[This Transcript is Unedited]

Department of Health and Human Services

National Committee on Vital Health and Statistics (NCVHS)

Full Committee Meeting

May 27, 2015

Hubert Humphrey Building
200 Independence Ave., SW
Washington, D.C. 20024


P R O C E E D I N G S (9:00 a.m.)

Agenda Item: Welcome

DR. SUAREZ: Good morning everyone. Welcome to the National Committee on Vital and Health Statistics meeting. We have a number of people on the phone and a number of people here, present. I know the weather has taken some toll on some of our people being able to be here in person, but we are hoping they will be joining us on the phone.

We will be doing introductions in just a second. I do want to take a minute to, first of all, thank everyone for your incredible messages of support and encouragement. It has been really an honor being appointed the new chair of the national committee. I am going to try to do my best to fill in the very big shoes that all of the previous chairs have left me here with. I know it is a very important time for the National Committee for our healthcare industry and for our nation, really, with all of the transitions that we are going through and the transformative nature of the evolution of our system.

Certainly, we have as a national committee an opportunity to continue to provide the very thoughtful and deep advice that we have provided to the Secretary in the past. We are going to be looking at engaging in probably some new and exciting areas in the coming months as we give shape to the next evolution of our national committee in terms of its priorities and its focus. Very excited about that. Very much looking forward to working with each and every one of you in moving our national committee forward. Thank you again.


DR. SUAREZ: I should have probably introduced myself at the very beginning. I will leave it for the end here. My name is – we should do probably introductions now and then we will go through the agenda and some of the logistics for the day.

My name is Walter Suarez. I am an employee of Kaiser Permanente and a member of the National Committee, now as new chair. I am also, by virtue of being a chair, going to be joining all of the other subcommittees as a member. I will certainly continue to participate and be engaged in those discussions. I do not express any conflicts.

MR. SCANLON: Good morning. I am Jim Scanlon. I am the executive staff director for the full committee and deputy assistant secretary for planning and evaluation at HHS.

DR. STEAD: I am Bill Stead from Vanderbilt University Medical Center. I am a member of the full committee. I am a co-chair of the population health subcommittee.

DR. CORNELIUS: Good morning. I am Llewellyn Cornelius from the University of Maryland School of Social Work. I am a member of the full committee, population health subcommittee. I have no conflicts.

DR. CHANDERRAJ: I am Raj Chanderraj, member of the full committee and member of the subcommittee of the standards. No conflicts.

DR. LOVE: Denise Love, National Association of Health Data Organizations, member of the standard subcommittee. No conflicts.

DR. GOSS: Alex Goss, Pennsylvania e-Health Partnership Authority. Member of the full committee. Co-chair of the Standards Subcommittee. No conflicts. I am also on the Framework Workgroup.

DR. SOONTHORNSIMA: Ob Soonthornsima, member of the committee and the Committee on Standards with CVS Health. No conflicts.

DR. MAYS: Good morning. Vickie Mays, University of California Los Angeles. Member of the full committee. Member of the Data Working Group, the chair of Data Working Group. Member of Pop and Privacy.

DR. KLOSS: Good morning. Linda Kloss, member of the full committee. Co-chair of the Privacy, Confidentiality, and Security Subcommittee. Member of the Standards Subcommittee. No conflicts.

MS. JACKSON: Debbie Jackson, National Center for Health Statistics. Acting Executive Secretary.

DR. SUAREZ: Do we have members of the National Committee or staff on the phone?

DR. BURKE: Morning. It is Jack Burke, member of the full committee, member of the Population Health and Privacy Subcommittee.

DR. ROSS: Good morning. This is Dave Ross. I am a member of the full committee and a member of the Population Health Subcommittee. I have no conflicts.

MS. MILAM: Good morning. This is Sally Milam. I am a member of the full committee, a member of the Subcommittee on Privacy, Confidentiality, and Security. I have no conflicts.

DR. SUAREZ: Anybody else on the phone at this point? All right. Let’s go around the back and do introductions. Is there someone who just joined us on the phone?

DR. WALKER: Hi. Jim Walker. Sorry I’m late.

DR. SUAREZ: Okay, Jim, could you introduce yourself?

DR. WALKER: Jim Walker, Cerner Corporation. No other conflicts.

DR. SUAREZ: Thank you, Jim.

DR. SQUIRE: Marietta Squire, CDC/NCHS.

MS. KANAAN: Susan Kanaan, writer for the committee.

MS. KAHN: Hetty Kahn, CDC/NCHS, staff to the subcommittee on privacy, confidentiality and security.

MS. HINES: Rebecca Hines, NCHS.

MS. JONES: Katherine Jones, NCHS and staff to the committee.

DR. BEEBE: Suzie Beebe, ASPE.

MS. HOGAN: Katie Hogan, Veterans Affairs.

MS. DEUTSCH: Terri Deutsch, CMS.

MS. OLSHAN: Shana Olshan, CMS.

DR. LAZARUS: Steve Lazarus, Boundary Information Group, representing CAQH Core.

MS. WAGNER: Afton Wagner with HIMSS.

MS. TUREK: Kelly Turek, America’s Health Insurance Plans.

MR. ALFANO: Bill Alfano, BlueCross BlueShield Association.

MR. RUDY: Dan Rudy, private consultant.

DR. FULCHER: Chris Fulcher, University of Missouri, Community Commons. I serve on the Data Access Working Group.

DR. SUAREZ: Wonderful. Anybody else? Okay.

Thank you again everyone. I should have also mentioned as I was opening the meeting today that we also have a new co-chair of our Standards Subcommittee. I wanted to acknowledge Alex for stepping up and joining the Standards Subcommittee as its new co-chair. Thank you so much, Alex, for that. Your expertise and knowledge will be really, really instrumental in that subcommittee. Thank you.

MS. JACKSON: I have an update to the agenda.

DR. SUAREZ: Yes. We were going to go through the agenda now. Thank you for that. We have a very, very important and exciting agenda. I think we have some important action items that we are going to be taking on. We are going to be focusing on those items throughout the day. We have also some important updates that we will be hearing. In the morning, we are going to be hearing from our partners at the department with some important updates. We are going to talk about some of the strategic planning regarding NCVHS.

We are also going to focus then in the early part of the afternoon on an overview of one of the important activities that is coming up, he ACA Designated Review Committee activity reported by our Standards Subcommittee. Then discuss and focus on the work that the Population Health Subcommittee has been completing, a letter to the Secretary. It will be in preparation for action tomorrow. We will review that. We will also hear about the framework white paper and discuss the framework white paper that the Population Health Subcommittee has been working on.

After that, we will go into our subcommittee sessions. We will start with the Privacy and Confidentiality Subcommittee and then go into the Standards Subcommittee. Tomorrow morning, we will go into the Population Health Subcommittee in the first part of the morning and then come back as a full committee and engage in the final action regarding our community engagement letter, the letter prepared by the Population Health Subcommittee.

In the later part of the morning, we are going to be hearing about a very interesting and exciting project, eVitals demonstration project presented – we have a host of presenters actually coming to talk to us about this very important project. As part of that, I think we are going to see how standards, population health, and privacy come together really in a specific topic, in this case vital science and vital statistics.

We will hear about the Working Group on Data Access and Use and wrap up our meeting and then move into afternoon tomorrow to the workgroup on data access and use session.

Now, we are going to hear some updates on the agenda.

MS. JACKSON: That’s right. I just wanted you to know that we were trying to get a briefing from the Office of the Chief Privacy Officer, Lucia Savage, who presented the last couple of meetings. She is unavailable this morning as part of the department updates, but has graciously accepted an invitation and indicated her extreme interest in presenting to the committee. I did send out one of the reports, a very updated report that she has from her group. She will be on at four o’clock this afternoon, directly after – as part of the privacy section. Linda and Maya indicated the significance of having that included. I am very thankful and grateful for everyone’s cooperation and flexibility in making that happen.

We have our toolkit. This is the next version for the privacy toolkit. From what the guide that Lucia has pulled together, there is so much synchronicity there. It is very nice. We do appreciate her office in taking that extra effort to join us this afternoon at four.

DR. SUAREZ: Thank you very much for that update. I look forward to hearing from Lucia this afternoon. Any changes or any other suggested points about the agenda? Any other logistical items?

I think we also have a social dinner tonight.

MS. JACKSON: Yes. We will get information about that. It is at 6:30. I will provide that for you at the end of – after the break.

DR. SUAREZ: We are going to go into the updates from the Department.

Agenda Item: Updates from the Department

MR. SCANLON: Thank you Walter. Good morning everyone. Welcome, Walter. I am pleased to turn over the gavel to you. Unfortunately, there is no hazardous duty pay. I don’t think we have a helmet that you could wear.

Let me talk a little bit, since we met in February, about some of the developments in policy and programs at HHS. I am going to talk a little bit about our monitoring of ACA implementation impact and some of the work of the data council that is interesting to the committee and some new projects we are starting as well.

Let me start with on the personnel front, I think I may have mentioned this before, but we have a new Surgeon General who has been confirmed. Dr. Vivek Murthy is now here. He has settled right into his role. Karen DeSalvo, I think you – she has been nominated to be the Assistant Secretary for Health. That position needs senate confirmation. In the meantime, she is the Acting Assistant Secretary for Health. Our previous Deputy Secretary, Bill Corr left about a month ago. We now have Mary Wakefield, who was the head of the HRSA. She is now the Acting Deputy Secretary. We have some new leadership as well.

Just as an overall start, I remind everyone that our HHS has a strategic plan covering the period 2014 through 2018. We updated it last year. It is posted on our HHS website. When we are thinking about our own strategy, we always want to have some way of reference to that.

It has four overall goals and 21 objectives, which we monitor closely. At a very high level, it is meant to reflect not every single thing that HHS does, but the broad themes of what HHS covers. We have, as I said, 21 objectives. We have measures for each of those. We also have a number of other strategic plans and issue-oriented plans in other areas. These are more detailed plans in specific areas. Examples include antibiotic resistance, for example, preventing morbidity and mortality from opioid misuses, delivery system reform, tobacco control, health care acquired infections, and then the National Disparities Action Plan, National Prevention Strategy. I won’t go through all of these.

Generally, we have the overall HHS Strategic Plan. From that plan, these specific plans cascade. In each of these areas, when we develop plans and initiatives, we typically try to have some way of stating the expectations in terms of objectives. We try to have measures associated with those. Data, again, is a big part of those.

On the budget side, we are in the third quarter of 2015. We are very thankful we have a full year budget. Congress is working on the fiscal year 2016 budget. Hopefully, we will have a budget as the fiscal year starts on October 1st. There are always three budgets working at one time. We are already starting work on the fiscal year 2017 budget, at least internal preparatory work here, in HHS.

Let me turn quickly to ACA health reform, which obviously is a major policy programmatic priority and a data priority as well. We are basically coming off the second open enrollment period. Plans are already underway for the third open enrollment period in the fall. We are obviously looking at work in terms of what targets and expectations would be for enrollment. This is also the season when plans announce their premiums. We will be looking at that as well.

On the overall strategy for measuring the impact of the Affordable Care Act, as I mentioned previously, we sort of have a three legged approach. One leg is a little shorter at the moment. That is the electronic health record area. Generally, we are looking at our overall population and employer and provider surveys as a way of keeping track of what is happening.

In addition, we are looking at the administrative data that we are gathering from the marketplaces and from other places as well, claims data and so on. Just as we look at our overall alignment and integration strategy and data, we are looking at electronic health records down the road to get more information on the clinical side and on the utilization side as well. We are making progress in all of those areas.

We published a number – I think we have a commitment that we try to publish the enrollment data on our HHS website as soon as it is available and other issue briefs and research reports when we can. Along the lines of the survey dimension, we have made a number of enhancements to our family of HHS surveys to be able to monitor the implementation and the impact of health reform. We have added probably a hundred or more questions to the Health Interview Survey, for example. We continue to change those and modify those as we get further into the normal operation of the marketplaces.

As I think I indicated previously, we have established here, at ASPE, an NCH research data center. You remember the Census has research data centers where you can access their data. NCHS has data centers similarly. AHRQ has similar research data centers for the MEPS data. We have one here at ASPE, which we use. We have allowed some other federal agencies to use that as well, the CBO, for example. As nice as the trip to Hyattsville is, no one wants to go out there when you just want to do an analysis. They are using our research data center as well.

Our Data Council, you remember, had developed the data strategy about two years ago. One dimension of the strategy – there are two important dimensions and then a whole data gaps dimension. One of the areas was the area we have talked about, the framework has us thinking in terms of alignment and integration as we move forward in the areas of administrative data surveillance surveys and research and electronic health records. Each one is not viewed as a silo, but each one is viewed as relating to each other as we move forward. Generally, we try not to take steps or lock in decisions on one that will hurt the other. There is kind of a look at the others in terms of how do we move forward overall. The alignment theme is one of the parts of the strategy.

Number two was to improve our use of technology to collect data and analyze data and make the data available, basically speeding up the time from our survey’s administrative data to the time we had the data available. We have made a number of improvements with some pilots and others across many of our surveys. The HIS, we have actually developed a web-based capacity to do that. There are some issues with representativeness as you know with web surveys. You miss some parts of the population that can lead you astray. For other things, the web can answer certain research questions.

In addition, we have – for the MEPS, we have added a longitudinal dimension. We have increased – for their employer survey where they ask about the insurance plans, we stretched that out for another year. Now, it is more longitudinal. We are also looking at the ability to do some sort of telephone or Skype or web-based capacity for the MEPS survey as well.

More recently, the Health Interview Survey – well, actually, it has been more than a year now – based on this initiative, developed the HIS early release program. What this does is speeds up the data collection so that order by order, we have the data available for that quarter within about six months of the data collection. There is a six month lag and then we have those quarters. That has been very helpful.

I think with the Affordable Care Act, there is an interest in trying to speed that up a little more. Otherwise, we are going from one enrollment period to another without having the benefit of data from the survey. Again, we look at what the commercial surveys do. It is a little hard to know what exactly it means. We don’t – we try not to give our own imprimatur to those – we just use it as intelligence. I think everyone agrees that the gold standard, ultimately, will be the Health Interview Survey and some of our other surveys in terms of what is happening. The quicker we can speed it up, the better.

We are then working on a project – hopefully, it will be successful – to try to speed up those early releases even faster as we move into the fall.

One other thing and then I will stop here. We were asked by leadership in the department to look at three areas where the interest is in looking at what the data and the measures are and to see if there is an opportunity for alignment, to see how closely the various estimates align and are comparable and then what accounts for the variation, for example. Health insurance is always one. Then are there opportunities down the road to make some improvements?

The three areas are health insurance measurement, where we have actually done a lot of work already and it turns out that the variation was mostly between HHS and Census. It wasn’t so much within HHS. There is a big gap in terms of what Census was reporting. I think everyone agrees it was a difference in the reporting period that they were using. They have now changed their questions. We are now getting a little bit closer. At any rate, we will look for opportunities there.

Second is the whole area of behavioral health. This is substance abuse and mental health. I think the belief is that with the Affordable Care Act and with parity – requirements for parity in behavioral health, we need to get a better handle on the prevalence, the incidence of mental health particularly. Substance abuse we sort of have – we have been gathering that for quite a while. Mental health, different parts of the mental health, diagnostic range, and then are people getting access to care or are they getting treatment and what kind of effect is it having. We will be looking at that as well. We will be looking maybe at common measures used to assess mental health in community settings.

The third area is dealing with the vulnerable population dimension. There we have been asked to look at probably the most recent area we have made some progress in and that is the LGBT area, sexual orientation, gender identity. We have made some progress there. We have added questions to our major surveys on sexual orientation. Gender identity, we are making a little bit of progress, some progress. We are going to ask the – we formed three working groups, in the process of forming three workgroups under the data council. We will be looking at opportunities in the LGBT area. What have we learned from the questions we use so far? Is there an emerging best practice or standard for gender identity? We have some questions. We have to look at what we are getting and the possibility of recommending some best practices.

Let me mention one more study. I think all of the statistics agencies are constantly worried about are declining response rates in their surveys. It just happens. I think the federal surveys still have the highest response rates. They clearly are declining. There are a lot of reasons for that. We are looking at – we are probably going to look at – gather all of our agencies together and look at are folks able to solve this problem through analysis or through bias analysis and other things that – we are trying to see what the best thinking may be in the community.

Walter, let me stop there.

DR. SUAREZ: Thank you Jim. Thank you so much. It is always so great to hear this comprehensive review of ongoing activities and ongoing activities of the Department. Let me ask if there are any – I see Vicki already has her card up. Vicki?

DR. MAYS: Thanks for the update. Some really interesting things are happening. Let me ask a couple of questions. In terms of the mental health, there are two issues. One is mental health has been in and out of the surveys. One of the issues that people are struggling with is wanting mental health to stay in so that it is actually a topic in which we have surveillance and monitoring. People see it as really particularly important because of integrated care and trying to make sure that health reform is working for mental health. If you could talk about whether or not it will be for the long haul that would be good.

The second question about mental health is that one of the steps forward in mental health has been the funding by NIH in the past of the consortium of psychiatric epidemiology studies. What they did was when they funded those, they did a series of studies that were very specific to subpopulations. We now know that there are differences between Caribbean blacks and African American blacks. There are differences in the Latino subpopulation. I would hope that if HHS is going to do this that it also make sure that it doesn’t put us behind again with having these large categories, but that we can continue to build on the NIH-funded studies.

MR. SCANLON: We are just starting. I hope the goal – I hope the option would be to gather at least a core set of mental health information continually. I think the National Survey on Drug Use and Health – this is at SAMHSA – is looking at doing that more consistently and using some standard measures. I will be – any ideas you want to send me individually about what I should give to the workgroup, I would be happy to take.

DR. MAYS: Thank you.

DR. SUAREZ: I do have more of a comment than a question. One important development with respect to population health surveys is in this 2015 ONC Certification Criteria and Standards, there is one new standard that has been included. That is a standard for submitting health survey results from EHRs into public health agencies to accelerate really and improve the quality and reliability of the data. It is a really exciting area. The expectation, again, is that EHRs will have to be certified to be capable of generating those survey data and then submitting it to public health agencies. Of course, the public health agencies have to be ready to receive it. The standard for – the electronic standard for this was developed, actually, by one of the international standard development organizations, but with heavy involvement from NCHS and led really pretty much by NCHS. It is a very exciting new possibility of really merging and bringing and converging, really, the electronic health record capturing of data and the submission of data to public health. This is a starting point really and never had been done. It is an important first step.

MR. SCANLON: That is part of the alignment strategy that we look to all of these sources to be able to get data from their providers. In addition to that, we have actually funded some pilots at MTHS to continue to push the envelope forward in terms of getting electronic reports for the NAMCS and some of the other surveys as well. The quicker – the sooner we can get data from those sources – and, again, it is getting – I think the surveys of the medical care provider, the facilities, and so on, I think response rates are declining there as well for various reasons. Any way we could make this easier to do and continue to get systematic data will help us in the future.

DR. SUAREZ: Any question from the phone? Any questions or comments from the phone?

MS. JACKSON: My follow up would be I know we were trying at one point to get an update at this meeting on the ACA delivery reform. With the convergence of a lot of this going on, do you see – foresee something coming up maybe for the September meeting to follow up on?

MR. SCANLON: Yes. It just wasn’t ready to announce yet. It is working its way through HHS. We will – I certainly think by our September meeting, we will have the dimensions. Again, you can imagine it includes things we have talked about in terms of integration and the role of data and electronic health records and so on and managed care and population health. We can do that for the September meeting.

Let me make one other addition, Walter, just on the administrative side. We have – the Secretary is now looking at or at least the process is now underway – at a package of proposed members, new members, alternates, and re-appointments that would pretty much fill up all of our vacancies. If we get it approved, we hopefully won’t have any more graduating classes that are quite so large.

DR. SUAREZ: Thank you. I think that is going to be really exciting. I think if everything works well hopefully by the September meeting, we will have a full complement of the entire – I think it is 18 members. I know there are some re-appointments and transitions and all of that. That would be very exciting.

All right. Let’s move on. We are going to hear now other updates from the Department. We have Shana from CMS. Welcome, Shana.

MS. OLSHAN: Good morning everyone. I am Shana Olshan, the Director of the National Standards Group at CMS. Before I begin, I want to offer my congratulations, Dr. Suarez, on your recent appointment as Chair. We look forward to working with you in this capacity as well as with the full committee and with the Standards Committee moving forward.

