talking to one of the attorneys for CMS and said my
first impression is that boy, I wouldn’t want somebody looking at my records if
I’m not receiving services from CMS and I was going through this and the
attorney said you know I don’t disagree with you. And my point only is that I’m
thinking of things for which there is a potential reasonable sensitivity of
patients and as that being an inhibitor or something that’s going to get in the
way of us trying to further the NHIN, that’s my only point.

MR. ROTHSTEIN: How about this suggestion, we are going to have undoubtedly
a fourth hearing and we’re going to talk about that in a minute about possible
times for that, in which we were going to consider the issues of possible
research that we need going along with Marjorie’s suggestion yesterday, as well
as sort of exploring options with IT experts, is it feasible to do X, Y, or Z,
and what would it entail and how much burden would it put on whatever. And
perhaps our letter to the secretary whenever we get around to doing it should
include a list of areas where we think research is very important as well as a
list of other areas that we think are important that we will continue to hold
hearings and monitor and so forth in the future but going back to my original
point I think we need to take a sort of a general stand on the issue of NHIN
and identify for the secretary what the major issues we have identified from
our series of hearings, that’s my point.

MR. HOUSTON: Then I would think that it might be also helpful to simply put
this as a bullet point of something to ensure that it’s considered.

MR. ROTHSTEIN: We can have a whole arsenal of bullet points. Maya?

MS. BERNSTEIN: Well, I was sort of going to press you a little bit to see
if I was understanding your point although now you say you’re satisfied, but
whether you were trying to get at the idea that even in those places where
HIPAA, with a HIPAA rule already has a settled policy that we might not want to
revisit where the specific advent of NHIN might change the abilities of a
population to get information and so forth, so for example in your law
enforcement example the idea that there’s an integrated network nationally
makes it lots easier for law enforcement to develop leads for example then just
walking into the local hospital and finding out if there’s somebody with a
particular injury, those things that are directly related to —

MR. HOUSTON: The issue that’s probably more meaningful as it relates to my
CMS example, I as a hospital attorney would want to know if there is some
inquiry by CMS into our charging practices and that they were investigating,
reviewing patient records to ensure that they’re fair, we would like to know
that that’s going on and my point is is that —

MS. BERNSTEIN: I have no doubt that you’d want to know that, I can tell you
law enforcement and other investigators will not want you to know because you
can jeopardize their investigation or cover evidence and so forth.

MR. HOUSTON: But typically in a subpoena or the like they’ll tell you, or a
search warrant, that you’re not supposed to disclose and we work very closely
with law enforcement, that’s rarely a problem. But we would want to know and I
think the NHIN, my only point though is that the NHIN does give in theory the
capacity and HIPAA supports this for a governmental agency to have access to a
hospital’s records and my point is is that we may not necessarily unless we
really, I guess we could log the heck out of things and see geez, why is CMS
looking at 2,000 records, we would want to know that prior to the time that it
occurs and we would probably want to be actively participating in any inquiry.

MS. BERNSTEIN: But that’s my point is that NHIN makes the ability of law
enforcement or other investigators, it allows them to do investigations without
you knowing it, which is something that is not necessarily contemplated
directly by the rule as it exists now, that there are changes because of the
technology —

MR. HOUSTON: I think this allows you to do that.

MS. BERNSTEIN: I’m saying, it allows them to do that but my point is
there’s a concept in practically obscure, right, the idea that if records are
on paper and they are dispersed throughout the country you have to go county to
county and look at every kind of record to actually find it. But with the
advent of NHIN you can sit down at a computer remotely and look at all the
records from New York to California and that is something that’s not, that may
add new issues that are not specifically dealt with and there might be things
that we want to —

MS. MCANDREW: I would clarify that in one respect, in John’s case, for all
of these, from the HIPAA privacy perspective these are all permissive
disclosures so in fact they cannot go on without the provider’s permission, now
it can go on without the individual permission —

MR. HOUSTON: Absolutely.

MS. MCANDREW: — and so if you’re talking about whether the entity itself

MR. HOUSTON: It’s actually not permissive disclosure because as soon as we
questioned why CMS would want to see patient records for patients unrelated,
were not, the services weren’t being paid by CMS they said you have a legal
obligation to provide an opinion of counsel and to which we said great.

MS. MCANDREW: To the extent they have other legal compulsions to make you
agree to that but as far as the privacy rule is concerned you can say no and
you can take your lumps.

MR. ROTHSTEIN: Okay, I’m going to make a sort of a decision that we need to
move on, we’ve got less then ten minutes and there are a couple of issues that
we need to discuss. Yesterday we talked about the desirability of scheduling a
conference call to talk about the contents of our June hearing so my question
to the members of the subcommittee is given our discussion yesterday and today
do you want to have that conference call take place before or after Maya puts
together kind of a tentative list of the people that we’re trying to contact?

MR. HOUSTON: I think it’s a two step process, I think you want to have sort
of what’s, put the agendas to writing tentatively as to what we think we want
to hear and then we can before we actually go out and try to put a contact
group together why don’t we have a conference call and talk about who we might
try to pursue.

MR. ROTHSTEIN: Okay, so how about if we do this, we will get the summary of
the meeting put together and separately we will have a summary of the people
that we’ve identified as potential sources and institutions and once that’s
done then we’ll schedule a conference call to talk about specifics, who and how
many and what. And so the question is how long do you think it’s going to take
to get a, not necessarily a summary of this whole meeting but some sort of
written document that —

MS. BERNSTEIN: Of just the plans for June —

MR. ROTHSTEIN: Exactly, that we talked about yesterday.


MR. ROTHSTEIN: So how about if we then adopt the following plan —

MS. BERNSTEIN: Is that reasonable?

MR. ROTHSTEIN: That’s fine, so today’s the 31st, let’s suppose
that we all get the information back by Monday the 11th which would
be like ten days instead of a week and then I’ll ask Marietta to circulate
calendars —

MR. HOUSTON: Do we have our calendars out? I mean can we talk —

MR. ROTHSTEIN: Well, I think it’s easier just to do it by —

MS. BERNSTEIN: We have missing members today.

MR. ROTHSTEIN: yeah, we’re missing Harry, so I’ll ask Marietta if this is
okay to circulate calendars for beginning Monday, April 11th through
the end of April so that we can have, what, that will give us three weeks to
have a one hour conference call —

MR. HOUSTON: I was going to say, we should do a one hour —

MR. ROTHSTEIN: We’re trying to schedule a one hour conference call some
time the last three weeks —

MR. HOUSTON: We’re all joking because we think three weeks is probably to
wide of a slot, I mean I would think we should try to shoot for the
11th, the week of the 11th if possible unless there’s
some —

MR. ROTHSTEIN: Well, I’m going to be away three of those five days and
somebody else may be away two of those five days.

MS. GREENBERG: What days are we discussing?

MS. BERNSTEIN: The 11th of April through the end of the month.

MR. ROTHSTEIN: So that’s the plan. Simon?

DR. COHN: I’m absolutely fine with that if it can be schedule, I guess the
other question is how much of this can be handled via email and I guess I would
be hopeful that a lot of this might be able to be handled by communications
back and forth where we identify possible candidates, questions that maybe
haven’t been asked.

MS. GREENBERG: What time on the 11th?

MR. ROTHSTEIN: No, no, starting the, between the 11th and end of
the, between then and the end of the month —

MS. BERNSTEIN: Finding a time for a conference call during that time. And
if before that time if anyone has particular ideas just please send them to me
because as you know not being a health person I’m learning all, if you have
contacts or you have particular organizations that you know will be able to be
helpful to the subcommittee please just let me know.

MR. HOUSTON: I think it’s also the reason why we have con calls so we can
start to seed those names once we get your list I’ll be, I think we can do
that, we can hopefully start to flesh in the list.

MS. BERNSTEIN: Before we leave the June if you’re going to move on to the
next one —

MR. ROTHSTEIN: Moving to July so you —

MS. BERNSTEIN: June, I’m in June still, you talked about the plans and PBMs
and so forth, we made very quick mention of international stuff, can we talk a
little bit more about that just for a moment?

MR. ROTHSTEIN: Sure, just to go back to what we talked about yesterday we
wanted to explore the experiences of other countries using integrated health
networks so we thought that maybe we would explore what the UK has done and
Australia has done, possibly Sweden, and we’d take a look at some other
countries that are perhaps ahead of us in this technology.

