[This Transcript is Unedited]



“Personal Health Records”

May 20, 2009

Hubert H. Humphrey Building
Room 800
200 Independent Ave, SW
Washington, DC 20201

Proceedings by:
CASET Associates, Ltd.
Fairfax, Virginia 22030
(703) 352-0091



Agenda Item: Introductions and Opening Remarks

MR. HOUSTON: Why don’t we plan on getting started here. I know that Harry
and Paul aren’t here yet, but hopefully by the time we get through the
introductions and things they will be. Let me just kick this off.

My name is John Houston. I am the vice president responsible for privacy and
security at the University of Pittsburgh Medical School. I along with Dr.
Leslie Francis who will introduce herself are the co-chairs of the Subcommittee
on Privacy, Confidentiality & Security of NCVHS. NCVHS is a federal
advisory committee consisting of private citizens that make recommendations to
the Secretary of HHS on matters of health information policy.

On behalf of the subcommittee and staff I want to welcome you to today’s
hearing on Privacy and Confidentiality and Security of Personal Health Records.
We will begin with introductions of the subcommittee staff, witnesses, and
guests. Subcommittee members should disclose any conflicts of interest. Others
do not need to do so. I will offer that I have no conflicts of interest. Turn
the microphone on when you are going to speak. There is a button to do that.

DR. FRANCIS: I am Leslie Francis. As John mentioned, I am co-chair of this
subcommittee and I am in the philosophy department and the law school at the
University of Utah and I have no conflicts.

MS. BERNSTEIN: Good morning. I am Maya Bernstein. I am the privacy advocacy
of the department. I work in the Office of the Assistant Secretary for Planning
and Evaluation and I am lead staff to this subcommittee.

MR. REYNOLDS: Harry Reynolds, Blue Cross and Blue Shield of North Carolina.
I am a member of the subcommittee and no conflicts.

MS. MILAM: Sallie Milam with the West Virginia Healthcare Authority and the
West Virginia Health Information Network. We are a NIN-2 contractor.

MS. KHAN: Hetty Khan. I work for the CDC’s National Center for Health
Statistics and I am staff to the subcommittee.

MR. COFFIELD: I am Bob Coffield. I am a healthcare attorney from Charleston,
West Virginia with a law firm of Flaherty, Sensabaugh & Bonasso.

MS. SARASOHN-KAHN: Jane Sarasohn-Kahn with THINK-Health in suburban

MR. WEITZNER: Danny Weitzner, computer science and artificial intelligence
lab, MIT.

MS. MCANDREW: Sue McAndrew. I am the deputy director of health information
privacy in the Office for Civil Rights and I am the privacy liaison to the

MS. GREENBERG: Good morning. I am Marjorie Greenberg from the National
Center for Health Statistics CDC and executive secretary to the committee.

DR. SUAREZ: Good morning. I am Walter Suarez for Institute of HIPAA/HIT
Education and Research. I am a member of the subcommittee and no conflict.

DR. TANG: Paul Tang, Palo Alto Medical Foundation, member of the committee,
no conflict.

(Introductions around the room)

PARTICIPANT: Can we have callers introduce yourselves please?

MS. HORLICK: Gail Horlick, CDC in Atlanta, staff to the subcommittee.

MR. HOUSTON: I guess that is it.

PARTICIPANT: Is there someone else on the phone?

(No response)

MR. HOUSTON: Thank you very much and welcome everybody. I want to open these
hearings by giving a brief introduction background on the purpose of the
hearings. I think as you are all aware this is being put on improving the
quality of care while controlling healthcare costs. Part of these reductions
are hoped to occur through the adoption of electronic health records systems
and the efficiencies that come from their use. Along with the adoption of
electronic health record systems there is a significant interest in the
deployment of personal health records systems. Hopes for PHRs include better
managing, chronic disease, and greater patient participation by the patient and
their care.

At the present these personal health record systems come in a variety of
forms. We anticipate more forms in the future including greater integration of
PHRs with EHRs, but right now PHRs include PHRs that are tethered to
provider-based EHRs. PHRs that are tethered to pair-based claim systems,
free-standing PHRs, which may be hosted by such entities as Google, Dossia,
Microsoft and others, and general use PHRs and PHRs that are tailored toward
chronic disease management.

But it is likely that there will be significant change in consumer facing
health IT over the next 5 to 10 years and these changes will continue to raise
important issues of privacy and security. These hearings are intended to
explore the privacy, confidentiality, and security requirements of PHRs in
consumer facing health IT today and in the future.

We will start by hearing from a panel of futurists. We hope that this panel
will be able to allow us to better understand what the health IT landscape will
be in the next 5 to 10 years particularly as it applies to consumer facing use.
The next three panels will speak to various kinds of PHRs and the privacy and
security issues that they have encountered. The fifth panel will discuss
privacy related to federal PHR demonstration projects while the final panel
will be comprised of consumer advocates.

This afternoon from 3:15 to 3:45, members of the public may testify for up
to five minutes on issues related to the topics of today’s hearing. There will
be no public testimony tomorrow. If you want to testify please sign up at the
registration table in the rear. Invited witnesses have been asked to limit
their remarks to five minutes. After witnesses on each panel have testified, we
should have ample time for questions and discussion. Witnesses may submit
additional written testimony to Marietta Squire within two weeks of the

At this time if anyone has their cell phone in the on position or any other
electronic device that would interfere with navigation or hearing, please turn
it off or turn it to vibrate.

Additionally we will be broadcasting by the Internet today so welcome to
those who are listening on the Internet. We are also being recorded and we are
being sent by telephone to people who are calling in. I would ask you to please
speak clearly and at a level that you could be heard. Speak in the microphone.

With that I guess Mr. Coffield will go first if you want to.

Agenda Item: Panel I – What Will Consumer-Facing
Health IT Look Like in 5 or 10 Years?

MR. COFFIELD: I want to thank the co-chairs and the committee and the staff
for inviting me along with I think the other panelists to come talk to you
today on what I view as the future of PHRs and the future of consumer driven

I have provided you with my written comments and I want to give a little
summary of what those comments are and take you on a little tour. When I saw
the agenda that I was going to first instead of putting on my lawyer hat and
taking to you about a lot of legal issues, I thought I would take you on a
historical tour and I am a true believe in the adage of history repeats itself.
I am also a believer that personal stories are a wonderful way to convey

What I tried to do is to put into perspective my view on where we sit right
now with regard PHRs. We need to look at the past. We need to look at currently
where we are so that we can determine where we are going to go. What I tried to
do in my written comments is outline for you a story or tell you a story, and a
comparison with the transportation system in the United States. What I wrote
about is talking about the early days of the railway system in the 1800s and
where the railway system started and created a transportation system for the
United States that grew throughout the 1800s.

With that transportation system we then saw in the early 1900s a significant
change with a young engineer by the name of Henry Ford, who came along in 1908
and created the Model T. That Model T became a game changer at that time and
became a new vehicle for personal transportation in the United States. I draw
the analogy between that Model T and where I think we sit with health
information currently.

Health information technology as we look at it historically we go from the
standpoint of the early days of documentation, medical record documentation
leading up through let’s say the 50’s or 60’s. Little documentation was done.
There was no legal reason to document records and that was something new over
the last 30 years. We saw in the 1970s really the first addition of the
electronic health record and really the first mention of PHRs that I am aware
of one of the early mentions of it was through the NCVHS in 2001.

With that background we now are leading up and over the last year or so we
now have seen over the last year really the continued growth of PHRs and the
interest of PHRs.

The other story I want to share with you is a personal story. It is a story
about that same Model T that occurred. I wrote about this in the context of my
own family from West Virginia, who came to West Virginia in the 1700s. For
approximately 150 years they lived there in the hills of West Virginia in the
Northern part near Pittsburgh where John is from, and there was little change.
My great grandfather had two children, both boys, who then went on – they
were teens in the 1890s and with the change in the industrial revolution one
went on to law school and one at that point taught for a few years, went to
undergraduate, taught for a few years, and then went to Cincinnati to medical
school. He came back to practice and starting his practice in 1911 that led up
through 1936. When he started in 1911, he started as a rural medical provider
making house calls by horse and we actually still have his saddlebag that he
used at that stage.

In 1915, a huge change came about. He decided to take a trip to Pittsburgh
and he got on his horse, rode it to Wheeling, he got on the train, and went to
Pittsburgh and went and bought a Model T at that point. He had driven one. They
gave him lessons around the parking lot and sent his on his way. He drove back
into the hills of West Virginia and his life forever changed.

I draw some comparisons between my grandfather and Dave deBronkart, who I
think you have on your agenda for next month, and I think Dave’s experience
with PHRs there are a lot of comparisons and similarities that can be drawn
between those. Both of them were given a new personal device, didn’t know how
to drive it. There were a lot of problems. There were no roads to drive on.
There were no repair shops to fix it so you had to fix it yourself. Both of
those individuals it changed the way and the future.

In closing my remarks I just want to say where I think we are and I will put
forward this in the PHR world right now as we are at the Model T stage and if
we look at the golden era of the automobile over the next 30 to 40 years that
occurred after the early 1900s, that is where this committee needs to focus its
attention and envision what the future may hold. With that I will go ahead and
turn it over to Jane.

MS. SARASOHN-KAHN: Can I ask you to drive my slides for me? As Bob gets my
slides up you have access to a paper PowerPoint and the one I am going to show
you has one addition to it and it is now on the hard drive here so you can get
access to the new deck. I am very thankful that you invited me to share my
perspective, as Bob echoed earlier with his perspective. I want to focus on the
P in personal health records today that is the patient, the person, and privacy
of course. My objective is to provide some context around that P as we think
about privacy in PHRs in the next day and a half and then as you ponder more in

In December 2006, some of you saw this Time Magazine cover ushering in the
person of the year which is you. That’s me too. This represented the focus on
the individual as a project manager of our own lives empowered by information.

Being born in Detroit I often refer to the songs of Aretha Franklin. So if I
were to play a song at this juncture of this talk it would be her song with
Annie Lennox that when sisters are doing it for themselves and in fact sisters
and brothers are doing it for themselves in healthcare as we see the healthcare
world morphing toward DIY, doing it yourself as people are DIYing it and other
aspects of our lives. To engage in a DIY world in health there are enablers
that help people do that. We need to lubricate markets. I am a health
economist. That is my lens here so to lubricate this market of DIY health we
need transparency and information and that leads to knowledge and empowerment.

There are signposts that we all see. You might not realize that you are
seeing them but they are out there telling us we are on this journey to DIY and
health already. In this recession retailers especially grocers are seeing
increase sales of vitamins, minerals, and supplements along with by the way
canning supplies so people can buy big things and shrink them down and save
them when they are cheap and wine. You can decide for yourself whether the wine
purchasers are related to health and lack of sleep and depression. That is up
to you. But wine, vitamin, minerals, supplements, canning supplies are the
three fastest growing items in grocery stores in the last two quarters, late
2008 first quarter 2009.

The role of the Internet in health DIY is here. You know this. You will hear
from Jamie Heywood in a little while from PatientsLikeMe. He will share his
insights as one of the most trusted portals in health DIY on the planet.

I am going to be using the phrase health citizen throughout my remarks as
code for what some of you call a patient, some of you call a health consumer,
or a caregiver. I adopted this phrase health citizen several years ago when I
worked on a project in the European community with Jean Claude Healey not
Kealey but Healey. Jean Claude Healey was an eHealth pioneer in Europe and he
used the word health citizen many years ago and I adopted it then and I know
Microsoft often uses the phrase health citizen. I think it works with what I am
talking about here.

Most Americans are being cajoled and incentivized, nudged, pushed, sometimes
forced into the role of being a health citizen, a health consumer today through
health plan designs, increase copays, the loss of jobs and insurance, and the
search for value in healthcare as our out-of-pocket costs increase and to that
point my blog this morning on Health Populi talks about the new Milliman
Medical Index that came out yesterday saying that for 2009 the cost for a
family of four in a PPO in the US in health in $16,771, 59 percent of which is
shouldered by the employer, 41 percent paid out of pocket by the employee in
premium and copays. That is about $9,000 to $10,000 for the average American
family of four going into a PPO this year Milliman says.

A number of us who are active at this intersection of the Internet and
health have adopted the term participatory health or participatory medicine and
we call out this phenomenon of people engaged and activated with their own
health. People engaging in participatory health look for tools and information
on and off line. Online increasingly helps citizens are using Web 2.0 tools,
logs, Wiki, social networks, shared videos.

As a health economist I will put out that during the current recession more
people are increasingly looking for these tools to help themselves. Survey data
from Kaiser Family Foundation, Spectrum and other sources point out that in the
first quarter of 2009 a growing cohort of Americans are postponing visits to
physicians and not filling prescriptions due to cost. Furthermore people are
looking for more home remedies using the over-the-counter drugs and other DIY
solutions to personal health problems and they are looking for sources they can
trust to help them manage their health. As I showed Bob earlier today in my
mailbox yesterday was the latest issue of Howard Business Review, half of which
is about trust. I feel like Ross Perot. Trust is a new and important currency
in health. It always was but it is now more than ever in this era of
participatory health.

In 2005, Edelman, the global communications firm who is a client of mine,
surveyed citizens the world over to find that the level, citizen’s level of
trust with institutions, governments, corporations was receding and there was
one cohort that was increasing in trust and it was people like me. They titled
that study Trust Media. That was 2005. That was a real shift in consumers and
this was global, America and overseas. People trusting people like me more than

We looked earlier this year at Deloitte’s survey. They are my old employer
before I started my business. Deloitte’s survey healthcare consumers. This was
the second year they did this and they segmented the health citizen marketed
six ways. The one that will point to for today’s purposes is the online and on
board. It is about 22 percent of Americans so one in five is online, engaged,
activated, the most activated cohort of the six here, but important there are
two others that I banded here that I believe are also more engaged than others
as well. At least half of Americans are very much engaged in some way in their
health. I know I am going fast because of limited time but you have the slides.

Here is the new slide you don’t have. The point here is that 9 percent of
Americans Deloitte found are using some PHR. We don’t know what kind. We don’t
know if it is tethered, untethered, if it is Microsoft, Google, Dossia,
whatever, nine percent of Americans about. A lot of that I think is driven by
Kaiser Permanente’s heavy use of personal health records, et cetera.

And then the next slide just the only number I want you to look at on here
because it’s busy is the last one and that is the 37 percent of Americans
Deloitte found are looking for online tools to manage health not just
information online, but tools online.

It is this next slide that is the new one and it is new because the study
only came to me on Tuesday. It is actually a study published in the June or
that will be published in the June issue of the Journal of General Internal
Medicine. It was a study based on eight focus groups and four US metropolitan
areas. You might say well eight focus groups, what good is that? This is an
indicator and I think it is an important one. The title of the report is very
interesting. They said, “I want the computer to know who I am.” That
is a quote from one of the participants in a focus group in Boston. The point
here is that a lot of citizens don’t understand why on a screen that looks like
say your Google screen where you have your weather and your money and your
this, and your that, whatever you want. Why can’t I get that in health right
now? Why can’t I see my labs, my blood pressure trends, whatever? You might
find that if you are a patient like me and saving a personal health record, but
in the main these were main street Americans from all socioeconomic strata
across the two genders and income and most people want to be able to see the
computer serving me, my personal information. So that is a really neat study
and I blogged about it yesterday if you want to read it on Health Populi. I’m
not trying to sell you Health Populi. I did write about it yesterday.

This is part of a key point from the Edelman health engagement barometer
that came out in October and the key point here is the top one. In the blue
area showing that the most important trusted source or touch point for my
health engagement going forward people say is conversations with my doctor not
a lecture from my doctor, not a prescription from my doctor, conversations with
my doctor becoming increasingly important as I health engage as an individual.

The sources that are going to be less important to people are those green
bars going to the left. Traditional media like TV advertising, drug-branded
websites, et cetera. Remember here I am all about trust. Where do people trust?
They trust these conversations, the back and forth with my doctor, and on the
next slide you will see how this works.

Most people when they get information from their doctor will go home and
validate on the Internet and then if people find information on the Internet,
most of them go to their doctor and validate it with their doctor and we call
in the health engagement barometer the new second opinion because this is what
most people do. This isn’t just the health engaged. This is what people do in
real life.

We are going to skip this one for time. Just another data point that
bolsters the fact that people trust their providers especially doctors. In the
BBC America Harris Poll that was done in March most people said I trust health
provider’s number one, as a data steward for my health information not my email
provider, not banks and brokerage companies, health providers. I think that is
kind of interesting to keep in mind as you look to the future of PHRs and in
general just electronic health information.

Now let’s drive down to health records and privacy. In the December 2007
Wall Street Harris Poll, which focused on physicians and just electronic health
information, Americans wanted access to EHRs but they are continuing to wrestle
with privacy and security. People are starting to identify benefits of
electronic health information and at the same time recognize there are security
and privacy issues around them. So there continues to be value and recognition
of risks here and these are the things that have to be balanced.

This is another survey some of you probably heard this in drive time either
morning or afternoon if you listen to NPR last month. They did a survey and
asked people about electronic health records and how you felt about them in
terms of security and NPR found that three in four Americans thought it would
be likely that an unauthorized person would have access to an electronic
medical record. Just matter of fact it would happen. It is likely that that
would happen. So people are really starting to think about these things. From
that same survey then the circle chart following that data point a majority of
Americans are not confident in the confidentiality of electronic health

Finally, from a Harris Poll taken in July last year, you can tell I’m a data
junkie, about one half of Americans believe a computerized health record would
be much more likely lost or stolen versus a paper record. That is the
perception of Americans. We have to look at this and understand we are painting
a picture and how of what people perceive.

So in summary, let me just tell you what I just told you and what I want you
to think about in this issue of PHRs and privacy. First, we have entered
already a new era of participatory health where people are project managing
their health more and more and I believe the recession is driving more and more
people to do this as they are opting out of seeing physicians, following up
with lab tests that are recommended, et cetera, people taking things into their
own hands. Americans are driven by trust in these health journeys as I talked
about with physicians and with people like me, patients like me.

My bottom line here is I have done a lot of work with HIPAA when HIPAA first
came in HIPAA with IT companies and educating providers about it. I don’t
believe HIPAA as it is right now is the solution to slap on PHRs. I think this
is a new era where we are looking at participatory health and in participatory
people are looking for control and empowerment. People who engage in
participatory health based on some of this research and research that I have
had access to with other client work people want to control who can access
PHRs, the PHR, and what level of granularity they choose to share from that
PHR. There are already too many areas in health where people are not empowered
and don’t feel empowered. This is a place we can be proactive and ensure people
do have power control and empowerment with PHRs. Thank you for giving me this
opportunity and I am looking forward to dialoguing with you the rest of the

MR. WEITZNER: Good morning. My name is Danny Weitzner. Thanks very much to
the committee and the staff for inviting me. I teach computer science and law
at MIT. I run the decentralized information group there. Our research is
focused on advanced web technology and public policy issues related to those
new technologies. I should just say by way of background that I had the
privilege of speaking with some of you during my role in the Obama transition
effort. What I have to say here has absolutely nothing to do with that and is
in no way official whatsoever. I should also say that I am decidedly not a
futurist and I would never claim that title except maybe at some point in the
future when everything I say ends up having been accurate.

I want to just say that the remarks that I want to make are based on both
the technical research and the public policy activities I have been involved
with over the years in the design and deployment and regulation are very
large-scale information systems such as the Internet and the web. I think you
all know well that probably the most striking thing about the overall health
information technology challenge we face is that we are talking about an effort
that seeks to instrument roughly 20 percent of our economy. I think it is fair
to say that we are at the Model T. Maybe it is the Model A. I suppose I think
of where we are in this process as a sort of a phase two effort.

I think you are all aware far better than I, of the history beginning
2004/2005 in which the previous administration I think set a series of goals
that were important ones but they were goals that were largely based on
software deployment, metrics, technology, design, goals. I think that the phase
that we are in now, which we might call phase two or maybe it is seven or
eight, I don’t know, but the next phase. I would characterize as one that is
much more focused on health quality outcomes, on health policy outcomes, and
our expectations of information systems I think are really changing and focused
I think appropriately on health outcomes.

I want to talk with you about what I think are the implications of this
period of flux and of the fact that I think we have I think it’s hoped at least
a very substantial reorientation in the public policy communities interaction
with the development of health information technology.

I want to highlight what I think are three important dynamics in this
current phase of health information technology policy efforts and talk about
what I think are the implications for privacy and security considerations in

Number one. I think that the last couple of years have been focused — the
design efforts I think have been focused at a decidedly national effort. The
goal has been to develop a national health information network, to develop
nationwide standards, nationwide interchange of data. I think we are seeing
somewhat of a reorientation towards local efforts. What we have seen is that
overall progress in EMR deployment in particular has been slow. I don’t think
that is necessarily anyone’s fault or a result of any grand error, but it has
been slow and in the context of that slowness we have nevertheless seen very
successful local experiments with health information technology deployments.

You are all aware of the efforts in New York City and in Eastern
Massachusetts, Tennessee, Indiana, and a couple other areas around the country
where what we see a particular kind of focus of what I think is a more holistic
focus on how to use health information effectively and build systems both
technical systems and also practice management processes, local environments in
which we can actually leverage health information principally at the primary
care provider level and the local level to improve health quality.

What I think you see reflected then in the high-tech act in the health
information technology component of the recovery act passed earlier this year
is an effort to encourage more experimentation like that to learn more from
those local experiments and to propagate those experiments. I think this
presents a particularly compelling opportunity for those of us who are
concerned about privacy and security issues in the broad range of health
information technology, PHRs, and otherwise. I think the opportunity is to get
involved to roll up our sleeves as it were in some of these experiments that as
you know now under the high-tech act are able to be funded at an expanded level
by the ONC in order specifically to develop HIT solutions broadly that meet
health policy goals, that meet the soon to be announced hopefully meaningful
use requirements. I think as part of that development there is as I said a real
opportunity to make sure that privacy and security considerations are addressed
practically and tangibly so that as those models are developed around the
country they can be propagated.

The whole goals of the regional health information technology extension
centers that are funded under the recovery act is to develop models and
certainly privacy and security ought to be part of that development exercise. I
don’t think this will happen automatically. I don’t think it will happen
frankly by pronouncing privacy and security goals from here in Washington. I
think it will happen by – that is important but it’s not efficient. I
think it will happen when we have people with privacy and security expertise
involved in those experiments and actually building them into both technology
and business practices that are developed there.

Secondly, I think that this is more an aspiration than a description or a
prediction. I think that we are going to see a gradual shift in the way the
technical standards and certification processes are viewed in the evolving
health information environment. I think that again with the priority on
developing health information technology that meets health policy goals we will
see I think somewhat of a loosening of a single nationwide design for all
health information technology for all the EMRs and we will see a real diversity
of system designs based on a much more lightweight set of common standards. I
think this poses a particular challenge for privacy and security as systems
become more decentralized, as designs become more diverse. We are not going to
be able to just pick technological silver bullets to solve privacy and security
problems. We are not going to be able to just say here use this technology, use
it everywhere, and that will carry our public policy goals with it. I think we
are going to have to learn to articulate privacy and security goals much more
in functional terms in much more generic terms. That is not in any way to say
that we should reduce our expectations of privacy and security, but I think the
hope that we can carry all of our security goals, for example, through a
particular smart card technology that everyone around the country is going to
use. If it was ever true it certainly no longer true.

Finally, as I suggested and as you well know the entire emphasis, well I
don’t want to say the entire, a significant part of the public policy goals are
articulated in the recovery act with respect to health information technology
are centered around assuring that the HIT that is deployed and is funded
federally or at state levels meet these is yet to be defined meaningful use
requirements. I think that that process is going to have an important
connection over time to the overall health policy reform efforts. I think what
is now more or less an article of faith and what I think you have already heard
testimony about as a full committee, is that the gaps that we have in health
information technology deployment and EMR deployment are really not gaps driven
by any particular technical problem or by any failure to find the magic EMR or
PHR or any other kind of system design.

The gaps that we see, the slow deployment that we see as any number of
observers have pointed out. Markle Foundation I think you are hearing from them
later work at the Center for American Progress, any number of other observers
have pointed out that we are not seeing strong health information technology
deployment because the healthcare system does not have the financial incentives
to actually use health information towards either quality or cost results.

What we will see I think, is an increasingly tight relationship between the
developments of health information technology and overall health policy reform
discussions. Health information technology won’t succeed, won’t be widely
deployed, and frankly won’t be very useful without payment reform. This is not
controversial. This is obvious but I think to people who look at it – it
wasn’t to me but it was explained to me – but I think that again poses a set of
privacy and security challenges because the priority really is going to be on
looking in greater and greater detail at the personal health information in
these systems. We are going to want to know a lot not, just at a gross
aggregated level but at a much more detailed level about how the various parts
of the healthcare system are performing. That is going to put pressure from a
privacy perspective on the way these systems are designed. I think as much
attention as privacy got as the first title in the High Tech Act I think the
hard part is yet to come because of the extreme demands that are going to be
placed on this information for reforming the healthcare system overall.

With that I thank you all and look forward to the discussion.

MR. HOUSTON: Thank you all very much. I think it is an excellent testimony.
Next part of this is going to be the NCVHS subcommittee asking questions. I
will start off with a question I have, again, looking forward, I think one of
my biggest concerns relates to the management and control of patient
information and obviously a strong reoccurring theme is data integration.
Everybody sees all data coming together. Today we have islands of information
and each provider typically trusts its information and decisions that are made
by provider are typically based on information that is within its control. In
five to ten to 10 years, how integrated is patient information and who are the
custodians or who is the custodian? I don’t even know. Maybe it is an is or an
are. I think maybe is one is maybe many. It seems like the more I read about
the testimony about where PHRs are going it seems to me the reoccurring theme
is what is the source of truth, who owns the data, who controls the data, how
integrated is it? I would open that up as a sort of an initial question.

MR. COFFIELD: I talk a little bit about and I will put on my lawyer hat now
and talk a little bit about ownership issues. Traditionally the records are
owned by the provider and I view those as a bundle of rights. There are patient
rights in there. There are other payor rights that come together.

One question I have I think leading forward is whether we are going to see a
shift from provider-owned records to consumer-owned records and whether or not
either the government or other factors will play into helping that shift occur,
whether it should occur, and whether the patient now becomes the hub of that
data rather than distinct providers who are siloing data who are in large part,
competitive in a lot of ways. We are trying to build currently a system of
linking up all of those unique siloed information and we may see a shift over
the coming years to a model where I as the patient center my data and it
travels with me and I provide access to provider. I provide access to payor and
those sorts of things.