Before I provide a brief update on the work of the National Standards Group, Elizabeth Holland from our Center for Clinical Standards and Quality will provide us an update on the HITECH EHR incentive program. She is joining us on the phone today. Elizabeth, assuming you are there, the floor is yours.

MS HOLLAND: Thank you Shana. I am in the new Quality Measurement and Value-Based Incentive Group in the Center for Clinical Standards and Quality. I am giving you an update on the Medicare and Medicaid EHR Incentive Program. To date, we have invested more than $30 billion in health information technology through incentive payments to eligible providers. We have been busy with proposed rules recently. Our states pre-proposed notice of this rulemaking was released on March 30th along with a companion of proposed rules from the Office of the National Coordinator for Health Information Technology on the 2015 Edition Certification Criteria for Health Information Technology Products, including EHRs.

Our proposal includes major decisions, establishing a single aligned reporting period for all providers, aligning reporting on quality data through CMS quality reporting programs, streamlining meaningful use objective measures and reporting requirements. Essentially, we proposed to reduce the number of objectives to eight. We have also proposed that states would be optional in 2017, but would be required by 2018. The comment period for this stage three rule closes on Friday, which is May 29th.

We have another proposed rule that we released on April 15th, 2015, which is called the Modifications to Meaningful Use for 2015 through 2017. We are essentially working to modify the definitions for this year. This proposed rule is intended to be responsive to provider concerns about things like software implementation, information exchange readiness, and other concerns. In this proposed rule, we are trying to reconcile all of the effective measures across the stages so that providers will report on a set of reduced objectives and measures that have been modified to reduce redundant and duplicative measures as well as measures that have received widespread adoption or are topped out. By that, we mean everybody is getting in the very, very high 90s.

We proposed fewer objectives for providers who are either in stage one or two. We proposed shortening the reporting period for 2015. Currently, it is one year. We have a 90 day reporting period. We also proposed to move the hospitals who currently report on a fiscal year basis to a calendar year reporting period so that all providers would report on the calendar year. The comment period for this rule closes on June 15th.

The last thing we are doing is we are working on implementing provisions of the Medicare Access and Chip Reauthorization Act of 2015, which is also known as MACRA. Most of our work has centered on the merit-based incentive payment system, the MIP. We are looking to have several proposals, I believe, in the physician fee schedule proposed rule. We have been kept quite busy with that. That is my update.

DR. SUAREZ: Thank you very much.

MS. OLSHAN: If there are any questions for Elizabeth, you should ask them now.

DR. SUAREZ: Maybe we should stop for a minute and see if there are any questions about EHR activities. I do have one, but I want to see if there are any questions from the other members of the committee.

DR. STEAD: I didn’t know if at some point, we were going to get an update on what is going on in terms of the ONC committee workgroups, et cetera.

DR. SUAREZ: I think Erica was going to join us by phone. We will probably hear about ONC specifically.

DR. CHANDERRAJ: I was wondering, Elizabeth, if you can give any comment on the drop off of physicians who took the Meaningful Use payment for Meaningful Use I. But for Meaningful Use II, what is the drop off rate?

MS. HOLLAND: We are in the process of finishing our analysis of our April data. The April data includes everyone, all of the providers who attested through the 42014. We are just not quite ready to release that. We should be releasing it in the next several weeks. We usually provide that sort of update when we give an update through the HIT policy committee.

DR. SUAREZ: Thanks, Elizabeth. I think next meeting of the Policy Committee will probably include some of that.

MS. HOLLAND: We are hoping.

DR. SUAREZ: Okay. That is one vehicle to hear about the latest status of physician participation in the program.

The question I have, Elizabeth, is about the understanding that, basically, stage III or at least I believe that the stage III is the last Meaningful Use stage as some people have referred to. I was wondering if you could make a few comments about what will happen after stage three and how do you see the Meaningful Use program evolving. It was interesting that you mentioned MIPS, of course, part of MACRA. A lot of the convergence of the quality measurement programs, including the Meaningful Use quality measurement requirements will be fostered and will come together through MIPS. There is a lot of other Meaningful Use related requirements. Could you say a few words about what you see will happen after stage III?

MS. HOLLAND: Well our proposal is really – it is called stage III because we started with stage I, et cetera. Stage III is almost like a misnomer at this point because we are really moving to one stage that can be sustainable for a longer period of time so that we are constantly updating. Right now, providers start at stage I, move to stage II, and then go to stage III. When stage III is fully in effect in 2018, our proposal is to have everybody doing stage III. With the MACRA changes, Meaningful Use essentially stays the same. When you demonstrate Meaningful Use, you will still do it the same way. That will count as part of your score under MIPS. It is just the payment adjustment of the EHR incentive program that changes. The rest of the program stays intact. I believe it is 25 percent of the score for MIPS.

DR. SUAREZ: Excellent. Thank you. That is very helpful. I think that will probably eliminate some of the maybe misconceptions about Meaningful Use ending after stage III or something like that.

MS. HOLLAND: The law still stands. The only part that MACRA touched was the payment adjustment.

DR. SUAREZ: Thanks so much.

MS. LOVE: Walter, you may have to help me with this question. There was some concern I think in the public health community about the consolidation of some of the reporting measures, that reporting to public health might be lost in stage III. I am trying to follow the threads here.

DR. SUAREZ: Elizabeth would probably know much more. Maybe to frame the question, I think the concerns that have been expressed is that it used to be that people would be expected to report a percentage –

MS. LOVE: To one registry or one reporting measure to public health.

DR. SUAREZ: Maybe I am confusing this with other metrics. Elizabeth, do you want to comment on the concern about public health if you have heard about those already?

MS. HOLLAND: Because we are in the comment period, I can’t comment too much. One of the eight objectives that we did propose for stage III was public health and clinical data registry reporting. We did propose to require more, but to give some flexibility in what you report. Some of the examples are immunization registry reporting, surveillance reporting, public health registry reporting, clinical data registry reporting, and case reporting.

Our proposal is that you have to do so many of those. I believe the number is three out of five for EPs and then there is a sixth one for hospitals so it is four out of six for hospitals. That is just the proposal. We definitely weren’t eliminating public health reporting.

DR. SUAREZ: Thank you. I think the concept of increasing the possibilities of what to do, but providing more flexibility is what might have created some of the sense that maybe there was a reduction – n–t reduction or something.

MS. LOVE: Or they would consolidate measures and maybe knock out the public health feed. This is over my pay grade, but I know there was some concern that it would lose public health reporting in stage III.

DR. SUAREZ: Well by Friday, I am sure there will be comments about that.

MR. SOONTHORNSIMA: Walter, just real quick to follow up, you mentioned earlier that HL7 and NCHS are working on the standards for the public health reporting.

DR. SUAREZ: For surveys specifically, survey data.

MR. SOONTHORNSIMA: For surveys. So that is not –

DR. SUAREZ: No. There are all sorts of different standards for different public health – this is specific to surveys.

MR. SOONTHORNSIMA: Gotcha. Thank you.

DR. SUAREZ: Okay. Thank you so much, Elizabeth, again for your participation. Now, we are going to turn it to Shana.

MS. OLSHAN: Thanks, Elizabeth. So I provided my first update to NCVHS in February. I am pleased to be back to speak to you again. It has been a busy time getting oriented to my new area. I am beginning to make some headway. I have been building a management team. With their leadership and with the knowledge and expertise of the staff, I strongly believe that the national standards group will be successful.

As I mentioned in February, my priorities are to revisit the administrative simplification initiatives, as well as all of the NCVHS recommendations made since 2012. It has been slow, but we are making progress. The areas getting the most attention right now continue to be the transition to ICD 10, the health plan identifier, otherwise known as HPID, and certification of compliance.

I will start with ICD 10 because it is consuming most of my time. As of today, the implementation of ICD 10 is 126 days away. There is still time to get ready for those folks who aren’t ready. That is a really important message that we are conveying and we would like all of you to continue to convey. CMS has made every effort to ensure that the entire health care community is prepared for this transition by providing resources found on the CMS ICD 10 website to help pave the way to successful transition.

The industry is encouraged to make a plan, train their staff, update their processes, talk to their vendors and payers, and test their systems and processes. To assist with the industry’s readiness efforts, CMS has a comprehensive program of outreach, utilizing free, on the ground trainings, webinars, national calls, and other events conducted with industry partners. To assist small physician practices in building customized ICD 10 action plans, physicians and others can use tailored resources that can be found on the CMS.gov ICD10 website or receive onsite training. That is our Road to 10 program, for those of you who may be familiar with that.

I am also pleased to say that the industry has played an enormous role in paving the way to a smooth ICD10 transition. Hospitals and health systems have been reaching out to smaller rural practices to share resources and infrastructure. Clearinghouses, payers, and billing services are supporting their clients’ testing efforts. Professional associations are offering free ICD10 training and resources and many vendors are including ICD10 in their products at little or no cost to their customers.

As part of our efforts to increase awareness about the October 1st, 2015 transition to ICD10, in April, we conducted a social media rally using Thunderclap. It is a social media platform that allows a single message to be shared simultaneously via Facebook, Twitter, and Tumblr to increase impact and reach. The date of our campaign coincided with the last day of the annual HIMSS meeting in April. The campaign encouraged audiences to prepare for the transition to ICD10 by sharing the message, I am on the road to ICD10, get ready for October 1st, 2015, and visiting the ICD10 website for more information. As part of this campaign, we had over 1,000 supporters and we reached over 475 followers on social media.

In addition to providing free educational resources to prepare for ICD10, CMS is also offering unprecedented external testing for Medicare providers. We are offering two types of testing. The first is Medicare Acknowledgement Testing. It is open to all providers through September 30, 2015. Acknowledgement testing demonstrates that test claims that are submitted with ICD10 codes can be accepted into the Medicare claims system. It ends at that point.

As I said, the testing can happen at any time. We also are offering some special acknowledgement testing weeks. We have offered three to date. The final special acknowledgement testing week is next week, June 1st through 5th. For the first three special testing weeks, we had almost 3,900 submitters submit nearly 150,000 claims. As part of that, there were no Medicare fee for service claim system issues identified during the testing. The rejections that occurred during the acknowledgement testing were largely unrelated to ICD10. The submitters just didn’t know how to submit a test claim, basically. The results of all of this testing can be found on the CMS.gov ICD10 page.

The other type of Medicare testing is end to end testing. The goals of end to end testing are to demonstrate that submitters can successfully submit claims containing ICD10 codes, the software changes that CMS made to support ICD10 result in appropriately adjudicated claims, and that accurate remittance advices are produced. As a result, this testing is sometimes referred to as Submit to Remit.

Medicare is offering three rounds of this testing. The first two rounds were held at the end of January and the end of April of this year. The results of the April testing will be announced by the end of this month. I can’t provide you with the details, but stay tuned. The end of the month is around the corner. The results will be posted on the CMS website as well.

In the January testing, we had 661 participants with just under 15,000 test claims received. The majority of the claims were for professional claims. Only about 81 percent of the claims were accepted. Again, 13 percent of the rejected claims were due to non-ICD10 errors, such as invalid place of service, an incorrect NPI, they put in the wrong submitter ID, an invalid code. Things I understand were better in the April testing. People are learning how to submit test claims. The January testers were allowed to also submit in April.

The final opportunity for Medicare end to end testing will be the last week in July. To allow for greater participation, CMS reopened the window for individuals to volunteer to participate in the July end to end testing. We originally had closed the registration on April 17th. The new window closed on May 22nd and select individuals will be notified by June 5th, by the end of next week. For that testing, each MAC jurisdiction will select up to 50 testers for each testing round. The ultimate plan is to have about 2,250 testers participate in end to end testing.

Once everyone is ready for October 1st – some providers may not be ready. For providers who are unable to submit electronic claims with ICD10 diagnosis codes beginning October 1st, Medicare offers several claims submission alternatives. However, each of these alternatives does require that the provider be able to code in ICD10. The alternatives are free billing software that can be downloaded at any time from every MAC. It is used today. It has been tested for ICD10. About half of the MAC jurisdictions have part B claims submissions on their provider internet portals. Providers who meet the exception criteria to electronic submissions can also drop to submit paper claims.

We are also working with state Medicaid agencies on activities and actions aimed at ensuring that no disruptions occur in paying providers as a result of the ICD10 implementation. To date, most states have indicated that each state Medicaid agency will be ready for ICD10.

Overall, CMS is ready for ICD10. As I said, it is 126 days away.

Moving on to other topics, much has changed in the healthcare industry since passage of the statutory language requiring identification of health plans and the publication of the HPID final rule in September 2012. While the final rule did not require covered entities to identify a health plan in a HIPAA transaction, it did require the use of the HPID if a health plan was identified in a transaction. In June of 2014 at the NCVHS Standards Subcommittee hearing, the industry expressed concerns about the use of HPID in the healthcare transactions. In September of 2014, this committee recommended that the Secretary not specify the use of HPID in HIPAA transactions. In response, on October 31st of last year, CMS exercised its enforcement discretion, which delayed enforcement so that we could review the NCVHS recommendations and consider next steps.

I believe that it is time for us to gather information from the industry as to the use of HPID to determine if our initial assumptions are still relevant. In the very near future, CMS will be issuing a document to assist in this effort. Should it be public during this meeting, I will send notice to the committee through Terri and she will share that with you.

An integral part of the certification of compliance proposed rule is the use of HPID to identify controlling health plans that would be required to provide the documentation of compliance with the adopted standards and operating rules. As a result, the next steps for certification of compliance are connected to this HPID review. I have nothing more to report at this point on certification of compliance, although I know you really want to know something. Soon, maybe in September, I will be able to share that with you.

Finally, we are very supportive of the designation of the review committee to NCVHS and NCVHS’ delegation of the review committee to the Standard Subcommittee. We are eager to hear what is presented at the first meeting on June 16th and 17th. It will be a daunting challenge for the review committee to review the testimony from a considerable number of experts in the industry on the adopted standards, operating rules, code sets, and identifiers. I applaud you for taking on this enormous and important piece of work.

This is certainly an opportunity for the industry to convey what isn’t working and ways to enhance the standards and operating rules’ effectiveness, but it is also a way to learn what is working. We really don’t want to lose sight of the successes that we had with the standards that have been adopted.

My goal for the National Standards Group is to make sure that we adopt standards that are solving a problem and do provide administrative simplification for the healthcare industry at large. The work of the review committee will assist us in determining where we have met that mark in the past and where, perhaps, we have not.

Thank you for the opportunity to speak to you today. If you have any questions, I will take them at this point.

DR. SUAREZ: Thank you. Thank you very much for that. It is a really great opportunity for the committee to continue to work with your group. I very much look forward to that.

I know there are a number of questions here. We will start from the right.

MS. LOVE: First, I want to say congratulations. We are excited for ICD10. We have been waiting for years. Way back I think we did testimony about 2002. It is huge.

Now, I have a few questions that are beyond the CMS purview. Maybe it is more HHS. One of the frequently asked questions I get from surveillance systems and measurements systems are comparability ratios. We don’t really have a dual coded dataset. Does NCHS have any plans going forward so we can help not the claims payment part of it, but these trends analysis, longitudinal and estimates and some of the statistical —

MS. OLSHAN: I know you asked this question last time, too. I don’t know if it was at the meeting or off on the side. I didn’t have a good answer for you then.

MR. SCANLON: I can answer that. We actually have a project with NCHS that is doing exactly that. We are coding two ways basically now. What are the rates would you get with 9 codes and then what do you get with the 10 codes? That project is underway. I think we started it – the staff is here.

MS. LOVE: So as we move forward, some of those methodologies can be shared out in the field.

MR. SCANLON: Exactly. NCHS has the data. You basically take a NAMCS year and code it both ways and see what you get. I am not sure what we are doing for hospital discharges. Maybe we can get there as well. At any rate, we are looking at that as well. The whole idea is to share the information.

MS. LOVE: Right. That is just looming. Anyway, it is good work. I am delighted that it is actually happening. Though I look at the news every morning and I worry.

MS. OLSHAN: We look at the news, too, but I am less worried.

MR. SOONTHORNSIMA: Do you have statistics on readiness for both commercial providers and government plans?

MS. OLSHAN: We don’t have absolute numbers. There have been a lot of surveys out there. They are subject to who happens to complete them. The impression we have is that on the institutional side, we are in very good shape. Things are in the high 90s. The problem is with the physician community largely, especially the small practices. There are surveys that come out as high as 30 percent of the physician population may not be ready. As I said, there is still time. We are working hard to craft messaging and materials to help providers who haven’t started still be able to at least do the bare minimum they need to do between now and October 1st so they can submit claims and keep the cash flow going. They may not get every little bit done, but at least get enough to be able to submit the claims, as I said, and then they can finish up their implementation after October 1st.

MS. KLOSS: Thank you. Excellent report. On the ICD-10 question again, as we read the newspaper each morning, one of the current proposals being floated is this transition period. I know this committee and others spent a lot of time building the rationale for why a cutover, a clean cutover was essential. I am wondering whether that rationale has been freshly updated and is able to be recirculated at this time just to – because some of these things get lost in history. That was looked at. A clean cutover, date certain, was certainly part of the recommendation all those many years ago. I am just wondering if that needs to be refreshed and re-communicated.

MS. OLSHAN: We actually have begun starting to re-communicate that under the auspices of being able to dual code for services rendered on or after October 1st. For Medicare purposes, our systems cannot handle it. It cannot be done. We have a frequently asked question about that. We are getting to highlight that more. I know many payers or other payers are in the exact same situation. There is also the issue of coordination of benefits across payers. You have to be consistent across them all. You can’t be mixing and matching codes. We do include that in our FAQ about Medicare not being able to do it. We go beyond just Medicare. To your point, we are recognizing the need to get that message out. We have been doing more of that.

MR. SOONTHORNSIMA: Is that more of a noise or is that like a groundswell.

MS. KLOSS: No, it is actually a bill.

MS. OLSHAN: It is in a bill called ICDTEN, T-E-N. I have forgotten exactly what it stands for. It was introduced by Representative Black recently.

Any other questions?

DR. CHANDERRAJ: There was a lot of talk about dictionaries or intermediaries trying to take the ICD-9s and transpose them to ICD-10 codes. There was a lot of talk about that. What is happening now in reality?

MS. OLSHAN: Well we have our general equivalency mappings. We have had them for years. They are posted on the CMS website. They will be updated for the next few years as possible. That does provide sort of the mapping between the nine codes and the ten codes. Am I addressing your question or not? I am not entirely sure.

DR. CHANDERRAJ: What happens – there is not adequate mapping from ICD-9 to ICD-10. What happens to that claim?

MS. OLSHAN: If the claim is submitted with ICD-10 –

DR. CHANDERRAJ: It is ICD-9 with the mapping. It is translated into ICD-10.

MS. OLSHAN: But what gets submitted to the payer will have the 10 on it. It won’t have the nine that is happening behind the scenes. I am just trying to make sure I understand exactly what you mean.

DR. CHANDERRAJ: The payer submitted ICD-9 with the mapping, translated into the ICD-10 by the mapping –

MS. OLSHAN: So the backward crosswalks that are happening.

DR. CHANDERRAJ: Right, but not accurate.

MS. OLSHAN: That is going to depend on each payer and working through that. Medicare is not doing that backwards crosswalks. They have changed all of their edits right now to ICD-10 codes. They are moving forward.

There are a few payers that are doing that backward crosswalk. There is – in our FAQ document around the general equivalence mappings, there is a question in there that talks a little bit about that process. I don’t have the reference with me, but I can look it up and get it to you. It does talk about that being temporary. It doesn’t directly address what happens if there is an error, which I think is the point of your question. Again, that will be up to the payer and the provider to reconcile.

DR. SUAREZ: Any other questions? Any questions from the phone?

MS. OLSHAN: Thank you.

DR. SUAREZ: Thank you. We are going to move to Rachel.

MS. SEEGER: Before I begin, Dr. Suarez, on behalf of OCR, we would like to congratulate you on your chairmanship and personally, Walter, it has been a great 15 years working with you. I look forward to 15 more years. Where will we be? ICD-11?


MS. SEEGER: So April was a busy month for us. As many of you know, we have issued guidance on HIPAA and workplace wellness programs. Workplace wellness programs have become much more prevalent. There was also concurrently – we have been receiving questions about workplace wellness on a fast upward tick now for the past couple of years, whether it is related to a breach or related to industry questions. It was really time for guidance to come.