MS. BERNSTEIN: I’m just wondering, I got that part, where you want to fit
them in since you were already talking about having set up panels for PBMs,
during that June, do you expect to be able to fit them in during that June

MR. ROTHSTEIN: If we do a whole day on the 7th dealing with
health systems we will have an opportunity to have four panels, one of those
four panels will be an international panel, that was my thinking.

MS. BERNSTEIN: Four panels on one day?

MR. ROTHSTEIN: Yeah, two in the morning, two in the afternoon. So if we did
that we could have one of the four would be international and then on the next
day where the PBMs fit in is we would have two panels on health plans and one
of those would include PBMs. Marjorie?

MS. GREENBERG: I just wanted to note that if we have in the past and not
completely have full memory as to exactly how we did it, we have had some
presentations around the NHII from people in the UK and even Australia, but we
do have very limited ability to actually travel people internationally and so I
wanted to make that clear, I mean we can, we have some ability to travel people
within the United States who are unable to cover their travel if under
exceptional circumstances but we really don’t have an international travel

MR. HOUSTON: We can go to Australia.

MS. GREENBERG: That can be a challenge.

MR. ROTHSTEIN: Point well taken, we were thinking of for example Don
Detner(?) to talk about UK —

MS. GREENBERG: We can bring him up from Charlottesville.

MS. BERNSTEIN: Can we bring people from Canada? Because I know people in
Canada who are experts on international stuff, I don’t know if in particular
health care but I think we might be able to get somebody —

MR. ROTHSTEIN: Well we traveled somebody from Canada at the last hearing.
But yeah, we’re not going to bring anybody from Australia but there may well be
people here who are experts.

MS. GREENBERG: I just didn’t want to raise unrealistic expectations.

MR. ROTHSTEIN: Absolutely.

MS. DOZIER-PEEPLES: I know we heard from Canada and they were talking about
the French system as well and I’d like to just suggest that to the extent we
can get more capitalistic rather then socialistic systems to testify about how
they handle this it might be more informative. I mean both is good but then
when you’ve got societies that have a socialized health care system don’t have
the discriminatory practices against individuals because they can’t, I mean the
system is more protective then ours and so I think the privacy issues are
different in a more capitalistic system then they are in a socialistic system.

DR. COHN: And you’re thinking of which countries?

MS. DOZIER-PEEPLES: Well, like Canada, I mean I don’t think a lot of that
applies because it’s more protective, because the economic system is set up
differently so you’re not economically —

MR. ROTHSTEIN: No, the question was what countries do you want to hear

MS. DOZIER-PEEPLES: Well, I’m not sure, I mean I don’t know, I don’t know
which ones to suggest to you unfortunately, I just thought that I think it
would be more helpful if we had something that had an economy that was a little
bit more —

MS. BERNSTEIN: I’ll see if I can track some of that down during the next
week, talk to some of the contact that I have about who might be experts and
with respect, and keep in mind that point and just come back to the committee
with some information about that.

MR. ROTHSTEIN: Okay, let me move forward to our last item of business and
that is planning for hearing number four which we talked about yesterday to
some degree and to repeat, to deal with the issue of research, what do we need
to know and maybe who ought to be doing the research to find it out for us and
what relevance does it have to NHIN as well as the IT issues and who are the
major experts on systems design and we need to, we talked yesterday about
putting together at some point a kind of a query list so that they wouldn’t
just give presentations but we could ask them is it possible to do this, is it
possible to do this, what are the problems in doing that and so on. And that
would be hearing number four, I’ll defer for a moment when we’re going to be
hearing number five. The question is whether July is a possible time to have
hearing number four and so assuming that it’s no major problem I’ll ask
Marietta if she would at the same time she circulates the inquiries for the
conference call to send out a calendar for July and see when people are
available for a two day hearing in July and if that doesn’t work then we’ll
maybe then go to August. But I’d like to do it in July if possible because we
already have an executive subcommittee meeting in August scheduled.

MS. BERNSTEIN: Could we do it in conjunction with that meeting? Are there
significant technologists in the Bay area that —

MR. ROTHSTEIN: I would assume so.

MS. BERNSTEIN: Is it possible on the schedule to combine that hearing if
there are, if there’s a significant technologist community there that would not
have to travel if we’re already there.

[Multiple speakers.]

MR. ROTHSTEIN: We are going to be in San Francisco on the 15th I
believe, right Marjorie?

MS. GREENBERG: The 15th of August, the 15th,
16th, and if you’re on the NHII Workgroup the 17th and

MR. ROTHSTEIN: So is there —

MS. GREENBERG: Let me alert people to that possibility now that we’ve
confirmed the 15th and 16th for the executive
subcommittee, we’re polling for the NHII Workgroup the 18th and

MR. ROTHSTEIN: But that might be a problem because there’s overlap right
between Privacy and Confidentiality and the Workgroup?

MS. GREENBERG: Yes, you were thinking of having —

MR. ROTHSTEIN: We were thinking of maybe having a Privacy meeting in San

MS. GREENBERG: I don’t think you can do that at the same time as the NHII
Workgroup. You can just go for broke and try for Friday I suppose, or a day and
a half for each, you’ll have to talk to the chair of the NHII Workgroup on your

MR. ROTHSTEIN: We were talking about scheduling the fourth hearing in San
Francisco after the executive Committee Retreat but the NHII Workgroup is doing
that right?

MS. GREENBERG: We’re polling for that.

DR. COHN: We’re polling for that.

MR. ROTHSTEIN: Okay, how about if we do it this way, if it doesn’t work
out, if there are people on, well, second crack at that is if the Workgroup has
some problems meeting then maybe then we can poll our people to see if we can
substitute Privacy and Confidentiality.

MS. GREENBERG: Or we could have a day and a half for each, just take up the
whole week. It’s the week of August 15th.

MS. BERNSTEIN: Another possibility, is there significant overlap between
the research component of the hearings you want to have and the IT component,
if there’s not we could have a one day in July on research and the one day on
IT where the IT people are and we wouldn’t have to take up the whole week with
a two day, we would have time to do that if that’s acceptable.

MS. GREENBERG: I think a compelling reason would be if there are people on
the West Coast that you feel you would benefit from being in this other venue
and if that were the case you could hear from some people in July who are most
East Coast located and other people, it’s a possibility.

DR. COHN: [Comment off microphone.] — 12 different times and there may be
a case to be made for trying to figure out some way collaboratively since it
may be for example that NHII may talk about, may wind up talking about some
aspects of privacy which might make it, might make a lot of sense.

MR. ROTHSTEIN: Well, how about if we do it this way, we’ll ask Marietta to
circulate July and August scheduled for people, Simon and I and Marjorie will
try to work out whatever schedule accommodates those.

MS. BERNSTEIN: And again, if you have particular ideas about who might be
organizations or witnesses for that hearing, in particular if they’re in the
San Francisco, where they are, because if they’re in the San Francisco area
that would make a difference to our scheduling.

MR. HOUSTON: We were talking about that might extend into August would be
the developers meeting?

MR. ROTHSTEIN: Yes, if we can’t schedule it.

MR. HOUSTON: Okay, that’s actually a good place for it because there’s a
lot of software development going on in that area.

DR. TANG: Your objective for that when you say IT you actually mean the
querying things out of a mining a database versus the wires and the machines
that get the information around.

MR. ROTHSTEIN: Well, we’re going to ask people questions like how would
you, would it be possible to have different access rules for different kinds of
information, would it be possible to, what’s involved in controlling patient —

DR. TANG: That’s more of an application provider versus a technology —

MR. HOUSTON: Absolutely but there are a number, I can think of a number of
software development, a number of health care software houses out of that area
as well as people like HP that probably have broad based experience, even
though they’re not necessarily a software developer per se they probably have a
fairly robust —

MR. ROTHSTEIN: IBM is doing a lot of work in that area, there are lots of
companies that do —

MR. HOUSTON: But in San Francisco, I’m just thinking of, I can think of a
number of companies that are software companies out of that area.

MR. ROTHSTEIN: I’m using IT in a very sloppy way.

Okay, are there any other questions or comments before we move to the next
panel? Okay, thank you, and I would ask the witnesses on Panel VI, Dr.
Stafford, oh, Dr. Strafford, I’m sorry, and Dr. Keaton. Thank you for joining
us, appreciate your coming to share your thoughts on this subject with us and
we’ll go as we’ve been in alphabetical order so we’d ask Dr. Keaton to begin.