MR. HOUSTON: As an attorney myself, can I ask one follow up question? One of
the things I guess that concerns me is if I am a provider and I make a medical
decision based upon data that is within my control or at least I have access
to. If that data is no longer – if I no longer have access to it or
control of it, isn’t there an inherent risk to somebody coming back –

MR. COFFIELD: I think that risk is there now. Most providers trust their own
records. They don’t necessarily trust other providers. They may trust another
physician that they know but there are physicians that I know will say I don’t
trust this physician so I am going to redo everything that has been done. I
think that exists within the current system on top of that. I don’t think that
data is all available currently and we have distinct separate data that is not
necessarily accurate across the many siloed pieces that are out there once we
bring that all together.

MS. SARASOHN-KAHN: Can I follow that up? So we know that to be true from the
e-Patient Dave, Dave deBronkart experience, where claims data was brought into
his personal health record and there was some stuff that was really wrong and
not at all corresponding to what he was dealing with in his own situation. But
if you look at the 10-year period, which is what you posed, there is another
source of data that will be very real and in the consumer’s hands. I can
download stuff already on my iPhone and I have health medical applications on
my iPhone now. There are hundreds of medical applications. At the iTune store
the people are already using for tracking blood pressure, glucose monitoring,
et cetera.

There is other health data that is important in managing chronic conditions
and that data has to do with how many steps did I take today, if I am doing
diabesity, metabolic syndrome management. What did I eat today? What is in my
grocery cart? Grocery stores have a lot of great data on nutrition and health
that we need consumers to have access to so they understand that a portion
isn’t a portion the way they eat. We will have nutrition, exercise data. We
will have body sensor data that is populating personal health records.

And to Bob’s point, I think increasingly so much of that data will be
generated and born and housed in consumer records, which complicates this
situation and I think bolsters Bob’s argument for more consumer triage of a
control of health information.

MR. WEITZNER: I guess I don’t really think there is a categorical answer to
this question. I would sort of add to the ownership perspective, which is
clearly one of the dynamics here. What I think is kind of the reliance
perspective. Who depends on any given piece of data to be accurate and
reliable? I think you look at the experience of the web and what you see or any
large information system, data quality is a dynamic process. If you don’t
depend on the data, if you don’t use the data, it rots. We don’t have a feeling
of trust in it and we probably shouldn’t trust it.

I think that the ownership questions are important for dispute resolution,
but I don’t think tell us very much about reliance or reliability. I think we
will learn about reliability or we can affect reliability by being very clear
about who has responsibility and who needs to be dependent. I don’t think there
is any free lunch when it comes to data quality. Ultimately someone has to
invest effort in maintaining data quality. Obviously providers have a real
incentive to do that for both ethical and legal reasons.

Obviously there are cases where users will have an incentive to do it and
will in some cases do it and third parties can contribute to data quality as
well but they don’t do that for free either whether it is going to be add
supported or supported by payors who decide that it is actually good to invest
in data quality, but again they won’t do that unless we have payment reform in
the healthcare system. I think all these questions really come back to who has
the incentive and the ability to create quality data and rely on it. I tend to
think of the ownership questions as falling out of that process sort of at the
back end. We need to understand what they are but we don’t fix this problem by
defining ownership in my opinion.

DR. FRANCIS: If you think about a kind of general way you are describing
things and the direction in which they are likely to be going, your suggestion,
Daniel, was that the place of control where we are going to try to get the best
quality and completeness of data is going to start at the local system level
not at the national level. In some respects I took Jane to be saying it is at
the individual because at least in the very last thing that you said about
HIPAA is not going to do it. We need to put it in the hands of the individual.
As we think about the balance between accurate and complete data and trust and
control if you want to kind of put it that way, as I understand it what we then
need to be thinking about is how do we make sure we have good privacy and
security thoughts at the individual control level and at the local system level
that those are the two touch points within a kind of a vanilla national
framework or something like that. I want to know if I got that essentially
right and if so what you think those ought to be looking like if you could talk
to us about. Our ultimate goal here is to think about what kinds of
recommendations as these data flows develop would be appropriate about security
and privacy. I take Bob to be more on the same side as Jane. I’m not sure about
that where you see the locus of control and what you think it ought to be
looking like and what that says about privacy and security.

MR. WEITZNER: I think there is an important relationship between trust in
the quality or reliability of information and trust in one’s privacy rights
with respect to that information. I think one of the really interesting
developments in the high-tech act is this new right of access to audit
information. Bob and I were talking about this before. I don’t know where that
came from and I don’t know what was intended by it, but I think it actually
creates the opportunity to create a more dynamic sense of trust in compliance
with whatever the privacy rules are. I have had Jane’s survey data on lack of
trust really in essentially any health information technology systems whether
it was PHRs or EHRs or anything else. I found that really striking and I think
that we might explain that lack of trust by the fact that people have no basis
for understanding whether there is anyone or anything that is actually
monitoring compliance with these privacy rules and that in fact people probably
didn’t know what their rights or what the rules are.

I think that if we want to increase the sense of trust that I think will by
definition occur at a local level because that is where people interact with
the information and interact with the rules. I think we have to look to a more
dynamic process by which people are able, for example, to look at who has seen
their records and whether those access events were consistent with some set of
rules or not. I have always taken a very important lesson from one of the
pioneers in human computer action field.

Ben Schneiderman who describes user interface design principles, and one of
his principles is if you can’t see it, you won’t use it. That is you think
about the way you use your computer systems. If there is a function there and
it is not visible to you either on the screen or somewhere close by, you are
not going to use and I think we really ought to apply that principle to these
general questions of trust in the information quality and trust in privacy
compliance. People have to see that it is happening otherwise I think rightly
continue to feel an absence of trust and security.

MS. SARASOHN-KAHN: Everything he said and I would like you to think about
this word local for a minute when it comes to health expertise and where people
find health information and tools because in that 10-year period we are going
to see more and more people looking outside of the physical locus to a patient
like me in Switzerland who is giving me advice, a doctor. I mean think of
Farrah Fawcett. Hopefully she is doing well. She consulted with a doctor in
Germany for many months and gallops that came out last month said 24 percent of
people because of cost are now considering going overseas for cancer treatment,
24 percent. This was three weeks ago this poll was taken. So the idea of local
is what is local to me? What is my locus of my -– what is my healthcare

So I would think about all those folks as being again centered -– we
are talking about patient centric healthcare, health citizens centric. So as we
think about these controls, I am with Daniel 100 percent on it if I can see it,
and I can audit it. It’s real.

Since HIPAA came into the market people sign those forms and they don’t
understand what is on there and that is a fact. I’m talking in the main,
probably 80 percent of people. I don’t have the statistics. You go to see your
doc, you want the service, and you sign the form. You are in and out. There is
an attention deficit problem when it comes to understanding health plan
literacy. We know people don’t know how to use health plans who are blessed to
be insured. There is health literacy, health plan literacy, but the concept of
the fact that local is with local to the consumer, and so ensure all those
touch points are part of whatever policy is developed. I think that’s a good

MR. COFFIELD: I will just add. I like the concept local is global. The new
local is global. What was local years ago and what it is now, are totally
different things.

The other thing that I will follow up on is the right to audit and the right
to receive as you and I as a patient to obtain an audit of our records whose
access those records. That has been in place since 2000 under HIPAA as a
patient-consumer right. It is interesting that over that time period, and I
have talked with some other people that do a lot of HIPAA privacy work,
lawyers, we rarely see requests from patients to obtain an accounting of their
disclosures. It is just very uncommon. Whether that engagement is going to
occur and one of the big questions I have with PHR is how is the consumer going
to be engaged and whether or not the provider is going to use this new process,
this new procedure to improve patient care, to improve patient communication. I
think those are a couple of additional points that I make.

DR. SUAREZ: Thank you for the testimony. A couple of comments on the
accounting of the disclosure point. I think part of the issue with that is that
when people started asking for accounting of the disclosure they found out
their accounting wasn’t the one that they were looking for. I wanted to know if
my provider disclosed this to my health plan not if my provider disclosed to a
public health agency for research purposes or some of those things. The account
of disclosure is only a fraction of .1 percent of 100 percent of the
disclosures, but now with the new high tech and requirements for accounting for
all of these disclosures to health record is going to be good.

John mentioned his big issue was management and control. My big issue is
granularity and complexity. Granularity and complexity in the context of the
ability of consumers to control several factors about the disclosure of their
health information. Who discloses the information? What information is
disclosed? To whom that information is disclosed? For what purpose? For how
long? All those factors have created a growing expectation that because we are
now moving into an electronic world in the healthcare field with electronic
health records and more information in electronic form. The system will be able
to afford or to provide the consumer with the ability to control those factors.
The reality is so complex that it is too expensive when you go down into
granular levels of control of health information and then it unravels into a
complexity for the consumer to be able to actually do those controls, a
complexity and very expensive system development to allow for that to happen.
Then a question about the reliability of information at the end of the day when
a provider sees only fractions or sections or whomever is going to receive that
information might see only fractions of it.

Five years from now or ten years from now, how do you see the resolution of
granularity of control on consumer consent being addressed?

MS. SARASOHN-KAHN: For people who are managing chronic conditions who want
to wrestle them down, who want to deal, we are starting to see people saying I
am willing to trade off levels of privacy so that I can get help to manage
this. I am hopeful there is a cadre of people who will be early adopters to say
I am going to give away people who are managing things that they want to. There
will always be a portion of people who will be disengaged and what do we do
them. We will deal with that in another session. We know there are people who
won’t be engaged. C’est la vie.

I do think we are going to see and we are starting to see that people are
willing to trade off. We are seeing it in the patient-to-patient portals online
where people can adopt private avatars or identities, but get access to the
richness of the wisdom of patients, the wisdom of crowds there. I think we
could see the same where clinicians enter and trusted infomediaries can enter
in with patients in that. I could see a trust infomediary between the patient
and the system to help navigate that balance of the granularity and the value
we get if we are chronically ill on managing something to give away some of

I think there needs to be major education of people to really understand and
by written testimony that is longer I couldn’t talk about I suggested a couple
of tactics where you can start to educate people in social networks online,
women on iVillage, which is getting very health oriented. That one site not a
client but we have to use these new media cleverly and we can to start engaging
people into the educational aspects of privacy and security and health
information because HIPAA didn’t do it. It was boring. It wasn’t fun and we
need to get people’s attention we need to grab people in YouTube videos.

I really like what I am seeing now in the Ask Me campaign that the CDC has,
in terms of having dialogue with your doctor. If we can start to use engaging
ways to engage people, sorry about the two engages, that is going to help
educate people to understand the value of opening a personal kimono. I see
education as being important and the use of the new media.

MR. WEITZNER: I think it is an important question. I suppose I’m going to
disagree a little bit with Jane, as much as I have agreed with everything else
she has said. I think that the experience that we have in dealing with privacy
on the web in general, is that there are real weaknesses in what is known in
general privacy terms as the notice and choice model. There are real weaknesses
in expecting people as Jane said, to be able to read these long privacy
statements, understand them, and then make a choice at the point of information
collection or dissemination.

I think the healthcare context puts further pressure for all the obvious
reasons on those choices. But fundamentally I think that you began with I think
the most important point, which is that we are dealing with tremendous
granularity, tremendous complexity, and if you think about this from a kind of
a system’s perspective you can try to exercise control over how personal
information is managed at the point of collection or at the point of use. I
think what we are learning from the web is that there is too much complexity at
the point of collection and intermediate dissemination. I would say beyond
that, it is probably not fair from a consumer or citizen perspective to expect
those individuals to make all those choices, to manage that detailed flow that
instead I think that we have better models that are emerging, for example,
GINA, the Genetic Information Nondiscrimination Act, has some issues, Bob is
rolling his eyes, but that as you know a new set of rules which assumes that
very sensitive personal information will flow around quite freely in a variety
of context but instead protects privacy through limitations on how that
information can be used.

If you ask me where we are going to go in 5 to 10 years, I hope in 5 to 10
years if not sooner, we will realize that putting the burden of privacy
protection on individual choice is a mistake, that it decreases trust in the
system, and that we have to have broader social agreements ultimately in trying
in regulation and law about what are appropriate and inappropriate uses. Then
we have to deploy these audit capabilities that as you both pointed out we have
but don’t use. I would submit that we don’t use them because they don’t produce
interesting results for anyone. As you pointed out the thousand disclosures,
the thousand movements of my health information around the system are really
uninteresting to me. What is interesting to me is if I lost a job because of
one of those movements or I was denied coverage. In order to get a system to
reveal that information to us technically and functionally we have to get
consumer’s rights to be able to act on those kinds of harms.

DR. TANG: Thanks for an interesting testimony. I think everybody here as
well as the panelists would agree that the value of the PHRs and their tools is
an empowerment in participation and this will evolve over time.

I don’t know and I think this relates to the last question whether people
actually know how many people and what kinds actually do have access to your
record. HI may I think studied and showed about an average of 78 people in
hospital admission. Don can correct me later. Trust clearly at the heart of it.
One of your slides, Jane, was very interesting. It showed physicians you
pointed out where the most trusted data steward and interestingly social
networks were the least trusted. While it may be interesting and they being
useful, there is still a perception that that’s not exactly where you would
necessarily want all your information to go.

So the question is, is the status quo good enough and if not, I really liked
Danny’s discussion about how we are going -– well, healthcare is local –
what you said about local is your own definition, but it allows us to
experiment and I like the way you described it. You really need to incorporate
the policies of privacy and security in your health IT innovation. In you minds
what experiments should be conduct? We have some examples and asked questions
about some of the existing regs and are they useful or not. In your mind what
experiments should we do in these local innovations in the policy area
surrounding privacy and security?

MR. WEITZNER: Well I will start. We touched on one. I think that really
exploring how to provide useful audits to patients would be tremendously
valuable. Again in my mind in the end of the day that will happen or not
because of legal rights that patients have, but I think we can – my
assumption about these local experiments is that that policymakers will be
looking to them to understand what rules both what technologies but also what
rules make for a healthy health information environment if you will. I think
that experimenting with audit, what audits are meaningful, what are not
meaningful, how do we get to this line that Dr. Suarez’ is trying to define? I
think that would be one that would be quite valuable.

MS. SARASOHN-KAHN: One thing I am getting more passionate about is the
concept of the medical home. I know talk about people going far field for
information and such, but I still believe in having a place where every citizen
can go to help manage the constellation of everything about me and health and
then from there refer me on when I want to be referred. If you can bundle
– bundle is a loaded word today. If you can integrate a line payment as
Daniel was talking about. I totally agree as a health economist to align
payment with equality outcomes policies and where the medical home is
electronic and it should be and it will be and it is in your neck of the woods
at Palo Alto Medical Foundation where patients are then empowered with data.
Pick a chronic condition or at a tough one because you can do it in your shop,
but I can see marrying the medical home, the payment model, managing a chronic
condition or a set of them. Metabolic syndrome is one to point out because it
is several things, and we can get a good handle on that, and start monitoring
how people bring the citizens into the design of the policies because we can’t
really talk about PHRs without getting that kind of input I think. How people
want to use the information.

I would like to see that kind of pilot done in a context of a medical home
because I do believe that is where opinion we should go, and that is where we
will go. Again, I’m the optimist up here, I think. I think that could be a
powerful thing because then you are empowering people, you are partnering, you
are co-creating health and the incentives are aligned and people will be nudged
through other incentives you can incorporate and again showing them as Daniel
pointed out, and you said, if you can see the information in front of you and
it’s an engaging format, then everybody wins and we reduce costs. That’s a good

MR. COFFIELD: The only other thing. At that local level to educate the
patients and to spend time and efforts to educate the patients of what their
rights are, what their consumer rights are. I think we have had a healthcare
system that in large part has been disconnected from the consumer process that
most Americans are familiar with. It is employer-based health insurance. Cost
issues are in large part until recently, have not been an issue because my
employer took care of those costs. I didn’t compare costs between doctor A and
doctor B. I had no reason to manage a lot of that unless I had a chronic
condition. I think focusing in at that local level in trying to understand what
consumers and what patients currently view their rights and their abilities
with regard to their records, that will help understand maybe what the policies
and the laws that need to be created around that.

From the standpoint of the HIPAA privacy rule, I think it has done a very
good –- I will take the other side – I think it has done a very good job
to frame over the last 10 years when it went into place how we have
traditionally used medical information. We now need to take that model which
has been standardized to some extent across the country, treatment payment and
healthcare operations. Those are uses that most of us as patients believe our
records either should be used for without consent or have some ability to
access that data. We need to now move that and those rules were set up really
with the view of a paper world. We now have a changing world and we start to
see some of those changes with the new rights that come out under High Tech and
I think we need to take that to the next level. Part of that needs to be a
modification of those patient rights to fit the new models moving forward.

DR. TANG: I think Danny hit the nail on the head when he said that the audit
trails are uninteresting until you lose the job. I wonder if one of the
experiments could be – it is almost a black box – it is not interesting
until the plane crashes. So if there is some bad outcome, I didn’t get
insurance, I didn’t get a job or something, you could then peer into the black
box, i.e., the audit trails and presumably we could actually do the cross
correlation and figure out it was there something that contributed to that

That might be an interesting technical application to generate a policy that
is we do have black boxes. They really are uninteresting. People don’t ask for
them but let’s look when something you think may have happened to that.

MR. REYNOLDS: Thank you very much. Excellent things to consider. We are in a
period of very fast change right now. We are talking about 5 to 10 years but we
are also talking about today. I like the DIY. I like that but we are also all
facing BHA, which is better health for all, and so that’s right in the face of
everybody right now and right now things are happening. We have said this as a
committee and we have talked immensely as a committee about the fact that
privacy seems to be walking along beside. You used the term HIPAA. Everybody
kind of says well HIPAA is okay, or you here unduly restrictive or things are
kind of spinning. If we are moving towards this whole thing of meaningful use,
improved health, coordinated care, sharing of information, having your
information being able to be shared.

Mr. Weitzner, I thought you made an excellent point where – what I
don’t think we have right now and you guys can play on this, we don’t have a
set of things that are okay that you can take off the table. Everybody says
public health. Well, the layman doesn’t understand what public health means.
They might not understand what better quality – why would my information
be used for better quality on a physician? Give us any words that you have
because that is going to be something I am listening for over these next two
days because many of us back in our states are figuring out how to implement
ARRA, and start HIEs and do this and do that. Oh by the way we are sitting here
now chatting about privacy.

Well, when those things start happening privacy is going to have to be there
in some way, shape, or form now and for the next 10 years. I like your
philosophies but if you could add a little more on how do we get some of the
discussion to be pragmatic enough that we can go fast now and not wish we had
not gone there 5 to 10 years from now?

MR. WEITZNER: I take Bob’s point to heart that we have a set of rules that
presumably we have very high opt in rates. As far as I can tell it seems to be
about 99.5 percent. I think no one opts out.

MR. REYNOLDS: Is that because of lack of understanding?

MR. WEITZNER: I don’t know. I think privacy surveys are notoriously terrible
and I would be really prepared to believe Bob’s view to a large extent that
HIPAA sets a floor that people are not panicked about at least. But I think to
Paul’s point we don’t know what we don’t know and perhaps a way to use these
experimental platforms that we have through the recovery act and in this kind
of interim period of time between now and 24 team and all of a sudden
everything will work. Perhaps efforts to analyze some of these voluminous audit
trails that are created by the systems we build anyway. To me one of the great
privacy ironies beyond health privacy, general privacy ironies online is that
we have in the form of transaction logs, database access logs, email server
logs, web server logs. We have this enormous amount of data about how personal
information actually is being used. Marketers all sorts of interesting
analysts, businesses, intelligence agencies and governments are great at
looking at that sort of data in order to find criminal activity in order to
figure out what people’s preferences are as to toilet paper, but we are not
very good at looking at that data analytically using the incredible data mining
power that we have that is really pretty cheap these days to understand what
the range of uses of personal information is.

I am certainly not able to sit here and tell you here is what the usage
rules ought to be. Here is what ought to be in bounds and here is what ought to
be out of bounds, but I think we can build these experiments. We can look into
that black box a little bit. Data miners love to do this thing and they are
really pretty cheap these days. We can learn a lot about the flows of health
information and then start to have what I think has to be kind of a community
and a nationwide dialogue about what uses we consider acceptable and what we
don’t. There is not a quick answer. At least I don’t have one, but I think we
can work on the problem in a sort of a deliberative, evidence-based way by
looking into the systems that we are actually running.

MR. COFFIELD: We are at a time now that I see where that definition of
privacy is changing. I think with the increase social networking that is going
on with the younger generations and even the older generations what we define
as private has completely changed. I was fascinated during the election process
on Facebook how many people put up their political affiliation. Everybody
enters that data. It is there. Ten years ago people would not have done that in
large part and it was pro forma. It is out there and it is available on -–
I know what Jane’s political affiliation is because I’m a Facebook friend with
her and along with everyone else.

I think over this next 5 to 10 years the other thing we need to look at is
where is that privacy level. Is it going to move up? Is it going to move down?
Then is there going to be a backlash where it’s going to move back up again?

The other point on, I think, the privacy issue is we need to look at what
are the reasons that consumers and patients want privacy. I suspect and Jane
probably has facts on this and statistics I suspect in large part it is driven
by employment-related issues. That’s probably one. Two is just general
embarrassment of release of health information and three is probably government
oversight. I don’t know where those sit in the stream of top 10 reasons why you
and I have an interest to keep our health data private but those are the issues
that I see that come up when I deal with client issues.

MS. MILAM: A lot of mention has been made of the high-tech act and the
billions of dollars that are poised to start flowing across the country to
governments in the form of incentives to physicians. We are going to see a
surge in health information technology as you have spoken to. We are going to
see vendors, developers new businesses. We are going to see just a huge amount
of attention, money, and effort placed and is happening everywhere all at once.
You have spoken to HIPAA as the floor but also Danny you mentioned that privacy
would be grown organically and each of these microcosms. What needs to be in
place to make sure that one provider can talk to provider across the street,
across the state, across the country? When you look at what is out there today,
is there a vision, a framework, a model that works to help guide all of the
organic privacy development or does something need to be built to make sure
that we can get to the ultimate vision?

MR. WEITZNER: I think you have asked two important questions. One is is
there a way that different components in a local healthcare environment can
share information and do they know what the rules are? My view is that as a
technical matter there are adequate standards. There is adequate understanding
in building information systems in general about how to enable people who want
to share to share. Paul does this. A lot of you do this. You see this happening
and I think what prevents it from happening – when it doesn’t happen, it
doesn’t happen.

The reason it doesn’t happen is not a technical barrier, but either it’s an
administrative barrier or a failure or mismatch of incentives. The provider of
one sort of information has a proprietary system they would like to use so they
don’t want to inter-operate based on the open standards that exist. I don’t
think we solve that problem by developing more standards. I think we solve that
problem by making it clear who is required to share with whom and who has an
incentive, who ought to have an incentive to share with whom.

Getting the privacy rules right. I think HIPAA is a pretty low barrier to
all this for better or for worse. I think anyone who suggests that we don’t
have information sharing because of privacy barriers is really got a different

I think that the second part of your question is really to Mr. Reynolds’
point. How are we going to evolve privacy practices that people feel
comfortable with? I don’t think there is really much of a short cut there. I
think that we are going to have to study what we are doing and study the kinds
of information flows that there actually are and come to a reasonable agreement
on rules. I think if all goes well those rules will bubble up to state and
nationwide laws. Right now I think there is a lot of maneuvering room. I know
that some privacy advocates have concern about that and I understand that
concern. I think there are tremendously valuable frameworks that are out there.

I think the Markle framework on privacy agreements is a great starting point
for all this and I hope also to your question, Paul, again about I hope that a
lot of the experiments include that framework or those kinds of frameworks so
that people are reinventing the wheel. Probably the biggest risk in these
experiments is that you have 20 well-funded innovative activities that somehow
start from scratch on these questions and hopefully most won’t, but that’s also
why I think this could have an important role in the health information
technology professionals who have privacy expertise I think really have a huge
amount to contribute to these experiments just to make sure that we are
starting from current understanding as opposed to somewhere back there.

MS. WATTENBERG: Sarah Wattenberg from the Substance Abuse and Mental Health
Services Administration. So there are a lot of different ideas about how to
address the cause of privacy, different opinions about is it technically
possible expense of easy, not, so forth and so on.

Mr. Coffield, I think that you mentioned briefly the idea one that is out
there is the idea of using the personal health records as a way of disclosing,
providing patient control over disclosure of information. SAMHSA has been
actually working on for the past few years some technology that allows for the
patient to consent or not as they enter into the system. Who can get what kind
of information at what point in time and whether or not this is the wave of the
future where consumers really control things, whether or not this is really the
hub through which data will be better managed and corrected and so forth
remains to be seen. But in the meantime it could certainly be used as sort of
an interim kind of method while everybody else is sort of working things out. I
mean if I have to get an immunization record one more time for my daughter I
think I’m just going to scream.

The question is this is something I would really like to that we are working
on piloting. One question is what advice, right, because our job here is to
develop recommendations on how we can in a fast-changing environment start
moving systems so the experimentation can begin. We can get some broad lessons
and sort of quicken our response to the need.

What would you do in this kind of pilot and experiment and it would seem to
me that as we conceptualize this how you build in decision supports to
patients? What are the risks and benefits and risk to sharing information about
substance use disorders with your primary care physicians or not? What kinds of
decision supports do you think would be interesting and necessary so that if a
consumer is in control they are an informed consumer? For instance just to give
as an example you know the Facebook generation I sort of heard this before.
People have looser boundaries. It is not so important. You know the Facebook
generation is young. They don’t have a lot of wisdom about how that information
eventually might be used against them. So we may see those boundaries kind of
changing a little bit as they age. It is just sort of throwing kind of this out
there. What would somebody need to know?

MR. COFFIELD: I think something would be interesting as you kind of phrased
your question. One of the questions in the medical home model is to have a
health data advocate who is going to serve some capacity and whether that’s the
primary care physician who you trust or whether that be someone else in a
different role who can walk through with the patient the importance of either
releasing information or not releasing information. What the pros and cons of
doing that may be. We all have and I am a little struck by why patients would
not want to release data and withhold data especially when it comes to those
issues like treatment. I want my provider to know everything about me
historically from the time I was a child up until this age. I think maybe
something, a model or a pilot along the lines of some health data advocate who
can serve that role in working through those issues of when to release data and
when not to.

MS. SARASOHN-KAHN: You said that Facebook is for the young, but the fastest
growing group in Facebook are women over 45 and what would be interesting to a
lot of us -– Daniel said earlier there has never been a good privacy
survey done. So what I would do with a tool that you have that is real and
touchable and deployable is to deploy it and pilot with different generations
and genders and socioeconomic groups and try to get some measures down on
perceptions of what people –- track what people share, what they don’t
share, a level of granularity because we don’t have great data. I threw very
general polls at you and I have seen some specific data that specific companies
do that is proprietary but you have a tool you can put out there. Substance
abuse crosses everybody. It would be great to test that with some good
standardized questions across these different cohorts so we can actually see
the there there because it is very hard to judge and that would help from the
pragmatic point of view figuring out what will work with who because people
will behave differently as we know Deloitte has six cohorts. Name your cohorts.
It doesn’t really matter. There will be different behaviors and we will not
crack chronic disease until we understand how different cohorts will respond
and how they value privacy versus the giving up.