This was issues concurrently with a rulemaking by the EEOC. It was a good opportunity for us to clarify when the HIPAA rules applied to workplace wellness. A reminder that when a workplace wellness program is offered through a group health plan, protections need to be in place under HIPAA with respect to access by the employer as the plan sponsor to individually identifiable health information about participants in a program.

Nothing new or earthshattering here, but it was important for us to send out an important reminder. We, in addition to doing a listserv announcement and Twitter, have been working with many industry groups to increase awareness of the new guidance. Hopefully, that will provide important clarification to the industry.

We also had an important settlement in April, again, underscoring the need to secure the disposal of paper records. This was a pretty good sized breach of protected health information of 1,600 plus patients of a very small compounding pharmacy in Denver, Colorado. The complaint – the call about this case actually came into me from Denver media, who had found hundreds of patient records in a dumpster out behind this small pharmacy.

When we went in to conduct our investigation, we found that the owner of the pharmacy had never touched HIPAA. He told us that he had assumed because all of his employees were working at other pharmacies and had come from other pharmacies that they had been trained. There was nothing there. Really, it is a case of willful neglect. It is a small settlement amount given the size and scope of this pharmacy of $125,000. It is a very robust corrective action plan, as you can imagine, to basically come into compliance with the rules.

I think it serves as an important message to small healthcare providers across the country, especially pharmacies, home health, occupational PT therapy, and others who really haven’t given a lot of attention to our rules. We are hearing about more and more cases as folks are maybe transferring their service over to electronic health records. Perhaps they are deciding that they will just dump their patient records into the recycling bin, which is unlocked and unshredded. It contains an entire patient’s medical history in addition to their financial information and their most personal information.

Again, documents need to be shredded and disposed of correctly. It is always a good opportunity for us to push out our guidance on proper secure disposal of paper records. I don’t expect that these cases will go away any time soon.

The last time we met I had given you an update of some items to come in 2015. The final rule for NICS is still at OMB. I don’t have an update on timing of publication on that. We are also on work on an ANPRM on ways in which an individual who is harmed under an offense punishable under HIPAA may receive a percentage of any CMP or monetary settlement that we collect. That is still in the works. Also, additional guidance is forthcoming on cloud computing.

We are also working on some guidance on HIPAA in the media, which for the rest of the world might not be important, but for me, in particular, who handles all of the press calls for the Office for Civil Rights, there are many misconceptions by covered entities about what can be disclosed to the media and also confusion by media about HIPAA in general.

The other piece that I had promised is coming is the development of a portal to enable stakeholders to effectively communicate with us on issues for which they would like additional guidance. One of those – I am happy to say that we have really made a lot of progress. This is really what is almost our final wire frame for this new portal. It is developed to solicit feedback from mHealth mobile app, HIT developers, and others, what they need to see from OCR and from HHS in terms of HIPAA guidance. We have developed a number of questions to spark conversation. This is through an application called Idea Scale. NIH uses this pretty extensively. It is going to be a great way for us to communicate with the industry about what they are looking for.

In addition to the portal, we have also been engaging with mHealth and HIT developers, app developers in a number of other ways. I never thought I would say that OCR would hold a Google hangout, but we did with the Office of the National Coordinator for Health IT with the Chief Privacy Officer. It was a successful and exciting way to interact with the app developer community about HIPAA and provide them with a little education and give them some guidance on especially cloud computing and risk analysis and a whole host of other questions that they had.

We are moving on to do the same type of forum next week at Health Datapalooza. Very excited about that. Again, it is a great way for us to solicit information and also get some early feedback on our new portal, which we are hoping to launch in early summer. Hopefully, the next time I come back we will have some metrics to share on that.

Lastly, our policy team is very hard at work on precision medicine, aligning privacy protections to this initiative and ensuring that patient safeguards are built in appropriately.

DR. SUAREZ: Wow. Thank you Rachel. Thank you very much. I know there are already some questions.

MS. GOSS: Thank you Rachel. Always a good update and lots to it. Under your update section for some items for 2015, you said final rule for – I think you said NICS.

MS. SEEGER: It is NICS. That is the National Crime Index Survey. If you recall, we had an ANPRM and then a NPRM soliciting comments from our regulator community about – in particular, from states. Many states had expressed concern that HIPAA did not allow them to submit information to – this is the FBI database for individuals who are applying for a firearm. There was not permission within HIPAA to share information about individuals who might be prohibited because of mental health status to own a firearm.

This was one of the president’s 21 initiatives, coming out of Newtown. There are a number of other initiatives that are really in tandem with this one. This one is obviously at the Department of Justice with the FBI with NICS. I can’t speculate, but I do think that it makes sense to have these two final rules come out concurrently. That is just likely what we are waiting for.

Again, there will be another outreach effort to states to, again, clarify – I am sure there will be additional guidance that OCR will write following this final rulemaking, clarifying to states that they can, indeed, submit this information. Our guidance will speak to that.

MR. SOONTHORNSIMA: Rachel, you talked briefly about the wellness program and guidance. Is this the first set of guidance?

MS. SEEGER: With respect to workplace wellness, yes. This is the first time we have addressed workplace wellness specifically. There has been I think a good deal of confusion around the information that a group health plan might hold about members who participate in workplace wellness and how they can make that available to the employer that sponsors the plan. Ensuring that a plan document is in place and that appropriate safeguards are in place also to protect the information of the plan members.

MR. SOONTHORNSIMA: So that hasn’t really changed.

MS. SEEGER: Right, this is not a regulatory change. It is just guidance, clarifying for the industry the intent of HIPAA.

MS. SOONTHORNSIMA: So all the health risk assessment data and, for example, disease management outreach programs that an employer will do with their employees – that is basically the health and wellness program.

MS. SEEGER: An employer is not a covered entity under our rules. The group health plan that they sponsor is the covered entity. There are individuals within the employer’s umbrella who need access to information like HR. There might be other individuals within the employer who need to access information. The guidance clarifies the requirements under the rule of what needs to be in place in order for that information to flow appropriately under the HIPAA privacy rule.

MS. KLOSS: Thank you Rachel. A special thank you for being such a valuable assistant to the work of the Privacy, Confidentiality, and Security Subcommittee. She was a tremendous help in our work at the recent 1179 hearing, which we will talk more about this afternoon.

This is a question I have asked before, I know. It came up, interestingly, at the hearing we held with financial institutions, the lack of clarity around what minimum necessary means. I am just following up to see if this is a priority for the Office and if this is, indeed, something that the national committee can be of help in.

MS. SEEGER: So I did take that point, which was a good one, back and shared it with my colleagues. For the benefit of the rest of the full committee, let me say that there is, just as in general, a lot of confusion about minimum necessary even to the point of confusing minimum necessary with meaningful use.

MS. KLOSS: That did come up at our hearing.

MS. SEEGER: I think there is an opportunity for us to, again, clarify minimum necessary and what the intent of the rule is.

Let me also say that our time between now and the end of December is – last week – I don’t know, Jim, if you mentioned this, but last week Project H, which is the new HHS.gov, the new HHS website was launched. It looks very, very different than what folks are used to. It is a mobile first website. It looks a lot like Windows 10 with a lot of tiles. It is a very non-traditional website.

As a staff div under the Department of Health and Human Services, OCR is first on deck as the guinea pig for migrating our content over into this new format. Our community is very used to our having a free-standing website, which operates a lot like – it is used a lot like Westlaw or LexisNexis. It is very content-rich on the hip side. We are not going to have a traditional website like CMS has.

We are in the process now of taking all of our content and working on migration into this new platform. There is an opportunity when we look at the minimum necessary content to maybe look at an update and a refresh, also looking across the board at where we need to align our language with the Omnibus rule. We are such a small shop. We are tiny. Much of our language if you go out and look at our website, we absolutely need to update and harmonize our website with the Omnibus Rule and Business Associate Liability.

There is much work for OCR to be done. Hopefully soon, we can work on pushing some guidance forward. It is definitely needed. Even I trip over meaningful use and minimum necessary. I don’t know why this happens in our brains, but I do think that it is important to get some clarification out.

MS. KLOSS: It just struck me at that meeting once again. It has come up in the Standards Subcommittee. It is kind of a cross-cutting issue that certainly isn’t black and white and continues to confound. Maybe it is something that should be at least considered as we work on strategic planning. Thank you, Rachel.

I think there is a nice tie-in with our next presenter with interoperability roadmap. I wonder if they are getting any feedback on those concerns and how it is going to relate to standards advisory and pulling everything together eventually between HIPAA and HITECH.

DR. SUAREZ: Yes. I think that will be a great opportunity. Is there any question from the phone? Any other members from the phone have any questions for Rachel? Okay.

I do have one quick question, Rachel. It is about the status of the phase II of the audit HIPAA program, if you could say a couple of words about it.

MS. SEEGER: It has been in the press a lot this week that we are planning to disseminate surveys to covered entities. This is part of a process of collection of information that we are doing to ensure that we can find the right contact within the covered entity to communicate with with respect to a potential audit.

DR. SUAREZ: Phase II audit program hasn’t formally started?

MS. SEEGER: No. This is definitely a step towards getting ready for the start of the program, the next round of audits. We are hopeful to begin them soon. I don’t have an update on timing at this point.

DR. SUAREZ: Thank you very much. I think we are going to turn to Erica, who I believe is on the phone.

Agenda Item: HITECH Interoperability Roadmap

MS. GALVEZ: I don’t think I have had the pleasure of speaking with this group before. Thank you for having me participate. I am sorry I can’t be there in person. My name is Erica Galvez. I do work directly with Karen DeSalvo as ONC’s Interoperability Portfolio Manager. It is my job to usher the roadmap that I will provide an update on today through the development process and into the public space.

We did put out, as most or all of you know, a draft of a shared nationwide interoperability roadmap at the end of January. We put that out for public comment. Public comment closed in April. We are diligently working now on updating that draft version of the roadmap based on the public comment. We did receive comments from Sally Milam. Thank you for those from the committee. Very, very useful. We can talk about some of those if there is an appetite for that.

I thought it might be helpful to provide a little bit of context and refresh on what we say in the roadmap. I would be happy to give you kind of a high level sense of where some of the public comments thematically line up. We received about 250 public comments. Those, by the way, are all posted publicly at this point on HealthIT.gov. Anybody who is interested in seeing what we received in terms of public comment can go to our website and take a look at those.

In the shared – we call this a shared nationwide interoperability roadmap for a couple of reasons. A couple of those terms are really important and I want to remind folks of. One, it is shared. The roadmap is not intended to be only an ONC roadmap or only an HHS roadmap, but is really intended to articulate a path from our current state to our desired future state of health IT interoperability. That includes critical actions, certainly that address ONC – specifically some of the other federal agencies, not just within HHS, but federal government broadly. It also intends to articulate some of the critical actions that need to be taken by our colleagues in states and the private sector as well. In that sense, it tended to really be a rather broadly inclusive document.

We also describe it as a nationwide roadmap because the scope of interoperability that we are talking about and that we are really aiming for is nationwide. We have had a number of successes in regions and states in terms of interoperability. A lot of material actually that we can learn from. Many of the things that we articulate in the roadmap are derived from the lessons that we have learned given the work that we have done over the last 10 years. It is important to remember, as we think about the different components of the roadmap and as we think about making these updates, that we really are focused on quite a large scale in terms of scope.

Another reminder, we framed the roadmap as a support – interoperability as a support mechanism. Not looking to achieve interoperability as the final state just for the sake of interoperability, but rather interoperability as a mechanism to support the three broad aims that we had collectively put forward as a nation: healthier people, a healthier population, spending our healthcare dollars more wisely, and improving our healthcare in terms of both quality and safety. We think interoperability of health information and interoperability of the technology that supports health information is a critical component of that.

That is largely the frame that we have set out in the roadmap. That has a couple of implications, particularly as we think about interoperability as a support for health. You will note that the roadmap is not just about electronic health records. It is also not just about the care delivery system. We actually talked about interoperability of health IT in the sense that information should follow people and should support decision making, whether it is an individual making their own decisions, care providers supporting their decisions, even as we get into public health in our research communities that generate evidence that, again, supports well-informed decisions, we need to be thinking about the interoperability of health information.

I will say that in the near-term, the first three years that the roadmap charts, we do focus pretty explicitly on clinical health information. We do not talk a great deal about the intersection of administrative and clinical health information. That is not because we don’t think that is important. In fact, that is something that is on my list for the next version of the roadmap. It is simply a function of the fact that we committed ourselves to some pretty aggressive timelines to get this version out. Unfortunately, those timelines didn’t afford us an opportunity to have a really robust and thoughtful conversation about the trajectory forward in terms of clinical and administrative data integration. That is something to keep in the back of your minds as a conversation that we will be teeing up in the future.

We did frame the roadmap around five core building blocks. Many of you have probably heard me speak about these before. I think it is important – I won’t talk through each of them necessarily in excruciating detail in terms of this update, but I do think it is important to remember that a good deal of real estate in the roadmap is devoted to non-technical issues. Certainly, there are sections, both in terms of standards, core functions, and certification that focused largely on the technology. I haven’t done the page count breakdown yet. It is on my list to do. I can tell you just instinctively, having read and written significant pieces of the document, a good portion of it is actually focused on non-technical issues that have to be resolved in order to advance interoperability. Many of those deal with things like privacy and security. Many of them deal with our business and regulatory environment. Many of them deal with what we would typically, at least within ONC, think of as governance. I am becoming more and more reluctant to use that term because it tends to incite pretty emotional reactions from folks. A lot of folks we see in public comment we see responding by way of interpreting governance to mean government, which is actually not necessarily what we meant in the roadmap.

Those three areas, though, take up a significant portion of what we think the path forward looks like, issues that need to be resolved, or areas where we have significant opportunities for improvement in order to advance interoperability, but they are not necessarily technical in nature.

In terms of just a general sense of some of the themes that we have heard, I will say we have sliced and diced the public comments a number of different ways. Overall, they are generally supportive of the roadmap. They are generally supportive of having a shared nationwide interoperability roadmap, generally supportive of the framework we have put forward. A number of comments, even though they may be supportive at the gestalt level, asked for tweaks around the edges.

In terms of core technical standards and functions, that is the category in which we talk not only about content standards, transport standards, security standards. This is the technical nuts and bolts. We also talk about core functions like data matching. Some folks may think of this as patient matching. We tried not to use the term patient in the roadmap.

A number of comments that we received back not surprisingly called for a unique health identifier. I think this committee is very familiar with the challenges, at least that HHS faces around that particular issue. That is one thing, as I said, not surprisingly, that came up across a number of comments on the roadmap.

In terms of certification, this category within the roadmap talks not only about ONC certifications, it talks about the need for robust testing. Testing not just within a laboratory environment, but testing technology to make sure it performs the way we anticipate or expect it should perform in the real world. A lot of that has to do with looking at functions and performance post-implementation, post-any type of certification process.

A number of comments recognized the need for this, reinforced what we were saying about this, but also suggested that we make sure we think about negative testing as well as positive testing. Testing not only what happens when the path is what we expect, but when something goes wrong, how does the system perform.

In terms of privacy and security, a number of the critical actions that we put forward – there are some that deal with technology, but largely focus on the need for education. There is a lot of misunderstanding across the ecosystem about HIPAA, things like permitted uses, when permission is required versus not. We talked a great deal in the roadmap also about the need for alignment across state laws that apply to permitted uses and apply to consent or permission as well as organizational substates, organization policy.

By and large, the comments that came back on this material were very supportive of the need for additional education, the need for alignment if and when it is possible, and just echoing, again, this notion that there is a great deal of confusion about the current rules and legal framework.

In terms of governance or rules of engagement and shared decision making, there were very mixed comments that came back to us by way of public comment. I will say a lot of the folks who fit into a stakeholder category or description of those who provide care, so organizations or individuals who provide healthcare, as well as organizations or vendors – the suppliers of systems of technology. Those two groups tended to be very supportive of what ONC proposed in the roadmap around governance, which was basically that ONC would put forward a high level governance framework, identify organizations that comply with that framework, but really pushing both the public and private sector to work from kind of a grassroots perspective, ground up, in terms of establishing a coordinated process to make decisions.

The folks who were largely unsettled about that proposal were the folks or the organizations that currently provide that type of framework or structure. We tend to think of them as operating as governance entities today, whether those are the governance arms of an existing networks, nationwide or regional or even state-based networks.

We also, I just want to note for folks, have a pretty significant section in the roadmap focused on measurements, focused on tracking progress and measuring success. We are doing some really significant refinements to that section currently. In the near-term, we are looking at using the data sources that we have and the measures that we currently have available to assess progress around interoperability. Those are imperfect measures. Many of them are survey-based. They are national, but they are survey-based. As well as some data that we have from programs like Meaningful Use.

We are, at the same time, working on developing a more refined set of measures that tell us a little bit more about interoperability. Historically, our measures have been focused a little more on exchange. We want to – it is not that exchange isn’t an important component of interoperability, but we want to get to that semantic assessment, semantic interoperability assessment if we can through our measurement strategies. So some significant updates are going on there.

The document will go through HHS clearance before – as it did in the draft. It went through HHS clearance before we put it out in January. We will put version 1.0, which will be an updated version of the draft, through HHS clearance probably next month or the following month, sometime this summer. Our targeting – near the end of the summer to put out a version 1.0 of the roadmap. We are going to version the document. I don’t think at any point we want to put the label final on it because we recognize this will be a constant evolution.

We do propose updating the roadmap every two years. We would go through this type of process, again, two years from when we put out version 1.0, make updates, assess our progress, and, of course, correct where we need to.

That is basically all I’ve got in terms of updates. I am happy to answer questions.

DR. SUAREZ: Thank you so much, Erica, for that overview of the interoperability roadmap. Certainly, the word interoperability has become now the center of a lot of legislative discussion in congress, including new legislation that has formally passed and been signed with definition of interoperability and widespread interoperability – even that is a term. The new legislation – the farther the findings, expectation, and requirements that are being made part of the large, large initiative called 21st Century Cures – and some of the legislation, if you haven’t been following in some detail that document, actually calls for the Secretary to seek feedback from the National Committee, NCVHS, in addition to the existing Health IT policy committee and standards committee and other bodies. There is that type of an interesting possible expansion, if you will, of the role. Who knows what will happen at the end of all of this legislative process, what kind of a bill.

I know there are a number of questions. I do have a very quick question, Erica, for you. It is more about – it is more than a question. It is really an emphasis and a comment. So you received Sally’s comments. I know Sally may have to leave. Sally, do you have any questions or additional comments before you leave? Then I can mention my comment very briefly.

MS. MILAM: I did submit my comments to our subcommittee on privacy, security, and confidentiality. I understand it was shared with ONC. I can provide an overview, but everybody may already have a copy. I can do whatever you would prefer.

DR. SUAREZ: I think Erica actually received a copy of those comments and she acknowledged that. She has them.

MS. MILAM: For the committee, I offered 16 comments. Six were substantive. Two were grammatical. Eight for clarity. If there is interest, I would be happy to provide additional information on any of the substantive ones.

DR. SUAREZ: We do have some time after the break. Since really after the break we are going to be talking about this, I would suggest, actually, we talk about this now and then take the break afterwards since we have Erica as well as Sally. Why don’t you go ahead? I know people might not have seen it, but if you want to go ahead and do a very brief overview. It is in the book, actually. I apologize. Sally, do you want to do a very brief highlight of your comments?

MS. MILAM: I would be happy to. I would like to first just say hello and to tell everybody I wish I could be with you in person. My husband fell in December and ruptured his quadriceps and then had surgery and rehab and actually fell again and is looking at more surgery. Unfortunately, my participation will need to be over the phone. Hopefully, at the next meeting, I will be able to be present.

Let’s first do the comments. As I mentioned, I would like to focus on the ones that are substantive. I will say a few words about my comments, one, six, seven, nine, thirteen, and fifteen.

My first comment pertains to page 55 of version 1.0, background and current state. I felt like the framing was off. There was discussion of two component, cybersecurity and encryption, as if they were separate components. I thought it would be more appropriate to discuss encryption as an important technical component in cybersecurity.

The next comment with respect to page 58, again under background and current state, second paragraph, in the second sentence, I have recommended that the word security be replaced with availability so that the security rule require appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic CHR.

My seventh comment is also on page 58 in the background and current state. It is in the second paragraph, second to last sentence. I suggested defining authentication options with clearance levels and verification requirements so that the reader understands the differences between these three different terms.