Agenda Item: Panel VI – Specialists – American College
of Emergency Physicians – Dr. Keaton

DR. KEATON: Thank you. First I’ll apologize for not being here and known to
you earlier enough to get a printed card or to get my specific qualifications
in the materials that were passed out, I’ll just tell you briefly that first
and foremost I’m a practicing emergency physician, have been for the last 25
years. I was practicing at 1:00 this morning in fact as I finished up with a
shift that I traded to free up to come here but I think this was very
important, that indeed the viewpoint of a practicing doc be here. In addition
to that I wear a number of other hats that may be useful to the committee as we
try to work through what is a very thorny problem.

I’m in an urban trauma center, a teaching environment, 100,000 adult visits
a year. We see and I personally know the frustrations of not having the data
that you need and the data that makes a difference between life and death. If
we have a chance I’ll share a story from the, well, from a HIPAA standpoint
that happened recently, we won’t tell you how recently.

I’m also core faculty in emergency medicine residency training program, I’m
the professor of clinical emergency medicine at the Northeastern Ohio
University’s College of Medicine, and I direct our emergency medical
informatics program at Summa Health System. I chair continuing medical
education for the entire enterprise and I’m here representing the American
College of Emergency Physicians where I’m the vice president of their board of

Wearing even another hat I’m on the board of the e-Health Initiative and
I’m on the steering committee for Connecting for Health. So there’s a number of
different viewpoints these comments come from but primarily take them as a doc
who’s in the pits taking care of patients on a very, very regular basis and on
that behalf I want to thank you from the American College of Emergency
Physicians for asking us to participate and address this subcommittee.

ACEP is a national medical specialty society with 23,000 members, we’re
dedicated to improving the quality of emergency care through continuing
education, research, public education. If you look at the CDC’s estimates for
2003 the emergency departments in this country took care of 114 million
patients, all ages, all types, undifferentiated acute medical and trauma
problems, in rural, urban and suburban settings, 24 hours a day, seven days a
week, 365 days a year. We’re always there.

Due to the very nature of emergency care it’s often delivered without the
benefit of a patient’s vital past medical information. Nevertheless emergency
care providers perform admirably as a safety net for this country’s health care
system which is chronically over crowded and chronically poorly supported. The
emergency department serves many roles in our health care system. As the
interface between the inpatient and the outpatient worlds we provide acute
episodic care for patients who either have no access to their primary care,
either because they’re not in their home area or because they don’t have that
access, and we also provide care for those who are acutely ill or become
acutely injured. We’re experts at acute diagnosis and stabilization and we’re
also a vital link in the public health network.

One common thread that runs through all of these roles is our lack of a
stable patient population and our lack of longitudinal data on large numbers of
our patients. Many factors including our mobile society, the lack of inpatient
capacity that results in frequent ambulance diversions, the provision of
specialty services that take patients by helicopters from well outside their
normal areas, and changing managed care referral patterns all result in
patients ending up at someplace other then their home hospital’s emergency
department. As a specialty center we see that even more then most.

I’ve often described my job in the ED as being like an air traffic
controller at O’Hare during a snow storm, the difference is that not every
plane is on my radar screen and the planes that are there don’t necessarily
provide accurate information in terms of their altitude, their speed or their
direction that they’re headed in. It’s a good day for me if all the planes stay
in the air and no one crashes but it’s certainly not the ideal and that ideal I
think we can get closer and closer to if we bring the right information to the
right docs at the time we’re trying to take care of the patients. The emergency
department is one of the most complex and challenging practice environments in
all of medicine. Clearly all patients will benefit from improved health care
information technology but I believe none will benefit as much as those cared
for in emergency situations.

The overriding reason that we’re looking to create a National Health
Information Network and electronic health records is to improve the quality,
efficiency, and safety of health care for all Americans. Protecting the
confidential patient information has to be a high priority, the challenge is
balancing the needs for timely data availability against the desires by some to
access the data for nefarious purposes. When the NHII exists breaches of
security will be inevitable. Many have pointed to the financial industry as an
example of what a secure system should look like, however, if you look at the
2001 Evans Data polls roughly 27 percent of developers surveyed in that banking
and financial services industry say that they had experienced security breaches
in the prior year, that’s 27 percent experienced something. According to the
New York Times nearly ten million people were victims of identity theft in a
recent 12 month period, the costs for that were quite remarkable. Placing a
cost on the loss of confidential patient data will be very difficult although I
have no doubt that our friends in the plaintiffs department find a way to do
so. The greatest cost however will be incurred if we fail to implement the NHII
strategy or surround it with so many security measures so as to make it
unusable by patients and practicing clinicians like me.

The American College of Emergency Physicians appreciates the opportunity to
provide this committee with our comments regarding privacy and confidentiality
safeguards that might be considered as part of an implementation strategy.
Emergency physicians are patient advocates dedicated to providing quality
patient care and protecting the public’s health will protecting the sanctity of
every patient’s health information. We are concerned however that certain
unintended consequences of privacy measures might dangerously impede our
ability to deliver the best possible emergency medical care and I want to
address you from the, not the 30,000 foot or the 50,000 foot level but from the
ground where we spend our time.

We believe that network operations should be consistent with current HIPAA
guidelines, they’ve worked reasonably well for us, and they should include
provisions to facilitate access to continuing care in emergency situations. I
will say parenthetically that they’ve worked well for us because of the
emergency situation exceptions in HIPAA.

The remainder of my comments will focus on several privacy and
confidentiality principles that we believe are critical to implementation of
data systems that will allow us to provide the highest quality care to the
millions and millions of patients who seek care in our departments every year.
I will stress that these principles focus on your charge which is to address
issues of privacy and confidentiality and are by no means a complete listing of
our concerns regarding the NHII or NHIN as a whole. We did do a response to the
request for information and if you’re interested I’ll be happy to make that
available to you, we also participated in the collaborative response.

Number one, optimal management of emergency cases requires rapid, and I
underline rapid, access to patient data. Speed and reliability are crucial, if
the system is not fast and always available it will not meet the needs of
clinicians and patients. Emergency medicine held a consensus conference in 2004
that was published in the Journal of the Society of Academic Emergency
Medicine. In a quote from that electronic clinical records should be released
immediately upon the certification of a clinician that there is an immediate
clinical need for the release of those records. The issues of security,
identification, and authentication should facilitate that process, not hinder

Number two, the assumption must be made that a patient who is unable to
give permission for data access would have done so had they been able to do
just that. Our patients can’t always provide permission, the sickest ones more
often then not. Given the nature of emergency medicine cumbersome or onerous
authorization requirements must be avoided, moreover it’s vitally important
that we have a break the glass policy so we can authorize emergency clinicians
to quickly gain access to critical information when time is of the absolute
essence. This doctrine presumes that consent would be given by a patient if
they were able to do so.

Number three, optimal patient management of emergency cases requires access
to complete patient data. Clinicians must be able to trust that the data that
they’re viewing is complete and truthful. A single data point or a set of data
points obtained at a single point in time is like looking at a still photograph
or a single frame in a movie. When we look at a movie we are presented with
sufficient frames per second to enable the brain to interpret the individual
images as a continuous action. Editing a movie, leaving frames out, leaving
stuff on the cutting floor, that changes significant portions and can lead
viewers to reach incorrect or differing conclusions. In a similar way viewing
incomplete data portrayed as complete can cause the clinicians to reach
unjustified and potentially dangerous conclusions. If known data is not
accessible for any reason the information system must call this gap to the
clinician’s attention in a very conspicuous manner. We need to know that this
is not complete, whether it’s that one of the data sources is down, whether
it’s that as I’ll mention in a second the patient has refused to allow you to
have data, we need to know that it’s not complete otherwise the assumption or
the belief is that we’re getting complete data.

Number four, emergency physicians must be notified when a patient refuses
permission to provide access to some or all of their data. Most of the models
enable patients to direct that pointers to some or all of their data not be
included in a central database. While ACEP does not disagree with a patient’s
right to withhold information no matter how potentially damaging that might be
to them we believe it’s critical that the treating physician be notified that
the data being viewed is incomplete. Such refusal alters the point of truth and
it requires the emergency physician to look at the data differently.