MR. WEITZNER: Can I make just two observations about the so-called Facebook
generation? We now know it is more than just a generation. I am glad to know. I
think that Facebook used as this symbol of increased transparency in the world
and there is no question it is true. It is a vivid illustration of that. I have
seen survey data which is not yet public which suggests that Facebook users
particularly the ones we think of, the stereotypical ones who are 18 to 32, in
fact, don’t have a very different idea about privacy than older generations do.
They think about privacy in different terms, but they ultimately have very
similar expectations. They are aware that they are living in a much more
transparent environment. They don’t mind that. They have obviously chosen to
accept that and participate in it, but that does not imply that their
expectations of privacy that their concerns about abuse ultimately are any

I think that it is sometimes nearly sort of condescending attitude on the
part of some privacy advocates who say that if those Facebook users only knew,
if we could only educate them then they wouldn’t do X, Y, or Z thing. It is a
real mistake to assume that people’s behavior indicates everything about their
privacy expectations. I think we have drawn some of the wrong conclusions. I
know teaching a lot of these sorts of canonical young Facebook users they
understand that they are more exposed. It doesn’t mean that they don’t care
about how their personal information is used. I think that in fact what they
reflect is in some ways probably a more sophisticated attitude about privacy
than some of us in kind of the email generation had which is that if the data
is out there it must be that we don’t care what happens to it. I think that we
could actually learn a lot from the Facebook generation. They want to interact.
They want to share a lot but it doesn’t mean that they want to be taken
advantage of. It is very hard to study these things but I think we should look
subtly at the relationship between those behaviors and what actual privacy
expectations are and beyond that just what kind of privacy rules we want to
live with regardless of how indiscrete people behave.

MR. HOUSTON: Time for one more, Walter.

DR. SUAREZ: This is a very quick one and I might put you on the spot a
little more. We have this sort of framework around these developing on EHRs. We
have some state laws now that are requiring within the next five years, to
adopt EHRs by providers and then federal legislation is going already in that
direction. We have certification processes to ensure that the products are
certified. We have now in the development a way to measure the meaningful use
of that. Should we have something like that for PHRs and particularly on the
privacy and security side, should we have a mechanism to ensure the products
are somewhat defined and certified or whatever we call it and they are measured
in terms of its meaningful use of that? Is that something we should consider?

MS. SARASOHN-KAHN: I would say at this Wild West period of new development
of this stuff you should not in my opinion because we don’t know what these
things are going to do be whatever. A year and a half ago I wouldn’t have
imagined iTunes selling health aps 18 months later and with the trajectory of
growth that is tremendous. I am hearing big companies developing some
applications that are going to blow our minds and they will be out in 12 or 18
months. So the change is happening so fast as you have pointed out some PHR
models will be attractive to some consumers because they are tightly tethered
and my docs involved and I want that and there will be other consumers that
want to be untethered and alone and dealing with social networks where people
will tell everything to that social network and not a whole lot to their doc
and that is their choice whether that is a good clinical choice is between them
and them. I think right now to sort of certify what a PHR is there is enough
aggravation right now looking at certification and EHRs out there that we
should listen and watch and PHRs right now I think are unbound and open sourced
and let’s wait and see would be sort of a watchful waiting would be my advice
on that.

MR. COFFIELD: I take the same perspective from a standpoint of we are in
this whole information age that we are now 15 years into. It is a constant time
of disruption and I think the reaction that either from the legal side, from
the law side, the development of law and the government side is reactionary in
large part or I think it will continue to be involved in that process. I think
the process we should take and I will go back to the analogy of the
transportation and the development of the automobile. I cite in there some
examples seatbelts coming around, guardrails. The development of those
processes that came as a result of the growth of more automobiles on the road,
faster speeds, and as PHRs develop I think you will see those items grow up. I
don’t think we want to though put up the barriers immediately to say here is
what a PHR needs to look like. This is the automobile and that’s it. We are
going to allow that innovation to occur and then be responsive and reactionary
on a quicker pace than we have been in the past.

MR. WEITZNER: I agree with the two previous points. I think the name of the
game is meaningful use and a reformed payment system. I think when we focus on
those things we will get the right flow of health information period end of
story. The next HR acronym that is going to come along I don’t know what it is
and we shouldn’t really be too worried about that in my opinion. We should
regard that as a good thing. I see plenty of EHRs that start looking more and
more like PHRs and that is a good thing. That seems like the result we want
certainly in the medical home context. I think we should focus on outcomes and
we will get to the right place both with respect to the information flow and
the privacy and security requirements.

MR. HOUSTON: I appreciate what was incredibly stimulating conversation. We
are going to take a 15-minute break and start back at about 11 a.m. and again
thank you very much.


Agenda Item: Panel II – What Will Consumer-Facing
Health IT Look Like in 5 or 10 Years?

MR. HOUSTON: Why don’t we try and get started here. The first panel I
thought was really interesting and we have a second panel is going to speak to
similar things. We had so many people we wanted to talk to we split it up into
two separate panels. The second panel we have Josh Lemieux, who is the director
of Personal Health Technology for Connecting for Health, Markle Foundation. Don
Mon, who is VP for Practice Leadership for American Health Information
Management Association. James Allen Heywood, who is the co-founder and chairman
of PatientsLikeMe.

I don’t know who has a preference of going first, but if not, Don, would you
mind going first? Great. Thank you.

DR. MON: Members of the Privacy, Confidentiality and Security Subcommittee
and participants my name is Don Mon and I am vice president of Practice
Leadership at the American Health Information Management Association. We are a
professional society of 53,000 members in various settings in healthcare. The
dual mission of advancing the AHIMA profession through leadership and advocacy,
education, certification, and lifelong learning, but I am here to talk to you
about our other mission which is what I am responsible for at AHIMA which is
advancing HIM and HIT standards and policy.

Our testimony today is based on our core health information management and
experience as well as the experience that we have gained from talking with
consumers and working in standards development. With respect to consumers if
you turn to page 10 of the testimony you will see that we have had a
consumer-oriented web site called myphr.com which gets over 850,000 hits a
month or excuse me. It averages about 24,000 hits a month with a monthly high
of back in February of 850,000. We have done education with consumers regarding
the PHRs. We have had a number of radio spots. The Nielsen ratings company
estimated that we have reached 24 million viewers and listeners. We have placed
media placements in a number of high market areas like the Chicago Tribune, USA
Today, and so on.

Lastly, we have trained a number of AHIMA numbers to be consumer educators
where they in their local communities do town halls and patient education
sessions and thus far we have trained over 750 presenters who have reached
literally thousands of consumers.

In our testimony we want to thank the staff for providing us with the key
questions. We are not going to be able to address all of the questions so I
would like to focus on a vision of PHRs and patient facing online services and
some of the key differentiators in PHRs models but spend most of the time
addressing the top privacy question which is the consumer’s ability to modify
professionally sourced information. We won’t be able to address every PHR model
in this testimony. While we can address things at the policy level, today we
would like to focus on more pragmatic and practical aspects of implementing
PHRs and PHR systems. Some of the points that we are going to bring out today
are points that are not in many people’s radar screens that we would like to
bring into their radar screens.

As to the first question let me just take a few minutes to provide the set
up for getting to the privacy issues. The problems that the PHRs are trying to
solve are well documented and real. You know them well. They are reported in
the literature. AHIMA supports the consumer empowerment principle resulting
where PHRs can help with increase in quality of care, reducing costs, and
providing a better healthcare experience.

The issue in our estimation isn’t so much that of what is a PHR it is more
that the role of the PHR as one of many and sometimes overlapping health
information technologies that are involved in the solutions to the same
problem. So you hear a lot of people who are saying one of the things that we
have to do is exchange health information and you will find that the EHR
vendors will say well we can do not just the vendors but health information
exchange can be done from EHR to EHR without the PHR in between, and some will
say that it is probably more efficient to not build a nationwide health
information network when if we gave everybody PHRs we would have the ability to
provide information to the practitioner.

We at AHIMA and the standards development community are hearing a variety of
perspectives and what I hope to talk to you about what are some of the insights
that we have gained from listening to those perspectives.

Our feeling is that health information technologies will continue to overlap
because all of them strive to be patient centric and they all have the same
health information as their base, but yet there are key characteristics on
which they differ that will help set them apart in the upcoming years and
define their evolving yet interrelated roles.

One of the first questions that we have had to grapple with at least in the
standards community is where is the primary purpose of PHRs? Is it to
facilitate health information exchange between patients and physicians or is it
nearly to serve as a record that consumers keep for themselves. Now that may
seem like a naïve question but in the granular world of records management
and standards development these answers aren’t as naïve as they may

The questions relating to the PHR’s purpose and incorporating individual
participation and uptake are very much intertwined. As to the point about
incorporating individual participation we are still finding that privacy,
confidentiality, and security is the top issue that must be grappled with and
as I mentioned I will spend the bulk of this testimony discussing that.

But there are other things that need to be grappled with and these factors
also increase uptake and that is making the interaction with the PHR, another
patient facing HIT and engaging experience. You have heard that from our first
panel so I won’t need to reiterate that. Responding to an emotional need and
you will hear that from Jamie regarding PatientsLikeMe. But two other factors
that we are hearing a lot about is convenience and the easiest example to
explain there is the auto population. Being able to populate a PHR with data so
that the consumer isn’t encumbered with populating the data and that speaks to
some of the models out there, the provider-sponsored model or the
payor-sponsored model where auto population is a key feature. It may be an
attraction for those particular models.

But interestingly as we are talking with a number of consumers and those
within the standards industry the panel talked before us talked about this but
let me add a couple other things. We called it increased value added
administrative functionality that is going to capitalize on the advances that
we are seeing in technology.

Last week at HL7, health level 7, where I chair the electronic health
records work group we were approached by a manufacturer who manufactures micro
disks and what this manufacturer was saying was that in two years it is going
to be possible to put two terabytes on a micro disk this size that fits in this
adaptor that will go into my cell phone. Two years from now it is going to be
possible with that kind of storage to be able to put PHRs on devices. It may
not be cost effective for consumers at that time. Cost effectiveness as the
cost of technology goes down will probably make it affordable in about four
years. But if we think that we have about a four-year horizon where this could
possibly be somebody’s PHR look at the various options that this now affords
us. Yesterday in computer world there was an article that said smart phone meet
net book where you will be able to have on a device like this not just a phone
but also a net book.

Today I get text messages from my dentist that asks me to schedule my
appointment and when I respond with a C it goes into his scheduling system.
Right now that is the existing functionality. In a couple of years what I am
hearing patients saying is that wouldn’t it be cool that when I also hit C and
it goes into a scheduling system that it goes into my outlook and puts it into
outlook for me. That is convenience. That is increasing this value added
functionality. That is making the experience with the PHR an engaging one.

Here is another interesting thing that we have heard from some consumers.
You know when I have data that is coming from either a claim or directly when I
get a bill from the provider, wouldn’t it be nice if that just went straight to
my medical flex spending account so I wouldn’t have the hassle of having to
take this EOB, filling out a form, sending it to my medical flex spending. Why
couldn’t that all be automated and so the next thing I see is money in my bank
account because it was that convenient. So convenience, making it an engaging
experience, and having value added administrative functionality are many of the
things that we are hearing.

We have also had the opportunity to talk with some of the pharmaceutical
companies who would like to use PHRs as a way of doing case finding. They
obviously for privacy reasons wouldn’t have the ability to go into everybody’s
PHR but if they could expose their eligibility criteria for clinical trials and
the consumer on his own volition access that and compare it to the data that is
in the PHR that might be a way for the consumers to find out something about an
investigational drug or device or whatever and it’s a win for the
pharmaceutical companies as well because they have a more efficient means of
case finding. Those are some of the more innovative things that we have heard
from both consumers and others who have approached us in standards development.

These factors as I mentioned in the previous slide will help with the
increase of uptake, but unless some of these factors are addressed we at AHIMA
believe as we have seen other reports including Paul’s that PHRs may still have
a low rate of adoption over the next three years at least because of many
reasons that have been cited in the literature, but I also wanted to bring out
a couple of more in addition to them.

One is the fact that we currently have low rates of adoption within the PHR.
In the previous panel we saw that it was something like 8 percent and Dr.
Blumenthal’s studies on the EHR showed that they were 8 and 15 percent for
hospitals and doctor’s offices. But this low rate of adoption also gives us an
opportunity that I think we can capitalize on over the next five years or so
where if we do this well we can actually help all these technologies grow in
concert with each other. An example of that is some of the legacy EHR systems
where not all of them have patient portals and because not all of them patient
portals that are keeping the number of providers sponsored PHRs artificially
low and it may give an opportunity for other PHR models to grow. In addition to
that some of the legacy EHR systems are not able to exchange with data with
PHRs. One of the things that we have to do, or at least we recommend whether it
through the certification process or through other kinds of monetary
incentives, is to build this kind of functionality into legacy EHR systems over
the next few years. If we don’t do that then we may have a growth in PHRs where
the PHR has nothing on the EHR side to exchange data with. So we have to try to
grow those two capabilities together and the thing that is holding it back are
some of the legacy EHR systems.

Another factor is the desire for the longitudinal record and record
retention policies. Currently provider-sponsored PHRs are longitudinal to the
degree that consumers received care from their provider over a period of time,
but it is not birth to death. Not everybody is a Beth Israel Deaconess or a
Palo Alto Medical Foundation or a Kaiser that is going to keep their data for
an extended period of time that is 20 years or in some cases they are saying
even longer. The industry currently does not have the experience to know how
long a small or medium community hospital or a small doctor’s office is going
to keep their patient data because they will abide by their risk assessment
practices which then dictate their record retention policies. In some of these
policies and even according to some state statutes they can destroy records
within a seven-year’s timeframe or whatever, but in doing so that means then
that that data is not available any longer in that PHR. Again this may be
focused more towards the small doctors and the community hospitals than it is
for the larger providers. But that situation is then going to place more
importance on nonsponsored PHRs to act as the longitudinal record and perhaps
be the birth to death record and that health information is going to need to be
exchanged either at the end of every visit or soon thereafter because it may be
too late when the consumer finds out that he wants the record and the record
has been destroyed.

I am putting up this slide here just as a mental picture that I am going to
use to talk about the next few slides. What we have here is in the lower row
the provider-sponsored PHRs with a patient portal and in the upper bar what we
have called the nonsponsored PHRs and those might be things like the ones that
you can put on your laptop at home or over the web and so on.

There is another concept of a PHR model that is floating around out there.
It hasn’t received much traction yet as a model that has been fully
implemented, but it is being talked about and that is the PHR as a pointer and
again the record retention policy that is –-

Let me then go to this thing here. The privacy aspect is the consumer’s
ability to modify data and it depends on the type of data. It depends on the
source and the PHR model. When people are talking about PHRs and the ability to
modify data, it is as if they are talking about all of the data and when you
look at the data that can be modified as in this next slide there are data that
can be added to where you can add appropriate administrative data, data that is
in a journal or a diary, or to externally source data which is from devices or
professionally from providers through annotation and that the recommendation is
that the best way to ask for a correction of the data is to go back to the
provider to correct the data at the source and then send an update to the
consumer’s PHR.

The issue of modifying the data goes to the notion of withholding data and
I’m going to back up to this previous slide to make a key point. Here is where
this depends on the PHR model because this is not a one size fits all when you
look at this consumer’s ability to modify professionally sourced data. In a
provider-sponsored PHR the underlying record is the EHR which acts as that
person’s record for legal and business disclosure purposes but the nonprovider
sponsored is not a legal record and so look at how that plays into many of the
things that have been discussed.

In terms of granularity these are the actions that are currently included or
under discussion in the HL7 personal health system functional model. This comes
from the input of multiple countries, consumers, providers, and vendors. But
notice that when we take a look at these when I say not one size fits all some
of these functions cannot be done in provider-sponsored PHRs.

Let me just quickly go down these 9 to 11 here. One of the ways is the
consumer doesn’t even enter the data into the record into the first place,
doesn’t accept an import from an EHR. Another way is to select only certain
portions of the data. I will take this from that EHR but not that. Another way
is to limit or revoke the system access to certain individuals including the
physician. A fourth way is to mask the data. So what the physician will see on
the screen is there is data behind this mask. I know that there is something
present but it has a mask over it which is different from the fifth one and
that is hiding the data. The data is in the record but the physician doesn’t
even know that it is there. The sixth and seventh is deleting professionally
sourced data with or without audit traceability. Seventh is modifying it, which
is different. Deleting it means taking it out. Modifying is I am making a
change to this lab value with or without audit traceability. Then the tenth one
is modifying professionally sourced data with change in attribution and I’m
going to spend one last minute talking about that and then the eleventh is
controlling the export of health information so I don’t even export it to the

Now these are system functions that are included in the PHR system
functional model either now in the draft standard for trial use or are being
discussed in the fully accredited version, which is being worked on. This does
not talk about the consumer’s behavior of not even bringing a PHR at all to the
physician’s office because he or she may be that concerned about what is the
data that is in there to be shared with the clinician.

Lastly, this is a point that is being discussed much in the standards world
but we don’t hear discussed very clearly elsewhere and that is this change in
attribution. In this model the professionally sourced data is imported into the
consumer’s PHR. So the EHR sends data to the PHR. It is accepted. When it is
accepted it is explicitly fabled as having come from that doctor with this
content on this date and so on. However, when the patient modifies his
professional sourced data, the data is immediately attributable to the patient
not the professional. So what appears to the physician then is that it is John
Q. Public who is providing this data on this date. All that traceability of the
original data and the date and time is changed to the patient. The reason for
that for no audit trail modification is the concern that we have heard from
some of the consumer advocates that even having an audit trail will then
disclose to the physician that which the consumer wished to be withheld. One
perhaps viable way of handling that is this change in attribution but in order
to do this we have to absolutely maintain the truth of source. There can be no
way that the patient can modify it and change it back to say oh I modified this
data and I am also changing the attribution and saying that it is my doctor who
said this. The truth of source must be absolutely protected.

The closing comment here is that when people are looking at PHRs as the
source of truth it is sometimes attenuated by all of these different aspects
and desires of consumers which are now manifested in these kind of criteria
within the system functional model. Truth of source absolutely must be
maintained or else the PHR will never become the source of truth.

In conclusion there are definite problems in which the PHR can solve.
Privacy and confidentiality and in particular this issue remains one of the top
issues preventing uptake. The PHRs and other HIT will evolve together. They may
need to have some factors addressed such as convenience, making the interaction
between the PHR an engaging one, but it will take time and investment. Thank

MR. LEMIEUX: I want to thank the subcommittee for asking us to look ahead 5
to 10 years. I thought about it at first and thought let’s look back 5 to 10
years very quickly. If you look back 5 to 10 years, the concept that consumers
could benefit from health information technology was pretty obscure. It wasn’t
a mainstream. It has moved basically a mainstream goal of national leaders. It
has moved from kind of an afterthought in the dotcom bubble burst to now being
embraced as a major initiative of the largest global Internet brands that
exist. If you also look outside of healthcare you see consumers adopting
technologies at an astonishing pace, blogging, social networking, online
banking. Some of this stuff goes back more than a decade but the real growth
curve is quite astonishing. If you take a look at some of the common elements
of these rapid technology adoptions you see that they are very convenient as
Don said. Also they are connected to networks. For example, the phone that he
showed and all these great things is it’s much more useful if it’s getting real
time data if it is connecting to multiple sources and it has network
connections that allow for that convenience. Because if it is just the device
or just the application but it’s not connected to anything then it doesn’t have
that potential for rapid consumer adoption.

Also, consumers like things that are free much to the dismay of some of the
people working on personal health applications, but the potential here is that
there is consumer participation and networks that are enabled by connections.
So I will talk very quickly about what makes those connections possible in the
personal health information space. What are some of the immediate opportunities
under the new law? What is a brief vision for why we believe that personal
health records have a great deal of potential to help people prevent illness,
to manage their health-related transactions and information to coordinate care,
to communicate better with clinicians, to understand healthcare options and
costs, and to take better care of loved ones.

We will start with common sense information policies. That is something that
many of you in the room have worked with the Markle Foundation on. Markle
Foundation has invested in this area of personal health applications since 2001
and tried to do some research and some convening of large groups of people from
lots of different interests and perspectives in order to come up with practical
solutions in order to accelerate the potential of health IT in general and
personal health applications in particular.

What we see in recent years as the idea of personal records has become more
mainstream in the leadership goal is that there has been proliferating options
for consumers to have copies of electronic information, to manage their health
information online, and those options come from health insurers. They come from
start-ups. They come from global Internet brands. They come from lots of
providers as Paul has a very significant success story in Palo Alto. Then there
are start-ups and new people like Jamie who will have better ideas that we
can’t even imagine I think. That is very important.

What we have done though is said that this area is evolving without a common
set of information policies and practices and that maybe we need some common
policy expectations or at least have a good list of the things that any health
IT personal health application should address in a sound public way. Maybe they
don’t address it in exactly the same way but they should address a common set
of information expectations. When we get groups together we have often some
disagreements at first, but as we talk through things we find that there are
practical solutions and that is what we have tried to offer through what is
called the common framework for network personal health information released in
June of last year. It puts together sets of policies that we think provide an
environment of trust and it is not at the level of specificity of say an
implementation guide or a legal contract, but it does provide some guidance and
we were able to obtain through the participation of many groups a great deal of
endorsements from health insurers, from provider groups, from consumer
organizations, privacy advocates, academics, a large array and that’s what we
try to bring to the table and offer to the public domain as a starting point
for these types of things.

Secondly I would like to talk about the opportunities under the American
Recovery and Reinvestment Act. There are as the first panel talked about a lot
of things that could apply to personal health information services in a way
that benefits consumers. I thought the panel before this one did a good job of
laying those out so I won’t go into any detail here other than to say that HHS
has an opportunity to provide guidance and regulations under this new law in
particular with the privacy provisions that set the foundation for an
environment of trust that we just talked about. So that people like these
network connections. They can get conveniences and that the people developing
those new technologies and new services have a stable platform of information
policies upon which to build. Uncertainty in policy is as harmful to product
roadmaps or service roadmaps as this worry about too much regulation.

In my statement here starting on page three there are several bullet points
for the areas the HHS will be issuing guidance or regulation under the new law
and we want that to be in the spirit of consumer control at least the
consumer’s ability to understand the policies. I totally agree with the first
panel about the limitations particularly Danny’s talking about the limitations
of the consent model. I decide everything up front. One of the important parts
of the common framework is no one policy or practice provides the overall
environment of trust. There are several that have to be approached
comprehensively and addressed in a sound of public way by the people that are
creating these types of services.

We took the same approach to the idea of meaningful use by getting together
very broad group of stakeholders and some of them who disagreed quite
vehemently about what meaningful you should be, what qualified and certified
EHR technology should be under the new law and those definitions of those two
things will govern in a lot of ways how the money is paid out under the
entitlement sections of ARRA. Obviously a lot at stake.

We brought a lot of interest to the table and issued a document a couple of
weeks ago that we distributed and urged you to take a look at as a starting
point for considering how HHS can have a productive definition of meaningful
use and qualified/certified EHR technology that keeps us open to the potential
in the future that we want to see of consumer engagement and participation in
these types of things so I won’t go through those principles, but they are

I will say that the final one, the seventh one, talks about consumer access
to electronic information encoded in this new law as also something that we
should put in the definition of meaningful use. In other words, a form of
meaningful use is for providers to fulfill this right of consumers to access
their information electronically and not just on paper and we think that that
could be an accelerator for what we want to see with consumer access

Very quickly because you won’t want to miss what Jamie says. The vision for
the future I don’t know and I don’t think anybody is really smart enough to
know to exactly what the applications will be. The point that we want to
underscore is that we want to be open to consumer participation. That consumers
to be able to learn from themselves, from the industry to be able to learn from
consumers, for there to be connections for the individual to connect to the
many of different services where they get care and that we don’t want too rigid
of software definition or we don’t want certification to essentially lock in
applications that we see today as the only thing that should be rewarded by
incentives that the Federal Government is providing a boost to for this
industry. We also want those incentives to reward, as Danny said very well
earlier, the flow of information because it is the use of information. It’s not
the application. It’s not the aggregation of information that provides the
transformative effect. It is the actual use of information so we want consumers
and clinicians to be incentivized to use information for the outcomes that we
want and those are also clearly stated in our documents. We want better
healthcare. We want protection of privacy and we want to be open to innovation
so that the tools that we will see over the next 5 to 10 years have the ability
to flourish. I think Jamie has a new paradigm for a lot of things and so I
think it is important that we listen to his ideas as well. Thank you.

MR. HEYWOOD: I am going to sort of do a little bit of a mixture of –- a
lot of our formal thoughts are in the testimony, so I just want to do a little
bit of a dialogue about where that future is going and some of the hope and
potential we see and then maybe a little bit of what I think needs to be a
shift in the frame for this information.

I will tell a quick story from a recent negotiation we were having with one
of our major pharmaceutical partners around a large contract and there were
some disagreements about information and how it was flowing and what would be
allowed. My brother, Ben, wrote this email. You need to understand you should
write this contract so that the patient will read it because that is how it
will be deployed into the world. Sometimes when I listen to this dialogue and I
think about the context of my brother and the illness that he dealt with in
going through ALS for nine years and all the patients I know, I think I deal
with a different kind of patient than the average consumer that you think about
in general.

The dialogue always feels very alien in my mind to their words. They just
listen to the issues that we talk about, the concepts of theoretical harm,
these points of contention and they say when are actually going to solve the
problem for me. It is really the end of day and I think that that is missing
which is what problem are you solving for me as a consumer in an effective way.
Are you helping to treat my disease? Are you helping to manage my illness? I
think that this dialogue around records and components and information really
have stepped back from that. Show me the direct benefit to me as a consumer.

At some level I think what is interesting about PatientsLikeMe is that we
shouldn’t actually exist. The idea that patients should be building a health
information framework to manage their illness in a health concept because the
system has failed to do so is sort of absurd but it is one level –- it
came down to the fact that we went to the only people in the system that were
really motivated to develop a build a health information framework. So we are
working towards this idealized model in the future and we call it the network
patient. They have two concepts to that. They have full information. They know
everything that can be known when they need to know and they have the power to
act on that information, the ability to find the right resource to implement
that and use that information.

This is not public health solution. This might not even be a majority
consumer solution but it is a way of using an innovative empowered consumer to
drive change and behavior into our healthcare system and I think it impacts
discovery. It impacts the quality of care. It impacts deployment of new
resources and standards across the whole system, but only when the system works
well. We have worked to build that.