In the last piece of that same paragraph, I have suggested changing the word appropriate to reasonable.

My ninth comment is with respect to page 59. The third full paragraph. There is discussion in that paragraph around identity proofing and authentication and differences between organizations and the barriers that can arise when different – when there is no use for substandard, but different approaches. I also suggested the additional paradox that some providers find themselves in with unique authentication approaches or old authentication approaches, such as where a provider gatekeeper requires input of their social security number to access clinical information in a portal. Some providers are really uncomfortable with that and I know choose not to access that medical information because of the authentication approach. I just suggested that additional paradox, supportive of the argument there in that paragraph.

Let’s turn to comment 13. That is page 62, background and current state. It is really a two-part comment. In the second sentence, there is discussion of law, policy, and technology impacting interoperability. I suggested that ONC also consider including ethics. I remember with the HISPC Project, the Health Information Security and Privacy Collaborative Project, ethics came up as a barrier cited by providers, particularly in the area of sharing mental health and substance abuse information.

Also with respect to that paragraph, you will see there are these sentences, first, second, and third. I really couldn’t differentiate the point in the two sentences, second and third. I was reading them to be the same thing.

Finally, comment 15, with respect to table 65 – this was with respect to the nationwide privacy and security framework principles: Collection, Use, and Disclosure Limitation. I was concerned about this principle with respect to treatment. If providers need to ensure that information is disclosed to another provider only to the extent necessary to accomplish the specified purpose, which is kind of like minimum necessary, I was concerned about these backup(?) treatments that does go further than HIPAA. I am wondering if studies have been conducted or if research has been undertaken to determine the impact of quality of care.

Those constitute the substantive comments that I offered.

DR. SUAREZ: Thank you Sallie. Thank you so much. I don’t know, Erica, if you want to ask any clarifying questions. The idea is not really to go through comment by comment and address them. Certainly, you are reviewing them as part of the process. I wanted to give you an opportunity to see if there are any questions you might have about any of the comments from Sally.

MS. GALVEZ: Thank you for the opportunity. I don’t have any questions. I think they are very useful comments. They make a lot of good sense. We have incorporated them into the other comments that we are addressing as we update these sections. I will say areas such as identity proofing versus authentication, we are striving in this next version to make the distinction very, very clear across a number of those different concepts so that it is really clear for the reader, for example, when we are talking about assurance – what we are talking about related to identity proofing versus authentication. The comments were great.

DR. SUAREZ: Thanks Erica. Thank you so much, Sallie, for submitting those comments. I know most of us – probably all of us also submitted our own comments directly to ONC, either through our organizations or other means. I think we will have a really great chance to look at how the progress with all of those comments come out and then look at version 1.0 later on, perhaps in the fall.

I do want to mention one thing. Erica, you pointed out one of the most important parts we, as a national committee, thought would be important to highlight – you mentioned it already earlier, which was the deliberate separation of administrative and clinical data systems and data exchanges and information processing and all of that.

I wanted to mention that was one of the very specific comments we provided to Jody when she came to our February meeting. We had a chance to hear about the interoperability roadmap and provide her with very specific feedback. That is one area that I think would be very – I am very glad to hear that you are looking into how that comes together. As we see it, really there is an ongoing convergence between these two worlds that have been kept separate, administrative processing and data processing world and then the clinical data processing.

I wanted to mention that in our two most recent HIPAA reports to congress, which we can provide you and they are on our website, we specifically highlighted this convergence between the administrative and the clinical data system. There might be some areas there where there could be some opportunities to bring that information into the final version of the roadmap. I just wanted to highlight that.

MS. GALVEZ: Great. Thank you for that. We will look at those.

DR. SUAREZ: I don’t know if there are any other comments or questions from any of our committee members or anybody from the phone.

MS. GOSS: I echo a lot of Walter’s commentary regarding our individual submissions of feedback to ONC, Erica, and want to propose that maybe some offline conversations could evolve the relationship between NCVHS and ONC’s efforts on the shared roadmap as it relates to sort of our convergence efforts. I am reaching out. I imagine we might want to do that when you get back from maternity leave. Please know that there is a strong interest in collaborating very closely with you to pull those admin and meaningful use related regs altogether.

MS. JACKSON: I was going to echo that exact same thing. Thanks so much for joining us, Erica. As you can see, where your presentation fits in and dovetails beautifully with all of the updates. When your name came up as a possibility to present, you jumped right to it. We appreciate it. It makes a difference.

DR. SUAREZ: I am going to ask – I know, Erica, you also – even though you didn’t cover a lot of other – a lot of the other work that is being done by ONC, certainly I know there might be some other questions. I think, Bill, you had a question about committees. Did you want to mention that now?

DR. STEAD: I just wanted to know if there were any updates you wanted to give us on the changes that have been proposed for the workgroups related to, for example, the Standards Committee.

MS. GALVEZ: Sure. I apologize. I was only asked to provide updates around – (phone cuts in and out). Many of you probably saw the Health IT buzz book last week from Dr. John White as well as the presentation that occurred in the Standards Committee around some restructuring, not with the committee, itself, the larger committee, but with the workgroups that exist under the committee. Those will be replaced with a taskforce approach to getting the work done that those workgroups might typically do.

Those workgroups, as many of you may know, have historically been standing groups. In thinking about the work ahead of us and some of the very targeted subject matter where we need advice, on top of all of the experience that Jody Daniels’ shop has amassed over the last six years managing that, also the Standards Committee and the Policy Committee, the strategy is really to pivot toward a more nimble approach to getting that kind of subcommittee work done within the Standards Committee. You will see, again, this summer, that shift occurring away from standing workgroups and towards time-limited taskforces that are targeted and very focused on specific topics.

That is intended to not only advance some very precise and substantive feedback on the specific topics, but also help the folks who participate in those taskforces understand their time commitment, to keep that time limited, and, frankly, to get a nice balance of perspectives and expertise around a given topic that we are not always able to get with our standing workgroups.

DR. SUAREZ: Thank you Erica. This is very important. I have to say there has been a lot of misperceptions about what transpired during the last HIT Standards Committee where this change was announced. I have heard, actually, from a number of people and people have asked a lot of questions around this, whether there was an intention to disband – this was the word actually used – the intention was to disband the Health IT Standards Committee. I think they didn’t necessarily read the entire context, which was more about, as you point out Erica, ending really and some people used the word disbanding the existing working groups within the Standards Committee and restructuring it into taskforces as you point out. The Standards Committee is still there and will certainly continue. Erica, thank you for that clarification because there is some misconceptions out there about that.

MS. GALVEZ: Certainly.

DR. SUAREZ: Any other questions or comments for Erica before we close? Anything on the phone from any one of our members on the phone? Okay. Thank you so much Erica. As always and as I think has been mentioned a couple times, we are very much interested. You can certainly consider us – I know the leadership of ONC does –another advisory body to help advance the directions and the interest of the department with respect to this. Thank you so much for joining us today.

MS. GALVEZ: Thank you.

DR. SUAREZ: Okay. I think we are going to take now a break. I have 10:58. Why don’t we take a 12 minute break? Come back at 11:10. We are going to start with the NCVHS strategic planning matrix since we already pretty much covered the other item. We will be back at 11:10. Thank you.


DR. SUAREZ: So we are going to go ahead and move on to the next agenda item. Before that, I think there are a couple of things I want to do. First, Bruce, I don’t think you have introduced yourself. Welcome to the meeting.

DR. COHEN: Thank you. I apologize for being tardy. My name is Bruce Cohen. I am from Massachusetts Department of Public Health. I am a member of the full committee, co-chair of the Population Subcommittee, and a member of the Data Workgroup. No conflicts.

DR. SUAREZ: Thank you. I think we wanted to also briefly update you all on the plans for tonight’s dinner social.

MS. JACKSON: That’s right. Right after the Standards Subcommittee meets at 4:15 and after public comment, the meeting will be finished about 5:30-5:40. At 6:30, we have the dinner social at NoPa Kitchen and Bar on 800 F Street. I don’t know if we will have a room, but I have heard that there is a very nice accommodation there for us. As noted here on the note, please bring cash payments.

We will be wishing well for any members who will be rotating off. I know if Jack Burke was on the line, he is only going to be available at about 11 o’clock this morning in calling in. I know he has been a stalwart member, committee member. I just wanted to wish him well and any others who are rotating off at this dinner social. We will also hopefully have a special guest.

Agenda Item: NCVHS Strategic Planning Matrix

DR. SUAREZ: A surprise guest. We are going to go ahead and start with our next agenda item. This one I just want to say a few words of introduction. We wanted to really put this as a starting point for an ongoing discussion. We are going to have a number of other opportunities to really interact about this.

The National Committee, of course, has been operating for over 60 years now. We have been growing in terms of responsibilities. Also, we have been adapting to the changes in the marketplace and to the new demands for addressing new issues – the Secretaries and the Departments needs in addressing new and evolving issues. We are again here at the opportunity to look into what we see is going to be the primary goals and priorities for the National Committee in the coming 18-24 months. Let’s just put a little bit of a timeframe around that.

Certainly, we know a couple of things as we started considering this. One is we know that we have ongoing responsibilities for very specific areas to cover. We certainly will continue to do those, of course. We also have a structure that we have been working on for a number of years now with our subcommittees. As we have seen in the last just year or so, we have seen a lot more convergence – to use a theme that we started to use a few years ago – of those subcommittees. We are seeing more and more overlapping work. It is not really overlapping. It is more converging work that the subcommittees have been doing. Now, we have a structure where we, in the afternoons and the in the morning of the second day, we always meet as a subcommittee, but we have all the members really participate and be engaged.

Here we are looking again with a new group of people probably coming later this year to the National Committee, having the chance to begin to work towards the next development – evolution of the committee. I think there has been a number of really core topics that we have been looking into that are beyond our sort of traditional and ongoing working topics of standards and certainly privacy and security and population health.

There are much more cross-cutting topics and domains that we have seen and we have been asked to look into and address. I am going to mention a few of them as a way of starting our deliberation, our discussions over the next few months with respect to the core areas we are going to be focusing on. The topics – it is more like domains or large areas, again, cross-cutting areas that cover the various activities that we do in the various committees – are things like – and we started talking about this in an earlier development of some of our work plan for this year and early next year.

The areas are, number one, transparency. Transparency has been a measure topic gaining a lot of attention from different perspectives – from the perspective of health information policy, from the perspective of standards development, and from the perspective of privacy and certainly the perspective of community health information. Transparency is one of the topics I think we want to put in there and look into it as one of the areas to consider for our priorities.

The second one is value and value in the context of not just affordability, the ability to really be able to afford care and access care, but also in terms of quality and the new ways in which the healthcare system is really looking at transforming itself into a new set of payment models. That requires, from our perspective, I think, as a national committee, a new set of standards for communicating, a new set of policies, and a new set of certainly population health opportunities. Value is the second larger topic, I think, that I wanted to put out there.

The third topic is equity. It is related a little bit to value certainly in terms of affordability and access, but it also looks at the degree to which the information that we have and the technologies that we use are helping us eliminate disparities and improve the equity in our system. That is another important topic that I think cuts across all of our work.

The last one is trust. Within trust, certainly, a lot about privacy, a lot about governance and stewardship and those kinds of concepts.

That is the kind of thing I think we want to begin to discuss is really what are the larger elements that we are going to be working on as a national committee that fulfill the needs of our responsibilities and allow us to take advantage of the expertise that is around the table, using, certainly, the structure that we have and the evolving structure that we have of subcommittee and certainly take advantage of those discussions that happen between and across various subcommittees.

Those are sort of initial ideas more than anything about what I think will be the vision of our next stage of evolution in this journey. I think there is going to be a lot more to talk about. I think after this discussion that we are going to have over the next 35 minutes or so, we are going to have a chance to identify certain things and, more importantly, identify at the end a series of steps that we want to take to really help the national committee come together and really identify this new set of goals and priorities and look back into our own charter and the charter of the various subcommittees and the work that we do and see what needs to be updated and enhanced.

With that, I am going to stop there. As a way on introducing our next discussion, I know we started this discussion in February when we started talking about the need to really review where we are as a national committee and look forward into what we need to do next. I know we had some layout of work plans that we started to develop, but we thought it would be helpful to really step back and look at the larger picture of this. I really want to thank Alex and Bill for stepping into this and voluntarily, in the back of the room, starting to talk about it and begin to think about it and then putting a lot of effort into developing some of the ideas that you are going to hear. I know Alex has worked and Bill has worked very closed with Terri as well. I want to acknowledge Terri’s significant work around this. I know Alex will probably say a few more words.

I am going to turn it to Alex and Bill for our next discussion.

MS. GOSS: Good morning everyone. Thank you for that excellent set up. It really addresses a lot of the things that Bill and I have talked about, the context. Actually, you took it to an additional level of view with the domains. It sets a great context for today’s meeting and understanding the history that we have had, the collaboration, whether it has been a few of us like Bruce and Bill and I in a metro station sketching out frameworks or late in the day calls and email exchanges with Terri and Bill and I to really evolve a thinking around what could be a crisp view into the NCVHS mission and our work.

I like the fact that you have put a two year kind of framework around that. I think we have all been working very diligently within the projects that we have. While we have been in conversation around convergence, some of it already today, whether it is the interoperability roadmap discussions or the updates that we heard from the agencies.

To that end, a couple of us wanted to help advance the discussion I guess earlier this year. We put together a document that was advanced to you or issued to you as part of the eBook that really is, in my view, an attempt to funnel us from a very high perspective down to a set of “so how are the work products and efforts across the committees or subgroups coming together to accomplish that overall focus that we have”. What I am hoping is that we can have some discussion today based upon your ability to review this in advance and to give us, as a full committee, feedback on this tool, which is really to prompt discussion that can enable the – I believe the executive committee to do some further refinement with that input to make this a productive tool that will enable us not only internally and externally to advance our mission and our charge.

I am really saying that today is the first time we can all come together to have some discussion. We can go over the chart if you want us to. I think it is fairly self-explanatory. If you would like us to – Bill, I’m sure, would be happy to help us walk through that. We should revise this tool based on that feedback and then work with the executive committee to populate the tool and then bring it back into our subcommittees and working groups to have further discussion around the detailed projects that we want to take.

This would also, in my mind, help us identify our resource needs, whether they are financial or human or even logistical to help us pull off the work that we want to accomplish in the next two years. I think that would be particularly helpful back to Debbie and to Jim for budgeting cycles. I heard you say this morning you are developing 2017. I know that I am extremely appreciative of Terri’s time and energy. She enables – she does a lot of detailed analysis and work to support us. Having good staff like her is really critical to our long-term success. I think we have also – I am seeing Vicki’s head nod. Yes, I know in the Data Access and Use Group that that has been an issue as well.

Then I think this becomes a living, breathing tool sort of like we heard Erica Galvez saying. We are not going to put final on the roadmap because it is not. It is a journey. What I am hoping is that we give ourselves some process that we can then use to orient our incoming members, get them up to speed very quickly, and then communicate to the larger community that participates with NCVHS proceedings to have an understanding of where we are going and their involvement in sort of all having a roadmap. Ultimately, it may also help with the convergence of administrative simplification with HITECH as it relates back to some of the framework efforts that we are seeing in the paper as well as at IOM Core Measures efforts. I think this is a lot of aspects coming together. I look forward to having some discussion about it.

Bill, did you want to add anything to that?

DR. STEAD: Briefly, it is an excellent overview of what we are trying to do. This truly is a straw person that we have put up there. What we think is we need something that communicates very clearly in a soundbite, actually, what is the national committee about. That was the purpose of the three purposes. Those could become Walter’s four domains. They could be cross-cutting in some way. We are not attached to any of this except it would be nice to have a short soundbite that really could connect to people.

Then six goals. If you look at the complexity of both NCVHS’ charter, which looks to me as if it was cobbled together over decades, and the various subcommittees, to really say what are the handful of goals that we hope to achieve over time and then one step down, objectives. At the level of objectives, we tried to become measurable. Then a column for each of the subcommittee work plans. The thought was we could then look at the objectives and we could decide which tactics the subcommittees would focus on in a 12 month or 18 month window to move us toward the objectives.

The thought was if we had some such tool, we could then be working as a committee as a whole to layout the landscape and to coordinate in advance, if you will, the use of the bandwidth – because we are very limited in bandwidth – of our different committees. In essence, we would be trying to create a coordinated plan that was more than the sum of the parts instead of converging the details that emerge from the subcommittees. That is the idea. We have no commitment to the elements we put in to populate the example. We were hoping the committee would take that wherever it wanted to if, in fact, it liked the idea.

DR. SUAREZ: Would it be helpful for everybody to, for example, have you guys walk us through one of the rows or one of the core elements of the tool?

MS. KLOSS: Can I just ask a clarifying question? When I read this frame then I should look at focus, goal, and objective as applying to the national committee as a whole and then each of the components.

DR. STEAD: Yes. Because the components would be filled out by the committee.

MS. KLOSS: Right. What is here now in terms of focus, the focus summary – what came out of the charter, the goals? Where did these come from?

MS. GOSS: I would say through a process of analysis of the charters and charges led us to distill those to a point where we felt that these focus, goals, and objectives were sort of aligned, at least as a straw man to get feedback, realizing, as Bill noted, some of the content in our governance documents has expired – is outdated.

MS. KLOSS: So this is an up to date synopsis of really what –

MS. GOSS: Relatively so. Looking for validation and morphing to make sure it is robust. I think I have heard two kind of suggestions. We could either make sure that we understand focus, goal, and objective at a high level and then maybe try to then map it back to one of the committees.

MS. KLOSS: One other clarifying question. Where does the transparency, trust, value – how does that – those are themes, right?

DR. SUAREZ: Those are themes, yes. Those are larger themes that I think can be mapped back to some of the components of – the components of the tool. I think in many ways they describe larger aspects of our work and our goals.

MS. GOSS: I hear them as overarching guiding principles about what we are doing. I think when I look at focus, maybe we can rephrase that, but that is really the what are we going to do in regards to what our mission is, the monitoring and identifying opportunities for improvement for partnering for collective impact and then the forecasting.

DR. STEAD: Are they themes for NCVHS or are they themes for the health system? What the tool is supposed to do is say what does NCVHS do to support those themes of the health system.

DR. COHEN: I thought the point that Bill just made is a crucial one. I am less concerned about developing the specifics of our workplace and more interested in us achieving some kind of consensus about what the focus of the committee is. I like the three ideas that you suggest and how those foci translate into goals.

What emerges for me – so I would like us to focus on the first three columns, the focus, the goals, and the objectives, right now for the higher level discussion and let the committees think about how those ultimately get translated into work plans.

PARTICIPANT: Lots of heads nodding on that one. I think you’ve got concurrence.

DR. COHEN: That is one suggestion. With respect to the foci, when I read them, to me they sort of translated into how our target audiences have changed, at least in the four years I have been on the committee. The first one really is making recommendations to the Secretary. That has always been consistent in terms of opportunities for improvement. We suggest those to the Secretary for HHS. The second, partnering for collective impact really I think resonates with me as we consider more the community engagement of our activities and the impact of what we do on the community. The third, forecast and aligning strategies through the Data Workgroup and other activities were focusing more on a whole new set of customers or colleagues for what we are doing, the data entrepreneurs and the data providers.

I think when we talk about focus, I would like us to also think about who our target audience is for each of our efforts and for the goals that we wish to reach.

DR. MAYS: I think Bruce was starting to get at some of the same things, but I am still struggling a little bit. What I did do is I set up my agenda for the workgroup kind of using this. I wanted to make sure I could hear from the subcommittees what work you think the data workgroup can help with and then want to move us back to who our original customers are.

I think, for me, that is what seems to be a changing landscape is who the customers are. The traditional approach has been it is the Secretary. Then we have things that we are mandated to do in terms of congress and others. But we have gotten much broader. It is like we are starting to talk about community. The workgroup, for example, has kind of this – we move nimbly so we move a little differently. I am trying to make sure that I can walk through it. Let’s make sure we don’t put the straw on fire or anything like that, but I want to, for this straw person, understand.

The focus – it is hard for me in the focus to understand the customer unless we just say we don’t have a traditional customer anymore. It is not just the Secretary. If we are agreeing to that, then I can get it a lot better. It is almost like the way that Bruce was talking about it, which is different than we have operated.

Then it puts me back in the situation of do we have the bandwidth to move that far out? I don’t know all of the things that – if we are doing all of the things we need to do for the Secretary. This committee has always been very vital to helping HHS move.