Number five, public health needs including syndromic surveillance require
reliable access to population based data. Access to this data must be assured.
Secondary use of this data from the National Health Information Network should
support improvements in public health through surveillance, benchmarking, and
public policy initiatives. Critical de-identified public health data must be
made available to maximize the effectiveness of surveillance systems with or
without the patient’s permission. Imagine what happens if the index case on a
smallpox or SARS or another episode refused to allow their data to be part of a
surveillance network and we didn’t have that index case and that head start.
Also once a risk is identified there must be a link back from the de-identified
data to the index case for their protection and for the protection of the
public as a whole.

Here’s where we get into the nitty gritty, some patients will refuse
permission to access their data because they plan to injure themselves or
injure others. We must provide provisions for allowing access to critical data
to protect the patient and society from the harm that could reasonably expect
it to occur if critical data were not disclosed. This is a difficult problem,
probably well beyond the scope of this committee, likely would require
legislative action.

Emergency patients are a subset of society as a whole and society as a
whole has good people and it has some not so good people. Some have ulterior
motives for coming to the emergency department, these may include illegal and
dangerous drug seeking behaviors, they may include terrorist activities, they
may include personal injuries that took place, imagine the patient that comes
in with a radiation related injury, we send them out without that surveillance
or information so that they can have their dirty bomb weeks or days later,
those type of things we need to be able to provide some protections for. Other
patients may represent a threat to themselves or others due to psychiatric
conditions and toxicants or criminal activity.

And finally number seven, while not strictly under the purview of this
committee we would like to stress the fact that consideration must be given to
the potential tort liability risks inherent to creation of this network. That
in and of itself could shut the whole thing down in terms of people not being
willing to participate. Two major legal impediments that we see, first involves
the liability for breaches of security, if you have no system you have no
breaches, you have no risk, but the danger to society as we see it is
substantial. The other involves liability for failure to notice or correctly
interpret issues hidden in the vast volume of newly available results of tests
that were not necessarily ordered by the clinicians that’s involved. Imagine
being sent to the New York Public Library and being held responsible for
something that’s buried in one of those volumes that you didn’t read and being
told that you really should have read it. Patients have thousands and thousands
and thousands of pages of data that will become available and we have to find
some way to reasonably deal with that.

Once again thanks for providing the opportunity to address the areas of
concern to emergency physicians and the patients we serve. At this point I’ll
entertain any questions or move to the next presentation.

MR. ROTHSTEIN: Thank you, you’ve certainly given us a lot to think about,
and we’re going to be doing that and listening to Dr. Strafford at the same

Agenda Item: Panel VI – Specialists – American
College of Obstetricians and Gynecologists – Dr. Strafford

DR. STRAFFORD: Good afternoon, I’m Craig Strafford, as I said this morning
in the introduction I’m an obstetrician gynecologist, I have practiced OB-GYN
for 30 years. What I would like to do in my remarks is give you a little bit of
orientation about what I do, what the American College of Obstetricians and
Gynecologists are about, give you some examples from the system in which I work
which is entirely paperless, and then I do have a handout, has that been
distributed? Okay, and then basically it’s the last five slides that are the
meat of what I would like to say and give to the committee and having listened
to all the other testimony today I think that there are some nuances on what
has been produced before in terms of testimony but basically you’ll hear some
themes that have been expressed previously.

The American College of Obstetricians and Gynecologists has 35,000 fellows,
we do not have any idea how many fellows are using electronic medical records
or electronic health records in their practices. As to the number of women
served approximately 95 percent of OB-GYN, of physicians practicing obstetrics
and gynecology are fellows of the college, so with a high degree of probability
if a woman has seen an obstetrician gynecologist in this country she has been
cared for by one of the fellows. ACOG is organized to foster and stimulate
improvements in all aspects of women’s care, to establish and maintain
standards for practice, and to promote professional education and promote
patient education.

I’ve color coded the slides green for OB-GYN and blue for Holzer Clinic.
There are four issues of concern to the American College as we knew that this
opportunity for presentation was coming up. One is the political agendas in
patient privacy. In the state of Kansas there is an attorney general who wanted
to have from the information system all of the names of all of the women who
had sought pregnancy termination and I think one of the safeguards that would
need to be in the system would be if there was political sensitive information
in a patient’s health care record and a system had the ability to index all of
those patients how would that patient privacy be protected.

A second area for concern with the American College is adolescents.
Adolescents do not always have their priorities straightened around and they do
some experimentation with life and part of that can be the adolescent afraid
that she may have acquired a sexually transmitted disease. We want to encourage
the young woman to come in for care and not have the divulgence of her fear be
a barrier to her seeking health care service, so that if we had an electronic
medical record that was in a database that that index could be penetrated how
would that woman feel secure about seeking anonymous care.

Another major area of concern for fellows within the college is the cost of
the implementation or the starting or the adoption of an electronic health
record and one of the presenters this morning, the gentlemen from the American
Osteopathic Association speculated $9,000 dollars. I think that as he said was
the low end, I think the high end is much, much higher then that, maybe three
or four times that.

PARTICIPANT: [Comment off microphone.]

DR. STRAFFORD: Yes, he did say per year. In large hospital systems there is
often more of a motivation to have an electronic record because of the
interaction of multiple providers, lab and x-ray, as I’ll say in a few minutes
that’s what we have at Holzer Clinic three to five person practices which are
the majority of the practices in this country would not necessarily have the
resources to commit to the implementation of a record and part of what I’ll say
at this point and then reinforce later is there needs to be a cost benefit gain
for the practice in order to make the investment. It does clearly afford us the
opportunity to provide better patient care but it may not be better enough to
afford the expense.

And then as has been alluded to several times the pay for performance
piece, if we’re going to look at payment reimbursements to providers based on
meeting criteria for care and that is in the, that is more readily determined
by an electronic database then it is by a graphite and cellulose paper and
pencil, it may be to the disadvantage of a provider not to be able to
demonstrate their proficiencies of care. So that may be a motivation for them
to invest in an electronic medical record but here again the cost may be

Let me tell you a little bit about Holzer Clinic, Holzer Clinic is in the
central part of Southeastern Ohio, we have eight sites of operation in Ohio and
West Virginia, we are 100 miles north to south and 100 miles east to west. We
have about 470,000 patient visits a year, we have about half of our patients
are Medicare and Medicaid so that if you look at our gross production, our
gross revenue from our gross production is about 54 percent of our billed
charges, that then is our revenue base against which all of our expenses are
put. We have at the present time 174 providers, 127 physicians and 47 mid-level

In your handout it says annual cost, this is a cost, the $6.4 million
dollars is the actual investment that we’ve made in our electronic medical
record in the last four years and these are the categories of expense, there is
some programmed expense in this list for the rest of 2005 but that lets the
committee see the categories in which we’ve made investment and some sense of
the handle of that, some sense of the size of it. In addition to this we think
we’ve spent about $350,000 dollars to actually specifically meet the HIPAA

We compared ourselves to other industries, this slide was actually
developed by our IT people and was presented to the clinic’s board of directors
to help justify the expense and try to compare us to other industries. We are
at 4.1 percent at present and we will be at 5.5 with projected expansions of
our systems and system enhancements that we’ve already, for which we’ve already

To give you a very brief history, the organization made a commitment in
1992 to adopt an electronic medical record. At that time we converted from a
dictation system for all of our clinical notes into using a computer based
system. From that we then, that was the electronic conversion, we then phased
into that a lab ordering system and a lab reporting system, the idea being that
you can order the, the lab ordering component is not yet there, I am still
circling desired laboratory studies on a sheet handing it to a patient and she
is taking that to the lab but the reporting of the lab comes back to me
electronically as soon as it is available. The same is true for radiology, we
are still ordering diagnostic services on a piece of paper but the report comes
back on the system.

We are fully integrated within our entire service area and I personally
have not used a paper record for anything this year, there are people within
our organization who have not used a paper record for the last six months. We
have mandated ourselves that no one in our system will use a paper record after
July the 1st of this year.

And I need to confess and add something here, our system crashed on Monday
and you’re smiling, there was not a smile in our organization, it is absolutely
totally devastating, we couldn’t do anything and we just really were paralyzed,
that’s the third system crash we’ve had in two weeks because our IT people are
trying to interface a lot of the expansions that we had, for which we had
contracted and it’s one of those, and I think when possibly to leap ahead of
what you as a committee will hear, when you talk to your vendors they tend to
promise a great, great deal but the actual reality of using it, and our system
is not particularly big, I mean 400,000, 500,000 patient visits a year and 100
miles east to west and north to south, I mean this is not a big system but it
is a system upon which we have become completely dependent.