Basically what we do with PatientsLikeMe is that we take three solutions. We
want to understand from a clinical research perspective whether a change in
health outcome can be measured against an intervention. So essentially clinical
trial framework whether it means higher concept of the patient disease. The
clinical care framework, which is that, everything that a patient and a doctor
should need to make an effective exchange collaboratively about a decision
should be on a two-page summary. It is the goal. The patient should understand
everything in those two frameworks. If we work on that not as competing
restrictions but as collaborative restrictions and you iterate to say and it
turns out when you do that, you actually build a very powerful framework within
each disease for how to optimize health outcomes and I will talk about that in
a second.

The two other key things that we do in our platform is that it is required
that it is open. Everyone in our system is sharing every piece of data with
everyone else with their disease in the system. It means if you are discussing
sexual dysfunction, if you are discussing constipation, if you are discussing
some component of your health, you are sharing that quantitatively measured
phenotype with every other patient in our system. That is the price of
admission. We talk about it on the website and it is clear the value to us is
that the openness makes the summarized data meaningful. As a scientist whenever
I read information or papers, I always struggled with wondering where did that
mean come from? Where did that average come from? How do I compare those
statistics? On PatientsLikeMe you can drill every number down to the individual
to see where it came from and that builds a new thing.

This is my brother’s profile. It shows his dying year of progression with
the disease from his first symptom, the very beginning here where he was
healthy against to the end where he actually lived in a ventilator for a number
of years. You will see in here a couple of things that are interesting. One is
the background curves that show’s Stephen’s progression against every other
patient in our system in ALS. It showed that he was in the 75th
percentile. That information alone change the way people think about their
illness. It changes the way they understand – this came from a desire for
us to understand as a family how do we know if Stephen is getting better? How
do we know if it is changing? It was a question asked by a doctor. Against that
was Gantt charted all of his treatments and everything that he did to stem cell
transplants early on, experimental trials he did, both formal clinical trials
and ones that we did as a family collaboratively with the medical system, all
the nutraceuticals and other supplements. And then his symptoms throughout the
illness: fatigue, anxiety, things that he dealt with that are components of the

To give you a sense of just how going back five years we did a patent search
and we didn’t apply for patent in this area, but we did a patent search on the
concept of Gantt charting information and health. Our fairly comprehensive
patent search turned up one example in the history of healthcare of an
individual patient’s outcome being Gantt charted against their interventions.
As an engineer and as a project manager that spoke so clearly at the
disinterest between the relationship between interventions and outcomes in the
real world to the world I couldn’t have said it more better and effectively. I
think we are trying to figure out how to change that by giving the patients
some things.

Here are all the patients in the world like Stephen, male ALS patients in
the United States. Here is the overlay of the census. Actually, kind of cool.
They actually match up very tightly. Here is another data on our system. We
have about 35,000 active patients right now. Just for relative numbers we have
about 200,000 site visits a month on 35,000 active members.

Here is what you can do when you aggregate the data. This is current data on
fatigue. So in the last 90 days reports on fatigue level on 14,000 patients in
our database and you can click on any of those numbers, the severe one,
moderate, mild, and find all the patients in that category status. You can also
look at all the treatments patients take for fatigue and that would include
Provigil and other treatments.

But interestingly, at the bottom you will find here is a treatment where we
are using Prozac to manage fatigue. Now Prozac is not indicated for fatigue but
when you look at this you discover that when you go down to the Prozac level
and you look at it while we have data on hundreds of patients. I think the
number is about 700 patients taking Prozac. And we have data on the side
effects of Prozac as reported by the patients.

There have been several large independent studies of sexual side effects of
SSRIs. Now understand this is all patient language of patient words, sexual
side effects, sexual dysfunction. That’s not our terminology. That is the
patient terminology that has been aggregated up in a quantitative way. They are
being coded back to Medra and we are actually streaming adverse events now to
the FDA prepopulated med watch information. What this information does it
actually matches exactly the independent studies of the side effect indications
of this drug that are actually five times higher than were indicated by the
large scale clinical trials run by the pharmaceutical industry.

In our customer survey we have actually analyzed what parts of our site
patients use and find the most valuable. The part that patients have found most
valuable is this side effect, this experience on being on a drug and in fact
they have said that we are essentially the trusted information source. There
actually have been several analysis of some of our drug information and we now
have more data from patients on the efficacy, self-reported, or computed
against outcomes and side effects and other effects burden and difficulties in
dealing with drug and cost that are on the labels of those drugs then we used
to get them approved in the first place.

We were looking earlier at the level of data. This was a mood patient I
found yesterday and you will see here their function over the last year, their
distress over the last year, which is really an expanded version of the K6, a
standard question to the index.

MS. BERNSTEIN: This is self-reported information, right?

MR. HEYWOOD: It is all self-reported information. Well, I will go through
that in a minute. We can talk about that specifically. Here is their depression
level over a year, their mania level. These are variations. This is essentially
Myers-Briggs of mood. How do we understand the component analysis of your mood
disorder over time and how it changes. You will see this is a compulsive
depressive that is very different than other kinds of depressives in our

But there is a lot more information. This is their sex drive, appetite,
energy, sleep, back pain, dizziness, and hyperventilation over the last year.
These are full large-scale batteries taken weekly. We actually have a daily
summary from every single patient, by the way, how they are doing as well that
we can coordinate against this, track against sunlight location and all these
other variables.

Then there is the part that we don’t track. This is what they tell us they
add on their own. This is not an incredibly unusual patient. This is the level
of data that mood patients are sharing or any patient who is sharing. This is
an incredibly engaged community.

When I find interesting is we think about what we are and where we are going
to go and this is a favorite quote from one of my hero’s, Einstein. I think we
actually have the opportunity here to invent a new way of thinking about
medical care and clinical research. These are integrated functions and rather
than being a process where we define incredibly expensive, time-consuming,
single-point decisions abstracted from all of their context and information in
the real world, the tempt to build evidence-based architectures that are
deployed out of that context in the real world and make good decisions.

One could imagine monitoring and measuring everything that everyone is doing
when the rest of medicine decides to do this or at least the volunteers now,
that are willing to share everything that are happening so we can look at the
consequence of intervention and outcomes in the context of disease.

This is an analysis for doing lithium in ALS. There was a publication in
PNAS on 16 patients on drug that showed the 60 to 70 percent reduction of the
progression of disease, a huge story in the syndication. There is data on 400
patients who have voluntarily reported the use of their lithium in ALS on our
system. That is 20 times the number of patients in the clinical trial published
in PNAS before the first trial to confirm that has been started. So we have
data realistically on a hundred plus patients at incredible risk level to begin
to analyze this. We are building to develop the tools to do this. We don’t know
how to do it right. We haven’t published the result yet. We don’t know the
power of this approach. We don’t have biases. There are problems. There were
immense issues, but the quantity of data is so huge it begins to wash that out.

I will report one interesting thing. There is no placebo effect on any
experimental treatment we have observed using a psychoactive drug where
patients know they are on it and the subjective reporting scale. That is pretty

I think the other change that is happening here that is not just about
health information is this information revolution happening at the biological
-– my background is drug discovery. The tools of this information
revolution have not even begun to be understood, but it is an information
revolution. It is not a discover resolution. This information revolution allows
us to begin to interact with the human body at a molecular level on a daily
rapid process, and when you combine that with an open recursive measure network
you begin to change the entire way of thinking about medicine.

To our mind and I listen to the dialogue about health records and the
dialogue about information exchange, and I have this primary observation as
someone who has cared for several patients and hundreds of patients with
significant illness going through this disease. There is very little
information about health or about cost or about value in our health system. We
just don’t measure them. We have liability reduction issues. We have billing
– but there is very little information about the primary health framework
that matters to patients.

People talk to us about portability and all these questions. We actually
haven’t found any need to take any information out of health records because
there does not seem to be any information in those health records of value to
patients. When we have that problem we look forward to working with people that
have valuable health information. But I think in this context the question is
how do we define and measure health in the context of patients in the health
and the context of illness. That problem requires that we sit down as
engineers, as clinicians and solve the problem in each space collaboratively
with patients about what health means to the patient, define that information
framework, deploy it in the world, and begin to see what we can learn.

Going to this last question for a second about how privacy impacts and what
this means in our context. I have really been struggling with what I want out
of this dialogue. I was on the panel yesterday with Ken Buto(?) at Bio, and he
started out with his great I’m here from the government and we want to help. I
keep thinking please don’t help right now. I know it is sort of a joke and it’s
not a joke, but I will go back to my question. I think about the 35,000
patients in our system and they are all volunteers. We don’t pay them. They
don’t pay us. It is an environment where they are volunteers. The only value
our company has is their trust. That is it. If we lose their trust our business
has zero value. It is funny the Markle Foundation’s framework when we really
looked at after we built our way of thinking about information. It turns out we
basically met every criteria not because we had actually read the criteria but
because the only thing that mattered to us was the patient’s trust and we had
to figure out how to use that to succeed in making a successful business. That
is a primary value driver for us and how we proceed forward and how we make
deals with pharmaceutical companies, with insurance companies, with actually
government agencies and begin to flow this whole of information about the real
world environment of what is happening backwards. We have to live by these
values of trust, openness and transparency.

Thinking forward I wrote a little bit about idealized medicine in the
–- I am going to read something that came to me yesterday right after our
panel. We have this thing internally where we watch for dialogue in the forums
about where people are using our system and how to optimize, how to make it
better, how to improve to health information frameworks. I’m just going to read
this. This is from the mood community. After nearly 10 months on PLM, this
morning I did my first ever mood map. It showed that function level of high and
a distress level of low. Ten months ago when I joined PLM, I never thought that
would happen in a million years, but with the help of PLM, my therapist, my
psychiatrist, the treatment team in my partial hospitalization treatment now
down to their intensive outpatient program, and a rainbow of different
medications I have made some huge changes. Ten months ago I drove headfirst and
figure out how to get better. The resources here at PLM and the forums to the
tracking tools on my profile have certainly played a big part in helping me to
get to the place I am now. Posting here organized my thoughts and different
treatments and the things that I have struggled with. Tracking medications and
symptoms and mood maps on my profile page helped keep me organized and helped
me to see the patterns and even just to remember how I felt two weeks back to
give me perspective. Talking with other patients here via private message gave
me contact with people when I had severely isolated myself. Even the
interactions in the forum versus via private messages that are ever patient
moderator, this is patient as in the other patient, Maureen Oaks helped me
remember how to work with and talk to authority figures, professionals which
helped me in a side way’s way to be able to return to work after taking medical
leave. Writing this is starting to sound a little bit like an acceptance speech
and an awards ceremony. I love this. It is a great talk.

What I loved about it is it hit every value point that we design for and
there are more that we have not even done yet. Can we tell her whether the
pollen she is exposed to changes her mood? Can we tell her whether the amount
of sunlight changes her mood? Can we tell her whether her stock market
portfolio changes her mood?

I am happy to take questions. Thank you.

MR. HOUSTON: Very interesting testimony and before we go around and ask some
questions I want to make two points that I think is important. It is
interesting that privacy may be a surrogate for trust because trust is probably
the most important thing. I think we can lose sight of that. We try to put
privacy in place when the reality is what the most important thing is with the
patient that there is a trust component.

I think the second thing is a quote from Ronald Reagan who said, don’t be
afraid of what you might see. I think that is applicable in the case of your

MR. HEYWOOD: Can I comment on that trust issue? I think it is a really
important one. Any patient that experiences a significant medical problem that
engages with a medical system loses trust. I mean there is no part of this
system that actually delivers effective value in the mind of a patient that
really begins to understand the information failures that it operates within. I
do think that privacy has become a proxy for a failed healthcare system to
address the primary issue of trust. I didn’t mean to be that dramatic because I
think patients just want their problems solved. They don’t really want to hear
about all the philosophical components of that. It is an important transition.

MR. LEMIEUX: I would add that trust is really what makes networks work. Yes,
you need technology for information to move around but trust is really the
core. We saw in the credit markets what happens when trust breaks down entity
to entity across networks. I think that was a very good observation.

MR. HOUSTON: We are going to start from Sally’s end and work around the
table. Sallie, if you have a question feel free otherwise we will move forward
but I want to start that side first this time.

MS. MILAM: Thanks. In thinking about privacy and personal health records,
as you all have indicated it is important to look to the type of personal
health record that is being designed and why it is being designed in its
business model. With respect to the type of personal health record that would
be anticipated and built to be utilized by clinicians at least in part or to be
trusted by clinicians. Don, when I looked to your slides, and on this side it
is entitled consumer can withhold data by and it’s all in the different types
of granular privacy options. Do we have any research that indicates physicians’
reactions to this sort of granular —

(Phone interruption)

DR. MON: — opportunity to do some research.

DR. FRANCIS: I want to ask a couple of related questions. The first is about
patients altering and this mostly for Don Mon. There is a distinction between
masking and changing and I think one of the questions we have had in terms of
thinking about privacy protection has been on the side of the patient being
able to mask certain forms of sensitive information and I wonder whether –
your slides put them together and I wonder whether he meant things particularly
from the side of provider trust whether it looks different and whether those
two ought to be separated out.

Related to that the other side of the question that I wanted to ask is that
to say that as high tech does that consumers ought to have access to their
electronic health records is not the same as saying that they ought to be able
to download them. To be able to go in and look at something is different from
being able to get an electronic copy. What I wonder actually is whether the
PatientsLikeMe model as I understand it is patient-entered data. Do you
envision the possibility? I realize you don’t think there is much useful in but
hopefully there might be more at some point useful and provider kept. Do you
envision the idea that eventually what you might require by way of sharing is
that there be a straight out portal downloading from electronic health from
EHRs into PatientsLikeMe?

More generally on that front you sort of half answered this with saying you
agree with the Markle framework, but are there things you won’t let be done
with your data that you think it is especially important to patients that you
don’t let be done?

DR. MON: Let me answer your questions. Regarding the masking versus
modifying. First let me back up and say that the slide says on your copy
consumers can withhold data and you will notice that I had changed it to what
we are hearing on the actual presentation because I didn’t want to represent
that this AHIMA’s views. These are what we are hearing in the industry from
consumers as well as within the standards community.

AHIMA’s stance on this is that we encourage consumers to disclose as much as
they are comfortable with to their providers and trust that the providers are
going to keep that health information confidential. One of the issues and I
will come to your answer in a second here, but to address a previous point
along that same line. One of the issues is the fact that the consumers’ trust
has the higher level of trust with their direct provider. It is the
unauthorized users that who can access the system that they are concerned with.
You take a well-known case where a celebrity’s records have been hacked into by
15 different users because it is a celebrity. That is what they are concerned
about is that other people are going to know about that kind of health

As to your question about masking versus modifying, the interestingly as we
have talked with other countries masking came up from France and Canada because
in their model, their national model, their underlying record is an underlying
EHR and so that is serving as their record for legal and business disclosure
purposes. They are enforcing the masking as opposed to any kind of direct
modification. AHIMA supports the notion that consumers can add to data with
annotation and may mask. We prefer that consumers do not delete or modify data
without an audit traceability. We are currently from AHIMA standpoint thinking
about this change in attribution discussion that I had talked about at the end
but the standards community is definitely considering that as a viable option.
There are many controversies related to that because some of the vendors are
saying how can we ever stop consumers from modifying data when it is that bar
in that diagram where it is a record that consumers keep for themselves. They
certainly won’t have that capability when the underlying record is the EHR and
that is why I was saying that it is one size does not fit all.

As to your question about the difference between access and download, we
agree that there are distinct differences. We are hearing that there is uptake
on the provider-sponsored PHRs simply because it provides them that access
convenience as well as the auto population whereas being able to download that
data into a PHR has become somewhat of a strain. Currently we agree with the
Gartner reports that there just isn’t universal interoperability. You can’t
take every PHR and every EHR and exchange information across one or to each
other and that issue has prevented much of the download issues.

MR. HEYWOOD: You actually hit two really great questions. On the download
question there are two current barriers to us doing that. One is that HIPAA
does not apply to us because we are not dealing with healthcare source data.
Beginning to change that changes are legal status environment. It’s not that we
don’t comply with it. We essentially follow the same framework and then we can
talk about the issues or advantages to that later on, but it doesn’t currently.
That might change that status –

The second one is it has really more to do with transparency and surprises.
One of the great things about our community is that when you type in the words
Acyclovir, you are clearly communicating to the world that you are taking an
anti-herpes medication whether it be for cold sores or whatever and so
therefore you are actively pushing that information. You are writing it. You
are authoring it. You are committing a free speech act essentially. If it is
ported from some other location, we need to design an interface that really
makes it clear that the information becomes your authored information. It is
not so much for any legal reason as much as it is for a trust reason, which is
that we don’t ever want anyone to be surprised about what is in PatientsLikeMe
because that is one of our primary principles as a company.

You know, on the won’t let be done component that is actually a very
interesting question. I no longer believe that there is any such thing as the
de-identified information. I think that we should all stop pretending and the
reality is that any insurance company could go to our public site to the 20
percent of the patients that are public and match stop dates on medications and
ages and identify every patient with 98 percent certainly really easily. I
think you can do that to anyone and anywhere in anyway. I think Justice Scalia
just had that done to him recently. We can all get his wife’s email address.

What happens in that world? What happens in a world where there is no
de-identified information? Because we are in that world and we can pretend
otherwise, but we are. In that world I think what we won’t let be done, what
our agreements explicitly call out is the use of the information to
discriminate in any way against our members. The companies that do business
with us commit to non-discrimination. I think I would love to move the privacy
discussion both philosophically to the value of openness and secondly and I
have said this to -– in the past. I think it is a weakness in the concept
of privacy that we live in a society that tolerates discrimination and chooses
to punish the flow of information rather than the use of that information to
harm people. I actually think it is an incredibly un-American value. I wrote
this in the testimony. We live in a society where all are created equal and
that philosophical statement has to be applied to every component of our world.
Again, we all have varying health statuses. We all have issues and the idea
that we can pretend and hide that information in a world where everything will
be known is wrong. We just have to figure out how to philosophically live in a
world where we are able to get the most out of everyone in their ability to
live and love and be productive regardless of their health status. If we don’t
start that journey then we are delaying an inevitable problem.

MR. LEMIEUX: I would certainly like to see the possibility that if I were on
a site like PatientsLikeMe or some other site that I would be able to at
minimum taking a look at what data could be electronic and is generally a lot
more normalized and codified right now my labs and my medications. I would like
to be able to download that to an application where somebody can show some
analytics on it. I can do some of my own analytics. The communities can have a
more rapid environment. We definitely want to see as a possibility and a choice
and think that that’s the type of future that we should be aiming for.
Information policies and expectations should be part of that world. I hope that

MR. HEYWOOD: This goes back to that audit question too. Let’s face it. There
are no applications for health information yet. We are trying to regulate a
nonexistent world. No one has any idea what anyone is going to do yet. It was
said in the earlier panel. We need to be really careful about thinking about is
this for research subject use? Is this for billing use? What are all the
utilities that we could do this stuff for? There are so many significant
unintended consequences of the way we could regulate or disrupt this that could
essentially prevent it from getting off the ground. I think it is really
important to use a light hand.

These theoretical issues around worrying about physician accountability back
to primary source or auditing. Those are all great and important but they are
really theoretical. No one is doing it now anyway. Let’s start the process and
see what is demanded why the world as it is building it as opposed to –- I
am not saying don’t presolve but let’s just get started.

DR. MON: Can I address that point for a minute? It goes back to the point
that I was saying that this isn’t a one size fits all solution here because if
you take a look at those nine bullet points that I had there, many of those
things cannot be allowed to be done where the underlying record is the
provider’s EHR. Certainly not being able to hide data or delete data with or
without audit traceability and so on. I believe that there is a certain level
where privacy protections matched against these nine points can apply to the
provider-sponsored PHR. The non-sponsored PHR are where we have the open
questions. The point that I want to make clear is that when we make a statement
as Jamie just made that it is important to understand which model are we really
talking about. It wouldn’t apply necessarily to PatientsLikeMe but it would
certainly apply to the provider-sponsored PHR model.

MR. LEMIEUX: In the digital age almost every piece of information is a copy.
If I send an email document you now have a copy of that document. You can do
with it what you want. It is possible for an organization to actually have or
maintain different copies of information with different rules applying to each
copy. This is a complicated world that we live in but there is not much going
bad. One of the things that was important I thought of the common framework for
network personal health information is that we had a lot of HIPAA covered
entities, very large and prominent health insurers and provider groups that
agreed to a statement that personal health information data flows are special
and that those information flows should not be used for discrimination or
compelled disclosures of information. You shouldn’t tap the personal health
information record for those purposes. Now that doesn’t get us all the way to
what Jamie describes as the societal value where people aren’t penalized for
information about them being sick, but it is an important step I think to
realize that personal health information services and electronic copies of
information that are controlled by or initiated by the patient have a level of
protection that goes beyond what you would expect from treatment payment
options under HIPAA and I think that that was one important accomplishment.

MR. HEYWOOD: Can I share a personal story that relates more to the hospital
side? I am sure we have all used personal stories to relate to this. Going to
this question of theoretical harm versus real harm. Two stories. One is when my
fiancé who works at Boston Medical Center as an MP in one of the general
surgical practices was pregnant. Early on someone accessed her health record to
find that out because she was a patient in the same hospital. They ran the
audit trail or whatever. It was emotionally complicated and difficult and maybe
people knew about it a month earlier or three weeks earlier. Too bad and I wish
it didn’t happen. At Mass General my brother and the respiratory care unit
through a pulmonary embolism and was intubated and because of his ALS had a bit
reflex and he bit through the intubation tube. They had to give him enough
muscle relaxants to essentially kill him and in the process after the whole
experience transfer him up to the critical care unit. In the critical care unit
someone evaluated the replaced intubation tube, felt it wasn’t placed right,
and decided to reposition it, removing the bite guard which he essentially died
because again with a blood pressure close to zero because he bit again down on
the same tube within two hours because the information did not flow from one
critical care unit to another critical care unit in Mass General.

How do I weigh the relative harm of those two environments? Do Liza and I
really care that someone at work stole her data and found out she was pregnant
two weeks early. Did it really hurt us? No. Did my brother almost die in a very
realistic way? Yes. So I think that this sort of assumption of theoretical
versus real harm is just lost. As a discovery person I use this model all the
time. I believe without question that ALS will be cured someday and I think we
can prove pretty conclusive that the approach to privacy in discovery is adding
at least a year to the timeline that will happen. There is no question that
this sort of patient protection is a component of that. It is a very simple
math problem. That means that 5,000 people are going to die because of the
privacy rules we have in place in one disease to prevent the theoretical harm
of protection of these subjects from abuses in the medical system. I don’t see
the downside. I guess we need to really put this debate back on this
philosophical side where openness is what matters.

MR. HOUSTON: Remove stigma and I think you will have more openness. I had
some questions but I am going to defer to Paul so that he can get his questions

DR. TANG: This is a very interesting panel. I have a few questions for
Jamie. Jamie is used to tough questions. I know he is not afraid of them but I
think we will learn something from understanding some of your thought process.
One I appreciate your openness about your openness policy. It may be the
antithesis of privacy but at least it allows us to discuss and put things on
the table.

One you mentioned that trust is everything. I can’t figure out what people
would trust you to do or not to do because you do say you gather the
information. It is all identifiable. You solve the data. What is it that people
are trusting you to do or not to do? That is first. I think probably getting
your response to each one in turn would be helpful.

MR. HEYWOOD: I think we very explicitly speak to this issue on this site in
the dialogue. They are trusting us to responsibly use the information. They are
trusting us not to sell the information to life insurance companies. They are
trusting us not to use the information to allow insurers to discriminate on the
basis of pre-existing conditions. They are trusting us to use the information
to advance their own personal disease management, interest and ability, and as
a community the community’s disease management and interest, the ability to
understand and improve the condition of the disease.

There are areas where we have questions we have to deal with. Do we give one
pharmaceutical company exclusive access to a particular kind of data? How do we
balance some of our customer’s data needs against the patient’s data needs?
Those are very complicated questions. I guess there is no other way to say it.

Actually it is interesting we were discussing whether to enforce our
trademark against other companies. One of our board members said what is in the
best interest of patients and that is what trust is. Trust is that you answer
that question in that context.

I would say I will turn the question around to the medical system that is
essentially asking us to justify our own trust in this environment. I think on
every one of those merits the current medical system is demonstrably
financially and implementally failed. It is an interesting parallel which is to
say that in an environment where as often as not there is more harm than good
than comes from going to the hospital to question the trust information
process. I think that is the gist of it.

DR. TANG: Let me go to the next one then. It feeds off of that. These seem
contradictory and so I’m just asking for your explanation. You say you make the
buyers of your information assert that they will not use it to discriminate.
You did say in your written testimony that among the folks you sell data to
pharmaceuticals, but you did say insurance companies as well. You said just now
that not life but –- why are they buying this information in the first
place if they are in the insurance business and don’t you think they could
discriminate against patients like you, the generic, and like your family? I
understand what openness and detailed quantitative information as you described
brings to your model and I can understand what voluntary participants get out
of that participation. What I guess I don’t understand is how do you protect
others. I assume even though your side is about openness and it is the price of
admission, you respect other people who want to be private for whatever reason.
How do you balance that clearly other people either like “me” or my
family members also have been admitted to this? Are there unintended
consequences of that?

MR. HEYWOOD: You asked several questions. Why do insurance companies buy the
data? What we have in the diseases that we operate is a new primary source of
health outcome information as to the best practice of management of a disease.
Companies that are in the healthcare business are presumably interested in
healthcare by that data for that purposes. There are a few insurance companies
that actually believe they are in the healthcare business and they want to do
better at it. We are one of the sources that we can do a partnership in that.
Again, if you listen to the case of the patient whose example I read, there is
a 33 percent, one percent, one month readmission rate into inpatient mental
healthcare. It is incredibly expensive. It is a huge cost for every insurer. If
the participation and essentially our equivalent of a voluntary peer care
environment reduces that, everybody wins and the patients go back to work. I
think that is the interest in that space.

The second part you asked and I am trying to get it. Tell me again

DR. TANG: One of your value propositions that you can predict. You have this
model for what is going to happen to people like you. Clearly each of your
participants is in a group so any impact on “me” has an impact on the
group. That group can be either patients with the same diagnosis or family
members who have the same genetic predisposition. Aren’t you making a decision
collectively both the individual giving up their information and you
aggregating it and republishing it? What is your sense of responsibility for
other people like them?

MR. HEYWOOD: I think there are two parts to that. We will get to the
genetics and reeling of other people’s information in a second. The first one
is I think in essence the best you can do is getting it right. When we redefine
a part of our ALS communities having primary lateral sclerosis and offered an
option to have a different diagnosis, it changes the curve because the primary
lateral sclerosis patients that used to be very slow ALS patients first,
second, third, fifth percentile now left the pool, shifted the pool down, the
curve changed, and then all of a sudden you could be a 50th
percentile primary lateral sclerosis patients. I think the issue is you have to
deliver that information ethically well as best you can put the patient as the
primary framework around that problem. Again that is a trust issue. If you blow
that – by the way they tell us when we get it wrong. It’s not like we have
a quiet community.