We have our work for the committee to help HHS. Now, we are talking about helping the community. Then we are talking about a different costumer. Do we also need something in here that says if we have to make decisions where the priority needs to be first or who we satisfy first and then if there is bandwidth, we do these other things? That is a question that I have when I look at the focus. The focus is great, but it is like we could do a lot of people under the focus.

I am trying to figure out how to interleaf some kind of if we finish A, then we get to do B and C. Or if we finish A and we want to do spin-offs, do we have to go back and see does customer A, which is the Secretary, have other things for us and then we have to figure out how to interleaf if we now want to go off to other groups. That is the only other thing I am struggling with, how to do that.

DR. SUAREZ: It sounds like you are talking about identifying some guiding principles for priority setting, too, and helping define, as we look into different areas to work on, how do we prioritize things. It sounds to me a little bit about priority setting.

DR. MAYS: I don’t even know if it is just principles. There are certain things — we need to have our list of things we are mandated to do so that that always is in front of us before we take on other things. Guiding is a little loose for me.

Here is the workload of what we are supposed to do. The Data Council sends us – so I think we don’t know some of the things – they are not in front of us, some of the things that we are really supposed to be dealing with. Jim gives us an update. Are we doing what we are supposed to do relative to back and forth with the Data Council? Are we doing what we are supposed to do – I want in this work plan to have all of these to-do’s like we have HIPAA to do, we have this, we have that. Then I think we may not be so stressed.

MR. SOONTHORNSIMA: Well said. I will echo that just a little bit. Maybe I can clarify what I see from your perspective. So I look at this as top down, in terms of our focus, objectives, and so forth. The bottom up is really when all of these activities hopefully will, as we flush out these things like HIPAA reports and additional transactions, for example, in the various committees, those will be the bottom up that will hopefully align. I think they will. That is kind of – perhaps answers some of that. The details will be coming.

Let’s go back to the top down real quick with the focus. As Walter you were outlining those four things, transparency, value, trust, and so forth – the fourth one was equity – I think one area – I wonder if this should be a focus. When I look at the three foci, those are more – to me, those are actions. Yes, we will monitor. We will partner and so forth.

One thing that came out from the four things that you mentioned around value – it transcends everything, every committee, every subcommittee, talking about access, quality, and cost. Should that be a focus then? Shouldn’t that be one, the fourth one? I am just wondering. They kind of hang everything else that we do quite nicely.

DR. SUAREZ: In some ways, we are looking at this sort of organically and almost orthogonally, if you will. One thing is the domains – sort of transparency, value, those that I mentioned and others probably – another thing is the description, as is described in the document, the focus, which are more tactical aspects. Monitor and identify opportunities for improvement. That is a responsibility that we have. We are bringing together different —

MR. SOONTHORNSIMA: Right. So I am offering – because it is aligning. Those four things – I think one thing that really aligns very well – trust is somewhat – trust is a result of our activities, hopefully. When you talk about value, you really tie quite a bit of the results of the activities, as well as our plans and deliverables. I wonder if that shouldn’t be a focus and not just peer monitor, partner, and the last one is forecast. Just a thought.

DR. CHANDERRAJ: My issue is we don’t want to reinvent the wheel. Every foci, like Bruce mentioned, I think we should look at the history of what the national committee has done with this topic, a particular foci, what was looked at, what was done, and what was sent as a memorandum to the Secretary. I think history should be a top priority in every foci, what was looked at and what was done.

The second thing is the trust issue. We should bring more people into the conversation. I see most of the meetings that I have attended here, there are more people concerned about healthcare other than physicians. Physicians are not at this table. We should try to bring them into the conversation to what we are doing. We don’t have them at the table here. The consensus among most of the physicians in the practice is they don’t trust anything that the government is trying to do. We have to bring them into the conversation and bring them into the fold to help them understand what we are trying to do and try to build it as part of the coalition.

DR. SUAREZ: Good point.

MR. SCANLON: A couple of thoughts just overall. Number one, we exist to advise the Secretary. That is sort of our, as my little grandchildren would say, our prime directive. Any strategic plan should reflect that is our primary sort of way of doing it or primary goal, to assist and advise the Secretary and HHS leadership. There are follow-up and secondary – there are recommendations that may be through the Secretary of HHS that are useful for states and communities and providers and others as well. It would be a mistake not to link a planning document like this to that mission and to that goal. It would be harder for me to obtain resources and direction if it looks like we are going off in a thousand directions. Focus really means focus.

Number two, we are a data committee. We are a data and statistical policy committee. We are not a health policy board. Again, we have to always think of what our role is in all of this. It is through the data, through the standards, through privacy, through that whole framework, ecosystem, and apparatus is how we hope to achieve the goals, which I think are – the goals are more like the triple aim kind of a concept, I think. It is really improving – it is to improve information for decision making and other means in order to improve the health of the population, healthcare quality access, trust, disparities, and so on.

Then there is a third that we have a little bit more freedom with. I don’t think we have to only be content worrying about efficiency. I would rather think of us in that way. Everything we do, whether it is standards, whether it is privacy, whether it is statistical policies, surveillance, it all helps to support that ecosystem, but it does it through HHS. Again, this is the same process we go through in HHS. You could argue that the outcome is good or bad.

You almost need a mission statement that is short and brief. The goals are to improve health and to provide information – to improve information for decision making, whatever you want to call it in order to – what? To improve the health of the population. To improve clinical care, clinical decision making, administrative efficiency, and so on. It is along those lines. Then people could see why we are doing it, how we do it, and then there are sort of specific things. The way we do it is through some of the focus things.

I would also suggest and I think we have done it before that we have in mind a set of principles, a decision tree that we go through before we commit resources and bandwidth to an issue. It would include that there are kind of these ideas that there is an HHS nexus, there is interest, that there is a client in mind or more than one client, that it focuses on data and information policies, statistical policy, that we have the resources and bandwidth before we do it, that we prioritize to get the most out of the resources that we have, which are limited. We probably won’t get additional resources, in terms of staff and funding. I think we are probably at a level funding level now. And that we not duplicate what other committees may be doing. I think we should just use those when we decide where to commit resources.

MS. GOSS: Jim, it sounds to me like you had that already prepared. You went through it so fast I couldn’t take complete notes.

DR. SUAREZ: I was furiously taking notes.

MR. SCANLON: This is a bit of stream of consciousness.

MS. GOSS: Can you translate that?

MR. SCANLON: I am only modeling this after – I would like to see it reflected in our work, sort of like the HHS – at least to see where it fits in in terms of the strategic plan. The HHS strategic plan is so broad – to advance healthcare.

MS. GOSS: I think there is a crosswalk that we can do. We have already done a lot of that analysis, but looking from within our own documents. I think it does have to go back up the layer.

MR. SCANLON: Just so we can – folks will see how we relate to that. We have a nice one page summary of the strategic plan goals and the objectives. A lot of what we are saying will fit in there.

MS. GOSS: I think it also goes back to helping answer Vicki’s question, which is primary audience. Is HHS – by extension, we all realize that HHS has a bunch of customers behind it. We kind of all have to work together in alignment.

MR. SCANLON: Right, and there are sort of indirect clients.

MS. KLOSS: I think we are gelling around the issue that was concerning to me that we kind of lost that core, which is to advise the Secretary. I think that is where the intrinsic value of this committee comes from. I think there is a benefit in a plan like this to start with the specific and very clear goal. We can always go beyond some of these emerging issues and raise new areas and forecast. I think we would be hard pressed to keep the group from doing that. We wouldn’t want to. At the end of the day, we just have to know we are delivering on the few things that we really have to do and we are doing that as well as we can.

MS. GOSS: Great feedback. I think we need to update the tool. How would you like us to proceed?

DR. WALKER: I just wanted to follow that excellent comment. It seems to me that if we categorized it in terms – we have a primary obligatory audience and then good communication practice would mean we ought to be sensitive to the fact that there are other audiences that may be listening in to whom we could be helpful. We ought to make sure that we don’t communicate in ways that close them out. I think it might help us to have a consistent and understandable way to focus on what our core is, but take account of other potential audiences also.

DR. SUAREZ: Thank you Jim. That is a critical aspect of what we need to do, good communication practice.

DR. MAYS: I would like one more column. That would be those things that we have to do. I know we have to do the HIPAA report. I can’t even remember how frequently. If we had like committee deliverables and we had dates around them so that we even know like when we start thinking about hearings that, oh, we have to have in this month the meeting devoted to HIPAA so that we can plan around some of it.

MS. GOSS: I would love a schedule of events of our yearly cycle with what we have to do and where. It would make my life – I think we need a detailed one, but I think either a column idea or have an annotation that shows that.

MS. KLOSS: That would come up in the subcommittee column. I don’t think we need –

DR. MAYS: The distinction I am making are the things the whole committee has to do so that you backup then to the subcommittee to know what it should be doing in terms of its work and when to land something. There are things – even though – how do I say it? Even though we are acting as a committee of the whole, there are things that the NCVHS has to get done. The subcommittee has to, to some extent, then second itself to those things that have a congressional mandate or whatever for us to do. I think from a planning perspective what I am trying to do is not have us like two or three of us need to have something done at the same meeting, if we already know that it is better to stagger them so that we are working just as hard, but I think efficiently and not ragged from kind of trying to get a lot landing at the same time and then we don’t have as much discussion time.

DR. SUAREZ: Let me see if there is any other comments from the phone. Anyone else want to jump in? Okay.

This has been actually exactly what we had hoped for, which is to get this started. I think the input and the feedback that we have gotten and some of the guidance from you, Jim, particularly, I think those are really excellent ways to start to reframe the way in which we are going to formulate this. We do want to formulate this and hopefully – the idea would be, perhaps, to have something ready to further discuss at the September meeting. Hopefully, we have new members at the September meeting. They will be introduced to that and engage in the discussion as well.

In order to get from where we are right now to there in September let’s say, I think – we have been talking about doing something like this, but I think we need to convene at least some follow up activity. I think one of the things that we need to consider – I know this means some additional resources, but one of the things we need to consider is an executive committee retreat that we have talked about for some time. Perhaps the summer time might be a good time to consider doing it if it were to work. We have to start thinking about it if we want to do it. I am talking probably more about late summer than anything else if that is a possibility.

Certainly, we want to work in smaller groups to help flesh this out a little more. I think Alex and Bill have been helping with Terri. I will be happy to also join. We can frame offline some of the basic ideas that we have heard in preparation for the possibility of having a formal retreat where we can actually really define all of these elements.

The idea would be out of that discussion we would have the basic components – Jim, you mentioned some really critical things like a mission statement and a series of goals, short and coupled goals, and all of those points that are going to be very helpful to redefine, really, our responsibilities, our role. I think, Vicki, your points about identifying the actual required deliverables as a committee is very critical to help us frame really beyond those things what can we do as well. I think those are the kinds of steps that we can – Jim Walker mentioned about the communication strategies and categorizing our audiences. I think all of those elements are the ones that we can put together into this strategy. I don’t know how to call the document – strategic plan or what. At least a framing document for what we will be doing.

What I think we can do next, again, is offline, a smaller group can begin to flesh this out. Be ready for convening potentially a retreat, an executive committee retreat. We can do it in different ways. Ideally, it would be an actual retreat, in-person retreat, but we can look at other means of trying to do it, knowing and understanding the constraints that we have.

MS. KLOSS: I have one more comment. As we are thinking about this, could we also be thinking about the orientation of this new group of members that might join us perhaps all at once in September, a sizable group? I know we have talked before about wanting to do a more thorough orientation. Maybe this – thinking through this and thinking through the orientation would be really helpful. I would strongly suggest if it is possible to even think about bringing the new members in a half a day early and doing an orientation a little more formally than we have done over the telephone. Give them a sense of the historical work that the committee has done.

MS. GOSS: I think you have a really good point, but I think knowing the composition of the new class so to speak is key because some people have been brought onto the committee who have a robust relationship with the committee. Other people are still learning to spell NCVHS.

MS. KLOSS: Good point, but everyone has to be on the same page.

DR. STEAD: Can I try to put a sharp point on a couple of pieces? First, I think we ought to have the transcript of what you did. If you don’t – I think you might take that transcript and briefly edit it into one page. My sense is that is the first piece. This table would sit under that page. We could, as a committee, work the page. If you got us into the right lake, our work would be a lot easier. That would be very helpful.

I think, second, Debbie or somebody you appoint should give us a list of the mandatory activities and the timeline. Both of those pieces would be wonderful orientation for what Linda is suggesting. Then the work of the committee could be on the still high level, but more detail around the focus, goals, and objectives and how we integrate the themes into that, assuming that it is living and anchored under the mission mandatory responsibilities, except for that those two things had laid out. We might could do that pretty quickly and then have the committee convening that you are suggesting. Just suggesting a way to move the ball.

DR. SUAREZ: Absolutely. This is an excellent idea.

DR. COHEN: Just one final thought. At this executive retreat, if we are re-examining the focus and the goals, should we be re-examining the subcommittee structure as well?

DR. SUAREZ: Absolutely. I think the idea would be to rethink how – not only what we do and where we are going, but how do we do it, how do we achieve it. I think rethinking the structure would be completely part of that process.

MR. SCANLON: The only wild card would be we probably will be having six, I think, new members join. They do reflect – knock on wood – they will reflect – both the proposals and the alternates will reflect the standards area – they kind of reflect the subcommittees – the standards areas, privacy and security and ethics along with that, and then population health sort of research. We have primary care represented as well and then sort of the EHR and automation.

It is a big group to be coming. They may have different ideas, but I think we would like to at least have this framework to work with.

DR. SUAREZ: I think that will be a benefit, really, of having people with all of that background. Like you pointed out, it is not like we are going to wander into other areas that are way off on the side. We certainly have a core responsibility in the enabling legislation of the committee around health information policy and very specific responsibilities under other legislation. I think those areas are going to help us still constrain our focus and maintain our focus and not really go a lot beyond that.

MS. LOVE: I am just a newbie. As I think through these priority areas, I think transparency is where a lot of the rubber is going to hit the road. In your committee structure, do you have like ad hoc, like a temporary one that could be set up or is it a standing – your subcommittee structure?

DR. SUAREZ: We can do a number of things around how to address that. I think like Bruce was suggesting, we can look into the how, what is the structure that we would use in order to get there.

MS. LOVE: In my world, transparency brings so many factions together. It hits all the high spots from trust to the whole —

DR. SUAREZ: All of these points – all within the concept and the focus of health information policy, health data policy, which is our priority, all these larger domains that I mentioned are I think still very critical.

MS. LOVE: Transparency has little special sparks and fireworks. That will be fun.

MR. SCANLON: The other way to do it with the five at the beginning to go through the goals and the objectives and the transparency and value and equity and trust would be in a manner that – do it in a manner that is cognizant of that and promotes this. It is an end in itself, but we have specific things that we do. We want to ultimately achieve these.

DR. STEAD: For example, those things might replace the Triple Aim when we are talking in here.

DR. SUAREZ: Yes. Conceptually, they become the quadruple aim I guess.

DR. MAYS: I was getting a little nervous about Bruce’s proposal. We are not talking about just upending the actual structure of the groups, but instead it is the processes, right, of how we work.

DR. SUAREZ: We might still – who knows? After we reach to the point of defining this larger mission and goals concept, we might find that the structure that we have would work better if we had a different name, perhaps, of the elements. I know that some of our committees are defining structures like the Data Access, our Standards Subcommittee. Some of them are pretty well entrenched in the way we do the work. It is something that we should still consider and be open to think about as we move forward.

DR. MAYS: What I think then that we need is that when we are in that meeting to have the terms that we can use. For example, sometimes I want to say, okay, let’s make an ad hoc group. Oh, we can’t do that because of this. I want to know what the range of things are that we can do.

Then I want us to be mindful of we need an identity that the people outside can recognize. When you say Standards, then your customers know how to find you. When you say Population Health, people know how to find you. I am not saying that we don’t have any change, but I think we have to be mindful – it is almost what Raj is saying. In the past, we have had this room kind of packed. Part of it, I think, is we keep moving back and forth. People don’t know where we are. We do need to think of ways in which to have a visibility that attracts the people that we want. Like the community groups don’t know – you know we keep talking about doing community this or that in Privacy and Pop, but they don’t even know to look at our stuff. Let’s think about having these such that it helps us with our marketing and our customers, but that we also know internally what we easily can set up as a structure and still be in compliance.

DR. SUAREZ: You made an interesting point. The concept of community work that we do is so distributed across all of the elements that we do, but the word community is not in any of our committees or subcommittees. Yes, you are right. A community organization will be looking at which group should I participate in or join. There are those interesting possibilities when we think in terms of the future and the goals of the committee and how do we look at structuring the work.

I think we are ready for our lunch break.

MS. GOSS: Can I just summarize – just to make sure we are all on the same page. I am hearing that Debbie will get us a list of mandatory activities and timelines. Scanlon is going to give us a summary of his great stream of consciousness that he provided to us. Then there is going to be a meeting with Walter, Terri, Bill, and Alex to incorporate the feedback. Then we are going to figure out how we go to an executive committee level of activities, which could be conference calls, in-person, but evolving work. Ultimately, to get to a September agenda item of something that is robust that also then supports orientation of new members.

DR. SUAREZ: Perfect. Excellent summary. Thank you, Alex. Thank you so much. We will take our lunch break.

(Luncheon recess)

A F T E R N O O N S E S S I O N (1:00 p.m.)

Agenda Item: ACA Designated Review Committee/Process and Implementation Plans

DR. SUAREZ: We are ready to start. We have a busy afternoon and so we want to take as much advantage of the limited time we have. So we’re going to start this afternoon with a review of the activities from the Standards Subcommittee and Ob and Alex I think are going to be presenting that. So I’ll turn it to you guys.

MR. SOONTHORNSIMA: Thank you, Walter. On behalf of Terri, Alex, I and our subcommittee, congratulations Walter. But thanks for the hard work that you’ve done over the years to sort of pave the way and kind of get us in the mode of operations, if you will, the MO of the Subcommittee on Standards. I think what you’ll see today is really a culmination of those years of hard work and evolution as a subcommittee and as part of the overall National Committee.

So what we’re going to talk about this afternoon is basically the Review Committee. I think this will give you a high-level overview of what it is the Review Committee and, more importantly, what are the business areas that we’re going to be covering leading to the June 16 and 17 conversation. So that’s basically the outline.

So let me jump right in. So you may recall, most of the Committee members were here that how the Review Committee came to be. It was an ACA that kind of created this, the need for this. And the Secretary has appointed or assigned designate NCVHS.

And the purpose, in a nutshell, you go and read the Charter and all that for yourself, but in a nutshell, what we do is we are charged with assessing the effectiveness and efficiency, the usage of the HIPAA health care transaction standards, code sets and operating rules that have been adopted. Adopted, that’s a main operative word here. Nothing new, we’re not going to look at anything new. That’s really the function of the subcommittee and that’s our current function.

The recommendation to the Secretary may include, add, change, delete, we just said changes here, to the standards and lastly, we conduct our hearing at least every other year, a minimum of every other year. So the first one is coming up and Terri will talk about this a little bit in terms of the magnitude and the type of entities that are coming to the table and you can chime in later in terms of the enthusiasm and interest that’s occurred.

So if you think about the Review Committee itself, it is a part of the National Committee in the following –

DR. SUAREZ: Maybe a point of logistics for those on the phone did we distribute this presentation to them? Do we have anybody on the phone that needs this?

MR. SOONTHORNSIMA: So when you look at the activity of the National Committee what we just went through, we were talking about a strategic direction, the theme, the focus, and all that. Basically, that sets a stage for what the Subcommittee does.

So things like population health, public health, those are the issues that were emerging a couple years ago when we started looking at that and now we’re continuing to do that as a part of our overall population health focus. All payer based is a new emerging topic for us to sort of explore. So that’s really driven by the National Committee’s agenda.

And then we talk about the evolving standards, we’re talking about remaining transactions, attachment, things that are actually, Vickie, to your point earlier, what are our deliverables. These are sort of the mandated, the deliverables that are part of our core function. The remaining operating rules.

So down here you see the ACA, admin simplification, all the industry mandates. So we went from a strategic view as a National Committee than more tactical things of looking at the standards in all the mandates that we’re having to do.