Now some of these philosophical points you’ve heard before, the electronic
medical record or health record can replace a paper record, we do achieve some
real increased functionality, results reporting, dictating, structured notes,
prescription writing, test ordering, charge capture, coding, scanning and
tasking. Tasking is something that is working out extremely well for us right
now and that is if a patient calls in for a prescription renewal it is tasked
to me, it shows up on a memo on the computer on my desk, I can then go into the
patient’s chart and see if her request is appropriate and then can task back to
the pharmacy to refill the prescription. That is a big savings, you don’t have
to pull the chart, you don’t have to wait to get the chart, you can just take
care of it right then and there.

I am horrifically concerned that the IT department wants us to use
templates and I think, for patient encounters, and I am afraid that templates
fantastically bulk up the chart with not specific patient information and Brian
talked a moment ago about having information and its validity to work with, you
get all of this garbage and I say that respectfully about review of systems and
past medical history and social and family history that is in there in terms of
coding requirements for reimbursement, adds very little if any useful
information as you are trying to scan back through that chart when that lady
shows up with an acute care situation and you’ve got all this material to wade
through to try to find the significant aspects of her most recent or a recent
health care encounter.

No one who has presented thus far has talked about what is a medical
record, in my experience a medical record is simply a diary of the patient’s
health care encounters and into which is layered periodically reports about lab
and x-ray or consultations. In our system we scan in information from outside
providers and then our medical records department is a library of all of this
information that’s simply filed by the patient’s name or some identifying

I would argue that if we’re going to have the benefit of an electronic
health record we have to find a way to go in and mine the data out of that
information, to look for the ability to initiative preventive services, to look
for the ability to initiate disease prevention, in other words at one point I
went to our medical records people a couple years ago and I said, and I’m not
really sure that we’re doing mammograms appropriately on our patients, do we
have any idea how many over 40 year old women who come to us for care
regardless of the reason but how many of them have had mammograms. So they
pulled 1,000 charts and when I was on call I would sit and go through a couple
hundred of them at a time just trying to do a stroke count, did or did she not
have a mammogram.

With an electronic medical record we ought to be able to do that very
efficiently, now whether that violates the patient’s privacy, does the woman
want to know that she has not had a mammogram, does a man want to know he has
or hasn’t had a PSA or a colonoscopy or a 65 year old person with emphysema,
have they or have they not had an influenza shot or a pneumonia shot. It gives
us the ability to help the patients be more healthy but is that a violation of
her privacy, it’s not, but that’s what an electronic medical record might be
able to do if we got the system aligned. Right now all we have is a very
elaborate, very expensive and somewhat more efficient medical record but it’s
not a lot different then the paper record we’ve used for the first 25 years I
was in the group.

The potential advantages we’ve actually talked about, the item on here is a
reference to what we’re all about and that is the adoption of an electronic
medical record has been declared to be a national priority. The annual cost
commitment for Holzer Clinic right now is running about a million dollars a
year, I don’t know that we can demonstrate the savings, we have stopped some of
the vans that ran records back and forth between our facilities and the medical
records department is down in personnel because we don’t have people filing the
notes or the lab on the charts anymore but then we’ve contrasted that by adding
some more expensive people in information technology.

I think the patient care benefits could be absolutely priceless in terms of
the avoidance of medication interactions, undesirable ones, and finding who
needs a screening study of some kind that they haven’t had. But I think the
affordability in particular will impact how rapidly the systems are adopted.

We have three areas of concern with our medical record and external sites
of health care service at present and I’ll go through these individually. Event
logging versus auditing, we are very much prepared to look where are there
breaches of our system, we are not prepared to do a periodic assessment of our
system to just see if there are any breaches. And I was trying to think of a
good way to analogize this for the committee, my wife and I have a small dairy
goat herd, okay, we have built appropriate fence to try to keep our nannies
where they’re supposed to be and our fail safe is every night when we go to
bring them back from the outer pastures to the barn if all the nannies show up
then we figure there are no holes in the fences. Now Sunday morning, Easter
Sunday morning we were out repairing a hole in the fence, it’s not what we
wanted to do on Easter morning but it was the reality of have a hole in the
fence and you’ve got to fix it.

I think the comparison here is if we have requirements with electronic
medical records where we look at logging events then that’s a matter of which
nanny didn’t come back. If we’ve got the regular audit then I would have to
walk the fence line every day, I don’t have time to walk the fence line every
day and I think that as we look at the design of systems we need to be sure, or
as sure we can or it would be a recommendation and a plea that we design
systems that look at reasonable fences, things happen to fences and when there
is a breach in the fence then you go fix the fence but you don’t want to have
to walk the fence line every day.

I apologize if the analogy is far fetched.

Another problem we have is with the Ohio Board of Pharmacy. They currently
require two or more forms of user identification for an electronically
transmitted prescription. They don’t require two forms of verification if you
hand the patient a written prescription. We think that this is a commitment on
the part of the Ohio Board of Pharmacy to develop a fail safe, they’re trying
to protect, I understand they’re trying to protect, but their system is
burdensome. Here again, it’s walling the fence line instead of looking where
the hole in the fence is.

We also with a computer generated paper prescription the Ohio Board of
Pharmacy currently requires us to circulate that piece of paper back to the
prescriber and have the prescriber write their name on it and then hand it back
to the patient. We think that this is onerous inefficiency, our IT people would
like to use a facsimile signature, an electronic signature if you would, and we
just think that the $25,000 dollar cost on there is what it would cost us in
printers alone in our system, let alone all the time and inefficiencies, time
lost and inefficiencies in circulating the printed prescription back to the
physician for the physician signature.

One other aspect that has been alluded to earlier is that every once in a
while a patient will want to produce a prescription for themselves that did not
necessarily come from one of our providers so we think that whatever system is
constructed in the future will have to have some kind of safeguard so we can
see when we’ve got a forged prescription. Patients also want to manipulate
their data in terms of worker’s compensation.

Privacy is a vital issue, I think that we certainly have a number of
policies and procedures within our organization to protect the patient’s
privacy. We think that manual systems are sometimes difficult to secure, if a
chart is left out on a counter, a desk top, it’s open to be read by other
people. We think they’re very difficult to audit, the corollary to that is that
we think the electronic systems, given some of the problems that we’ve been
talking about today, given an intention or an unintentional breach of the
electronic system we think they’re actually more secure then the paper system
and they certainly could be a lot easier to audit. We think that there are
significant benefits with implementing an electronic system if we can avoid
unnecessary obstacles.

Individual health care information by and large is private information that
no one else wants to see. I think we all have individual health record, there’s
probably not much interest in any of us looking at anybody else’s health record
in this room unless, from the American College of Obstetricians and
Gynecologist’s point of view, unless you’ve had a pregnancy termination and
someone wants to embarrass you with that, or if you’ve had a sexually
transmitted disease and someone wants to embarrass you with that. But by and
large if we’re building a system we don’t necessarily need to worry that the
kinds of things that Brian and his colleagues would look at in the emergency
room is information we’d want them to have. There is far more likelihood that
someone would want to come in and steal financial information rather then
patient specific information.

Sanctions we feel should be severe for violations, for deliberate
violations or breaches, and that the regulatory statutes should be achievable
and doable without being burdensome. That point I think has been made by
virtually every presenter.

The government regulatory and accreditation agencies, I mean that’s why
this committee is meeting, it lags it just a bit behind some other industries,
we think there are efficiencies to be gained. The comment about data silos has
come up several times, we have tried very hard not to have data silos within
our organization but it takes quite a bit of information technology to get the
radiology reports, the lab reports, the scanned in outside reports, EKG reports
and the encounter notes all together in one record because those are all
different systems. Our main facility in Gallipolis which was the original
Holzer Clinic is physically attached to Holzer Medical Center which is a not
for profit community hospital and we have struggled to be able to get our
information to go across in a seamless way. The best we’ve been able to come up
with right now is a go out and reenter the system with another set of passwords
in order to be able to get the information back and forth. And our colleagues
in the emergency room want clinical information and then we on the clinic side
want to find out what’s happened to the patients in the emergency facilities
and right now the best we can do is a double password, go out of one system and
into the hospital system and back and forth.