The second part that has to do with if I reveal something about myself, I
reveal something about my family is a complicated one. There is one thing by
the way. We don’t put names on the website so it is not like we are putting
people’s names out there. We don’t have any evidence that anyone has really
gone and found someone other than they revealed their own name. I think that
issue has been dealt with for a long time so we just added this genetic search
engine. You can go to one community. You can type in a mutation and you can
find everyone else in the world with your mutation with the disease and in fact
were building tools that will show the variation for your progression for your
mutation within the context of the specific genetic indication. You can see
whether an A4V is faster than a D90 in ALS. We thought about that and if you
say that you are an A4V patient or you are an SOD1 patient with an A4V, you are
revealing something about your children and your siblings. You are revealing
they all have a 50 percent chance of a perfectly penetrate disease. But in the
same way if you write a letter to the editor of a paper and say I have
Huntington ‘s Disease, you have done the same thing.

I think that if you think about what the people do on our website is that we
give them a place to commit free speech in the medical realm. All I can do is
help someone to understand the impact of their free speech. But it is someone’s
right to discuss themselves and due to the fact that I went to MIT does that
mean that my brother was more likely to go to MIT? We all do that in every part
of our lives and he did. There is coincident data that you can pull up and
these inference engines will be visible as we get better and better
computational tools to solve it. I think that’s not a new issue. I don’t think
that it is particularly a health issue. I think it is just a societal issue
that we have to deal with as how we as individuals in communicating about
ourselves have a responsibility to communicate with others.

MR. TANG: Final question and this actually is – you were at a Markle
conference way back in December of some year, and you made a challenge to the
audience. I haven’t solved the puzzle yet. For a $100 you could find out
everything about anybody in the audience. How do you spend those hundred

MR. HEYWOOD: I think if you buy a credit report -– there is actually a
fair amount of evidence that the cost to buy someone’s medical record out of a
medical –- 20,000 people that have access to your medical record at your
center. You look at that and you say in a system where there is a network of
thousands, there is always a weak link.

The other way I think about that problem is -– I just applied for life
insurance, and I have a very public profile so my life is hidden. None of the
life insurance companies googled me to find out any of the information about my
life. It’s not like we don’t have that information. Maybe they do at some
level. But that’s a question for me to think through. Maybe they should have.
Exactly. What we have to do is eliminate the value for that information from a
discrimination standpoint.

I will tell it one other way. When you are a small business owner you deal
with discrimination on a regular basis and I will give you three very specific
personal examples. The first was in my research lab. We hired a cage cleaner
and he was a really nice guy. We had a high-end research lab, lots of expensive
employees, great benefits package. We just ran through this analysis that said,
he has a family and we are paying him $9 an hour to clean cages and the
benefits package for a family is $17,000 and the benefits package for a
nonfamily is $8,000. We are going to spend literally 50 percent on his salary
extra because he has a family. We hired him anyway but businesses don’t make
those decisions. They always act in the interest of money. So that’s why if you
are single and low-income wage you are going to get the job because it costs
more to take care of benefits for a family.

The second is hiring someone that was HIV positive who revealed to me ahead
of time that he was HIV positive. Small insurance pool, 30 people on the plan.
He is going to blow the plan up. I am looking at a net cost probably the
business of $50,000 to $60,000 just as a rough estimate for moving this out of
a low-risk pool to a high-risk pool. Do you do that as a small business? Can a
small business afford to hire someone where their entire salary is going to
-– the answer is I did it anyway because you have to make the ethical
decision. But this is the problem that we deal with in our world. Should I
blame that person for telling me that they were HIV positive? Should I blame
this sort of nice guy that we hired that has worked now for us for six years
for telling me that he has a family? This is the wrong way to think about
information and problems. Businesses shouldn’t bear those costs. They should be
separated. We live in a world that tolerates discrimination and punishes –

MR. HOUSTON: If you would like to ask a question, Walter, please. This will
be our last.

DR. SUAREZ: By the way just a comment. Thank you for this. This was very
stimulating. I do have to say PatientsLikeMe seems to me to be more of, you
explained it a little bit, is a platform, is a social network of health-related
issues. You put us into a very unique position of perspective of looking at
personal health records from a different angle in the sense that the
traditional if there is such word of traditional patient health records,
personal health records are actually very protected. They are painstakingly
protecting the data with patients that enter the data by the patient they have
received from a provider into that record and they have also some protections
and mechanisms to avoid anybody else accessing it. You look at it from a very
different perspective. You look at the value of sharing that data with others.
It is a very different perspective of personal health information sharing. You
do have a component as you explained on a personal health record where people
can put in their data and things like that, but the biggest value or the
biggest aspect of your venture is really the ability for sharing information.
It has created in my mind a challenge of now seeing a completely different
aspect of personal health record information use and so I appreciate that by
the way. I did go and try to log in. Of course my Blackberry doesn’t have a
java application so I couldn’t, but I did read your privacy statement and there
are some very interesting things about it that I think would be worth
commenting. I will stop there and I appreciate you.

MR. HOUSTON: We thank all the panelists. This is really again stimulating
conversation. For everybody who was in the first panel as well as you if you
want to supplement your testimony feel free to do that as well. Otherwise we
are going to take a one-hour break. Actually a little bit less than one hour. I
would still like to reconvene at about one thirty for the next panel in the
afternoon which is I guess is non-provider/non-plan-based PHRs. Thank you very

(Whereupon, a luncheon recess was taken.)


Agenda Item: Panel III – PHRs Offered by
Non-Provider/Plan Entities

DR. FRANCIS: On behalf of John Houston and myself, I am delighted to welcome
you to the second part of today’s hearings on Personal Health Records. This is
a hearing conducted by the Privacy, Confidentiality, and Security Subcommittee
of the National Committee on Vital and Health Statistics. Our panel this
afternoon panel three of these hearings, is on the topic of personal health
records offered by non-provider/plan entities.

We have four participants: Marc Donner who is the director of engineering
from Google Health; Colin Evans who is the chief executive officer from Dossia;
Philip Marshall who is the vice president for Product Strategy from WebMD
Health; and Michael Stokes who is the director of Policy and Compliance in the
Health Solutions Group of Microsoft.

I want to welcome all four of you and invite you to discuss with us briefly
the written testimony that you submitted in longer form and then we will move
to discussions. I guess we should just go in the order that you are listed in
the agenda and we will start with Marc.

DR. DONNER: I will try to be brief. Google Health was a PHR launched in May
of 2008 so just a year ago. It is a non-tethered PHR in which the information
inside is user controlled. It is free to users and partners. As of this date we
have in the tens of partners and twenties of third-party services integrated.
There are no ads. It is a platform model which basically means that we source
no data though the consumer whose profile it is can enter information about
themselves, as well as get stuff from pharmacies, from labs, and from medical
record systems that can transmit appropriate CCR data.

The business model question is addressed on this slide. It is again free to
users and partners. There is no advertising within it. We get asked that
question of course because our core product is very advertising funded. Our
current objective is to provide good service to drive ultimately people to
allow people to remember to go to google.com for search. We do not and will not
sell user data. The core understanding in our design of this is that the user
controls the Google Health account. The data is not shared with anyone unless
the user tells us explicitly to do so. Data sharing is revocable at will by the
user and data can be deleted at any time. It is an open standards based. HL7
released three CCR and working on CCD. We are measuring success by the usage
both in terms of number of profiles created and in terms of the amount of
regulate activity.

The three key principles we outlined in the testimony for the PHR. Consumer
empowerment is one of the key drivers of the design of the Google PHR. We
expect consumers to take charge of their health information. They can store
medications, allergies, you can read the stuff as quickly as I can, diagnoses,
conditions, test results, immunization records, anything basically that is
health relevant they can enter. We can either download it from capable source
systems or manually entered.

We built the system around privacy protection. That basically means that the
owner of the profile is in charge. They control who sees it. They control what
is in it. They can delete information that comes in from an external source
though they can’t modify it back to the point made in the previous panel. If
they self-enter data they can modify that, but data that comes from an external
source are either present or absent. It is not altered.

One of our key objectives is to support data portability so we are strongly
behind the efforts to standardize the data interchange in this space. We have
implemented as I said HL7 CDA released three CCR and we are working on CCD. We
are considering adding the ability to take in HL7 released two records that we
don’t expect ever to be able to admit them.

Things we have learned from doing this so far. We learned as everybody here
knows from the e-Patient Dave incident in Boston that raw data must be clearly
interpreted for consumers and there is a lot of deep assumptions in the
communications among specialists and professionals that consumers are not aware
of and that becomes a very substantial issue when data whose purpose is
communication between professionals is then made available to consumers who
don’t have the background and the context. The challenge will be to figure out
ways to interpret and translate that information effectively.

It’s a very early days for these kind of things. We don’t believe that a lot
of the possibility space has been explored in terms of what might be done with
this, but we scratch our heads and think about what could be done with these
data. I would love to get a text message when it is time for me to take my
pills or whatever the case might be.

We think that acceptance by the physician community is important because
they are a key source of data that is currently not in any meaningful way
flowing into these systems. A lot of the very fundamental issues of the
language of communication have to be addressed before that is going to be a
comfortable thing.

Identity verification is a critical piece of the puzzle. Many of the systems
with which we would like to integrate don’t have a clear concept of an identity
of a patient. They have a bunch of information with some identifying markings
on it that are not coalesced in a clear way into a well-identified unit. They
often don’t have a consumer facing relationship that you can deal with. Given
that our model basically is mutually authenticated it is very hard for systems
of this sort that don’t clearly identify an entity, a person at the other end
for them to send us data in an effective way. That represents a lot of risks if
I do a partial match, which says I got the name approximately right. I have the
address approximately right. I send some data and it turns out to be the wrong
person. What is the recovery process for that?

Fundamentally right now we observe as we work through the integration of our
systems with various providers that the incentives aren’t there for people to
really want to play.

Quickly and finally, policy recommendations from us. Make patient data
accessible to patients. That involves the standardization efforts and
certification efforts for the core systems and in some sense the patient’s
rights to the data in the form of their standard in the container of their

Interoperability is a key to this. If a patient is going to move from state
A to state B, they need to be able to take their information with them because
their body goes with them.

We need to really begin to drive clear sense of identity in the source
system so that when I hook up my system, my PHR to a source system I get the
marked on or that I am not the other marked on that might exist. And then
continue protecting consumer privacy. The breach notification stuff is a good
first step in that but I don’t think the regulatory environment is complete. We
expect there to be more stuff to happen in that space. Privacy is a big issue
for Google. We worry about it all the time. That’s the end for me.

DR. FRANCIS: Thank you. Mr. Evans.

MR. EVANS: Good afternoon. Thank you for inviting us to participate. I don’t
have any slides so I appreciate your consideration on this important and timely
topic. For the daunting homework assignment you must have had to read all the
stuff that we sent so I don’t repeat the stuff you have already read. So I just
want to make some contextual comments about how we see this world evolving and
some of the challenges we face.

Dossia’s primary focus as a system being paid for by large employers who
want to build a system for their employees to have a truly independent
repository for their health information whether they collect it themselves or
whether we can collect it for them from institutional sources or from their own
instrumentation in some way. Our promise is to get a life-long personal,
private and portable repository and that portability is important because it
gives people a chance to change provider, change plan, change employer, change
whatever and not feel constrained as a buyer of healthcare for moving in the

So six, half a dozen points that I want to make quickly. I will probably
echo some of the comments that have been made this morning which were
fascinating and I am sure I will say some of the same things. First point it
disappoints me greatly but as a CEO of a PHR company, but people don’t get out
of bed in the morning and say boy I wish I had a PHR. They have their problems
in life. They want to manage their diabetes. They want to get help from a
friend because they are going through chemotherapy. They want to get their
father signed up for Medicare Part D in its bewildering complexities or they
just want to get into a dress size two sizes smaller for the 20th
school reunion. They all have problems that they are dealing with and health
information is critical to all that, but the PHR itself is not an end. It is
merely a means to an end as a repository and a toolkit for getting people to
engage their own health.

Secondly, it is fascinating to listen to the EMR/PHR labels we put on
things, but I think that EMR/PHR labels are really way too limiting in scope.
It seems that’s already come through today, the idea that these are computer
systems. One has a person with a white coat in front of it and one has a person
with a chest pain at home in front of it, EMR/PHR. The world is a lot more
complicated than that. First of all the mythical EMR doesn’t exist. It is a
very fragmented system today as we know and mainly on paper. There is probably
a reason why HIPAA rhymes with paper.

We are also on kind of a beginning of a pretty expanding universe of
personal health systems. We have home monitors, retail genomic testing,
patient-to-patient portals. We have some of those discussed this morning.
Health clubs and bicycles that produced data. Connected glaucomatism(?) weight
scales. All of these systems that are just beginning to be used. Creating data
at a very large rate and it is all being created with an individual putting
themselves at the center of the universe. They want a dollar for their doctor
but at the end of the day the one thing the Internet explosion has told us I
think, is that people see themselves as the content whether it is Twitter or
email or health data. People want the world to focus on them. I think health
data is no different. We are in the very beginning of something and the puzzle
of regulating and defining that is premature. It is bit a like in mid-90s
deciding that a 56k modem is the definition of connectivity. If we locked that
in as a standard then Lord knows where we would be now. I think we need to be
careful as we consider this.

Thirdly, I would argue that this isn’t just about medical data even though
there are a lot of doctors in the room here and obviously clinical data is
important, but it’s not the only thing that people want to manage. They want to
get their fitness information, their personal diaries, their advice from
friends, private emails with – there is a gentleman here representing a
group of people exchanging information about cancer diagnoses and so forth. I
think all that information constitutes somebody’s nexus of their health
information. There is an awful lot of useful information. There is a lot of it
that is already digital, but not all of it is medical in a sense that it has to
come from a doctor.

Fourthly, I would say certainly from an employer’s perspective healthcare as
we know it is not sustainable. From a cost and quality standpoint any serious
attempt to reforming healthcare I think really has to rethink the care model.
Any rethinking of that model whether you call it medical harm or you call it
care in different context or different location. All of those new care models
focuses on I think a need for new forums, new communications, new dialogue, and
a great deal more in individual involvement. As much as we like to think about
doctor performance being the core of our cost and quality problem, in fact
patient performance is just as equally important part of that overall equation
particularly in chronic care where most of the actual care takes place outside
the clinical setting. Empowering individuals to me is also critical about
health reform.

Overall the focus on the individual, we are delighted that Congress extended
that codification in the high-tech act and gave people the right to actually
download their information not just to see a copy of it. We think that is a
very important part of freeing information up and making it liquid for people
to actually to use. I think a lot of the discussion we had today about what we
should do with healthcare seems a little bizarre and in fact we are also trying
to get the information to the patient. I think we need to be really careful
about how patronizing we end up being with individual’s data.

Sixth, and last point. PHRs really are a brand new animal, new creature,
probably new species. I don’t know. I don’t want to take that too far – that
need appropriate rules. HIPAA clearly was not designed for universe of
empowered healthcare consumers and certainly from a Dossia’s perspective, the
expectations from a consumer’s perspective about personal health systems is it
they have a much greater degree of granular control of what happens to the data
than they get from their blanket granting of HIPAA admissions to a healthcare

I will just call attention between controls and data liquidity. There is
even bigger attention I think between our ideas of what consent and control
might look like and the actual complexity of that in consumer’s eyes when they
confront how easy it is to use nonhealth systems and see how hard it is to use
health systems. We are actually creating kind of an inverse of what we are
trying to do. We are getting people suspicious of systems because of the
interaction rather than feeling reassured because they have all these check
marks they put on boxes.

I think as you consider your recommendations to the Secretary and the
Congress, I think we should really ask one very simple question when we are
considering any rules. One is does this help every American get the health data
if they want it? Are we making that an easy, simple, cheap thing to happen? If
we can actually create some consistency between HHS, FTC, and the states, and I
realize that’s a little bit of a tall order, the people at this table could
probably build systems that will empower individuals to change health and
change healthcare. I would very much like to enroll your help and figure out
how to answer your questions to make that happen.

DR. MARSHALL: Thank you and thanks to the committee for the invitation to
participate today. We took the decidedly creative approach to listing the
questions and then our answers to each of them. So I am sure you share our
enthusiasm for that exciting approach. It is printed now by the way it was just
recently printed. It is available for you in that form.

I am going to be summarizing really our answers to some of the more
important questions not that they weren’t all important, but to some of the
ones that we felt were more pressing. With regard to question number one, what
is the problem that we are trying to solve and what is the business objective?
We really see personal health records as a way to help consumers to gather,
store, manage, and share their essential health data and we think what that
helps to do is to achieve some of the objectives that are actually shared
across all the stakeholders in healthcare be they payors, employers, consumers,
or providers and that is to provide a greater continuity of care in order to
improve quality and outcomes. That is the role that we see them playing.

When it comes to the business model that we have around personal health
records at WebMD, while the business model is still emerging around how they
might be used by consumers and the benefits of that in the WebMD.com free to
the consumer environment today and as has been the case for now almost 10 years
the PHR is licensed as part of a broader WebMD health and benefit manager
solution to large employers and health plans which they use then in part to
support their health management objectives, their decision support, and
consumer-centric objectives that they have.

On question number three, how do you envision your offerings, as well as the
health IT industry and, specifically, patient-facing online services, evolving
over the next 5 or 10 years? This obviously is a very important question. As we
see health information exchanges, RHIOs, the National Health Information
Network being a great area of focus right now especially as we look at the
stimulus funding and while they certainly hold promise on helping to connect
doctors to a variety of different data sources, we actually see personal health
records as helping consumers to connect to also a variety of data sources and
that may be that arises in the relative near term. By doing that then not only
is there not only potentially the opportunity for a greater continuity of care
from information that is available as it is facilitated by the consumer, but it
can also support a variety of services that help the consumer lead better life
and manage their expenses all at the same time.

Question number four, how do you envision the relationship between PHRs,
electronic health records, providers, plans, health information exchanges, et
cetera over the next 5 to 10 years? Certainly we believe that the relationship
between all of these parties will continue to elevate the consumer and while at
least by our observation the patient hasn’t necessarily been prioritized as a
participant among a lot of the health information exchanges. We do see that as
evolving as we see health record bank efforts emerge and some of the more
recent health information exchange efforts emerge. We are seeing patient
connectivity being prioritized among them and we feel like that is a very
important trend. Even with regional organizations or community-specific
organizations there is still going to be the challenge of having true
continuity of care for the user especially as they move from place to place. So
certainly we feel that the personal health record can help to offer some
solutions to that problem. We do see the personal health record as
complementing the electronic health record and I will speak more to that in a

How does information come to reside in the product or the service that we
are offering? We now have coming on about 10 years of history with the personal
health record and certainly at the beginning of that time after our initial
launch in September 1999 self-reported data was really how data got into the
PHR. Data could also get into the PHR through the taking of a health risk
assessment which as you might know is something that is a very common activity
within a beneficiary population whether that be of a given payor or of an
employer. So things like past medical history, current health conditions,
biometric values, family history, social history. These are the kinds of things
that health risk assessment at least by our observation can come from tools
like health risk assessments and they can do a great job in delivering that
data to the PHR.

However, over the last now more than five years we have facilitated the
import of professional data into the personal health record that includes
laboratory test results that includes medication history from medication
claims. It includes a variety of data elements from administrative medical
claims data. There are increasingly large number of data sources that can be
useful for the personal health record and certainly as I have already mentioned
that is beginning to now extend into the electronic health record and health
information exchange realm.

Question number eight, what kinds of privacy protections and policies are
you building into your products and services? We employ a variety of security
and privacy practices. We have participated with the Markle Foundation’s
Connecting for Health and the Common Framework and certainly the policies and
practices recommended there. We certainly enthusiastically support. Also the
policies and practices that we have developed we feel are consistent with the
high-tech provisions as well. And of course central to the personal health
record is the user, the consumer control over their data and certainly that
just as a matter of practice is certainly one of the most important aspects of
what we do to ensure privacy and security.

I am going to go ahead and move down to question number 13. In what ways is
the model notice proposed by HHS helpful to you, or not helpful? This was an
interesting question for you to ask and I am actually glad that you asked it.
Since I don’t know when many, many years ago we worked very hard to make sure
that what we are telling the consumer when they sign up for our service about
their privacy and security and their control over the user data and their
rights. We have tried to make that as easy to understand by the end users as
possible. There are certain guiding principles that groups like TRUSTe and URAC
have provided to help us in that regard. We have really attempted to make that
as easy to use and as understandable as possible for the user. When we talk
about the model notice certainly the intent behind the model notice, we respect
that very much.

What we are concerned about is that the more you put this kind of check list
or three, four, five-page notice in front of the user and even under the most
recent version of the CCHIT PHR criteria the user is asked to confirm that they
have read and they understand this. This begins to add more and more and more
steps into a process that the consumer was really kind of hoping would help
their healthcare experience be more efficient, quicker and easier. Certainly
again the intent is well respected. I think we have to be aware of the true
impact because the truth is that people see 20, 30 check boxes in front of
them, I’m exaggerating, but I think you understand the point. They actually
they don’t increase their trust of the service because it deviates between
those services that they are most used to whether it is online banking or it is
other services that they trust and use everyday. I think it is something that
we need to be aware of.

What challenges do you find in managing individuals’ authorizations and
consumer-directed access to their PHRs? Consumers understand the idea of making
their essential health data available in case of emergency. They understand the
idea of being able to email their doctor, be able to print their immunization
list on their children. What’s not yet certain is to what degree they will
embrace a more granular level of discretionary access control. I think many of
you are probably familiar with the CCHIT criteria with regard to third-party
access. It’s I don’t think yet clear on how well consumers will embrace that
level, detail that they might have to go in order to share their information. I
think as long as others and we make that as easy as possible then we should be

Moving on to question 18, to what degree do you anticipate providers
accessing patient information through the PHR? Another very good question.
While WebMD has created a “break the glass” model of access that the
consumers can opt into to enable care providers even emergency care providers
even when they are unconscious to be able to access their authorized
information. That is any information they haven’t specifically withheld for
purposes of sensitivity. The truth is that we see that as a safety net for end
users, but really the use of this information in the clinical work flow we feel
will come when systems become more interoperability. That providers will
continue to use the systems that they have adopted that they have purchased for
their clinical work flow and when they are seeing a patient for the first time,
we believe they will leverage a CCD or CCR snapshot of that user that might
imported from the user’s PHR to the extent that the PHR can more accurately
reflect what the person might otherwise try to represent verbally then we feel
that that is a great value. Certainly the PHR unlike the EHRs are probably a
little bit more likely to represent data from across the continuum of care. It
is really through interoperability that we feel that information will be
utilized and we feel the PHR can complement the EHR in that way, but we don’t
necessarily feel that the PHR at least as we perceive it is built first and
foremost for direct care provider access.

How have physicians’ practices or relationships with patients changed with
the advent of PHRs? Well we haven’t observed that to occur just yet, but again
I think utilizing some of the interoperability methods that I mentioned, the
availability of this kind of information when seeing new patients in
particular, or being able to utilize some of the home monitoring information
that might have arisen since the last visit. These are all ways that the PHR
will complement EHRs and through the interoperability standards that should
become more available.

Finally, how do the changes to HIPAA in the Recovery Act affect your work
with PHRs? First of all let me say that the HITECH Act’s provision that allows
consumers electronic access to data held in electronic form is a great
addition. I think it will help to support the furthering of personal health
records and their adoption. We may be a little bit unique in this regard when
it comes to HIPAA that we actually have served as a business associate with
each of our employer and health plan customers for some time. So the provisions
that may depending on your interpretation require that PHR serve as business
associates to cover entities when they are taking in professional data don’t
change what we do at least at that highest level. Some of the more detailed
provisions may and in fact will cause us to go and ensure that what we have in
place with our customers is consistent with the new provisions but the business
associate position is a position that we have held for some time. Again, thank
you for the opportunity to speak with you.

MR. STOKES: Thank you for the invitation to testify. I would like to first
say I am not a doctor. I am not a lawyer. I haven’t had a career in the health
field. I am a software guy but I have been doing software for quite awhile. I
have code in all three major platforms and probably over a billion different
devices that have been in service for a number of years now. So I do know some
about the software side of this. Microsoft offers a number of health solutions.
On the enterprise side we offer our Amalga service. I mention it because both
of our approaches are customer centric. A customer on the enterprise side is
the CIO. We try to provide the CIO access, management, transparency into all of
the information and their enterprise. On the consumer side with HealthVault we
try to do the very same thing for the consumer. It is a very similar approach.
What we have found with control it’s about choice and if they don’t have
transparency into their information then they don’t have control of their
information and they cannot manage or choose what to do with their information.

I have a number of points that I’m not going to repeat my testimony, but I
want to talk a number of points based on some testimony earlier today. I want
to give the flip side of James’ hospital breach story from this morning. One of
the many times my wife was recently giving me a ride home from the airport. She
was quite upset and wanted to talk, she knows what I do, about HIPAA, which
after being at work for on the road that was not high on my list. She had a
friend that was quite upset that had been in the hospital for a situation that
is covered by substance abuse and mental health regulations. It turns out that
the friend had a friend who had a doctor at the hospital as their husband and
was curious and the doctor went into the record. The mental health records were
mixed with the other records. He looked and told his wife, the wife told the
friend, the friend was humiliated and embarrassed and stopped going to those
social circles and at this point is looking at quitting her job and leaving
town. There was no physical threat or harm but the emotional damage was

This is not an isolated incident. We have talked to people at SAMHSA. We
have talked to psychiatrists and others. It isn’t just the physical treatment
of a breach that causes harm and the emotional and reputational damage from our
side a lot of the criminal and civil liabilities involved are not near as much
as a threat as the reputational damage to our company. We note that that is
true for our customers as well.

The second story is I have a very dear friend whose husband of 60 years is
going through the transition from curative to palliative care with bladder
cancer. He probably has days or weeks to live. By being able to share their
personal health information with their friends just for the emotional support
and he was in a lot of pain and couldn’t sleep. They have not bought a new bed
in a number of decades. My friend that they were sharing the information with
asked well why don’t you get a hospital bed. They said we had never thought
about that. No provider had mentioned it. The nurses hadn’t mentioned it. But
after 60 years of sleeping with the same person you get a little awkward about
even thinking about that. But they found out they have wide hospital beds and
by being able to share that very sensitive information with not the providers
but their circle of friends, they had a hospital bed within two days and he is
able to get back on the computer which he wanted to do to stay in touch with
his friends around the world that he wasn’t able to do for support. That is
what we see of people in control. It isn’t necessarily cure but it is them
managing their own health and being responsible.

For us as I have testified earlier in the year with Dr. Houston on privacy
it is about control transparency and security. We had talked earlier about that
being a proxy for trust. I think that is accurate and a lot of it is about
choice. Whether the choice is to be completely open with your information under
controlled circumstances like PatientsLikeMe or completely controlled and
confidential with your information should be the customer’s choice whether that
customer is our consumers in the personal health information or not. It isn’t
about whether the information is open or closed. It is about respecting that
consumer’s choice and enabling them to have the choice, and if you don’t do it
in a way that they can make informed decisions then it isn’t transparent.