Then the implementation. So the most recent one, the current activity of course is focusing around implementation of ICD-10. So you’d see how that’s evolving. Then if you think about post implementation, the review committee is really about let’s look at all the things that have been mandated and adopted or implemented. And realize let’s review that we need to do any adjustments, do we need to – can we capture some of the benefits. Let’s rationalize some of these things.

And hopefully this will feed back into the natural cycle of our work as a National Committee. Does this make sense? That’s the context of how this is relevant and congruent to the work that we’re doing. So we have a lot of opportunity to influence the way we shape the future standards, long before it becomes sort of adopted standards. So that’s why these things sort of align pretty well for us.

So let’s get in a little bit more from the contextual standpoint, how then are these adopted standards being used in the business environment today. We’re talking about in health care transactions. So if you think about half of health care transactions starting with quote to card, that’s a term I use. That’s when you enroll a member or person into a health plan or benefit plan as well as when the premium is paid in order to sustain the membership. So these are the different, there’s a very, very high level now.

So I’ll give you a little bit more of a context, when you think about commercial side of health plans today, you’re talking about commercial plans and you have government sponsored plans. So in this case you have insurers and TPA. TPA stands for third party administrators.

So the employers interact with them in providing enrollment information and health insurance exchanges, whether – FFM stands for federal facilitated marketplace and then SBE, state based exchanges. They use this new HIX 834 which really is a modification of the existing 834. HIX 820 is the payment transaction. It remains to be seen as to how that is going to be adopted. So that gives you a little bit of the context from quote to card.

But there are other enrollment membership activities as well from other entities, like Medicare and there’s several thousand transactions that are exchanged and they don’t use 834. Medicaid, state Medicaid agencies across the country, they don’t use that and oftentimes people ask why not. Why don’t they use 834? It just doesn’t work for the government plan.

And the idea here is not to force standards on all entities and all kinds of business. So the standards are being used where they make practical sense. Hopefully this is helpful because later on you will see we have representatives from health plans, payers, Medicare and Medicaid. And you will hear different perspectives from them when it comes to using the standards. So far so good?

So quote to card and let’s continue with the health care process. So you also have, from the provider standpoint, when you see patients you have patient admission, patient registration, and so forth. Sometimes you have to do preauth, preservice authorization and of course you code and you bill.

And then when it gets over the payer side, whether it’s a government plan or commercial side, you have claims intake process, you claims editing to make sure the data is correct and lastly you adjudicate and you pay.

So let’s talk about from the health care transactions what are some of the standards? And there they are. And you can read this on your own. We’ll make this available. So on the provider side you see transactions going back and forth in terms of eligibility verification, and response.

Preauth, so when you hear about authorization 278, we’re talking about 278, 278X, this gives you sort of that context and now you can identify. I’ll tell you the truth, I’ve been in this for a long time, I still don’t remember all the numbers so a diagram like this helps.

Anyway, so that gives you the high-level perspective of what these transactions are. So the conversations that we will have will really center around which of these are really being used because a lot of them are being mandated or being adopted already. And some of them are not. So how they’re being used, are they effective and efficient? So basically that’s a scope of what we, as a Review Committee, will be looking at. So far so good?

Another context, another view is more behind the scenes. This is EDI, stands for electronic data interchange. There is a batch approach to exchanging claims eligibility and things like that. And, by the way, by and large, 99 percent of transactions are pretty batch today.

So this is another view, from enrollment eligibility referral, preauth, health care claim status, claim submission and remittance, so forth. Another view of looking at it, more simplified way of looking at it.

So why is this important? And I pulled this slide up just for Denise. So we talked about why is this important, Denise? Why is this important because we’re talking about administrative data, enrollment claims and so forth. So here’s another context which kind of involves all of us as a National Committee. It’s not just about claims. It’s not just about enrollment data. It’s also about clinical data and the focus again is patient centricity and a population-centric sort of view. In order for us to look for capabilities or run analytics in population health opportunities, individual opportunities that’s –

So later on when you see the set of questions that we will be asking we do talk about secondary use, even though that’s not necessarily the focus of the Review Committee but it is an outcome of effective adoption and usage of these statements. And that serves us really well as a National Committee. It gives us a context in the congruence. So far so good?

So the third part of our conversation today is really how are we framing this thing up. What are we going to be asking of the panelists, the testifiers? So without reviewing all the questions, we’ll have time to do that and you can actually read that on your own because it’s posted.

We’re really focusing on four key areas, value in terms of effectiveness, efficiency, how is it used, whether you’re getting the value as intended. The barriers, we’re always talking about adoption barriers. Why does it take so long? So level of usage, some time you may have a standard sitting out there but it’s rarely used, for whatever reason. So we’d like to understand that for each and every one of those business transaction.

Opportunities, do we have room for improvement and/or are there other means of achieving the same goal. For example, preauth. There’s 278 out there but there are other means that exist today of how health care payers and providers are communicating with one another in order to get the preauth, preservice authorized.

And lastly, any sort of changes that we want to hear from the industry, any suggestions as to changes and advances in technology that are emerging. So we’ll be hearing a little bit on that as well. So that, if you look at all the questions basically they frame into these four different areas.

So Terri, can you talk a little bit about June 16th, by the way Terri has done a beautiful job of getting, I think the last count is 2000 people are coming. It’s becoming Congress.

DR. SUAREZ: Quick question. Are you focusing on the transaction standards or the operating rule as well?

MR. SOONTHORNSIMA: Walter, we’re not going to look at the classification, we only look at the transactions.

MS. DEUTSCH: One of the things that we want to also know is are the transactions or are the standards operating rules meeting the use that it was intended to do. And that’s really critical in understanding why something may not be utilized. So that will be something that we’ll be looking at as well.

We’ve had a lot of entities requesting to present. This is the first time, at least in my experience, where I’ve received as many requests to speak rather than having to ask people if they would like to speak. So that was really very nice.

And to date, every request has been accommodated. Because there are some entities that were listed to speak and some of the panels that felt that they really didn’t have anything to contribute and they requested not to speak or they would send written. So that opened up some spaces so that the overall number did not increase but every one of them have been accommodated.

We have some of the usual individuals who tend to present at each and every one but we have so many that are brand new that we’ve never had. And, for example, we have the VA asked to speak. And so they’re going to be presenting on two of the panels. We have a dentist who is representing the ADA who is going to be presenting. Mental health, long-term care asked to speak on several of the panels. So we have a great number of new people to hear and a very good cross section of all of the areas where the standards transactions can be used.

So I think we’ll get a really, really good picture based on this. There’s been a great deal of enthusiasm. I’ve heard that a lot of the organizations have done surveys of their members so that they can find out what is working, what isn’t. They’ve sent the questions. Medicare has sent the questions.

And so just focusing in this process where we have questions that are given to the presenters to help them in the direction of what they should respond has been very favorably received. So I think that you will all hear some really good testimony.

They all promise they would speak in five minutes. I’m not sure I believe that but we really are going to try because we have to. We’re never going to get done if we don’t push it. So I think it’s going to be very, very informative and everyone’s looking forward to it and we expect a very large crowd in the audience as well. Any questions about that?

PARTICIPANT: Is there time for public comment?

MS. DEUTSCH: Yes, and after each of the panels, we have allowed for public comment and then for the committee to ask questions. So rather than waiting to the very end, it’s after each of every panel so we can close out what needs to be identified for each of the panels.

MR. SOONTHORNSIMA: But we will be very judicious of how we manage the time. This is very critical. And that’s why I think Terri you are also requiring written testimony.

MS. DEUTSCH: Yes. I have asked, telling them that give the key points and then supplement it with written so that we would have the total picture and not try to squeeze it all in. And most have said that they will comply so I anticipate they would.

I just want to just kind of remind everyone because we only have allocated 10 and maybe 15 minutes in some of the panels for question asking, that the questions really be focused because we just won’t have time to go through everything and if there are other clarifications, et cetera, that we can do that offline.

MS. GOSS: To that end, I think there was a question on one of the meetings held in Hyattsville. And I think that Terri you hit upon a point which is really critical which is this is an overwhelming number of testifiers who are going to have some great content and we’re going to have to really manage ourselves and them to pull this off in two days. And then do all the subsequent analysis work of all the written testimony with the oral testimony. So I think that all of you are going to talk about how to manage those expectations and the logistics.

MS. KLOSS: Are we sure we have physical space, the room space for the number of people that are attending.

MS. DEUTSCH: The answer I think is that we have over 80 but that’s over two days. And so within each of the days, I think that we’ll be okay.

MS. KLOSS: But we’ve double-checked that.

MS. DEUTSCH: Well, if there are more observers than on panel and there isn’t room, I think a decision would have to be made how we ask them perhaps to stand or we’ll have to deal with it at that time. I don’t know how many observers would just come.

When people have asked me I have encouraged them to have their observers listen in because of limited space and that our priority is to have space for the panelists and make sure that they have a place and are present and that the others have the opportunity to listen. To that point, everyone’s going to have to be very careful about identifying themselves and speaking into the microphone and speaking slowly so that people can hear it.

DR. SUAREZ: A quick point on the space and then we’ll go to Vickie. Do we have the two rooms? We normally have one room where we have our table for the team and then on the side, we have the chairs.

MS. JACKSON: We’ve got, i think, all three, the conference room is available. At least even if we have the two, what I wanted you to keep in mind was – participants realize that they are in for certain panels. And as you’ll see, they kind of wrangle in panel by panel. So it’s not like everybody will be staying all day.

DR. SUAREZ: I think we have to probably figure out some distribution of the spacing so that we have enough chairs for at least I would say 60 people I would probably estimate.

PARTICIPANT: So 60 people in the two conference rooms I –

DR. MAYS: Here’s where I’m going to kind of get back on us again about these technology issues and that is CDC can do streaming. Is it possible to do some of that so that it’ll take some of the load of off actually being in the room?

DR. GOSS: I think you need to ask Debbie that question.

DR. MAYS: Here’s the issue. Do you want it? And then we ask for it.

DR. SUAREZ: We are always having – all the hearings are webcast.

MS. GOSS: I think she’s talking about video streaming. Actually having cameras in the room, projecting –

DR. MAYS: What happens is, at least what I hear from people, is like just sitting, being on the phone for like four or five hours is like deadly. And they always ask why can’t – because HHS does stream stuff and I think we have to start thinking a little bit more about doing stuff like that. As an example, we can meet in other places, at some of the – you might be able to meet in College Park at University of Maryland. We just have to think about it because I think it’s kind of time –

If they can’t do it, and it’s not there, it’s like state buildings, as long as we’re not being charged. If we go to state buildings and other places, we sometimes can do it. And that’s one of the things you’ll hear about when I talk about what we’re going to do in the Data Workgroup to make access a little bit better when we’re in Hyattsville.

DR. SUAREZ: Yes, thanks for that comment. I think there are sort of three levels of ability, one is listening only on the audio, another one is listening plus seeing what’s being presented and then the third one, the highest one is basically audio and live video being transmitted sort of in multiple cameras. And being able to ask questions too. The thing is this is a hearing so the public will have the ability to ask questions too at their time.

I know that from the experience from other committees, the Health IT Standard and Policy Committees have always used the same kind of approach of a video with a link to the presentation material but you don’t have really the visual, video view of the entire room or anything like that. And then if you want to have questions asked you can also interact virtually. So at least as an interim step. Any other questions thus far?

MR. SCANLON: Would we want to, after the meeting, would we want to leave the docket open for a couple weeks for follow up or do we want to close it out.

MS. GOSS: I think we need to set a firm date to that. There’s just going to be a tremendous amount of analysis so to be able to manage getting all the feedback.

MS. DEUTSCH: We have given a deadline of when the written comments should be sent in for those that are testifying and for those that are providing written comment that are not testifying and we’ve reiterated that several times and there will be one more reiteration when I get a list of all of the speakers.

I’m going to send them something and just ask them to check if that’s the right panels they’re on, that they haven’t made any changes, reiterate about when the written comments have to be in because logistically that has to be loaded and dealt with and we have to have the written documents too.

DR. WALKER: A couple of thoughts as a veteran of these things. I would recommend that we consider scheduling them to present after we receive their written testimony and I would recommend – and I’ve been in meetings where it worked great – that we have somebody, it’s usually a strong woman, sorry, who turns off the microphone at five minutes. There shouldn’t be any of this, oh, please stop at five minutes, no one will. You just turn off the microphone and once you establish that that’s the game plan, everybody’s grateful even the presenters and it’ll work fine.

DR. DEUTSCH: I can tell when in February when we had the snow storm and we started an hour and a half late and we had the same testifiers there, it was amazing how everybody followed the five minute rule and as one panel got out the other one was lined right behind and sat down and we ended on time, starting an hour and a half late. So I’ve reiterated a number of times about five minutes. I will do it again. But I think when people see the list of speakers that they’ll realize that if they go over we’ll never get out.

MR. SCANLON: We are giving them an opportunity to send in all their details. It’s like a Congressional hearing. They have five-minute deadline all the time.

DR. SUAREZ: One quick additional question. First of all, is there anybody else on the phone that wants to make any comments or questions?

But before Linda, just one quick clarification because I think it’s important to understand, this being the first Review Committee and as Ob was pointing out, this is the opportunity for the industry and the National Committee to listen where things are with each of the transactions.

When we say each of the transactions, each transaction has four major elements in it, each transaction, a transaction being claims or claim payment. But each one has something called a standard, the actual electronic technical standard that is used to do the transaction. It has the code sets, many code sets, that are used internally.

It has something called identifiers, which identify the provider that delivered the care and the provider that admitted the patient as well as the patient ID as well as the plan ID or payer ID. And then it has something else called operating rules that apply to those transactions, for some of the transactions. The responsibility really of the Committee is to review all those four elements for each of the nine or so transactions. That’s why it’s so complex.

MR. SOONTHORNSIMA: Thank you for that clarification, but for this meeting, we are only going to focus on the transactions and the operating rules.

DR. SUAREZ: The standards you mean? The standards and operating rules I think there’s some code set questions about certain codes that are specifically used in certain transactions, like Clark and Rorke, and there’s some – and I don’t know that there’s any, I was looking for identifier questions. I just wanted to make sure that people have in mind that this is a really very large complex –

MR. SOONTHORNSIMA: We are actually going to put that in our tutorial as well. That’s a very point, those four different things.

DR. SUAREZ: Yes, the four components of each transaction. Because we sometimes mix transaction with standard and with the –

MS. KLOSS: I was just going to make a plea for the sanity of the members of the Standards Subcommittee who are going to be there. Could we organize the testimony as it comes in by topic and in order of those presenting. Because I can envision this pile of stuff coming in and it’s just going to be hard to get through this.

DR. SUAREZ: You mean the packet of material.

MS. KLOSS: If you could organize it for us and even if you throw it into a PDF and just send it out in seven chunks, that would be great.

MS. GOSS: Building on what you were discussing there, Walter, who here is going to be at the Review Committee? So I see pretty Vickie and Bill and Lou are the ones that we really need to make sure have a perspective about the standards, the transactions and the code sets.

We would like to set up an hour to an hour and a half conference call over the next couple of weeks to make sure that we impart to you some understanding about what we’re doing and how we’re doing it. And Walter gave us a great update building on the overview from Ob and there’s a lot of complexity in the standards world and the transactions that we use. And I have a deep appreciation having been the Insurance Subcommittee chair of X12 and also developed the Health Care Task Groups, or lead the Health Care Task Group as well.

And so to help us all be effective with a very tight set of testimony, we’d like to get together and we need to solicit from you an opportunity to get together in the next two weeks or so, so that when we all arrive on June 16th, we all have an understanding of how it fits together and we level set the expectations for how we’re going to interact and ensure this is a successful hearing.

DR. MAYS: Is there something we can read? I know for the privacy one I didn’t have a clue and I was able to go to our internal people and they gave me a little tutorial and then I started reading. So if you have stuff that –

MS. GOSS: Most of the implementation guides can range from 200 to 700 pages. And just talking about the technical standards themselves, not even the federal regulatory policy that’s was adopted under HIPAA transactions and code sets. So we’ve attempted to give you sort of the thumbnail sketch of what that looks like here and we want to talk more about it to –

MR. SOONTHORNSIMA: Maybe a little bit more, maybe a couple layers below what you see here. So we might talk about the 270X, 27X transactions, what are they? . That will give you sort of a lay of the land what the context is. We won’t get in the weeds. We will not because this is a National Committee. We’re not –

MS. GOSS: One of the things we want to make sure is that as the Standards Subcommittee is going through this process and ultimately bringing back a set of recommendations to the full Committee that has to be vetted, adopted, and then submitted. We want to make sure that we’ve got a good management of questions and how we’re tackling topics with the testifiers with balancing that time limitation. So there’s sort of a sweet spot between the education we can provide and setting a good context on which to build the recommendations.

MR. SOONTHORNSIMA: So what we’re anticipating in that hour, hour and a half conversation is really more of a discussion around those transactions and operating rules. Then probably deep dive a little bit in the questions. These questions have already been asked of the industry and they’ll come back and answer them. And how those questions are relevant to efficiency, effectiveness, adoption, opportunities and all those things.

So the idea is to keep the time limit to five minutes and then limit our questions, so the questions will be much more powerful and we’re not drifting to something too deep or educational in nature. It has to be very specific, otherwise, sometimes it’s probably good not to ask a question because there will probably have enough content in the testimonies already. So we’ll have an opportunity to go through that. So Terri will poll everybody, or somebody will poll – Marietta will poll everybody’s schedule over the next two weeks and we’ll get it going.

MS. DEUTSCH: I think that, just to add to it, is that the expectation is that, not that everyone’s going to be an expert on that, that would not be realistic at all. It’s to give an understanding of what you’re hearing so that you can at least appreciate what it is that you’re hearing. And that the members of the Standard Subcommittee that have worked with this for a long time and understand it, would be able to focus the questions or to really help in putting it all together.

And so this is the first time this is really being done and so this is a good opportunity to give exposure because it is presented to the full Committee. And in order to be able to vote, you have to have an understanding of what it is. You may not know all of the details but at least to understand that if a recommendation is being presented, that you have an idea, oh, they’re making this recommendation about this standard and I remember this standard had to do with this transaction so that you get the appreciation of it. And it will I think help you in understanding.

MS. MTUI: A question from an online listener. Is there a deadline for written comments in advance of the in-person hearing, if you are presenting in person?

MS. DEUTSCH: Yes, the individuals who are presenting need to submit the written comments by June 12th and for anyone who is not presenting, the written comments have to be sent in by June 17th.

DR. SUAREZ: So June 12th so presenting and June 17th those not presenting. Thank you for the question.

DR. CORNELIUS: I had a quick thought. Is there a way to think about this dynamically during the meeting where the members of the committee can have one or two persons to literally send our questions to so that they can represent us in asking questions so that you don’t have 10 of us sending it in, but we send it to you, Ob, and – because we’re going to have to really work this.

MS. GOSS: That’s interesting because that was one of my ideas. Ob and I met last night to talk about some of this stuff and I think even within the subcommittee we’re going to have to figure out what we get our questions and how we do it and we’re all going to have to be sitting together and then we’re going to have to, I believe as we’ve done in the past, to funnel things through the co-chairs or even just a co-chair, like have Ob –

MS. DEUTSCH: We did this in February when we had the snowstorm and short time and it worked. We were able to get the questions –

DR. SUAREZ: We just need to make sure that we have internet connection and I think we do at NCHS.

MS. GOSS: Or maybe before we go into questions and answers, we have like a minute huddle, people come with their written questions and we figure out which one we’re going to ask because it cannot be our usual full or subcommittee deliberations and exploration of the testimony.

DR. SUAREZ: I do have a hotspot that I can bring and some of us at least – I think it carries like five or so who can be online and so if you are online, if you send emails and texts we can set up that.

MS. KLOSS: I think it might be useful just to spend a few minutes on what happens after this hearing, because this is just a means to the end. And it would help me to be reminded of what our thoughts are about products, letters and reports coming out of this.

MR. SOONTHORNSIMA: Of course, we will be reviewing those. Remember the four areas, value, barriers, opportunities, changes. So hopefully we call out sort of what we heard from the industry and then we would rationalize because we really – realistically there won’t be a whole lot of quantitative data, data point, there might be some general information adoption trends and that type of thing but specific data won’t be available. So we have to really take to heart the testimonies and the written testimonies and really try and evaluate those four areas. That’s the first point.

So the outcomes for this transaction we recommend further development, continuation of or consider abandon, maybe that’s too strong a word, or sort of moving away from, whatever the right word is. So that’s basically the function of the Review Committee, to make those types of recommendations.