What should be ACOG’s role in the future? ACOG is a national organization
which is encouraging the development of data systems, we would plead for the
systems to be intra-operatory, that the systems be all able to speak to each
other, I think you’ve already noted that. We would also plead to have a basic
standard format of system so that there can be appropriate interaction between
systems. In obstetric and gynecology one area in particular where we need to
have two systems talk to each other is the prenatal care of a patient which is
almost always conducted in an outpatient setting, and then when the patient
enters labor and delivery we need all that information including any recent
pelvic ultrasounds or non-stress parts on part of the fetal heart rate
monitoring. And patients of course enter labor and delivery at all hours of the
day and night and a ready exchange of information is highly desirable, a
standardized system would facilitate that.

Again, making the same plea in a different way, right now we have lots of
independent providers developing lots of unique systems, the systems don’t talk
to each other, we need to be able to have the systems in a standardized format
and also interoperative. Again, we would plead for standards that are developed
by the users, by the interested parties, and by all stakeholders, we think the
standards should be uniform and I would also plead for whatever correction,
modification, change to the system that the ability to change the system is
plastic and fluid enough so that we don’t get locked in. I know Dr. Cohn has
worked with CPT and the RUC(?) and PEAK(?) and all of those kinds of things and
we struggle with trying to come from the Harvard based resource value units
into new modern procedures. Whatever our IT system is we want to avoid that
kind of entrapment in “the Harvard system.”

Recommendations would be for the development, we are very positive about
the development of electronic medical records. We think that the privacy issue
can be handled with adequate sanctions against careless or intentional
dissemination of information, we think that any system can be penetrated and
beat, what we’re trying to do is to put up reasonable fencing, back to the goat
analogy, to keep the girls in the pasture, we’re not building a stone wall,
we’re just putting up field fence but every once in a while you get a hole in
it. And then in the interoperability piece is just desperately important.

And finally in conclusion we think that the electronic medical record can
certainly afford better patient care, we are fearful about new rules and
regulations, I think physicians feel burdened with rules and regulations now,
physicians should see the changes as positive. The physicians should also see
the changes as affordable. Various presenters have talked about the cost, the
quality and the access to the system, those are the three key components.

And finally in absolute conclusion the American College of Obstetricians
and Gynecologists very much appreciates the opportunity to have made these
comments and we would very much like to participate in future specific sessions
where either the standard of care and/or specific issues of patient privacy are
being addressed. I thank you for your attention.

MR. ROTHSTEIN: Thank you, Dr. Strafford, appreciate your comments and we’ll
go to the question session in just a few minutes. I want to note for the record
that the American Academy of Pediatrics was not able to have a representative
here this afternoon, they were scheduled to be on this panel, but they did
submit a written statement and I’d like to for the record and for those on the
internet summarize some of the key provisions of what the Academy said.

This statement is submitted on behalf of the American Academy of
Pediatrics, an organization of 60,000 primary care pediatricians, pediatric
medical specialists and surgical specialists who are dedicated to the health,
safety, and well being of infants, children, adolescents, and young adults. Our
statement is premised on the critical importance of advocating for the design
of improved health care systems to prevent medical errors while still
protecting patient privacy.

Most pediatricians practice in small office settings and have limited
technology resources to implement multiple interfaces and authentication
systems. There is a critical need for a single national system of provider and
practice authentication and there are opportunities to leverage the DEA
registration process for this purpose. There is an important need for a single
method for secure authenticated encrypted data transport that can serve the
needs of multiple data types such as immunizations, laboratory results,
prescriptions, and health record summaries and multiple interoperability
partners such as public health departments, school systems, laboratories,
pharmacies, other primary care providers, emergency departments, and hospitals.

Appropriate privacy and access controls must travel with the data and
electronic or digital signatures must also travel with the data in an
interoperable framework where legal signature authentication is persistent
after the data is received. Data sharing and data transport will also require
national standards for authentication of users and verification of access
rights and must support audit tools.

National standards should also provide a governance process for data
stewardship, e.g., RIOs managed the dissemination of data to research
organizations. The use of medical records data for practice profiling and
quality improvement must be transparent to providers. There is an urgent need
to move towards a single technology, the Academy notes there is much to be
learned from experiences in Europe with the Public Health Information Network.
Whatever standard is adopted for the NHIN it is critical that all
interoperability partners including practitioners, EHR vendors, laboratories,
pharmacies and health departments receive incentives to convert to a single
common standard mode of data transport.

Pediatricians receiving data from the NHIN must have confidence that they
know the source of the data that information has not been altered or disclosed
during transport and that signatures can convey non-repudiation of the data
that has been shared.

Finally the American Academy of Pediatrics believes that a uniform national
patient identifier is necessary to allow interoperability via the National
Health Information Network. We would encourage the creation of a unique
national patient identifier as originally specified under HIPAA. This is
particularly important for pediatrics in which patients frequently present with
no name (in the case of a newborn) or with changing names (which may or may not
match that of the parents). The American Academy of Pediatrics recognizes the
controversy surrounding the issue of a national patient identifier and
recommends that use of such an identifier be restricted to communications
covered by the HIPAA privacy rule. In the absence of uniform national patient
identifier alternative methods must provide multiple identifiers needed to
correctly link child health records and include provisions for correctly
documenting adolescent privacy rights and changing parental or other custodial

The AAP feels there are substantial benefits from an NHIN that reaches the
offices of pediatricians. Management of obesity will be improved if the growth
data can be shared. Recognition of developmental disabilities and provision of
services to children with disabilities can be improved through coordination of
care and sharing of diagnostics and therapeutic plans. Immunization rates can
be improved by sharing data as children move to new locations and sources of
care. The management of ADHD can be advanced by improved communication of
treatment monitoring and improved ease of continuing long term medication.
Communication of medications and test results between primary care
pediatricians and specialists or emergency departments can prevent duplication
of services and help to prevent risks to patient safety.

So those are some of the points that the American Academy of Pediatrics
made, I think in some respects they highlight or reinforce that both of you

So the floor is now open for questions from subcommittee members. Dr. Tang.

DR. TANG: I want to thank all the testifiers, I think it was really good
testimony and a lot of concrete as you were saying at the ground floor kind of
observations and recommendations so I really appreciate that. I have one
question for you Brian, on number six, that you may need, and I don’t know who
the you was, you may need to overrule the patient’s refusal to provide
information and the example you gave was a terrorist. Was is the doctor needing
access to some information or a surveillance trying to get access to some

DR. KEATON: Those I would refer more to the individual patient encounter. I
mean the toughest patients for us to deal with now are the psychiatric
patients, the determination whether somebody is capable of making informed
decisions or whether we need to intervene and basically what we call pink slip
and take away their right to make those choices and act on their behalf. The
current regs within HIPAA provide wide latitude for issues of national security
and issues of public health and I think we need to maintain the types of
protections that are there and understand that oftentimes the overwhelming
public need is greater then the individual’s right to privacy. I bring the
terrorism example, the SARS example, the issues that we have with certain
communicable diseases, certainly as we start looking at other possibilities in
a more and more dangerous world the people that spend more time interacting
with the people capable of some of these acts are emergency workers, whether
they’re emergency physicians, the EMS workers, police, etc., we need to be able
to protect as best we can, and it’s a slippery slope.

DR. TANG: One question related to this panel —

MS. BERNSTEIN: Could I follow-up on that particular point really quick? I
wanted to know whether you were concerned in respect to those kinds of things,
people who are dangerous either to themselves or others, has your organization
taken the position that you want the information to be available for the
protection of the patient or the immediate physicians, the setting in which the
patient is being treated? Or are you talking about affirmatively being able to
disclose to not just public health but law enforcement and so forth without a

DR. KEATON: There are already, there’s clear law in most states protecting
the safety of emergency care workers so from that standpoint if somebody is a
direct threat to me I as a citizen, not as a physician, have the right to seek
protection so from that standpoint it’s not as big an issue. The bigger issue,
a common occurrence, a patient is very intoxicated, insists on leaving my
department and is going to get into a car and drive. Am I obligated to protect
the public by calling the police and stopping that patient or am I obligated to
let the patient go out and kills somebody or kill themselves? And there are
many different opinions on that all the way across the board and many different
legal rulings. The practical approach is I would much rather have to face a
jury for having stopped somebody from hurting themselves or somebody else then
to face a jury for having let that person leave and kill an innocent person but
there is no good law for that. Now you take that many steps further and say
okay, now we’re looking at somebody who’s making a dirty bomb and has presented
to my emergency department with a radiation related complaint, am I obligated
to let the appropriate authorities know that.