For us we have spent a lot of time recently on how do we enable consumers to
make truly informed decisions. That is an ongoing area of research. We all are
used to the click boxes, check boxes, forms, and everything else. We are
actively doing research on how to make that a better solution. There is no
panacea that I am aware of today.

We do spend a lot of time in other parts of the world exploring different
privacy regulations and security and other regulations. We essentially act as
what the EU would call a data processor not a data controller. The consumer in
our case is the controller and that is one of the ways we differentiate between
this discussion about EHRs, PHRs, clinical claims and other data. But it leads
to what is a PHR.

If I strictly read by the ARRA definition of a PHR some legal friends of
mine have pointed out that Facebook could be a PHR. I wrote a friend that’s in
the policy side of Facebook. He is a little concerned with that. Our friends at
Google should also be concerned because Gmail could be a PHR and subject to the
breach notifications with the current definition.

There was an article in CNET this morning about young doctors using
electronic health using Twitter. Thus Twitter could be a PHR. We are urging HHS
to clarify the definition and consider other parts of HHS like the FDA, which
talk about intended use because as a legal corporate entity if I am going to be
regulated depending upon the actions of my users that I don’t have any control
over after the fact, that puts me in a very interesting legal and liability
position, which leads to one of the other topics we haven’t heard a lot talked

If I have a lot of clinical and medical information flow through a much
wider system that leads to some interesting medical malpractice fraud and other
litigation possibilities and could be kind of the depression recovery act for a
lot of lawyers. We would prefer to avoid that. We think there needs to be a lot
of attention placed to these topics that have not been openly discussed. I know
tort reform is a very political issue, but you ask what could this look like in
5 or 10 years if we take a risk management approach these are risks we should
proactively look to manage as we do health reform so we don’t end up being
blocked by those?

The other side I have done standards for quite a while. We are watching the
whole CCHIT, HITSP, NHIN approach where historically HITSP was a protocol
point-to-point message-based protocol. The CCHIT certified a number of features
almost from an application-oriented perspective. NHIN took a very network-based
approach and when we started putting all these together we end up with
prescriptive guidance on what an EHR is with some of the aspects of an
application, some from a network, some from the messaging protocol and some
from the documented-based perspective. That ends up being very prescriptive and
very limited and we have some serious concerns about that with respect to
innovation going forward as well as assuming one size fits all and this is
going to work.

The other side is when you deal with international standards you deal with
intellectual property and you deal with patents. The chain of linkage to the
regulations and the money to the certifications to the harmonization of
standards to the original standards bodies to the patent disclosures in the
committees of those original standards bodies is a rather obtuse change. So we
could end up with regulated mandated certifications based on somebody’s patent
that we are all going to pay royalties to. This is another side of the
litigation that people should pay attention to otherwise we are not going to be
able to manage our risks well.

Finally, I would encourage the committee as we have done as we have gone
into other fields to ask what went wrong or right with the 85 percent adoption
rate by family practitioners and the United Kingdom before the National Health
Service got involved and did a tremendous amount of health IT funding in that
area. Or what went right with the veterinarians in the US where there is
tremendous electronic documentation or adoption of electronic records for pets
without a lot of government intervention funding or mandates or
interoperability. We know about the pet situation because when we launched our
service we had actually lived with customers and asked what they wanted and did
a bunch of surveys. They were very clear that the order of a family health
manager is important so the children are first. Somewhere second is either the
wife or the pet depending on the wife or the pet. The vast majority of family
health managers are the wives. The husband is fourth. These are our own
internal statistics. What we found is having support for pets are part of the
family health ended up being really important.

It also gave us kind of a sanity check that we have in our case a pseudo
anonymous service, which means I can make a hotmail or live ID account. I can
have my name being John Houston and my email address being JohnHouston@live.com
but it is really my record. We do know ID proofing of the natural person within
our service itself. We delegate that to the actual clinical provider who has
the face-to-face relationship. I could open an account with a different name
but it would be my records. There are a lot of assumptions of if I have a
personal health record then you know it is me and the service actually knows
who I am and can go track me down. We do offer open ID authentications that
provide two-factor authentications for people that are more comfortable with
that and other ways to do two-factor but we tend to put that type on the
clinical side of the house and our clinical partners and it provides a little
more sanity check on is the information staying within the service or are
people asking for additional information that we have in our privacy statement
that we will not share.

The last comment. Somebody talked about the difference on access versus
acquisition. Given our work in the accessibility for people with disabilities
we have quite a bit of experience with tools called screen scrapers. So if you
can see it on your screen you can capture it or scrape it. So if you have
electronic access you can acquire that information. It’s not always easy but
there are a lot of inventive people around that share tools freely on the
Internet to make it easy if people think that’s a prohibition again acquisition
of information. Thank you very much.

DR. FRANCIS: Thank you. We have I think about 40 minutes for questioning
from the committee so I’m just going to get right to it. Walter, we will start
with you.

DR. SUAREZ: Thank you. This is the big heaters, personal health records. I
appreciate the comment and I appreciate the testimony. Clearly some of your
products are being provided as a platform for providers and payors to deliver
personal health records. There is that aspect of your product that is used as a
platform by providers and payors who are covered by HIPAA. So we now have
electronic health records that are heavily controlled and regulated and
protected by HIPAA. We have personal health records provided by these entities
through your platforms that are subject to these controls. Then you have the
stand-alone products that you offer which are outside of the realm of most of
these protections. I totally agree with the concerns around regulation of
products on functionality that would limit or even eliminate any innovation

But there are two areas I am concerned about when it deals with personal
health record stand-alone and those would be privacy and security. My concern
and my expectation I think is that there should be some basic protections
provided to consumers that use those products. Now we have those protections on
the provider and payor side when there is a record in there, where there is an
electronic health record or personal health record provided by your platforms,
but we don’t have those protections on the stand-alone personal health record.
So my question is from your perspective what should be the basic protections
that should be required to be afforded to consumers within your stand-alone

DR. DONNER: The model that we have in our head for the Google PHR is —
think of it as your electronic manila folder. I have one at home. I throw stuff
in there as it comes in. Occasionally I rummage around in it. Fundamentally the
privacy that I have and I expect of that is the privacy that ultimately the
patient should have, the expectations they should have of anything we provide
in this fashion. That means that it should be protected against disclosure to
unintended parties. It should be protected against the destruction or
alienation of the data. Beyond that I am not certain what privacy protections
are required in the sense that if I take this piece of information which has
let’s say my EKG on it and I post it on my blog, I am entirely within my rights
to do that. What kinds of regulations would you put on me about my use of the
data about me?

MR. EVANS: From Dossia perspective we absolutely fit right in that
intersection of conflicting needs from a regulation standpoint. We sort of take
the position from the beginning that HIPAA is not necessarily the set of rules
and regulations that govern us. We also believe that the FTC promises we make
the consumers. Having published a privacy statement that is very specific and
very complete as to what consumers should expect if they use the system whether
they are an employee of an employer whose health plan is authorizing us to
actually paying to provide this service or whether they are doing it
independently of their own volition. We assume that we are making consumer
promises that we have to keep and whether it is HIPAA doesn’t get us. The FTC
will or state’s attorney general would probably be more aggressive in this
field at pursuing people in these particular cases. As I said earlier I believe
HIPAA is a bad fit.

The reality is the way we read the current set of laws is that we are trying
to comply with both because of the way we are operating. I think that does
create an awful lot of concerns and confusion for us because in some cases the
roles are conflicting. The promise we make to our consumers is that their data
is life long. It’s personal. It’s private and it’s portable.

If you have been getting data for the three years of you working at Walmart
from Blue Cross/Blue Shield of Arkansas then you go on and work for somebody
else, we’ve told you can take your data with you. But if all of a sudden now we
no longer have that covered entity relationship with your health plan, we are
legally supposed to destroy the data. Well, we just made a promise with the
consumer they can keep it forever.

We actually have some real concerns about the inconsistencies and won’t even
go there as far as the state inconsistencies also. We recognize that we are
trying to navigate between in two pretty turbulent streams that are coming
together. I would certainly make a strong request that as you are looking at
this and making recommendations that we try very hard to rationalize and
normalize and make consistent the different set of rules in which we operate
because otherwise it is almost impossible to operate actually.

MR. STOKES: I agree with what Colin just said. Our primary concern is around
regulations that would dampen or hinder consumer control of choice whether that
is conflicting within the states or conflicting at the federal level. As I
referred earlier we spend a lot of time with other regulatory jurisdictions
that tend to have stronger privacy rights such as the EU or different parts of
Canada. Other than the concerns about limiting consumer rights or consumer
control I don’t care because if your regulations are forcing me to higher bar
then I have not been consumer focused. If it’s FDA, if it’s HHS, if it’s FTC,
it is whatever it is, but we believe as James implied earlier if we have really
focused on the consumer we should be doing better than the regulatory floor.

DR. MARSHALL: One of the things I haven’t really been able to reconcile. I’m
not lawyer. I’m probably not what could be called a HIPAA expert by any
stretch. But what I really haven’t been able to reconcile is the intent of
HIPAA to protect unauthorized disclosure when information is being shared
between parties that aren’t the patient and that law being used with regard to
a product that is by definition controlled by the patient. I will just admit
that up front. It seems to be somewhat inconsistent. Certainly when we partner
with health plans and employers it has been a relatively natural agreement to
have with them, the business associate agreement. But when it comes to offering
a direct to consumer solution where consumers are able to choose among a
variety of data sources and the like and they aren’t doing it in the way it is
sponsored. I wouldn’t call it tethered. It still I think considered independent
but when it’s not sponsored is HIPAA a good fit? I don’t have an answer. I just
want to admit that I haven’t been able to reconcile it with a
consumer-controlled solution.

DR. TANG: Just a variant to that question before I get to my question. While
I think covered entity would be not an appropriate label or responsibility for
any of you.

MR. STOKES: Actually that depends upon the clearinghouse definition and if
we are translating into and out of standard formats.

DR. TANG: And I understand that but there is other things that would go with
covered entity just would be inappropriate. On the other hand a business
associate agreement would make sense from my point of view for you to have that
kind of relationship with a source of data like a provider. It is a quick
question and I already know Phil already is a business associate. For the other
three is it okay for you to be a business associate from a covered entity who
gives you data? Would that be okay?

MR. EVANS: Our view of the world is reacting on behalf of the consumer, the
individual employee. On it legally if one of our founders is self-insured and
the trustees of their health plan contract with us to provide that system, they
actually are not providing the health data themselves. They are just paying us
to get the data from somewhere else. That is what I understand the law is
establishing a business associate relationship. We don’t think that’s the
appropriate relationship at all. We think we are establishing a relationship
with the individual patient because they can tether with this employee today
and untether them and tether with somebody else a week from that. That
tethering is not specific to that particular arrangement. It just happens to be

It is a very difficult question to answer. Frankly I believe that as a
minimum we should have some consistency in the rules between the different
agencies but as I said we started off with a preconceived notion that we were
in fact governed by and we are making commitments so we are consistent with
consumer promises that will be upheld by the FTC.

DR. DONNER: To follow onto that and to reiterate a point made earlier. The
business associate relationship when it is terminated requires the destruction
of all of the received data that is tied to that relationship. As a system
intended to provide data for the consumer, the notion that one particular
provider is no longer connected then makes the data unavailable to the consumer
seems somehow inappropriate. Our view is that appropriate regulation of PHRs is
expected and appropriate, but that it should be carefully thought through I
think from first principles around the needs and expectations of the consumer
recognizing the fact that the medical establishment is not the only source of
health relevant data to the consumer. The business associate relationship is a
particular model that is sort of monolithic and doesn’t quite fit the need.

DR. FRANCIS: Maya wants a quick follow up on that.

MS. BERNSTEIN: I just want to know if you used the example of the
requirement to destroy the data as a problem or are there other things in the
business associate relationship that would be inappropriate your business

MR. EVANS: I just think it creates a lot of very awkward complexities in the
way we operate. The data we get for an individual employee isn’t just from one
place. We get data from a pharmacy, from a clinical source, from claims
sources. Any one patient could get data from dozens of different independent
clinical entities. So to figure out who controls that relationship, who are we
acting for at any one moment in time, is a very complex thing for us to do. We
are not acting as a subcontractor to a health plan to provide a system. We are
acting on behalf of the consumer to write a system. It just happened to be
connecting to Covedent(?) just to get the information.

DR. MARSHALL: I know that while we do act as a business associate most often
times. I would say that there is something I have been wondering about as we
head into an environment where more and more doctors have electronic medical
record systems and now we have a high-tech provision that says if that data is
in electronic form that the consumer can have access to it in electronic form.
I have wondered what the practical implications are of requiring that a system
like I suppose any of ours getting data electronically from that provider’s
practice. If the requirement of us being a business associate to that doctor
has such immense practical implications maintaining what a signature from every
doctor in the US for each of us, for example. It works against the intent of
the transparency. I know that there are ways that the vendor as a
representative of the provider can keep and are carried through of that
authorization. But still I do wonder what the practical implications are. I am
concerned about the practical implications and I do think we need to think very
hard about is that a cost that we want to pay when we are talking about systems
that are consumer controlled to begin with. I’ll just bring that up as yet
another question without an answer.

DR. TANG: I guess it was indirectly trying triangulate on how to be
accountable to the consumer in some legal way. I think everyone believes that
all four of you have your reputations at stake so it’s not likely that any one
of you would violate the principles you espouse, but you partner with an untold
number of partners and how the consumer – do they have the same reputation
at stake et cetera? That is part of Walter’s question and part of my question.
I was trying to reach to BAs as a way of getting to your in some sense your
subcontractors. Although that probably isn’t even the way you do it.

MR. EVANS: Yes, we clearly have all reputational risk if we screw this up,
but that reputational risk is also followed up and pursued by again by the FTC
as part of their normal pursuit of – when I read our privacy statement I
think that is a contractual, legal document. It’s not a marketing document
that’s put up on the site to impress people and convince them that we may have
privacy. It is a legally binding piece of paper. If we don’t deliver on those
consequence to that, we can be pursued by the FTC and the state’s attorney
general. That is a very high bar in terms of individual consumer commitment
that we take seriously, the three words that I think Michael are the control,
transparency, and security. They are all implied in that commitment that we are
making. So I don’t believe we are just thinking about it as a marketing
reputation risk. I think there are legal teeth behind what we are actually
saying into the outside world.

DR. TANG: Would the legal teeth reach to your partners?

MR. EVANS: I think if we are housing information in Dossia, for instance,
and the patient through our -– through our arrangements with the partners
decides they want to share their information with the health club, the
individual is then agreeing to a process whereby their information shared to
the health club. I can certify the health interface. I can check them against
the API. I can verify on a periodic basis they are complying technically, but I
am not accountable for the disks and computers and stuff in the health club. I
think if someone -– an application lost the data then they would be the
one from a breach standpoint would be accountable.

DR. TANG: That is the theory I was trying to get at with the BAs. The
covered entity in that case is responsible to the patient in this case for the
BAs and that’s where your chain of trust breaks down. That is what I was trying
to test. Is that a way to fulfill that chain of trust?

The other question is all three of you have similar goals with respect to
the consumer and you want to untether it from all the other sources of data. It
is a bit ironic that none of the four of you exchange data among yourselves.

MR. EVANS: Discover, Visa, and Master Card and exchange data with each
other. There competing alternative to fulfill a similar problem is room for
– there is more than one in the market place.

DR. MARSHALL: We do in some cases work together. Certainly Dossia and WebMD
work closely together for large employer clients who have chosen both
solutions. Dossia as a data aggregation service and WebMD is the application
experience for the end user. I am certain that that kind of cooperation will

DR. TANG: Final question has to do with – I think it was eDave or
whatever it was, e-Patient Dave. There is a risk for having information that
can influence in an unintended but negative way. I think all four of you import
claims data into your systems or used to at least from one source. What do you
think about that because you are all out for the consumer good, the consumer
health, and what about the downside to recognize downsides of the data that you
are housing and making available not only to the consumer but the tools that
the consumer then uses?

DR. MARSHALL: That is a great question and I am so glad you asked it. I
actually had about two pages of my written testimony on this and our team
decided no they weren’t asking about that so take that out. I said but I really
want to answer that question. This is an important question because out of
approximately I think it is now 300 million Americans. About 250 million are
insured and the truth is that their experience across the continuum of care.
The encounters that they have are centralized at the payor through the claims
process. While each given provider may have a little bit of information, the
truth is that the payor has data that reflects that more complete continuum of
care experience. If you look at, for example, the Markle Foundation’s recent
work on meaningful use for EHRs, they focus on medication data and continuity
of care. Both of those are potentially valuable outputs of administrative
claims data. We have been utilizing claims data selectively and carefully I
believe as a data source for the PHR for a few years now.

I can tell you that the consumer is proactive in managing their record. They
have the ability to accept data into their record. If you process that data
relatively careful so that you are not taking in the codes that aren’t
necessarily consistent with the objectives of the PHR, if you have translated
those accurately so that the consumer can fully understand it, that it can be a
very valuable source. I personally feel that considering its relative ubiquity
compared to other data sources, considering the kinds of data that are in there
that reflect the continuity of care I believe it to be a disservice if we were
to dismiss it out of hand. I know that not necessarily most people are
dismissing it out of hand. Is it reflective of the patient’s health history as
well as a primary care doctor who helps to coordinate a person’s care such as
in the medical home model? The medical home model is a good model and when EHR
enabled certainly that’s a great model.

I have been managing my own personal health record that is claims driven for
years. We have a lot of experience where yes sometimes things come through, but
the truth is that even though things do come through from time to time that can
be a little unsettling for end user. What we have found to be the result of
that more often than not is that the user understands the source of that and
then goes back to the source to make sure that it is corrected. The truth is
that CMS has put out some pretty clear guidelines on not putting things into
claims like rule outs or tentative diagnoses or otherwise things that aren’t
accurately reflective of the person’s care. I think that some of the result of
some of these unsettling codes that might arise that are not reflecting the
person’s health is that the person goes and tries to correct them. I think
everybody wins when that data is more accurate than not. There I put my two
pages of testimony in front of you. That is our experience with claims data.

MR. STOKES: I do not believe we currently take in claims data but I will
verify and get back. We are in the process of investigating that. We did do our
own follow up on the recent press and our understanding is there is an
underlying ambiguity in the upstream standards that do not differentiate
between billing information and clinical information and the original coding
standard. Those processing streams need to inject that type of semantic source
information. I think it’s not an isolated issue whether it’s claims or
clinical. It could also provide additional information if the consumers knew
whether the information came from their primary doctor or a secondary doctor or
a secondary opinion. There is a wide variety of information if we had more
semantic meta data attach to where the sources were. Consumers could make more
informed choices as well as mental health data that should be blocked before it
comes to us and stripped out in many circumstances.

DR. DONNER: Back in the 1500s doctors were educated and conversed among
themselves in Latin. In some sense ICD9 and the discourse between physicians
and insurance companies is today’s Latin. Buried in those conversations are a
lot of context that is not accessible to the layman and a lot of understanding
of particular workflows that are well known to practitioners and to insurers,
but again not well known to the public. The e-Patient Dave incident highlighted
the fact that this is in fact 21st century Latin and that
translating the bible into English is definitely in order and will be viewed
with similar dismay as people begin to make hitherto inaccessible discourse

DR. FRANCIS: May I switch this to Harry now?

MR. REYNOLDS: Narrow down my 43 questions to two. The other 41, John, you
are going to have to answer later. Two things. This committee has done a large
body of work in this subject so it’s not the first time we have been in the
privacy environment. That’s for sure. But there are two things that continue to
not ring clear with me not because of you guys. Just in general as we hear it.
One is identifying all this disparate data that is coming into you and without
a unique identifier how are you putting it together and as you mentioned they
can even change their name and do it that way.

The second and I would like each of you to comment. The second is this whole
idea –- we did a lot of work on sensitive data categories. On the one hand
will go back to the do it yourself earlier and not being a doctor if I
eliminated some diagnosis but didn’t take out the lab result, but didn’t take
out the drug, but didn’t take out the other thing that Paul has taught me, I
would still be disclosing what I presupposed I didn’t disclose. Because that
drug that I am taking if I eliminated just a piece that drug being sent forward
still stays. Aha, here is what you have. I think it is great.

So consequently when we completely turn it over to the layman –- yes,
the data belongs to somebody but you are turning a bit of an art over to a
nonartist and then you are saying to them do this in a way that it is okay. So
help me as we try to figure out because if you pragmatically start to define
some of these things and I know earlier I think it is right. You can’t
pragmatically define them to where you shut everything down. On the other hand
you can’t leave the free for all that the kind that it looks like it might be
going on right now. So help me with those two things because those are real
underpinnings as to how we share this data and what data we share and what it
means when we share it because I have heard from all the doctors on the
committee that as soon as a person pulls data out, they need to be notified
that the person has pulled some data out not what it is exactly otherwise how
can they ask a question as to whether or not they have all the data. Those are
the two issues; the identification and this whole idea on selected information

MR. STOKES: I’ll jump in. As I put in my written testimony we don’t
differentiate between sensitive data. We tried to and we went to a lot of
consumer advocates and said is this not sensitive data and we came up with
clear use cases. Every time we thought something wasn’t sensitive to where it
could be viewed as near life threatening or catastrophic to the patient or to
the consumer. We had a very difficult time and we went from genetic data to
partners like injecting RFID chips in their arm and the whole bit of is
anything more or less sensitive. The advocates basically held us to a bar of
it’s all sensitive. You better treat it as the highest sensitivity.

The second part of your question is when we provide transparency. If we
don’t provide transparency without the informed part of that, it’s like reading
one of our infamous ulas(?) from years ago that was written in legal ease which
it predates Latin I think. Our approach has been two-fold and it is a work in

We provide a number of mechanisms in our platform that we call
reconciliation mechanisms that essentially walk the user through the more
complex data as it comes in so that they can make choices and categorizations
and understand it in a bigger context. We also work with a variety of partners
who add a much more robust experience to this. Neither of those is bullet proof
answers to the concern of is the user going to get all this information – and
it could cause them damage due to their ignorance. We are balancing that with
the user’s right to access that HIPAA provides even before all the issues.

MR. REYNOLDS: How about the identification? We don’t have a single
identifier for people.

MR. STOKES: We mandate that we put the ID proofing on our partners through
contractual obligations. So nothing gets into that user’s record on our service
from a clinical system without the clinician having done explicit ID proofing
on their end.

MR. REYNOLDS: But you are taking stuff from payors. You are taking stuff
from others. What is the number? Do you use 12 fields? Do you use a number?
Payor has a number for somebody and –

MR. STOKES: The matching occurs on the partner’s end. So the payors have
their number. They have the patient in front of them. The patient gives them
their account.

MR. REYNOLDS: Thank you.

DR. DONNER: This comes back to the point I made earlier during my initial
remarks, which are that many of the extant health IT systems don’t have a
concept of a patient. They have some paint on information that is related to
the patient’s identity, but they don’t actually have an ID. In fact you don’t
need a single galactic ID. You need one ID per major locus of information. But
again as my colleagues have all said the responsibility for knowing the patient
exists on the clinical end. We can’t fix that. If it’s not fixed at that end
there is no magic.

As far as sensitive data are concerned, there are two pieces to an answer to
that. One is ultimately it is again at the clinical source because we don’t
have the understanding to discriminate one piece of data from another. We
aren’t medical people. You guys with the clinical world are. You guys will
ultimately have to sort that out and decide yes the substance abuse data and
all of the things dependent on it are classified this way. They don’t flow
except under some kind of extraordinary circumstances or whatever.

But the other piece of the puzzle again because this is the consumer’s
controlled thing if information ends up down here that the consumer does not
want visible, she deletes it. That doesn’t delete it from the source system. It
is still there. The fact that it is there – oh, I get again notification
in my PHR that I am pregnant. Well, that is manifestly impossible so maybe I
will protest it and say you’ve got some kind of an error. My methadone
prescription is listed. Maybe I don’t want that seen. I will delete it. There
is no simple solution to that. This is big complicated stuff and it’s going to
take time to sift it all through.

MR. EVANS: We are identifying participants by virtue of their employment. If
someone opts in I think enough of the opportunity to other person’s health
record collected on an employer side, we take their opt in as a fact of record
in our system and we use information provided sort of out of the demographic
information from the employer to identify who they are so we want to
communicate with health plan or the pharmacy or whatever. We have effective, a
unique number that does identify them. We are not trying to do some fuzzy math
kind of general trolling for information. It is a very specific connection.

The same answer as far as the data. This upstream obligation on the part of
the provider or the plan to decide whether data should be disclosed to us but
if the patient has a right to the information and we request it and they send
it, we are assuming we are allowed to have it on behalf not we are having it,
but the patients are allowed to have it in our system. We don’t have any
special firewalls or categorization.

The same issue if someone wants to annotate it, hide it, whatever they do
the same thing. We don’t – delete the data in fact from the system. They
can hide it. They can’t delete it.

DR. MARSHALL: It sounds as though WebMD’s experience is very similar to my
colleagues. From a sensitive data standpoint we too have not found any reliable
way to create rules that are system driven around that but instead leave it to
the end user to choose whether or not piece of information is sensitive.
Frankly I believe that’s the only way you can possibly do it.

Then when it comes to identity whether it’s an employer-driven data source,
a paired driven source, or a third-party data source we too rely on an
identifier that is usually specific to that data source with some additional
parameters that are used for verification. There are relatively new ways of
doing that. The older way are things like eligibility files being securely
shared between parties that we can verify against. Relatively new ways would be
for a consumer to direct their own connection to a data source that they have
an online web account with perhaps their online pharmacy, for example. So they
can verify there. They verify their account with WebMD and then they are able
to securely connect the two. But that again that data sources identify as
shared with WebMD.

DR. FRANCIS: I want to give Sallie and John each a chance. Sallie, do you
have a question?

MS. MILAM: You talked about putting data into the PHR that comes from
clinical sources and a comment has also been made that a goal or a vision is to
be able to impact the continuity of care of the patient. So data comes from a
provider, clinician, and patient under your direction. You put it in a PHR and
then it closed to another provider. When you look at public policy around
especially protected information like HIV, mental health, substance abuse,
state laws and part two substance abuse laws require that the provider attach a
notice that would put the receiver the information, a notice that they are
receiving specially protected information and it also includes special handling
rules. Different states have different requirements. What are you all doing
with those notices when you receive them? If the state’s law requires any
special handling, how do you deal with that? Should those issues not be
relevant because the laws were written before we ever had a PHR? Let me throw
that out to you. What I am hearing is part of your goal is for that information
in part to get back into the healthcare system so the public policy issues
around having a notice would again be relevant as the information travels
within the healthcare system.