MS. KLOSS: And the output is letter or a report.

MR. SOONTHORNSIMA: It is going to be a letter. It is required that we write –

MS. DEUTSCH: It doesn’t specify in the statute that it has to be a letter. It just says a report. But we tend to do recommendations as a letter.

MS. KLOSS: I was wondering if we were doing a report.

DR. SUAREZ: I think it would be more of a letter, the way I see it, that would have observations around the transactions and findings from the hearing about each of the transactions and then recommendations about each of the transactions. I would think it’s going to be a long letter. I’m thinking it’s going to be like eight different or nine different transactions and for each one there are going to be specific observations and findings and recommendations.

Like Ob was saying, I think the intent in this first Review Committee and consistent with the statute that created it, is to really take a picture of where things are in terms of the use of the transaction, how valuable it is in meeting the goal of the transaction, what’s the volume in general.

That’s the kind of thing that you are going to hear. This transaction is done day in and day out. Like the claim transaction, this is day in and day out. We do it electronically in hospitals, 90 plus percent are doing it, in physician facilities. And dental, we’ll hear about dental. These are the volumes in general and we’re going to get a sense of the usage. And then we’re going to hear also about the barriers, as Ob was pointing out, and some of the issues.

Some of the transactions have a more limited number of barriers according to what we have seen over the past few years. Some of the transactions have some significant issues with them, very low usage, very limited benefit apparently in the industry. And so that’s the kind of thing that we are going to hear and those are the things that we’re converting to a letter and –

MS. KLOSS: Can I just do a follow-up comment? It seems to me there may be another opportunity we should at least think about that this has raised a lot of interest and there’s clearly people understand their siloed part of it. There might be an opportunity for the Committee in its role of helping people see the bigger picture, of taking some lessons for the industry from this and finding some way to communicate those out and not just rivet down into what a specific recommendation is the Secretary. Because it’s not just these seven, it’s how all these seven knit together. And that’s the piece that I think perhaps we can raise the –

MS. DEUTSCH: To your point, Linda, the responsibility was to have a hearing and a report that includes the recommendations for updating and improving such standards and operating rules – shall recommend a single set of operating rules per transaction standard and maintain the goal of creating as much uniformity as possible in the implementation of electronic standards.

So what I heard is a suggestion of let’s fulfill that obligation to the Secretary but there is a benefit to the public but I think that the public benefit could be further refined to what do we need the standards and code set maintainers to be doing or reflecting upon from a lifecycle perspective as we move forward.

MS. KLOSS: But also those who have to adopt them. To not look at this as a siloed obligation but as their opportunity to try to advance administrative simplification. It just seems like there’s an opportunity for a broader message and to the extent that we can leverage all the time we’re putting into this to do something.

MR. SOONTHORNSIMA: To your point, I think you’re talking about opportunities to one) to make sure that the users actually see beyond the siloed transactions and see better use, if any.

The second one I think you also alluded to is kind of this diagram that talks about we, as the Committee, can use this to help influence future changes coming down the pike and we have – because once you get past this Review Committee, there’s a lot of lessons learned. Let’s not repeat some of the mistakes in the past.

If it takes 10 years to adopt a standard, okay. At least then the standard is going to outlast the next five to ten years. That’s really I think a second dimension. So there’s a whole lot of opportunity to do this report or recommendation. We’ll see what comes out of this but I see a lot of potential opportunities for sure.

DR. STEAD: Do we understand clearly enough what the structure of the report would be that we could have some template that we were trying to take notes against? So that’s one question. To the degree we don’t, or maybe even if we do, if we’re going to try to channel questions to one or two people, should we have one or two people trying to create a picture of what we’re hearing at high level, not all the detail but as we go along. Would that be –

MS. GOSS: I think we have the questions, which is the Guide Post. So we have a structure. So if you look in the ebook, starting on –

DR. STEAD: I went through the questions. I just –

MS. GOSS: So there’s a correlation between the structure of the flow of the hearing with the questions that is ultimately the data we’re trying to get at. It’s a complex situation to try to funnel everything right during the hearings because so much is going to be coming at us.

DR. STEAD: So in essence, we’re supposed to be listening and recording what we hear about the answers to those questions to each individual standard and operating rule. We’re not supposed to be recognizing a pattern that comes up above and across all of that.

MS. GOSS: I think it’s a yes to both.

DR. SUAREZ: Ob created the template of questions really about the value barriers, opportunities and changes. I think that’s a – trying as a member trying to make sure that I understand where are we with the value of this transaction. Where are we with any barriers? What are the opportunities and what are the changes? I think generally if we can understand, in general terms, because there’s a lot of details about many things, about each of these four points in each of the transactions, that’s kind of the best template I can think of.

MR. SOONTHORNSIMA: We will follow up on that one. There are some things that you can actually template, create templates around. But others are a little bit more subjective, if you will.

MS. DEUTSCH: I think what Bill was alluding to is when we had the February hearing, I think you all received a summary with the topics and then some of the comments or themes that came across from there. And I think that’s what you’re asking. So that when you’re listening and you’re taking notes, are there any particular themes and could you create something where you could jot notes down. Because remember, there are going to be 80 plus commenters and you want the key phrases.

Ob and Alex and I are going to be talking tomorrow and see if we can come up with something that would take the questions, take what Ob has pointed out there as the areas of focus, and are there any key buzzwords or themes so you could fill it in. Because that’s how probably summarizing all of the comments will have to be done anyway in order to derive any document that’s going to be developed, is to pick these themes.

DR. WALKER: I thought on that, both from the presenter’s perspective and from the team’s perspective, I’m thinking of this as a sort of a semi-structured interview might be useful. And I apologize for my ignorance but you can say, well, what are the difficulties that the standard poses to you as the user and what are changes in the standard you could imagine that would make them more useful. Some simple things like that that might both help focus the presenters and also make it easier for the team to come up with some reasonable summarizations.

DR. SUAREZ: Exactly. Those are the kind of questions we have listed. There’s a lot of questions actually in those for everybody on the website. I think those are the kinds of questions that we are –

DR. WALKER: What I am proposing is that we consider actually posing those to the presenters as at least part of what they –

MS. DEUTSCH: I think at the end of the agenda are the lists for each of the questions. There’s a set of general questions for all seven panels and then there are specific questions for each of the panels so that the presenters know that their presentations are to respond to any of the questions that apply to them. And they have them and when they got their invitation, they got the invitation that had only the questions that applied to the panels that they were asked to speak for. So they have all of that.

I think that what Jim was getting at is how can we take those questions and put a format or a template so that as the responses and testimony are being given that notes can be taken more easily and then summarized from that point. So I think we have both of those, one of them we just have to create a little bit more.

DR. SUAREZ: And I think anybody can ask the question Jim that you have during the session actually.

DR. WALKER: That’s exactly what I was trying to say except that it was said vastly better, thank you. If you have that kind of framework that everybody is working out of, you have foreclosed someone saying something that doesn’t fit but it just makes a lot of the work easier.

DR. SUAREZ: So thank for that, Jim, definitely we’ll work on that. I think we are ready to move on to our next agenda. So thank Ob and Alex and Terri for their work on this. It’s going to be an exciting and incredible hearing. We’re going to move very quickly now to our Population Health Subcommittee and I’m going to turn it to Bruce who is going to facilitate our next discussion.

Agenda Item: Overview of Population Health Letter to Secretary in Preparation for Action Item on May 28

DR. COHEN: Thank you, Walker. We are going to try to accomplish two things quickly. One just tee up the letter that we’re going to be voting on tomorrow. And then Bill is going to spend more time going into explaining the framework and where we’d like to go with this activity.

So if you could turn in your books, or you got a handout of the recommendations on supporting community data engagement by increasing alignment, coordination, technical assistance and data stewardship education. This has been a really dynamic and wonderful process. There have been many iterations and I want to thank everybody who has been involved and given us such great feedback.

This is a really important milestone I think in the National Committee’s journey around empowering community data use. We’ve held workshops and roundtables. We’ve issued reports around learning systems and now we’ve developed a set of broad but very actionable recommendations for the Secretary to consider.

And we’ve done this by grouping three sets of findings and recommendations. One on alignment and coordination, one on technical assistance and one on education about stewardship. And we’ve created 13 specific recommendations. I’m just going to run through the recommendations at a very high level and if you have any specific comments, now is your opportunity or you can see me afterwards so we can do – Bill and I can do some offline wordsmithing to prepare for tomorrow’s vote.

So the first set of recommendations are on page three of the letter and they have to do with alignment and coordination. Recommendations one and two are creating a virtual home for community-facing data work in the Department and creating a Community Health Data Coordinating Committee to coordinate that activity.

Recommendation three I think is potentially of huge importance which is essentially creating a strategic plan for community health data. There have been several strategic plans that parts of the Department have created. One message we got loud and clear is there are a lot of folks who are engaging communities around data, pulling this all together throughout the Department in a strategic plan would be fantastic.

Recommendation four, we heard in several venues, which is encouraging or figuring out a way to get more community representatives into federal health data policy activities. And five, we also heard when we talk about community data health engagement, at the community level, public health is broader than some narrow definitions. So it’s incumbent on the federal government to expand beyond HHS to bring in other agencies that are playing in this sandbox as well and we want to encourage the Secretary to do so.

And six, building on five, is not only other federal agencies but what we discovered, the growing and important non-governmental community of data intermediary organizations and of foundations who are – with whom the federal government should be, I think, more proactive in creating these alliances.

So that’s the set of recommendations for alignment and coordination. I will stop to see if anyone has any specific comment.

DR. SUAREZ: Thanks, Bruce. Any questions or comments on these first six recommendations?

MS. GOSS: Thank you. This is a really good letter. I have a couple questions. Ongoing funding for sort of this effort seems to me to be something that’s missing in these recommendations. I also wonder if there’s an opportunity between four, five and six, considering how interrelated they are, for some possible consolidation, that not really being a priority.

I’m curious as to creating a mechanism for ongoing input into relevant federal health data policy. Is this proposing a new channel and if so, why? Because it seems like one of the problems we have right now is there’s too many ways to get tapped in and not necessarily a coordination overall.

DR. COHEN: So I’ll take the first crack and Bill please feel free, or others who’ve been involved in these discussions. We decided not to include anything about funding and we discussed that a lot because we thought there was less frankly – it would be great if whatever we can do would be funding neutral and use existing resources rather than recommend allocating resources or taking resources away from other areas.

And community representative, this is specifically about community representation in the policy, data policy discussions that we feel has been missing. We haven’t, there are lots of different levels of health data policy discussion, some around specific data systems and some in more general. We haven’t, we’re not suggesting an explicit mechanism or set of mechanisms but this is a broader recommendation that we didn’t have I think the traction to be more explicit to make specific recommendations.

As you’ll notice as we go through these recommendations, we tried to cast them broadly to give the Secretary and the Department an opportunity to respond in a flexible manner to these suggestions. Some are more specific than others so we thought it was important to sort of interweave those two levels. And frankly, we don’t know how to do this right now.

DR. MAYS: Great job. And I’m sure the community appreciates the efforts that the Committee is putting into this. I just want to go to five and talk a little bit about some of the entities that I think you may want to have here. Not that I want a laundry list. Veterans Administration, I think you may want DoD as opposed to Veterans Administration.

DoD actually does – I’m learning this from being on the IOM board that I sit on that does military stuff – I think you want – DoD does the funding. The Veterans Administration, I’m not sure that they actually have community-level data and data relevant programs. So you just need to check that but I think its DoD.

I would add in USDA. I would add in Department of Transportation and I would add in the Bureau of Indian Affairs because I think those are really good customers for us in terms of health to those particular data.

DR. COHEN: What’s the first one?


DR. COHEN: Department of Agriculture?

DR. MAYS: Yes. They fund great studies around nutrition stuff.

DR. COHEN: We have that listed. It’s the last one listed. You can Transportation, Indian Affairs. Okay, great thanks. Let’s go on to the second set –

MR. SCANLON: The census bureau.

DR. COHEN: So we will expand this list to be more representative and more inclusive of suggesting allies for the Secretary.

MR. SCANLON: I would say expand on four and six, creating mechanisms is fairly exciting recommendation. I would say expand opportunities maybe. But let the Department worry about how but expand opportunities for input into relevant policy and for coordination and collaboration and then let – they are going to be different. It’s likely that one mechanism is not going to be the way to go.

DR. COHEN: Thank you. The second broad area that this letter addresses that we heard substantial feedback from the community was around providing technical assistance. Recommendation seven focuses on specific expansion of online technical assistance for data use. Number eight is focusing on developing of tools and using these tools to complement the groups we had mentioned before, the data intermediaries.

Recommendation nine is using the existing HHS regional office and other regional offices to really provide more – sort of a disseminated approach rather than a totally centralized out of Washington approach to provide technical assistance and really build on these offices that are closer to the ground. And number ten is using learning networks for information exchange as a cost effective way to provide more technical assistance for community data use. I’ll take comments on seven through ten.

MS. GOSS: In regard to the technical assistance section, which these recommendations reside, we have some terms that may not have been defined and one would imagine that the Secretary would know those terms but if other people are reading it, it might be helpful to have certain things like, CDC WONDERSYSTEM and what DATA2020 is. Some people may not even know what NCHS stands for. So it struck me that we might – I didn’t know if you were going to be thinking about a glossary for all of this.

DR. COHEN: We tried to provide footnotes that referenced these particular systems. I don’t know whether that’s –

MS. GOSS: That’s probably good enough, if somebody really wants to know they’ll go look it up.

DR. COHEN: Your point is well taken. Thanks.

DR. MAYS: This is for number eight because what you’re directing them to do is develop tools and I guess what I’m a little concerned about is there’s a lot of stuff out there. And I don’t know that HHS needs to necessarily develop the tools as much as to have some kind of clearinghouse or education around what tools can be used for what. That’s what the entrepreneurs and developers and all that kind of stuff are doing. So we want them to develop a lot of those tools.

But what we need is people don’t know, for example, how to use kind of some of the simple things that are out there. So I think listing and educating about what’s available. So the role is to me more of a coordinating and highlighting the tools and how it can be used with specific things. So, for eight, it’s that.

And then the other is I guess I still don’t get it. I’m not quite as understanding why we’re being very specific on two groups that are funded by other means. So like county health rankings and roadmaps, RWJ funds that. And I think there’s going to be some changes. And then Community Commons is also funded in other ways. So I just worry we get ourselves in the middle of being so specific that the market needs to do what it itself as opposed to us listing who.

DR. COHEN: So there’s a such as there. I guess our concern was when we didn’t give specific examples, it wasn’t really clear what we meant by non-governmental intermediary organizations. I think this level of specificity helps if you have suggestions about how to frame it so we don’t appear to be endorsing any particular approach. That would be really helpful.

DR. MAYS: Let me think about that. Because what I’m trying to get at is that one of the things I think at least the Data Access and Use Group is to do is to help the people out there who want to develop things to see a market and to have them say, ooh, that’s a gap, and I can help with that.

So it’s more the description of what the need is because – I don’t know exactly how to write. I’ll think about it and try and give you some language. But I’m just trying to do like what the workgroup is to do which is for HHS to want them to build something.

It would almost be like if at Datapalooza if you said we need this, would they be able to come up with something. So I don’t want it to seem like oh, it’s kind of done and these are the groups as much as somebody may build a better widget or do it in a different way. So I’m just trying to look out for what I think the workgroup is supposed to be doing with data stuff.

DR. COHEN: How about, and I don’t want to get into a lot of detailed wordsmithing, but something like identify existing tools and promote the development of new tools where appropriate. Does that address the issues?

DR. MAYS: I think it gets at it. I could think of it if I could put a little more time on it.

DR. COHEN: I think Bill, Susan and I will probably be polishing this off this evening, if anybody has any specific wording.

DR. WALKER: Overall, hats off to all three or four or more of you. This whole thing seems to me to hang together and read cleanly. Improving it’s great but you’ve really done a beautiful job.

The second thing, about the market, I think leaving it general the way kind of suggested – or some way of acknowledging that some of these needs there will be a market for and some of them there won’t. Not a market that anyone can make any money in. It will cut both ways. And my guess is that the more disadvantaged a community is the more we’d like to help them the less there may be – because it’s usually thought up as a market.

DR. COHEN: I guess that was where we were coming from initially to put the burden on the federal government who has deeper pockets than communities for developing the tools. I guess we want all three. We want to identify existing tools, we want to promote the non=governmental sector to develop tools, and as the pocket of I don’t know whether last resort but as where needed, if the federal government needs to provide these tools for data use and access we want to promote the federal government from doing that. So I think our intention is to have all three of these situations included in this concept of providing tools to community for better use of data.

MS. LOVE: I want to echo what Vickie just said and I think rewording it along those lines, but I think the federal government should direct some of that energy or funding or support and tools to filling data gaps. There are these gaping data gaps for community assessment that county health rankings can’t fill. So I just wanted to echo that. Maybe reword it such – kind of blending what you said and she said.

DR. COHEN: The gaps – yes, you’re absolutely right and I don’t know – this was more about tools for using data rather than generating new data where data do not exist. And I think, at least that was my initial thought but both of those are really important. I don’t know whether the focus of this set of recommendation was filling those data gaps.

DR. STEAD: I think this letter is meant to be a first of more than one letter. And so what we tried to do with this letter was word the things where the input we had received to date gave us adequate comfort making a first round of recommendations. In the Pop Health task work list, we have a series of other things that arose through these Roundtables that we need to address but we haven’t done enough work to even say something that we were willing to put our weight behind with the Secretary. And the framework will also be another way we can get at gaps. It’s a very important issue. We just need to –

DR. COHEN: I think tomorrow during the Population Health block when we begin talking about our fall activity and coming up with a set of indicators or endorsing a set of indicators, the data gaps issue will be paramount in that discussion.

MR. SOONTHORNSIMA: Real quick, to go back to Vickie’s point, I actually support the way you wrote this number eight, develop tools – because I think this is a very deliberate and specific role that we define because you want the government to help connect the dots, to facilitate because that’s really the unique role that the government can play. So I hate to dilute that with any other action verbs.

When you read this it’s in the context and the role and the scope, it’s very inclusive in terms of how they can connect those dots, whether it’s governmental, non-governmental capabilities that exist. Because if you start diluting it by assessing or I forgot some other words, inventory, identifying existing, exactly.

Then you kind of dilute it, because if you think about it a tool can mean a library of resources. That’s a tool. It doesn’t have to be a technical capability. But it has to be really concise and crisp. I think that got it there. We talked about this several times in the past.

MR. SCANLON: I think for the first few paragraphs, the Secretary is going to think we’ve already done this in open data and healthdata and data.gov and that’s sort of the story OMB and others are telling as well. I think it would be smart to include somewhere in the first two paragraphs acknowledgement and praise of those efforts and continue additional directions.

I really don’t think, my own view, if anything you’ll see those kinds of applications rather than program-specific applications and there’s just – resource issues are just – we can even do state estimates from our national surveys, well, we can in a couple cases. So I just think the idea that 1000 flowers full bloom is just not going to be attractive.

But I would emphasize the progress and success of health data, the open data efforts, healthdata.gov and data.gov, the efforts to create, to make the data available to anyone who wants to use them to encourage applications, whoever wants to do it. The community doesn’t necessarily have to do it itself but it has to be as part of this ecosystem, sort of the Tom Park idea, I think otherwise it’s a little bit ’70s, kind of the federal government has to do it.

So I would do it in that context, just say that you applaud and recognize the progress and encourage further work to help communities in their attempts to improve health and health care and then you could say to that end we’ve had these meetings and – because that’s probably the way everyone’s going to react to this. Oh, we’ve done this already, this open data, it’s just a matter of not having the right tools up or that sort of thing. Anyway, that’s the way I would – it’s the way they’re looking at it now.

DR. STEAD: Let me make sure I know where that needs to land, are you meaning the first two paragraphs of the letter. So it’s not down in the detail section.

MR. SCANLON: I would probably put it right between the first and the second paragraphs and then I would say the Committee has inquired specifically into the needs of communities and then – so you’re approaching the health data initiative from the point of view of reaching communities. And these are the ideas that would get at it. Because I think that’s what they would be – that will make sense to them in terms of the policy now. That’s a nice transition then.

DR. COHEN: Thank you, very helpful. The third section of this letter focuses on data stewardship education. And clearly, this has been an ongoing theme, not only that the Population Health Subcommittee has been working on but to a greater extent the Privacy Subcommittee.