MS. BERNSTEIN: Yeah, I guess I was asking more about you have the situation
where you’re treating somebody who has an ulcer because they happen to tell you
that they’ve been developed an ulcer because they’ve been embezzling from their
employer, something like that, where there’s a crime being committed but it’s
not —

DR. KEATON: The place that we have traditionally drawn the line and this is
not College policy, this is more from an ethical standpoint then anything else,
the place that you draw the line has primarily been the physical welfare.

DR. TANG: This panels title is specialist and we heard one before for
primary care physicians and both of your illustrations were very cogent, your
six steps and the prenatal care and so on and so forth. And then I took a step
back and looked at these points and I was finding that I don’t see how any of
them don’t apply to primary care and I just wanted to get your impression of

DR. STRAFFORD: I think they certainly do apply to primary care.

DR. KEATON: The difference in my setting is the norm in my world is chaos
as opposed to the routine visit that most primary care folks have. The patient
that I took care of the other day, great example, we’re a regional trauma
center, they fly me in a 67 year old man who was driving on a country road, no
real reason to have an accident, he hit a tree. He was combative at the scene,
the helicopter arrives, they paralyzed and inibated(?) him to make his
transport. So he arrives to me as an unknown entity and I’m unable to get any
information from him, I know nothing about him. I do have a driver’s license so
I could get identifying data potentially through a regional registry. His blood
pressure is 70 over 40, he’s in atrial fibrillation which is an irregular heart
rate at about 160 beats per minute.

Now I’ve got a bunch of question, this guy was acting goofy, he’s been in a
car accident, did he have a heart attack that caused the accident, did he have
this fast rhythm that caused the accident, is this an old rhythm and is he on
cummiden(?) as a blood thinner which is going to complicate whatever is going
on inside of his head, I don’t know his med list and I’ve got all of these
questions and each one of these problems leads me down a line of therapy that
will kill him if I pick the wrong line and I don’t even have an old EKG to know
whether he’s had this before. Those are the situations we face every day, I
mean just to get some of that basic, the continuity of care record would be a
wonderful start just to get some of these basic pieces of information on these
critical patients could make dramatic differences.


DR. COHN: Thank you both for some very good testimony, I mean Brian I guess
I should start off by disclosing that I am also a fellow of the American
College of Emergency Physicians and practiced emergency medicine for many
years, I was actually speaking yesterday about issues relating to lack of
information in the emergency department.

DR. KEATON: I spent more time looking for data then I do for anything.

DR. COHN: Well, trying to look through it once you have it which is the
other thing. Now having said that though I’m looking through all of this and
obviously our responsibility is to try to make recommendations to the secretary
relating to privacy and the NHII and probably also that slippery area between
privacy and security. And I was looking at your actual testimony rather then
the points you were making in your comments about well, in the financial sector
27 percent of the respondents had breaches of security in 2001 and yet at the
same time you’re saying well geez, if we don’t do an NHII we risk public safety
and personal safety. I’m also looking at Craig’s comments where he’s saying
that we can make an EHR or an NHII that is more secure then the paper record.
Now I do know that there probably are not 27 percent breaches around the
country in the paper record currently but I don’t, this is sort of a tough one
to figure out where the right balance is on all of this, I mean you don’t want
more security, are you expecting to tolerate this level of breach? Where’s the
balance here from your view and also Craig?

DR. KEATON: I would suggest in an electronic record you’re able to identify
the breaches. I would just think back to any medical records department, any
physician’s office where you’ve got stacks and stacks of records and the person
who is working the desk up front wants to know what’s going on with her
neighbor and then she goes and looks at the record and nobody’s the wiser. But
in an electronic environment there’s a logging function that says hey, there
was somebody in this record that didn’t have the right to be there and it’s
identified as a breach. The breaches that take place in paper records every day
are phenomenal, we just don’t know about them or count them.

DR. STRAFFORD: And I think that was exactly the point I was trying to make
and I agreed with the presenter this morning from the pharmacy industry, I
think we want to know when someone has done something that they shouldn’t do
and the electronic record will allow you to do that and will allow you to know
when someone has been into somebody else’s record. My please was that we would
not be forced to routinely “walk the fence line” to see if there are
any holes in the fence, I think that is a burdensome task to put on an over
burdened health care delivery system, my plea was to just make it a rule that
you shouldn’t go where you don’t need to be and that if you do there are
consequences rather then force us to run a check all the time to try to figure
out whose been in Brian’s record or has Brian been in mine.

DR. COHN: And Brian, I guess I would just follow-up with the question, you
mentioned about basically so many security measures as to make things unusable,
what is your view about too many things to make it unusable?

DR. KEATON: There are a number of frustrations, auto sign out, I’m in an
emergency department and the IT standard which is based on a number of lawyer’s
interpretations of a number of different laws says that systems have to sign
off with three minutes of inactivity. It takes me three and a half minutes on a
phone call to the OB-GYN when I just called Craig and I look back and
everything I was working on is gone, that’s one. I’ve spent time doing a number
of different activities and find out that because I’m multitasking I didn’t
finish an activity or sign it out or close it out in a prescribed period of
time and it’s gone. That’s just the auto log out.

There are a number of different places where you have 14 different systems
and 14 different passwords and you’re trying to remember which is which and
which one has changed and which one is updated and you’re doing that all at a
critical time. There are a number of different things from a security
standpoint that can really muck up my world in terms of trying to be efficient
and take care of patients. My plea is that we don’t add to that complexity. I
think there’s ways technologically to get by a lot of this, unfortunately they
cost a lot of money or they cost of lot of political capital to accomplish and
even a single sign in, there’s a number of different functionalities that would
deal with that particular problem that I identified. We can make a long list of
the other frustrations in the real world.

MR. ROTHSTEIN: Dr. Harding.

DR. HARDING: In the last group I was asking about the electronic medical
record in a hospital, you’ve developed a paperless medical record —

DR. STRAFFORD: Correct, both hospital and clinic.

DR. HARDING: In your system, it’s a closed system.


DR. HARDING: Okay, what would be the benefit would you see of being able to
plug that system into the big system, that is the National Health Information
Network? Would it help you? Would it cause more problems then it would help?
What would be your reaction to that because you’ve developed a very good
system, if you go into the big system what do you see as the good news or the
bad news?

DR. STRAFFORD: Let me answer that question by saying before we developed
our system we made a deliberate decision to own all of our own hardware and
software because we were afraid to be in the big system and we knew we could
have a better chance to control the information in a wholly owned system, not
one that was out on the internet. And I actually asked that question of our IT
people Monday or Tuesday when I was trying to put this presentation together,
we still feel that we would be very much afraid of a system that, I mean you
can hack into our system, I could bring our system up right here, right now, if
we needed to. The model that I’ve seen that really works fantastically well is
for a time I was on the group and faculty practice advisory committee to the
AMA and we had a group of individuals, vendors come in and demonstrate
electronic medical record systems and the one the U.S. military has is
phenomenal, just phenomenal, and it looked like it was safe and secure and
could get the information shipped around quickly. And I also just confessed to
you that our system crashed four times in the last three weeks and was down all
of Monday and part of Tuesday. We’re afraid —

DR. HARDING: Afraid to get on the big system.


DR. HARDING: Okay, and who’s liable for the crash by the way if the patient
had a bad outcome, secondary, not being able to access that information?

DR. STRAFFORD: Oh, I am sure that the providing physician would be the
culpable party and then there would be a hand wringing like I’m doing right now
under the table and anguishing, and I don’t know that that’s been tested, we
haven’t been to court yet on any allegations of unwanted outcome and produced a
paperless medical record yet, that will be in our future at some point I’m

DR. HARDING: And your back up is —

DR. STRAFFORD: We’d print it out.

DR. HARDING: You can print it out?