MR. EVANS: Our goals are to get the data to the individual so they can
decide how best to engage their own health and do something with it. If the
individual decides they want to share that information with another clinician
because they changed doctor or they are out of town then I think that’s their
choice. I don’t think we are not tracking, attaching those kinds of disclosures
if the data has been given to the individual patient. We are treating that as
something they are entitled to get a copy of independent of what the doctors
has to do if they choose to pass that information to another doctor. At the
moment we are not contemplating a system as an automatic conduit of data from
clinician to clinician. The nexus of this is the individual consumer can decide
what they do with that information.

DR. DONNER: At present we don’t receive any of those kinds of information. I
have no meaningful answer. I can speculate on what we would do if we were to be
offered it which is to preserve those notices and make sure it is passed along
with any sharing, but we would have to really analyze the policy stuff and get
the appropriate advice and so on. At present we don’t take any of those data.
If someone sends them to us by mistake, I suppose we would have them. But we
don’t. Our arrangements with the various sources we talk to are that they will
not send us those protective data.

MR. STOKES: Our policy is essentially as was repeated. We try to treat this
transaction into our PHR as if the clinician is giving the information to the
patient for use at their kitchen table. As I understand your question those
type of information a clinician would be prohibited from giving that
information directly to their patient and our policy prohibits that type of
information to flow in. It leads to a different question of where it might not
be prohibited and how to get provenance through the system and our policy is to
strive to not treat our consumers like data mules for the inefficiencies of the
healthcare system. We actually have talked with the folks at SAMHSA and take
that very seriously and my understanding today is we prohibit that type of
information from coming in.

DR. MARSHALL: I couldn’t possibly top that metaphor.

DR. FRANCIS: Thank you all very much. This has been wonderfully informative.
I want to do two things just right at the end. The first is to remind you that
you can submit further thoughts to us if you would like to do that within the
next couple of weeks. The second is if there is anything that hasn’t been said
about privacy or security that you think we absolutely need to know, would you
say it now?

MR. EVANS: I said my piece in terms of what I would like to see in terms of
consistency of regulation. I was in a forum last week and I was trying to count
the number of ways I could go to jail and it got to be a very large list and I
would like to get that list down to just one would be fine. Apparently I think
yesterday we can harmonize all the regulations when it comes to auto mileage
standards apparently so maybe we can at least do the same thing around the
health privacy. That would be nice.

MS. BERNSTEIN: So you say you prefer federal regulation to 50 different
state regulations?

MR. EVANS: I would like one set of regulations. Right now it is a nightmare.
I guarantee you that things that are mandatory in one state are illegal
somewhere else. There is levels of inconsistency which make doing business in
Russia seem like a preference.

DR. MARSHALL: There are some areas that it is particularly true on whether
it is laboratory information, which I am sure you are all aware of. There are
restrictions there. Or it’s dependent access of rules that are certainly
state-by-state. These are particularly gruesome barriers to consumers gaining
access to their information. These need to be addressed.

MR. STOKES: I would encourage you to track the new trend of security attacks
recently that have escalated in the last year. Our own internal data as well as
those of other services indicate that this has switched to organized crime for
a majority of security attacks. I think the recent news from both Virginia and
California support that, but there is objective data that the security attacks
are no longer as unorganized or as unincented as they were previously and this
is a very serious threat.

DR. FRANCIS: Thank you very much. We will come back in about 15 minutes.


Agenda Item: Statements from Members of the Public

DR. FRANCIS: Any public testimony?

(No Response)

Agenda Item: Open Committee Discussion

DR. FRANCIS: So this is the time for our first time slot for open committee
discussion of what we have heard, what we think might want to be doing with it,
how we might want to be changing questions if at all. We will be reconvening
tomorrow at nine and have the second part of this hearing and a third part June
9th followed by additional time for committee discussion. With that
I am going to open the floor to the members of the committee and staff.

MR. HOUSTON: Maybe I can ask a question too because I think tomorrow -–
I thought the three groups today worked really well. There was plenty of time
for discussion, testimony, even though I think one of testimonies went longer
than five minutes. I don’t think that was a problem at all. I think it actually
worked very well.

MS. BERNSTEIN: It is always frustrating because we never have enough time to
ask all the questions that we want to ask.

MR. HOUSTON: We had a lot more time than normal. I think it worked really
well. My thought is sort of housekeeping. I think if we kept sort of the same
process in June, which I think we would have had. If we needed to modify this
we could for June. I don’t think we could modify things for tomorrow, but I
think the June’s testimony. I don’t see any reason to deviate from how things
really went today unless somebody else has a strong opinion to try to refocus
at all.

DR. TANG: I would just second the notion that it was very helpful to have
more time than usual to discuss. I think it was very helpful that almost
everybody submitted testimony had a time. I would keep more to the time that
they were originally request the five minutes because we did read this material
and the probing I think is really helpful. I think keeping more to the time
would give us even more time.

DR. FRANCIS: I reminded people ahead of time this afternoon’s session but I
didn’t hold up a timecard. We can consider doing that.

PARTICIPANT: The only problem with that is that we always try to do that and
it never works.

DR. FRANCIS: We will stick the same and perhaps use how well it went this
time as extra clout when Maya goes to people for getting testimony.

MS. BERNSTEIN: I think for the June 9th hearing I asked people
for the testimony I believe it is May 26th which is the Tuesday
after Memorial Day so it would be two weeks in advance. They have already been
invited. They have more time than the people that were here today and that will
be here tomorrow. I will send them a reminder that it is due which I did not do
this time too much in advance until I realized people weren’t coming in with
them. I will try to get them to you. If you have really two weeks to read
everything then. We have some of it already actually, but for that we don’t
have yet.

MR. HOUSTON: I think the biggest dilemma that I had in reading stuff like
this last panel. Certain things didn’t quite gel in my mind until I heard
everybody together starting to talk. I guess that probably holds true for the
first two panels as well. I don’t know how you get around that. I guess that is
why you have panels and have people come and talk. It does seem to reinforce
things that made clearer of things that maybe weren’t as clear when you ran the
testimony separately.

MS. BERNSTEIN: Do you want to talk before you get onto the substantive and
off of the procedural about what may happen next in terms of what the committee
wants to do just so we have an idea of looking forward of what we are heading
toward. I have been assuming that if we were going to make recommendations on
this topic that the earliest we can do it is at the September meeting because
they have to be voted on by the committee as a whole and the committee meets in
September. We have the June meeting. We have both times after the hearing on
June 9th. I presume we will have a couple of hours for break out
during that meeting. Is that right?

MS. GREENBERG: I actually think that the privacy subcommittee as currently
-– I’m looking for Debbie Jackson. She is probably downstairs having to
woman the desk down there.

MS. BERNSTEIN: I have been running back and forth by the way trying to get
them freed.

MS. GREENBERG: I think that maybe the privacy subcommittee currently is not
down for any break out session because you are having a meeting the day before.

DR. FRANCIS: We have time for discussion in the afternoon of the

MS. GREENBERG: Right, but on the 10th is a full committee meeting
I think we only have working sessions for the other.

MS. BERNSTEIN: Not on the afternoon of the 10th or the morning of
the 11th like we usually do.

MS. GREENBERG: Neither. I don’t believe either.

MR. HOUSTON: I think it’s going to be difficult. It always seems to take a
lot more time. You like to think to come up with recommendations and put some
together. It seems like everything is three or four times as long. It’s going
to be the summer time. September is going to be rather aggressive to try to get
something together. I think what is going to happen is in September we are
going to probably have an idea where we want to go with this, spend the
September meeting and the break out to try to come up with more substance and
then after that meeting try to get something together for review. I suspect
that’s a time.

MS. GREENBERG: Also that would give you an opportunity to which we’ve been
trying to do more to kind of preview for the full the committee the type of
recommendations you would be expecting to bring forward in November.

DR. FRANCIS: My hope would be that we could have stuff ready for a first
draft preview in September that could then be voted in November because
otherwise we have pushed it to February and that’s way too – if we are
going to have anything to say that will influence the development of events
over the next six months we need to be in the fall cycle.

MR. REYNOLDS: I would like you to consider in the June meeting to go ahead
and restart this subject. Every time we have done a privacy letter it takes a
little more work with the full committee than some of the other considerations.
Even if during the regular readouts that we have if you would just update the
group that these are going on, the kinds of things that we are focusing on then
in September actually be able to really get people warmed up on the subject and
then for the November to have something done because otherwise we are going to
have bring the full committee forward.

MR. HOUSTON: Without a letter surrounding the recommendations it would be
nice if we could have sort of straw man recommendations that we would just
simply put before the committee in June. Even it’s just a straw man. Here are
the four or five bullet points of things that we think are important and not
even try to get a letter around it.

MR. REYNOLDS: Or even the categories of consideration.

MS. BERNSTEIN: Can I ask Marjorie if it is possible or appropriate, I know
it’s appropriate, if full committee members want to come to our meetings they
can come if they are in town. We are not going to travel them specially
probably, but because they are coming in already for the 10th and
11th we can invite them to come for the afternoon discussion on the
9th if they care to be there and if they have the time to be there.
The idea is we could have them be listening to the discussion and that has
happened before for better or worse, but we get an idea from some of the other
committee members. We can give them an idea of what we are doing and we can get
an idea from them where they might –

MR. HOUSTON: I would try to keep it really succinct.

DR. TANG: I don’t know whether you intended to say June but I think to be
relevant to any of the meaningful use, it has to be in time for the final rule
to come out by December. Even if we don’t get to recommendations just like we
handed over an entire hearing of meaningful use it would be useful to share
observations or even at the findings level. Even with the June ambitiously and
no later than the September so that can be incorporated. So even if it is no
more than trying to make sure that privacy protection and security are part of
meaningful use which is not defined in the law, that would be a contribution.
Through the testimony we heard today and June 9th we will have
enough to say well that makes sense. I would like to see if we could get the
committee around that kind of idea and then see what we could do in advance
beyond that.

DR. FRANCIS: We could produce something like a summary at least of what we
have heard today and will hear tomorrow. Obviously we can’t do the morning of
the 9th in time for the full committee. But we will have the
testimony in advance and we can certainly have something that looks like the
same kind of summary that we had.

MS. GREENBERG: Meaningful use is principally of the electronic health
record, right?

DR. TANG: It wasn’t excluded. PHR was not excluded.

MS. GREENBERG: I think all of you were at the meaningful use hearing, excuse
me, all but Sallie. You all have the full summary, which we have submitted to
Dr. Blumenthal. Now he has received it so we will be sending it around. In any
event it would be good to take just as you suggested take this set of hearings
also in combination with that set of hearings and think about what kind of
recommendations related to privacy and security you might want to make to the
full committee. If June isn’t too early to do that that would be good I think.

MS. BERNSTEIN: One of the things I asked you this week was about the
availability of the transcript for this meeting today and tomorrow and it was
not clear – we thought we might get it before June 9th but you
told us no it is probably ambitious because it is only –

MS. GREENBERG: Well actually Janine who is more with the contractor. I was
just saying it was 10 working days so it was cutting it kind of close.

MS. BERNSTEIN: But even if we had it 10 working days we also need time to
assimilate it and summarize it. It would be very challenging to do it.

MS. GREENBERG: I think it would be challenging to have any actual
recommendations in June but it might not be challenging to be thinking about
whether you are going to have any and then in what areas they might be.

DR. TANG: Margaret did that ahead of the transcript too. It can as simple as
that certain privacy protection provisions are in the meaningful use definition
and criteria.

MS. BERNSTEIN: At that level or slightly next level down of detail.

MS. GREENBERG: Also whether meaningful use does include anything related to
personal health records.

DR. FRANCIS: That is a separate question.

MS. GREENBERG: That is two separate questions.

DR. FRANCIS: I didn’t hear anyone say in the analytic summary of the
testimony that interchange functionality with PHRs was part of meaningful

MS. GREENBERG: No, but patient access was –

MS. BERNSTEIN: To be fair did not tell the people who came to talk to us
today or tomorrow to prepare information about meaningful use or that we were
going to connect it up or any of that. Although that is one thing that we could
use this information for, there are broader things that we want to do with the
information from this hearing.

MR. REYNOLDS: I guess I would say is I know our normal process and I know
how we do things. It’s the right way. But Paul mentioned meaningful use and
that is being worked on nationally. All 50 states right now are wide open on
getting ready for this. As you heard earlier they are building HIEs. They are
thinking about building HIEs. They are thinking about hooking –- I just
drew some bubbles here. I know what we are dealing with in North Carolina. You
have health information exchanges. You have ePrescribing. You got disease
management. You get PatientsLikeMe we heard from today. PHRs, EHRs, lab
results, quality data and public health is on in play right now, full speed in
every state and it is all electronic. This group has done a lot of work on
privacy. We heard today, for example, a reversal of our belief philosophically,
I didn’t say we agreed yet, that sensitive data could or would be defined or
should be defined as we heard in the testimony. I didn’t say we are agreeing or
disagreeing yet. We haven’t talked about it. What I am saying is we do have on
the record a journey on some significant privacy discussions.

Well now we have a whole lot of work going on nationally. As Paul said
December is way too late because most states will have already applied for how
they can make this work well in advanced in that. I can just take my own state
as an example. It is a rocket to the moon how fast we are going. As I said many
times before the train has left the station on the technology. The train has
left the station on these implementations. Even imprecisely and not through our
normal exact way of doing it if we don’t keep some subjects forward and some
thoughts forward and some ways to think about it forward then I’m telling you
we are not going to be relevant as relevant as we need to be. By the way,
putting on my day job hat the world needs some relevance on some of this right
now because it is going real fast.

MS. MILAM: What is sounds like maybe what we need to do is to take a step
back in a way when we decided PHR was the next area we were issuing
recommendations on. That was before the high-tech act. Perhaps what we need to
do is in our discussions right now until we complete this hearing is really
focus on what privacy and security ought to be in meaningful use and then
develop the recommendations around PHRs after the hearing is completed.

MR. HOUSTON: The only concern I have in that respect is I am not sure
whether we have been asked to make recommendations in that respect and whether
that would not be viewed. I am looking at Marjorie because they are very
specific they wanted us to talk. To help the meaningful use hearings they
wanted us to simply provide back a summary rather than make recommendations
above and beyond.

MR. REYNOLDS: I agree. I don’t think we should direct it straight at
meaningful use. We should put any other privacy issues either old ones we had
or new ones we heard out there to make sure that they are considered whether
it’s a meaningful use, whether it’s in a state that’s doing something, or
whatever it is.

MS. GREENBERG: I think we agreed to take on an activity, the National
Committee did, and I know it was appreciated by the department organizing the
Meaningful Use Hearing and what we were asked to do was to provide a summary of
the hearing and we have done that. We are also talking about a possible
expansion of that from a point of view of observations. But as an advisory
committee to the Secretary, you pretty much have cart Blanche if you want to
develop recommendations whether you are asked for them or not.

As Jim Scanlon, since he isn’t here –- we try to do that if one of us
isn’t there we quote the other one. As Jim Scanlon has frequently said, you
want to have a customer. You don’t want your recommendations to be dead on
arrival or when you send them there is nobody to open the envelope. But I think
that the legislation itself says that the recommendations of the National
Committee should be taken into consideration. We couldn’t come up with
recommendations from the Meaningful Use Hearing by the deadline of when they
wanted at least a summary, when ONC wanted the summary, because we weren’t
having a full committee meeting. Subcommittees cannot make final
recommendations, they have to go through the full committee, but now it’s only
a few weeks and the full committee is meeting. I still think it is an open
question whether you are going to even maybe follow up with some
recommendations other than Meaningful Use Hearing. You aren’t precluded from
doing that even if you weren’t specifically asked for it. I can see a desire to
do so and I think it wouldn’t be seen that you were –- I don’t think it
would be seen that you were going beyond your role or mission or scope, because
it is right within your scope.

The question I do have and I am hoping that maybe Paul can help us a little
bit with this since you are on the policy committee, is it is my understanding
that at the time that NCVHS held its hearing on meaningful use the two new
advisory committees had not been established. They certainly hadn’t met. They
now have been established and have met both last week. I think the Standards
Committee at least discussed having a Subcommittee on Privacy and Security but
didn’t establish one. Or it was the policy committee. I think the Standards
Committee did set up some other subcommittees but they weren’t specific on
privacy and security.

In any event I think now we are at the point where we do want to make sure
that we are not tripping over each other these different advisory committees
and everyone knows there is more than enough work to keep everyone busy I
think. That would be more of my concern than whether we had agreed to do
recommendations or not on the meaningful use. Do you have any sense of that,
Paul, or any guidance?

DR. TANG: I think it is a valid point. So the three groups that were set up,
one is on meaningful use, another is on certification and HIT adoption, and the
third is on health information exchange, which includes the infrastructure,
workforce, et cetera. Privacy and Security originally was going to be one and
then it was decided well that should really permeate and integrate with all the
work groups so that’s how that’s been set up.

In a sense that kind of recommendation certainly could and probably is
expected to come from the advisory committee to David Blumenthal, who was the
one to help construct the policy recommendation and regs. I guess what we could
do is not act as if we were that but provide input based on another set of
information we just obtained. Just like there is no sense in tripping over each
other. There is no sense in that committee conducting another hearing. So there
is clearly something we have learned that we could communicate to the rest of
the Department to be used. That is why I think the summary idea would make
sense because we are then basically passing on what we have just heard and we
certainly could say because this a subcommittee of another fact, that it says
this is an area that should be considered as part of meaningful use. You
couldn’t disagree that it wasn’t part of the intent of the Recovery Act because
there are tens of pages dealing with this although it wasn’t in the meaningful
use component bullets.

DR. SUAREZ: I have two comments. One is I think we got to be mindful and
that’s why probably David and others have asked this committee to provide first
of all, the summary and then some observations now. We ought to be mindful and
careful not to come up with a series of recommendations that then a policy
committee that is set to do would have to either validate or contradict or then
put in a position David Blumenthal to have this two or three bodies giving the
different or conflicting -– I would be cautious around that. I think the
most we can go to is into the observation side and be mindful that those
observations are going to be used by the committee that -– provide the
actual guidance to the Office of the National Coordinator on this point.

The second item I want to be mentioning here is I am not sure I understand
the connection between meaningful use and personal health records in the
following sense – Meaningful use as I understand from the Recovery Act, focuses
exclusively on EHR in the sense of insuring that there is a way to validate
that the EHRs are being used in a meaningful way. There is nothing about
funding PHRs or evaluating the meaningful use of PHRs. Now we heard in the
discussion on meaningful use that there is a value to and there is even some
question about how much we heard about that. There is value in having the EHRs
be able to as a meaningful use connect to different outside sources including
public health, including quality reporting, externally reporting, and including
connecting to PHRs. I don’t know necessarily that we can frame a series of
recommendations or meaningful use around PHRs. I have been having trouble kind
of creating that.

The other issue is really this committee specifically focusing on privacy
and security. Now around that I think we can create a summary of what we heard
in this day and tomorrow and present that from a personal health record what
the privacy and security framework or components of a framework should be and
the importance of having a framework and all those things. Beyond that I’m not
sure how much we can necessarily do.

MR. REYNOLDS: I will say two different things. This subcommittee has clearly
dealt with the privacy issue for a long time. This is just one more piece of
the ecosystem that we are hearing in this hearing, but all of it still plays
together because if you listen to today where it was clear that with a personal
health record if all a person’s information is sent to a personal health record
then they decide where it goes then that says philosophically if you believe
that as an end game then two EHRs could not send data back and forth to each
other through an HIE or that would go against that premise philosophically. I
didn’t say it was right or wrong. Those are some things just to consider.

Stepping back as the Chair of the Full Committee for a minute and starting
there, we have a Privacy Subcommittee and we are looking at the entire
ecosystem. I would like all of our recommendations to be based on what we have
heard, to be based against things we have already said, how it affects the
ecosystem as it was then and it is now, and then we could forward those to
anyone as input to their deliberations, but I would struggle to all of a sudden
that the only direction we think about and the only thing we focus on is how we
dive into meaningful use because that is not clearly our assignment, but we do
have an assignment of dealing with the privacy ecosystem as it relates to
electronic records. Everyone of these things that we have talked about today in
one way or another if you just took that panel there and listened to them that
is going to drive how information flows possibly even between –- if I have
a patient after to say a doctor can send this, well should I send my personal
health record or should they this? All I am saying is it is all the same
subject. It is me as a person in my electronic records somewhere. I would like
to see us stay focused.

As NCVHS we have delved into this privacy arena pretty much longer and with
more depth than anyone. Let’s stay in our comfort zone. Let’s do what we do and
then we can share that information in ways that if it fits into other
categories as people could use it. I agree with Paul. Let’s come up with some
of this information sooner rather than later so it could fit in the right time
in some other discussions but not in any way say that we are recommending that
if you are doing meaningful use or you are doing this, this is what it means.
Then I think we are right where we belong because then when it comes from the
Full Committee it goes to the Secretary as Privacy, not as Privacy in
Meaningful Use, and oh by the way, I’m glad you guys are meeting over there.
That’s where I would like to see us go then I am real comfortable that we are
playing where we should and we are doing what we should because we are looking
at an entire ecosystem not just necessarily as you said EHRs or some of these
other specific implementations. We are out a little bit ahead too on how the
next step of this might be.

DR. FRANCIS: That would suggest what we do is an analytical summary of what
we have heard and will hear combined with any privacy and security
recommendations we want to make based on that.

MR. REYNOLDS: Or that we have made previously.

MR. HOUSTON: The stimulus package didn’t just contain health IT and the need
for a definition and meaningful use. There is the whole provision related to
privacy and security and that is separate and distinct from all of this
stimulus money going for health IT. In my mind when I read through that whole
summary not the whole summary but the whole privacy portion of the stimulus
package. I was really left with thinking boy there is still a logical gap with
regards to PHRs. I was underwhelmed with the treatment of PHRs in that. I
understand the Congress has now spoken and to go back and to raise concerns or
to raise recommendations after the bill has been passed. I don’t know if that
is bad form or not, but I was really underwhelmed with the treatment of PHRs
from a privacy perspective and I just wonder whether there is a method to maybe
bring some more insight into how do we better –-

MS. MCANDREW: It is certainly one piece of the High-Tech Act call for a
study which HHS will be doing in consultation with the FTC specifically focused
on personal health records and what is the best privacy and security practices
to have in this arena and what is the best mechanism for oversight which is now
by the statutes, but between HHS and the FTC.

MR. HOUSTON: When I read through that – maybe it’s the way I read it, I was
underwhelmed with what the outcome of that was. I will go back and reread it
but what I read I was thinking okay, that doesn’t really accomplish much in the
end. Maybe I just have to reread it again but I didn’t see that language as
being all that –-

MS. MCANDREW: What it potentially provides the platform for is an outcome
that says the Department is recommending based on things such as the
recommendations of this Committee and others, that now all personal health
records become part of this business associate model or that all personal
health records become under some other model because they don’t really hit with

MR. HOUSTON: I’m going to go back and reread this this evening, but if that
is in fact your interpretation of that, then I think then it becomes quite
meaningful for us to continue on.

MS. MCANDREW: That is due in February as we are looking at the statute. It
doesn’t accomplish anything in and of itself, because it depends on what the
solutions are, but to the extent the solutions do require Congress to act on
them in order to bring them into being then it is. It is just a set of

MR. HOUSTON: That is what I read it to be. It was just recommendations.

MS. MCANDREW: But clearly when they designed the interim breach notification
requirements for the FTC, they wrote in a V subset when Congress acts in this
area. Which in earlier versions of the act which tied much closer to study
report recommend and then we will rewrite the breach notification if not the
broader oversight requirements for personal health records. We are just not
prepared to do that right now.

I think that may be a more natural target for the complete information that
you will get from the series of hearings and that some initial meaningful use
observations cannot also come out of it.

MS. WATTENBERG: I would just say that I agree with you. I think the point is
that it sort of opens up the conversation and it is also an acknowledgment that
people have talked about today, which is that it is even less well developed
than EHRs are. It is clearly high tech was about moving EHRs and there is in my
view sort of circling back to the beginning of the conversation I think we have
more time on PHRs. We didn’t take testimony today on meaningful use of PHRs.
That is what Maya said in the beginning. To represent that we actually have
something meaningful to say about meaningful use and PHRs is really I think
prematurely foreclosing on that topic and to even represent to the – it’s
not AHIC. It’s something else now where they would then not take testimony
really would I think do a disservice to this whole area because in fact we only
just got a piece of it today and I think we do have more time. We can buy more
time on this issue.

Yet I do understand, Harry, what you were talking about which is this is
unique opportunity in time and if there is something we can really target and
suggest like HER meaningful use really needs to account for in the near future
being able to import and export data to PHRs then that is easy and simple, but
it should be put as the easy, simple, quick and dirty kind of thing.

MR. REYNOLDS: To restate my own words. We are not having a hearing on
meaningful use. We are having a hearing on privacy. This is a fast moving area.
If this committee comes out with things that are of interest to the whole
environment, good. They can be shared with anybody working in the environment.
One of that group right now, is some of these other committees. It may be
useful to them. But we will continue forward on what we are doing. We did hear
some things today, for example, that may override what the industry has been
touting as things we wrote before that may be used. On the one hand we say well
we don’t want to influence something. On the other hand we have already
influenced a lot. A lot of our documents that are out there right now are being
used as the basis for how people are thinking. So if we hear anything now that
makes us change what we think this would be a real good time to do it because
things are moving so fast now that all those recommendations as people are
implementing everything that they are needing to do – if somebody swept
them up and now as a group we may not agree with some of those or we may want
to change or we may want to reiterate we still believe them. That is all I’m
saying. This stuff is happening so fast. In no way should we be talking about
addressing meaningful use because we did not set that hearing up nor have we
set that. I did not say anything anywhere near that.

MS. BERNSTEIN: That may have answered my question, but let me clarify. I was
going to ask you after your previous comment, Harry, was whether given the
– I’m trying to find the word you used for ecosystem of privacy. Even
though this particular hearing and the one on June 9th, are focused
on PHRs, what we are hearing is related to EHRs. What we know from our previous
hearings – we know lots of information from our previous hearings that
might relevant to meaningful use. I admit that while I am privy to the
Executive Subcommittee’s emails because I am staff to the Executive
Subcommittee, I have not been reading them much because I have been working on
planning this hearing but I do tend to read what my co-chairs say. One of the
things that somebody said in an email was gee we have this summary of
meaningful use but even though we heard people skimmed over privacy. It was
mentioned vaguely. In the summary it came out as negative pejorative something.
We need to fix that.

The question is would it be either appropriate or inappropriate for this
committee aside from the fact that we have been hearing about PHRs particularly
and we didn’t ask about meaningful use. Rather than one of our long,
complicated letters if we wanted to make one or two recommendations that said
meaningful use ought to include this and this on privacy. We probably have the
information and tools to do that if it would be appropriate to try to put
something together for the June meeting and so that it would be timely.
Something very narrow. Because I understand that in the meaningful use out of
the meaning we are not specifically making recommendations, but Harry also said
there’s nothing to preclude us from -– and Marjorie said of making
recommendations on anything that we think might be timely and useful.

DR. FRANCIS: I think the way you put is helpful because it is a separate
question I think whether we want to weigh in on meaningful use and what we want
to say about PHRs. They are just separate issues. If we do want to weigh in on
meaningful use what we are going to need to do is have this subcommittee look
at the summary of the testimony when it gets ready for together with whatever
-– John and I spent a fair amount of time. We read through everything. I
think there were 120 documents that are up on the website looking for what was
said about privacy. We both have what are our small – here it was, here it
was, here it was, cut and paste out of the various submissions on that point
and we could bring that to this committee as part of our discussion June

MR. HOUSTON: But I don’t think we are necessarily compelled to have to be
relying upon anybody’s explicit input or hearings. We could provide common
sense recommendations, right, from our perspective.

MS. GREENBERG: I assumed particularly after your review of the meaningful
use testimony that one of the observations of the committee or of the executive
subcommittee that people who participated in that hearing would be exactly what
you just said. Certainly there was recognition. Nobody denied that privacy and
security weren’t foundational or important and it did come up occasionally, but
that it was dealt with very cursory way. I don’t think there was a specific
question related to privacy and security so we weren’t leading people that way.
I think that is a very reasonable observation. Anything that I think was either
dealt with a lot or not very much that you consider a gap. That is where I
would see observations. The question is then I think that observation should be
made. The question then is whether the committee wants to base on its work or
in this area of privacy and security over the years makes any recommendations
because they are related to meaningful use and privacy.

I understand where you are coming from, Harry. I think maybe it’s just
something we have to think about some more. I don’t really think it’s
inappropriate for the committee to do that. I do think it should come from work
you have already done from really recommendations you have made in the past.
There is more than enough to draw on. I don’t think it is just a question of
gut feeling or whatever. It doesn’t have to come out of this hearing or the
previous hearing.

I will make an analogy when there was the rule making on the FDA rule making
on controlled substances. I was having a hard time with that adjective. The
committee commented based on work that it had done before and said we made
these recommendations in the past and we think these are relevant, sent it to
the departments. These continue to be relevant and in particular in this
context. There is precedent of doing that although they didn’t hold a
particular hearing on that rule.

MR. HOUSTON: Here is my only concern though. Meaningful use has to be
described in quantifiable terms. At the end of the day somebody is going to
have put some criteria down that however many hundreds of thousands of
providers can then certify to which means there has to be some, I hate to say
it this way, laundry list of privacy and security things that somebody is going
to say certify, yes, I comply with these things. It’s going to have to be

MS. BERNSTEIN: I would call that list fair information practices.

MR. HOUSTON: But it is a checklist that’s going to have to be fairly limited
because I don’t think you can have too many measures.

MS. GREENBERG: I am not recommending that you make a recommendation. I am
just saying I don’t feel it’s inappropriate to if you decided to.

MR. HOUSTON: I think though that we have to be very –- if we wrote a
letter, I think the criteria that they are going to be willing to agree to in
terms of meaningful use, in terms of privacy and security is just a few, very
clear, very demonstrable measures that people can in a quantifiable way say
either yes or no or I got this.

MS. BERNSTEIN: My idea, John, would not even get to that. When I had mine
one or two recommendations is to say that there should be such a list and
somebody should put it in their meaningful use and think about it. It doesn’t
have to be us dictating what it is but even if we had the simpler form of
recommendation that said our observation at these hearings from what I
understood from the email traffic was nobody said much about it but everybody
acknowledged it was important. We want to recommend that something like this
ought to be taken care of. There ought to be a measurable list.

MR. HOUSTON: But somebody needs to do something.

MS. BERNSTEIN: But the department can do that if you make that kind of

DR. SUAREZ: It is an interesting process here. Number one I think the rule
of order here is that committees – I mean that’s my understanding from my
hearing when I came into the committee is that in order for the subcommittees
to make recommendations, the recommendations have to come from hearings or from
past evidence. If this committee were to make recommendations on meaningful use
and privacy and security, it would be either from past testimonies or some
other links because not all of us were at the meaningful use hearing. My
recommendation is the meaningful use hearings were done, there is a report
coming out, there is a series of observations being done that said that
meaningful use whatever we were going to be asked us to that to do with respect
to meaningful use will have to wait. We have to be respectful of the ONC
process to ask for specific advice from specific FACAs. That would be my
perspective. That’s just my opinion I guess.

The other point I wanted to make is on this particular hearing that we are
having here they are about personal health records and privacy and security.
That should be our focus and people are going to be looking at the
recommendations of that, how they fit into the larger ecosystem. Certainly
there will be opportunities to discuss that, but I think we got to focus our
attention on what we are doing.

DR. FRANCIS: Let me try to organize this for a second and say it is now 25
after and my thought would be that we ought to see if we can agree after the
draft of the report is available. When will that report of the meaningful use
hearings come out? It’s done? Okay.

MR. REYNOLDS: It’s already in David Blum’s office. It’s done. What I want to
do is I want to read the observation that is currently in the draft that we are
putting together.

MR. HOUSTON: Do we need to do anymore based on –

MR. REYNOLDS: I want to make one comment about that. We have been writing
privacy stuff on the NIH all along. The NIH is still in play as a philosophy.
We have written a number of privacy letters related to things whether it is
PHRs. We have been playing in this game for a long time. The statement we have
in the draft observations not for public dissension. You know not announcing it
but just using some wording that is under consideration, under things that
testify or said as common observations. Privacy and security must be addressed
in a definition of meaningful use of EHR and got a few other sentences in
there. I’m not going to go any further for purposes of the right reason. The
next thing is we have a PHR hearing that is continuing to add to the ecosystem.
We make privacy recommendations based on the ecosystem and if they can use them
in any other venue, good, but trying to take over a venue, trying to take over
a definition, and trying to act like we own that definition would not be a wise
opportunity with three FACA committees in play. I think we can just continue as
we are, do what we do. We’ve done a good job of it in the past and keep moving
at it and if somebody can use it in some other deliberations on this specific
definition whatever it may be. Maybe it’s PHR definition somewhere else. Maybe
it’s an HER. Maybe it’s meaningful use. It doesn’t matter then it can be used.

MR. HOUSTON: I went back to the stimulus bill privacy rule and looked at the
language. I’m just going to read the first part because I think it’s
meaningful. It says study not later than one year after the date of an
enactment of this title. The secretary in consultation with FTC shall conduct a
study and submit a report under paragraph two on privacy and security
requirements for entities that are not covered entities or business associates
as of the date of enactment of this title including. And again I guess my
thought is that is the language I see that really relates to PHRs. I guess when
I read through the whole thing I’m not left with it saying that anything has to
be done with this study after it is completed, but I do think that this is an
opportunity to put some information into play that might be considered as a
study is performed. So I guess probably the timing is good to put our two cents
worth in. It is a nonbinding study as far as I can tell. It does contribute to
the ecosystem and I guess if the FTC and HHS decide that they are going to go
off and do a study and don’t consider it then so be it as well.

MS. MCANDREW: I do believe at the end of that it does call for us to make

MR. HOUSTON: Unless it’s under a separate section and I’m missing. I just
went through the one –-

DR. FRANCIS: What I had actually wanted to do was close off as of four
thirty the discussion on meaningful use and move to PHRs. I think what we
should do on the meaningful use point I think what we should all do as members
of the subcommittee is have a look at the analytic summary of the discussion
that the committee had on meaningful use and see if there is anything that any
of us want to bring from our prior work on privacy to simply point in
connection with that analytic report. We could discuss that we could set aside
a half an hour or 45 minutes on June 9th to discuss that. That seems
to me to be a sensible way. Harry, does that work for you?

MR. REYNOLDS: The work we have done in the past is in play at all times. We
can reference it for any number of reasons. Everything that we have written and
done including what we are doing today and including what we did the other day
was heard in hearings. We’re not magically making anything up. We are pulling
from what we used to have and we are pulling it from what we heard now and we
are pulling from this hearing and we are deciding what we ought to say about

DR. FRANCIS: We will set aside some time specifically to discuss where there
are things from our prior hearings, our prior documents, that we want to make
sure to remind people of. Does that make good sense?

MR. REYNOLDS: I’m not running this committee. I’m just throwing it out there
that when it comes to the full committee, if I’m sitting chair in the full
committee, I’m going to struggle. One if we are making something up. Two if we
are taking an assignment we don’t have. But if we base it on everything we have
done against an entire ecosystem I think we are making a service to a lot of
people because again there are a lot of people on the ground running full
speed, wide open full speed.

DR. SUAREZ: So you are saying June nine will bring this up for the full

DR. FRANCIS: No, that’s our subcommittee.

DR. SUAREZ: The subcommittee hearing that we will have before the full
committee. What would be the impact of that? My question comes because right
now we have delivered the summary, which will be published later in hopefully a
few days, soon. We are expected to deliver some observations soon also. By the
time we get to June 9th and 10th things would have
already kind of out there. By virtue of having that discussion are we going to
put something in a letter separately to bring up? Who would be the audience of
the result of that discussion that we would have on meaningful use and privacy?

DR. FRANCIS: It was Harry who brought it up.

MR. REYNOLDS: The point is that we have to get the full committee warmed up
on the fact that we are going to be putting out some more privacy stuff and
every time we’ve done privacy it has taken more than one opportunity in the
full committee to make anything happen. If anything came out of here that we
could start warming them up on and if it was anything that was worthwhile
that’s reasonable comments that could be used by other people, fine because
they are going to be announced and we’re going to say it public. It’s just
happening fast now so let’s don’t talk about December to begin starting to do
some things when a lot of the discussion that it is needed for –- and
remember we were the ones that said over and over again we got to get privacy
moving along with everything that is happening and there is going to be a lot
of effort and a lot of money and a lot of time spent in the next few months
making stuff happen. We need to say what we are going to say and then we need
to figure out whether or not how we do with it. I’m not making that up for this

MR. HOUSTON: So what’s our priority?

MR. REYNOLDS: I will leave that to the chairs of this committee.

MR. HOUSTON: What is our priority? Let’s throw priorities and dates out
there then if we want to make sure the train doesn’t leave the station.

DR. FRANCIS: There is the question about the meaningful use point and we
could simply say something like what you just said and what some of the others
of us said a little while ago which was that the meaningful use hearings didn’t
include a lot about privacy and there should be some measurables as Maya said.
That is something we could observe. Then we could decide if we wanted to say
something more or we could our discussion for the remaining half an hour that
we have to what we have heard about PHRs and what we are thinking about as we
go forward to make what could be important recommendations that would be taken
into account as part of the study and so on on the kinds of privacy issues and
security issues that are raised by PHRs. So we could open the floor now. We
could resolve if we are going to say anything. I haven’t read the final draft
of the report yet. It just went around and that’s not even I’m sure an exactly
a final draft. It’s not a public draft in any event. I don’t know that we are
even in a position yet to say anything.

MR. REYNOLDS: The summary is done.

MS. GREENBERG: I don’t believe the summary as submitted although I think the
final version was sent to everybody.

MR. REYNOLDS: — is available to everyone.

MS. GREENBERG: It is actually available to everybody but I am wondering if
it has actually been sent to everyone. I know it hasn’t been sent yet to the
full committee. The question is whether we have sent it to the executive
subcommittee and –

MR. REYNOLDS: Other than a few basic edits it is not different than the
summary that was reviewed on the phone last week. That is a fact.


MS. BERNSTEIN: Is there some action that the executive subcommittee now
needs to –

MS. GREENBERG: That is essentially it.

MS. BERNSTEIN: Is there some action that the chair or the executive
subcommittee now needs to take to make that public?

MR. REYNOLDS: All we wanted to do was since Dr. Blumenthal and ONC were our
customer we wanted to make sure it was in the hand of our customer so we knew
they had it so that it didn’t hit the Internet, it didn’t hit anything and read
about in the paper –- that is a courtesy that we afforded.

MR. HOUSTON: For the purpose of this committee does it make sense to the
read the couple sentences about privacy and security that are in the summary? I
could do that. I have it in front of me if you would like.

MR. REYNOLDS: Purposely today I would love to – what we just heard. You
guys figure this out as to how you think –

MS. BERNSTEIN: Can I just make a couple of observations and then we can move
on. I think the only reason we are talking about this is just because this is
the first time this subcommittee has met since the ARRA has passed and all this
activity is happening. I don’t think it is a problem that we are talking about
this now.

The second thing is in response in particular to Walter about – I don’t
want the committee members particularly the newer committee members to get the
idea that we respond only to assignments. We do not and that is what Marjorie
was saying. You are free to make recommendations on any topic you want to the
secretary that you think is appropriate and timely and so forth or if you are
wrong about that your recommendation just won’t be well received. Basically the
idea of the committee is to figure out what is timely and useful and you don’t
have to wait for ONC to ask you or for anyone to ask you to do something and we
are basically not confined to what they have asked. In this case they asked us
to do something in particular we did it, but that doesn’t mean that’s all we
can do on that topic. If at some point we decide to make further
recommendations about that we can.

The other thing I wanted to say also to John’s point about legislation just
because the ARRA passed it’s not likely the Congress is going to take up that
thing again, but if you believe that there is something wrong in it or that we
need to make recommendations for legislation, you can make those
recommendations. The Secretary should make a recommendation for the following
sort of legislation and that’s a fine recommendation as well if you think there
is legislative change that is needed that is a recommendation you can make.

All of those things are open to the committee. I don’t want you to feel
constrained in a way on the kinds of topics that we are thinking about.

MR. REYNOLDS: I just want to add one thing to that. In the past there
weren’t three FACA committees. We owe a courtesy to the new process. That’s all
I am saying. Everything you said I am not disagreeing with so don’t anybody
take it any different than that; however, until we all understand we just owe a
courtesy. I’m the one that is recommending us moving forward on privacy so I
don’t want anybody thinking anything different, but I am just saying what we
will for the right reasons consider courtesy and consider communication because
what we are doing and what ONC are doing are both under HHS. We have to keep
that in mind in all instances. I just ask for a courtesy. That is all I am
talking about is courtesy. If we become too courteous we have no purpose
ourselves. If we don’t become courteous we may have just stepped on something
we don’t need to be stepping on quite as hard as we think we would step on.
That is all I’m saying. Just take that into consideration. Please move forward.
Please be the privacy subcommittee of NCVHS. Please recommend what you want to
and some of the rest of us will take the courtesy items into consideration.

MS. BERNSTEIN: I agree. We have had these similar committees anyway for
several years now. It hasn’t always worked so well and I think the fact that we
have leadership that wants to make it better coordinated and to figure out how
to make that work is a good thing.

DR. FRANCIS: Could I turn us to the PHR discussion? I was going to suggest a
slightly different way of handling this which is to go around the room and
maybe even to start with Amy one at a time and to have each person say one
thing that they think we shouldn’t lose sight of from what you heard today that
we should not lose sight of. One important thing that as we move forward in the
questioning or thinking about recommendations or even pre-recommendations
thinking about an analytical summary. One thing that you heard that you want to
make sure we don’t lose sight of.

MS. CHAPPER: We will come back to you if you want to think about it.

MS. KHAN: What I thought I heard was that education is a really important
aspect. Education. Educating the public whether it is by the website or
different modes of education.

MS. MILAM: I am going to add a little preface. I think we heard that there
may be some gaps with specially protected information and I think we also know
in ARRA that some personal health records could be business associates and
there might be an opportunity to help HHS figure out what those regs are, but I
think I heard overwhelmingly is that this is a really new tool for consumers.
It’s not like anything we have had before. I think it needs its own set –
I heard that things need to settle for a while and once they settle we need to
look at this entirely new paradigm and help clear away some of the existing
barriers that may be in state law or other places that really have no relevance
in this model today.

MR. REYNOLDS: I guess what I would summarize today is I think with where we
are now versus where we are going we have a naïve vision of where we are
at the moment, a very naïve vision. You asked my personal opinion because
we talk about the health citizen. We talk about some of these other things and
that is one piece. There are complicated contractual relationships between that
person and many other entities. Those companies and many other entities and so
I think consumerism is fine if it’s point to point, just that person, just to
that environment. In this health system there are so many relationships that
are contractual and so on whether it is a doctor/patient, whether it is the
payor/doctor, whether it is whoever has the PHR system or these other things. I
think just looking at one piece by itself is a little naïve as to how it
is all going to work in the end and where the data is going to end up being and
so on. Great information today and it made me think a whole lot differently.
I’m not sure what to do with it yet.

MS. BERNSTEIN: One thing that I heard in different ways from more than one
of our witnesses is that putting the burden of protecting privacy on
individuals and individual patients is a mistake and that we need to think
about what the right rules should be not in a paternalistic fashion but we need
to have I think Mr. Weitzner said some kind of national dialogue about what
those rules should be and perhaps how they should be enforce. Other people sort
of described this in a different way by saying a long checklist of everything
you have to think about. That is not helpful. It doesn’t increase trust. It
decreases trust. I would like to keep mindful of that. That where we are
placing the burden on helping people probably shouldn’t be on the people we are
trying to help.

DR. FRANCIS: I guess I will just comment that I heard a lot of tensions
about what the right if any regulatory environment is and whether it is the FTC
which is really viewing it as commercial and contract and fair information
practices and putting it on the consumer or whether the right regulatory
framework is something more like HIPAA which people were clearly not thinking
it was and the state/federal interface as well.

MR. HOUSTON: I really don’t have any thoughts yet.

DR. TANG: I think that we need to explore the privacy checks and policy as
we accelerate adoption of HIT and increase the innovation around HIT.
Personally I think that the status quo is not good enough. I think in the
context of today which is not PHR as a software, but the spread of personal
information outside of the traditional covered entity is one that is
potentially more dangerous than where the EHR is. The reason is because EHRs
are operated by covered entities. They already have a federal form. I think the
consumer data that is out there some of which are in PHRs have now protection.
That is what I mean by this status quo is not good enough. There is a sense of
urgency for the same reason that we are urgently or accelerating at least the
adoption of making health data into computers. That means there is going to be
more personal data outside of EHR existing and I think we need to have policies
that protect that on behalf of the consumers.

DR. SUAREZ: The most significant thing I heard was the challenge of finding
the right balance on what the regulatory framework should be. But one important
thing I think I heard was when you ask people do you think we need a regulatory
framework for PHRs, I heard in the very first panel all of them said no. It is
too early. You don’t want to minimize innovation. This is a starting and it is
just the beginning. We are in the beta or alpha or however they call it model
one, Model T, model A. But then I think what I thought I understood was they
were thinking of regulations in the sense of how we are looking at EHRs,
certification, meaningful use, those kinds of things, but when you turn around
and refocus the question around shouldn’t there be some privacy and security
protections afforded to consumers that use the products? The answer was in my
understanding was yes I think there should be. My concern is that there is a
lot of hiding behind the sense that this is so early, this is just starting;
this is a new kind of set of products. We shouldn’t regulate it yet. But at the
same time there is that type of urgency of saying it is because you are so
early. It is because of those kinds of things. You are already collecting
millions of records that there should be some immediate protection, privacy and
security protection afforded to consumers that are going to use those products.
When you begin to refine the question around regulatory framework, you begin to
understand. Their own views I think was yes I think there should be some
although there were some variant perspectives around that. That was quite an
interesting element.

The second thing I wanted to mention was a point that I have been in my mind
so much and that is the granularity of the controls. I think that is still a
major challenge on what data to protect by -– for what purpose to be
released how. Those kinds of features and aspects are still very much troubling
in the sense that there is no guidance around that.

MS. GREENBERG: Let me just say first I thought it was a really interesting
day and thank the chairs and co-chairs and Maya for working with the rest of
the subcommittee and putting together this very interesting day and I am sure
the rest of the hearings will be equally interesting.

I would say that even though we haven’t yet gotten to the panel on consumer
advocates and attitudes, it was the most consumer-focused hearing that I almost
ever been to of the National Committee. I thought that was really great in that
I think obviously the people who are working on personal health records their
main constituency are consumers, citizens, citizens, that is whom they are for.
Now what their business model are et cetera is another story. I won’t get into
that analysis.

They have to listen to consumers and need to know what is important to
consumers or otherwise they wouldn’t have any business model. I think that was
kind of refreshing to me. A lot of things that we have talked about in other
subcommittees or on other days or whatever whether it is medical home or things
related to other privacy, issues was kind of like a microcosm of them almost.
They were coming back or bubbling up, but from this new perspective or this
somewhat different perspective and for understandable reasons, but in the
meaningful use hearings you didn’t hear them much about consumers. I thought
this was a nice complement to that.

I agree with Hetty. I am glad Hetty picked up on the education. We have
talked for many, many years about health literacy, education, whether it is
related to privacy, whatever it is related to. We have never really been able
to get a handle on what to do about it other than to maybe make some
recommendations that other people should do something about it. It does come
back to that as being very important.

Just one other thing, and that was again a déjà vu in a
different context, the quality workgroup when it was a quality work group, but
this whole issue of claims data. Truth in advertising here. I am eager to meet
Dave and I think his experience was important. He will be here June
9th. I think it was a very telling experience and it certainly
caught everyone’s imagination, but I thought that the rationale that was given
principally I think from the WebMD, for the fact that -– it is sort of
like when we talked about it with quality stuff. We don’t want to use –
data, we want to use electronic health records and that was several years ago
and nobody even had electronic health records. Even now we know the penetration
is very low. There is this data out there where the penetration is very high
for everybody who is insured. I think there has been somewhat of an
overreaction to that and I thought what he said was very useful and I look
forward to that being captured in the minutes.

Also the fact that we should know. If our claims data – if data going
into claims are completely not representing really what our health problems
are, ignorance is not bliss. That told him and maybe there was some missed
coding or other problems we won’t go into it, but I thought that was a very
useful exchange and I thank Paul for raising the question.

MS. WATTENBERG: To pick up on what Maya said about what she heard is don’t
burden the patient or the consumer with having to be the decision maker and
controlling all this stuff. I heard that but I also heard a difference of
opinion, which is that it depends on the model. I think it is important to
understand that there are lots of different models that are blooming and that
the extent to which consumers control the information needs to relate directly
to that model. One of the things that I thought was interesting was that some
people said the amount of information is just overwhelming. There is no way for
the consumer to understand it and yet I also heard I think it was from
Microsoft say that they have this method of pursing out data so that people can
make very meaningful choices. I think that is also a difference of opinion and
I would like in the future testimony to kind of hear from people what they
think is helpful, what they think isn’t helpful.

The other thing is just to always keep – I notice not so much in the
testimony but in some of the paperwork that we had gotten the use of language
and how still and precise it is. In some of the paperwork the way in which they
were talking about consents really does not comport with how we have used
consent here. It didn’t even really comport with how we use authorization under
HIPAA which is when you are talking about a truly consumer-oriented tool
becomes even more important both in terms of education and all of that stuff
that were clear about what all these different terms mean were clear about who
the customer is and what does that mean because it takes on a different kind of
necessity when it is now their personal health record that it is a different
kind of education and understanding that they need to have in the context of

MS. MCANDREW: I think the thing that I took away really came up from the
first panel which in a way goes to the importance perhaps of continuing a
distinction between the expectations of an EMR and the expectations of a PHR
and the consumer facing values of a PHR but not the health reform values that
the PHR is going to be a side show with regard to health reform. I think what I
was keying in on was and it may get back to the meaningful use definition, but
the health reform impact of electronic information and interconnected
electronic information is the use of this data and pushing the use of this data
and the tensions that that does bring in terms of privacy to the point that
there may well be much more room in the electronic health records space for
uses that are assumed going back much more to the current HIPAA model of
TP&O and making sure quality is in there, making sure even public health is
in there, possibly even making sure that research is in there going forward.
That they will be automatic assumed uses of this information in order to get
the most value out of this information in order to get the most savings out of
going with electronic systems. This does push against privacy. It certainly
pushes against control and choice other than a general in or out. I think that
that to me says at least with respect to personal health records that there is
still value there. There is great consumer value there. This is going to be the
portal for consumers to have their access to this information to be able to use
it as they want even while the underlying system is doing what it needs to do
in order to get the efficiencies and the economies making all of this
information digital and an inner exchangeable. I think that presents a slightly
different environment as this committee proceeds with making privacy and
security not so much security because I think that’s always going to be there,
but certainly privacy expectations with respect to this information.

The other observation that I would come away with is that trying to come up
with a balance in particularly, regulatory balance in this area is hard and so
welcome to my world.

PARTICIPANT: Sarah wants to say one more thing and I also want to go back to
Amy. Is Gail on the phone still? Do we know? I want to make sure that Gail gets
her two cents too. Gail, do you want to chip in first?

MS. HORLICK: I think some of the couple of the points that I had were just
made. I think that one of the things that struck me I think maybe Harry
mentioned earlier about after all the deliberations the committee did on
sensitive data and blocking and flagging and masking how we heard more than one
person say that the advocates all say no. It is all sensitive. You can’t
distinguish. I was very struck by that and how it was balance to everything we
had discussed. That and the regulatory issues as well.

MS. CHAPPER: Well, I guess I should have gone a little sooner since
certainly a lot was said, but from the beginning it seemed like a lot of the
testimony was about trust and what is in the best interest of the patient and
then our own concerns about privacy and security and yet all these PHR vendors
and activities going on with their data and this idea that well we will let
this go while we look at other things. Let it all kind of play out. I just
think that’s a really big concern that it’s all out there or a lot of it is out
there. Then when I hear about the meaningful use discussion, I have to say I
really thought that related to the EHRs as opposed to the personal health
records. I’m just a little confused with that, but you all know.

MS. WATTENBERG: Just in thinking about this issue of what does the future
really hold. It got touched on a little bit and we were talking about it at
lunch a little bit too is depending on how this whole health reform thing
shakes out. You know the whole privacy paradigm could really shift. You know
the easy one to think about is if part of privacy is protecting against
insurance discrimination and we move to a system where health and pre-existing
conditions don’t matter. If you leave one plan there is an opportunity to go to
another one. You have removed a sloth of discrimination that no longer needs
protection against which you no longer need protection. I think that the
consumer perception of privacy need is really going to undergo big shifts if in
fact privacy is a proxy for failed health system and the health system improves
those kinds of things. That those really I think are the paradigm shifts that
are at work. I don’t know where it’s going to all play out, but I just feel
like I always do which is we are going to do all this work and then in three
years nobody is going to care anymore about this and we are going to be onto
something else. But I do think that that’s really when you look at the future
it is about information merging. It is about systems changing so radically that
whatever we do have to be sufficient but a loose fix so that we are not overly
getting tied into something.

DR. FRANCIS: We are at five o’clock. I want to thank everybody for a
wonderfully rich day and we will resume this set of hearings tomorrow at nine
in this room.

(Whereupon, the meeting adjourned at 5:00 p.m.)