DR. STRAFFORD: Yes, we can print out my office notes ten years back. When I
bring the patient’s chart up on my computer at the office I can look back ten
years, all of her encounters in her chart. But that’s only a standard medical
record in a different format, what I want to do is I want to find out, in terms
of OB-GYN I want to know how many urinary tract infections has that lady had in
the last three years, is she now someone that I should refer to urology, I want
those patient management tools that I’m not, that I don’t have yet. But I think
the system has the capability of doing that.

DR. HARDING: Dr. Keaton, any comment on that?

DR. KEATON: I think what the bottom line comes, are we talking about being
able to bring up text records or are we trying to bring up discreet data
points. Text records are difficult to search but easy to read, requires my
brain power to figure out which ones I need. Discreet data points allow data
transmission, I mean in my perfect world when a patient would register the data
that’s known about that patient in my institution, in a regional registry, or a
national registry depending on the scope that you needed, would pre-populate
the chart that I open up. Even better for the ambulatory patient or the patient
whose in critical it would pre-populate a chart that would be opened in front
of the patient and they could themselves look at and say yes this is accurate,
no it’s not here’s where there’s an issue, I mean that to me would be perfect,
it would save a lot of the up front time and we can focus on what’s the true
problem now, that’s one part.

The second part that discreet data points gives you is a much easier time
doing surveillance. I’ll give you an example, you look at pharmacy surveillance
on anti-diarrheal and anti-nausea medicines, combine that with school absences,
combine that with emergency department presenting complaints or discharge
diagnosis consistent, combine that with the zip code of the patient who
presented to the emergency department with that complaint, drop over the top of
that a water district or sewer district overlay map and drop over that the
rainfall data. And you find out that in Washington, D.C., there was a sewer
line that was broken and there were a lot of people in the Rock Creek area that
were getting sick. That was done by the Washington Hospital Center who have the
biggest Microsoft database of patient data anywhere in the world but it’s
within a single hospital network. Those are the type of things that suddenly
become possible when you have the data and you do the surveillance.

MR. ROTHSTEIN: I have a question for each of you, first Dr. Strafford, have
any of your patients asked to have information about their health not kept in
the record or limitations placed on the disclosure of that information to
people who are asking for information from their record?

DR. STRAFFORD: The answer to both questions is yes. A further
clarification, we live in a small community, since it is widely known that the
entire medical record is secure in an electronic format, since that has been
known no patient has requested that I not put in her record that she’s having a
test, screen for HIV, whereas in the past the patient has said I don’t want
that in my record because I know it will end up in the record room and somebody
will read it. So actually that’s a benefit.

As to patients saying that they don’t want something in there my response
to the patient is I certainly understand, I will respect your request, why are
you asking or what is your concern. There is some obligation to put, I mean I
feel like I have an obligation to accurately document the patient’s medical
condition so I think you run a fine line on this. Dr. Harding in psychiatry
probably deals with this, our psychiatrists simply don’t have anything in the
patient’s medical record, it says patient was seen.

MR. ROTHSTEIN: And actually there are many state laws that make it unlawful
for you not to include all the information in the medical record. Yet if it
goes in and you get a third party request, let’s say an employer or a life
insurance company, whatever, and you send the whole thing there may be
information that has no relevance to what they’re considering the person for
and yet be very sensitive and we’re trying to wrestle with the idea of how do
we protect the medical uses but also protect the privacy from especially
non-medical uses.

DR. STRAFFORD: Mark, a year ago if a patient’s insurer asked for a copy of
a record and it said all patient care I would check with the patient and see
does she want all patient care or she just want her gynecologic record. Now I
don’t recall that we’ve had that request since we’ve been in a paperless system
but I’ll be very interested, I’ll ask when I go back and see how we handle that
because we could transmit the entire record, I think what we’re doing right now
is probably printing it off in paper and sending it to them but it brings up a
very interesting point because you could send, just with a push of a button you
could send all the lab, all the x-ray, everything.

MR. ROTHSTEIN: Right, and I think that’s one of the privacy concerns that
we heard from the consumers last time.

The question for Dr. Keaton is we hear you about your need for information
to treat patients in emergencies and I’m trying to also work through if there’s
a way that would satisfy your needs but also deal with the issues of patients
who want to not have everything accessible to everybody. So I have several,
three quick options for you and see what you think of these where emergency
department personnel, there’s sort of like an emergency override where you
would have access to a layer of information or a level of information that
would not be accessible to sort of the routine office visit. I assume that
would be okay with you.

DR. KEATON: That would be the break the glass approach.

MR. ROTHSTEIN: Right. Second would be where you have access to a CCR but
not the whole detailed information.

DR. KEATON: That would probably be best, I mean the CCR has the information
that I primarily need, I don’t want ten years worth of office notices.

MR. ROTHSTEIN: Exactly, or 30 year old information that has no relevance.
And I suppose the least desirable but, well, I don’t want to categorize it,
records available to you with a flag if there’s something that has been deleted
by the patient, a notation that there’s some sensitive information that is not

DR. KEATON: I would agree, I think it’s important that we know that a
record is not complete. The other place that that falls in is if we’re using a
federated model like has been proposed for the NHII and one or more of the data
sources that are known to exist are offline for some reason, I need to be
notified that I’m not getting a complete record, for whatever reason.

MR. ROTHSTEIN: Thank you, that’s helpful. Dr. Tang had a question.

DR. TANG: Brian you made an interesting comment about how HIPAA was working
fine for you and the additional phrase was that partly because of the emergency
exception. So outside of the infrequent case where there’s a patient who is not
able to provide the consent needed how have you taken advantageous of the
emergency exclusions of HIPAA in order to render your care?

DR. KEATON: Personally I probably haven’t. As a part of a system working
with the public health folks and syndromic surveillance and some of the other
stuff that we’ve done there are a number of ways that data is looked at that
probably would not pass the test if it was being looked at from a pure research
standpoint, if it was being looked at from a number of different ways. There’s
a lot of data that floats through in the name of security and in the name of
public health that needs to be looked at but wouldn’t necessarily be available
without those exceptions.

DR. TANG: But those are more public health I think.

DR. KEATON: But we are the front end of public health, I mean most of that
data comes from my department.

MR. ROTHSTEIN: Any other questions for this panel? Maya?

MS. BERNSTEIN: I just wanted to clarify something that Dr. Keaton said in
his testimony, yesterday we heard testimony from I can’t remember exactly who
it was that physicians generally never assume that the data that they have in
the record is complete or that the labs are accurate and so forth, that they
really have to, and not being a health care provider, that they really have to
take their own history where possible and do their own labs and they do them
over every time just to make sure that the current ones are accurate no matter
what it says in the records. But you sort of testified that unless the document
that you would have from the electronic record has a notation or that somehow
you’re notified that the record is not complete or not accurate that you’re
going to assume that it is complete. Is there something about a change in
practice or something about the electronic record that makes that different
then what we heard yesterday or am I just —

DR. KEATON: At some point you have to assume a point of truth, at some
point you have to take those individual frames of the movie and put them
together into a continuous action. The better and the more numbers of points
that you have in there the better you’re able to put those frames together and
see a clear picture. The concern that is raised when you know that there’s data
missing is that raises your awareness as to the possibility that what you’re
seeing isn’t really true. It raises my concerns even greater when I know that
that data is not there because a patient refuses to allow it to be there. The
most common occurrence in my department is that patient is drug seeking, that
patient is involved in whether you want to call it shopping or other
activities, that patient is in my department because they were thrown out of
the emergency department across the street because they had punched out a
nurse, I mean there’s a lot of things where suddenly when somebody says no you
can’t get my medical records it kind of raises your awareness that you need to
look further, you need to at least take what you’re told with a grain of salt.

MR. ROTHSTEIN: Well, I want to thank both of you for your testimony, I
think its been very helpful to us. I think the witnesses that we heard from
both days were exceptional and so I want to thank mostly in abstentia the
witnesses who testified this morning and yesterday, it’s been very, very
informative and I want to thank Maya for her great work in helping to line up
the panels over the last two days and Kathleen Fyffe —

MS. BERNSTEIN: Michelle Williamson as well.

MR. ROTHSTEIN: Michelle as well, and I want to thank —

MS. BERNSTEIN: Mary Jo Deering, I mean there’s a group of staff that helped
me because this was my first hearing as lead staff —

MR. ROTHSTEIN: — thank the staff for excellent logistical support and we
are adjourned.

[Whereupon at 2:55 p.m. the meeting was adjourned.]