Recommendation 11 focuses specifically on state data. State data flows in both directions. It flows up to the feds and it flows down to the community. And focusing on reminding folks who are state data users and particularly state governments I think is – as state data become more used by many folks and become more available, reinforcing good stewardship practices is paramount.

Twelve is focused on the data stewardship toolkit and recommendation 13 focuses specifically on secondary uses of data and reuse of data. These are I think one of the primary data sources that communities and neighborhoods end up using and in general, from what we heard, there isn’t much awareness of potential concerns around the legal and potential issues of using these secondary data. So that’s an area of recommendation as well.

Bill made the point earlier the last sentence is we will continue to explore other ideas with an eye to develop further recommendations. Now what we really intended that this is the foot in the door, both at a broad and specific level and as we move forward, we really want to build on this letter and the ideas that will continue to emerge.

MS. GOSS: To that point, would it make sense in that last sentence to bolster or enhance it to talk about our sense of obligations with maintaining the artifacts such as the Community Data Stewardship Toolkit so that they can see – it’s an evolution but it seems to me that’s a part of the work we plan to do. Maybe not, maybe that’s a little ahead of myself to pose the strategic planning effort but we’re putting a lot on them and to some degree we’re funnel point so we’ve –

DR. COHEN: If you have some specific suggestions to enhance the wording here that focuses more on our responsibilities and obligations to promote these ideas, particularly with respect to stewardship and other activities that you envision, that would be helpful.

DR. SUAREZ: Can I make two comments, quick ones? On the first recommendation, 11 actually. It seems to me highlight and document best practices stops short on disseminating. So the way I would suggest considering modifying that is instead of highlight and document, I would say identify, document and disseminate best practices so that it does the three things, identify, document and then disseminate best practices. That’s one suggestion.

And then the other one is in number 12, using NCVHS Community Data Stewardship Toolkit, I think it would be helpful to put a footnote with a link to the Toolkit.

DR. COHEN: Great idea.

DR. SUAREZ: Any other questions?

MS. LOVE: You know, we can drive ourselves crazy wordsmithing, but as I sit and read this number 11, I’m wondering if better than stimulate is strengthen because I might have some states come back and say well, we already have broad data sharing, what more can we do to stimulate it. But I’m just saying strengthen but again, wordsmithing can drive us nuts and it can be disregarded.

DR. COHEN: I am comfortable with that. That’s fine. Please, never be shy.

MS. LOVE: But I can read it both ways. But I can see some states saying, what do you mean stimulate? We’re doing a great job. It’s the other guys that aren’t doing a great job.

DR. SUAREZ: The comment is actually stimulating and strengthening the letter.


MS. KLOSS: I found this letter so readable and I think it sets a new high water mark for letters to the Secretary. So I hope they’ll all read as easily as this.

DR. COHEN: Congratulations to Susan. Susan Kanaan was the initial drafter and the promoter. She’s done beyond a Yeoman’s job, whatever that is.

MS. KLOSS: It was really interesting to read. I like it.

DR. SUAREZ: Thank you. So we’ll come back tomorrow with a final revised version.

MS. KLOSS: Do we get a response back?

DR. COHEN: It probably will.

DR. SUAREZ: Yes, we usually do actually. Okay, I’ll turn it back to Bill. Bill, I think you’re going to be doing it.

DR. STEAD: We had a discussion in the Pop Health block on the framework at the last meeting and after that we asked to bring the framework after revisions back to the full Committee for further discussion. Just to remind people, this is a project of the full Committee. It’s being facilitated by the Pop Health Subcommittee. There is a workgroup that includes Bruce and me, Jack, Leslie, Alex, Linda, Vickie, Walter, Lea and Jim Walker.

The version that is in your agenda book has a new executive summary that attempts to clarify both the purpose and the target audience in response to the discussion at the last meeting and so one of the things we need to know today is whether this is now clear or whether there are further questions or suggestions about that.

Then draw your attention to the methods taxonomy which is in a different format now at the back of the document and it, on page 20 through 22, has two new sections. One that adds an initial version of the analytic and visualization methods taxonomy that Bruce and I collaborated on. And the second that contains the additional category on stewardship principles that Linda and Leslie collaborated on and we need to know if there are questions about those two pieces.

And then, if we have time, which we may not, the question is what are our next steps in trying to pilot, if you will, in a dry lab mode how we might use this so we better know how to extend it, et cetera. So that’s what we wanted to do in this discussion. If we don’t get done with it, we’ll have to figure out when and how to continue it.

This is just directly picked up out of the white paper, what we’re trying to do. To support a systematic approach to thinking about, talking and acting with respect to data. With three goals, develop this evolving set of data and method classification resources which is a data structure and the methods taxonomy represent that are designed to help data experts support communities and others to systematically use data.

The second goal is to generate recommendations to the federal government and the supplier ecosystem on high-impact gaps because we should, with this, both in the data as we show how things fit in the data structure, gaps should become clear. The same as we look at the methods taxonomy and we know where we do and do not have methods, gaps would become clear.

And then finally to catalyze development of interactive tools based on the framework. I think in the last discussion, and Vickie you may want to – in the last discussion we really needed to clarify that we’re talking about supporting experts as they help others. We’re not actually expecting everybody to be able to work with these resources.

And I think we also as we went through this tried to say our work around supporting communities is one example of how these things can be used, but they actually would be used by many things that touch the interests of the National Committee. So is that part good with people. I’m seeing shaking heads.

Then target audience, we’ve just said so I think we can move past that.

Then the sections that were added, I don’t know if they raise questions. If you look at page 20 through 22 or if Linda would like to provide some color commentary on her thinking based on hers and Leslie’s feedback in the beginning to populate that part.

MS. KLOSS: I think when you look at what we added, you will see the stewardship framework emerge because we really tried to make this align with the categories in the toolkit, the framework, but collapsed a little bit into the toolkit. So I think it helps align.

So the first category – just to take one – openness, transparency and choice includes policies and practices regarding community and personal data. So the practice is that the policies and practices are publicly available. They’re made known. They’re open and transparent.

Data are obtained through legal means. Communities that are subject to the data use are provided notice. And then as we flesh that out to the third level, we talk about notice practices. Not specific. And we stop short of specifying specific practices but, for example, on notice 3.1 notice processes are in place.

So it’s not just ad-hoc, that there is in fact a process. We’re not saying what’s a right or wrong process but that there be a process. And that secondly there is a process in place for asking and getting answers to questions.

So I think we held back from getting too technical and just talked about these practices in generic terms. And you’ll see that same sort of logic thread through.

DR. STEAD: And from my perch, this works well because in the toolkit, we have the principles and we have examples of how to do this within each piece of the toolkit. If we take the taxonomy and use it as metadata then somebody that develops a notice that is defined to inform a subject on data use, it would then be tagged with that link into the taxonomy.

And as other such things were done and tagged that way, you would then be able to easily search and pull out all the practices relevant to that. So that’s in essence how the toolkit would work with the taxonomy.

PARTICIPANT: So I think it certainly could be converted and aligned with the checklist also in the toolkit.

MS. LOVE: I’m just trying to understand and I’m a newbie so I will apologize. But I am just thinking of a community initiative versus a data owner and I go back to discharge data shop. So a community initiative using discharge data, they are combining it with maybe other datasets. When they have a combined dataset do they tag it or is it the original date source that’s tagged with notice –

DR. STEAD: My thinking would be that the original data sources would be tagged with data, primary data source classifications that are on page 19 through 20. So it would include things like the purpose of capture, what the proposed use was, identification, other kind of metadata that would be relevant to how you deployed the stewardship practices.

As a person tried to assemble two primary datasets into a secondary dataset, they would tag or use the metadata in the secondary dataset characteristics and as they either created or pulled together the notice forms that they were going to use, they would either come tag from whoever had created them or they would tag them.

So the idea is that once the taxonomy which will actually be quite simple, as difficult as it is for us to put it together the taxonomy is turning out to exist on a few pages. It’s not volumes. And then if people that produce primary sets or do more secondary sets or do the stewardship around how they’re going to disclose or use the secondary datasets use that taxonomy, that’s how we’re envisioning this working.

MR. SOONTHORNSIMA: To follow on Denice’s question, that means if I own that dataset discharge, I would want to make sure that I go back to my metadata and update it with some of these, like you said earlier on page 19, make sure that I have some of those relevant information. At least add it to my metadata.

DR. STEAD: And the thinking is it would actually probably be added to the metadata for the dataset, not for the individual data.

MR. SOONTHORNSIMA: That’s exactly right. So it’s data about that dataset that she has.

DR. STEAD: Which if we externalize and make visible upfront as we create that dataset, it allows systematic and appropriate use downstream. Otherwise, experts are coming together and trying to figure out what did people do?

MS. KLOSS: Where do they come from? And where did it come from? And have we checked all the –

MS. LOVE: I’m just being a devil’s advocate here. Because each data steward that I work with has a pretty extensive data users guide, data submission guide, definitions and laws and all of that. So I just want to be sure we’re not asking them to –

MS. KLOSS: I would assume that if those are good guides and agreements, they’ll have these elements spelled out. So I don’t think we’re talking about doing something that’s beyond what good practice but we are suggesting that if you’re doing this without the benefit of a data use agreement, there are some methodologic parts and pieces that need to be assessed and applied. I think if you had a data use agreement, you’d covered all this –

MS. LOVE: Well, if it’s in the dataset, it’s got a stack of papers this thick with each data element, each definition, who gets to use it. It’s just very extensive and so I just wanted to be clear. And then sometimes we’re using primary dataset for secondary because it may be tertiary datasets by the time it gets to a community assessment – so my brain’s still trying to navigate through this.

MS. GOSS: So from the perspective of trying to get an overarching agreement to how we’re going to look at data and then be able to use that data in its framework, there’s a step that I think needs to be taken after we get our framework kind of solidified which is to do that outreach and figure out all the different pieces of the puzzle potentially and to get people to take this framework and then create that data commonality.

For instance, the work that we’ve seen on the JASON Report as it relates to EHR data and discreet metadata about each of the data is a direction that we’re headed in but I would imagine that we need to reconcile that one piece of the puzzle back up to this framework.

MS. LOVE: There’s some work that’s been done USHIK –

MS. GOSS: Not everybody may be familiar with USHIK, the United States Health Information Knowledgebase harmonizes some of these datasets, probably not this detailed but in a metadata way. So also to make sure we’re allowing that.

MS. LOVE: It goes even all the way down to standards. So yes, it is pretty robust.

MR. SCANLON: But I think I hear Denice making the point that this is not a one size fits all. It’s kind of relevant to number two that if you have the equivalent or the comparable protections and guidance in place that you don’t get to change it. Is that the – we do the same thing with ONB and HHS. We way we’re already doing that. Don’t make us do something different now.

MS. LOVE: I have some other comments but I’ll wait until you want me to.

DR. STEAD: And the idea here would actually be to have a harmonized standard set of this kind of metadata so right now everybody’s largely figuring out it separately and then each new – each time an analysis needs to be done, somebody has to come in and try to do the archeology to figure out what was actually done. And that’s what we’re trying to see a way to get passed.

MS. KLOSS: I just want to make sure we weren’t seeing this as a set of rules. It is a taxonomy. How you choose to implement and how you incorporate it into data use agreements and other things is beyond the scope of what this is. It’s just making sure that you’re covered, organize the waterfront.

DR. STEAD: So the last question is this idea of how we pilot use, and from my perch, this somehow means probably a dry lab exercise but I don’t know if other people have better examples. I think to begin with, from a National Committee point of view, we’ve got to get this to a point that we either say this was a bad idea and we’re going to quit worrying about it or this is at a point that somebody grabs it and it actually becomes something they work with going forward.

I think for me the best example of something like this is about where the Unified Medical Language System was in 1985. And it’s now a major resource. And so hopefully we’re getting it to the point that somebody could then see aha, this is how somebody, I believe in the federal government, is going to have to begin to say, this is how I could actually speed up my day job.

And then this would become an organic part of what people do and it would grow and develop. And I think the question is how do we help it along that journey and get it to that point. And I don’t know if people have ideas about that.

DR. SUAREZ: One consideration perhaps is to what extent there is a need to develop a simplified guideline on how to use this framework for – with sort of a step process guideline that a community health initiative can take and say, oh, this is where I start and this is what I can do next. We are making it a –

DR. STEAD: My first cut at that, at high level, were the scenarios that I put in. They were beginning to get there. Let me read you what I wrote to Denise and in a separate thing to Dave Ross.

One thought about the dry lab exercise would be to, step one would be to take a primary data source, tag it with the cells in the data structure on page seven to show the levels that that data source obtains. I actually think we might do that with the core metrics effort. It might be a very interesting way to see what the gaps and coverage of the core metrics from the IOM report are.

Step two might be to tag the primary dataset with the characteristics from the first category of the methods taxonomy on page 19 to 20.

Step three might be to tag a proposed or preferably actual secondary use with the applicable characteristics from the second category of methods taxonomy. This category is very sketchy now so we may discover that all the characteristics in the primary set need to be repeated in the secondary because you’re only going to pick the ones that relate so it doesn’t hurt if we have things that don’t relate.

Then the fourth step would be to tag the analytic method to support the secondary use with the third category. Then the fifth step would be tags to show if the primary – would be to use the tags to show if the primary dataset, secondary use and the analytic methods were compatible or not. That would be an initial dry lab.

Then if we didn’t get blown out of the water at that point or if we fixed that, then step six would be to tag the proposed or actual stewardship plan for the secondary use with the fourth category and then we would be able to see, use the tags to see if the primary dataset, the secondary dataset, the analytic method, and the stewardship plan were compatible.

And if we didn’t get blown out of the water there we would need and maybe, Walter, you could help, we need to stub out what the standards parts of the category looks like and we would obviously do that. Then you would use all those to show it was compatible. That’s what I mean by systematic use and if we could work our way through one example then I think we might could write the manual you’re talking about. That was the only way I could think about it.

DR. SUAREZ: That’s excellent. That’s exactly what I was thinking needs to be done.

MS. LOVE: And another thing that I missed, and I could go through, I tried to work this in my own little dry lab in Idaho. But what I’m missing, I guess, is really the business case where a data agency or user to invest in doing this. And I think then if we can make that vision happen, it would make it easier because I’m worried that we propose something that isn’t going to be operationalized or isn’t – I just don’t see it systematically in the world that I represent them tagging this.

Now, that doesn’t mean that it doesn’t make sense and it doesn’t mean they’re not doing it probably on one-on-ones with their data users guiding them. But I’m not sure that the community groups I worked with have a clue how to even apply the taxonomy to be honest.

So I don’t want to be the wet blanket here. I’m just a little concerned about how it’s applied because on the discharge data it says the original collector and aggregator – does that mean hospitals or is it the government that makes the data come together for 300 hospitals or is it the vendor ETL loads the data or is it all three?

So I kind of work through this and I had a lot of questions. And then the analytics were even more difficult to be honest. But I won’t get into the weeds here because I don’t think that’s what you want me to do.

DR. STEAD: What we have to do is come up with – we either need to say that we’ve – from my perch, I think I’ve done the best job I can do at trying to describe this. I’ve enjoyed doing it and I’m comfortable putting it on the shelf. I think as a Committee, we need to decide whether this really is necessary. I still think it is and I think at one point many of us did. I don’t know where we stand on that. If so, we’ve got to figure out how to answer those questions.

MS. LOVE: And also to describe the vision of how if you tag your data, what will happen as a result and not just tagging it.

DR. MAYS: I want to kind of tap into a few of the things that Denise said. Because I guess what I’m thinking about is somebody like Damon, and I know that you had a conversation with Damon. There is the group that has all these huge numbers of datasets that could do this but the question is will he really do it. Does he think it – I shouldn’t use him but – as an entity, because I’m sure it’s beyond just him. But would they put the time and energy into it. So I don’t know where –

DR. STEAD: He has responded positively but has not done anything.

DR. SUAREZ: So I think it’s a matter of finding a possible – because I do believe that in order to document the business case, there’s almost a need to test the model in some example or fashion with a particular project or initiative. And I think it’s a matter of finding that kind of an initiative and I don’t know if within the department there’s such an initiative.

MR. SCANLON: The Committee is not operational arm so we have to know when you’ve done the standards and the policy and the framework and when it’s time to ask for comment or hand it off to someone. I think we’re wondering now Bill are we at the stage of getting it out for profit or someone else to hand it off. I don’t like the Committee getting into sponsoring tests because it’s beyond the advice and assists.

So one thing we could do is ask for comment. Are we presenting at Datapalooza? We could just see in that ecosystem of how they – what their reaction would be because we’re sort of assuming we know based on what we heard from the communities, that this is what they need and use. But we may be going over their head; they may be going over our head.

There is some need for that kind of reaction from the folks who know more about that side of the world. We could ask for comment. We could publish it as a working paper of the committee. We could ask for comment. We could ask people to think about it and react to us. The tests I’m just a little – other than to do sort of a tabletop –

DR. STEAD: I think a tabletop, I would hope we would do a tabletop before we tried to put it out for comment. And I’d hope that also could stub in the standards part before we put it out for comment.

MR. SCANLON: And the application you’re thinking would be community common indicators or something like that? Or the application could be almost anything I suppose.

DR. STEAD: We could almost go back to some of the datasets we were working at the meeting we had last year.

MS. KLOSS: I had one thought that – I think based on this discussion, maybe we just need one more time to go back to the statement of purpose and talk about why this is needed to bring the data universe kind of together. When we think about how this project was initiated it came out of the fact that we just don’t have a common framework that we’re drawing from to make any of these decisions. Now we’ve got a good draft of it.

But I had kind of an idea that it seems to me the next group that could really chew on this perhaps would be some of the medical informatics students, perhaps at Vanderbilt, could have a really interesting project, or OHSU. I just think they’d get all over this. Anyway, I just thought it would be kind of a great quarterly project.

MS. LOVE: I just struggle, and maybe it’s just because I’m new and I’m coming in a bit late. Like applicable regulations, I guess you could all apply because really HIPAA, state, each dataset is governed by probably a dozen and some that I don’t even know about. Just because it’s not in my state law doesn’t mean federal law doesn’t apply because of federal privacy laws so I think FERPA, HIPAA, C42CFR, all of that may apply. Just going through this like a worksheet, I thought I’m stumped.

DR. STEAD: Before I – if you have a taxonomy, and what you’re doing is tagging the dataset, the way you would actually do that is go to the lowest level of the outline which you know the answer to and tag it – so you tag it, so you may just tag it with they’re regulations that apply. At that level alone, you’ve created a useful piece of information, even if you don’t know which ones it is. So the point is not that you have to have the precise answer for each piece of this. The idea of tagging as opposed to a data model is that you tag it at whatever level of specificity is known. But if you do that upfront at the time you created it, you provide information that is useful downstream and very hard to find out downstream.

PARTICIPANT: And it is not all or nothing.

DR. STEAD: No. It’s whatever you know. So you just pick but when you pick something, you’re picking it from a standard set. And therefore, you make something that is easier for both people and systems to work with.

DR. MAYS: In the workgroup, part of what we’re trying to do once we get back on track is this kind of guidelines for people in terms of how you put a dataset out so that more people will use it. So my suggestion would be, if you want to kind of test this out, I don’t think at the meeting tomorrow because they need to have read it and thought about it, but I would be willing to do is to have a conference call with that workgroup to talk about this and let them give you some feedback.

And some of this will fit into guidance that we’re trying to give anyway but I think you want to hear from them how much does it take to do this so that realistically we understand whether people will really do all of it and I’m glad somebody said it’s not all or none. They might tell you to prioritize some but that is a lot. And we’ll see also, we’ll try and get Damon to tell you whether he would be willing to do this for all the stuff.

DR. STEAD: The real question for Damon is whether he needs this type of metadata which I think he does. I think he said that at the last meeting. And if he does, is this a one away to get at it.

DR. MAYS: He does need it. The Committee is talking about it. I don’t know whether this is where they would go. That’s I think the issue –

MS. LOVE: Can I ask one more dumb question? Didn’t DataFerret and DataWeb do this at one time. Because I had to do a metadata for three state datasets for the DataWeb at one time and they were tagging and harmonizing. I just don’t want to redo also work that –

DR. STEAD: We have not been able to find anything at all like this in terms of the multilevel data structure or in terms – we’ve taken everything we could find and used it as a source to populate what we’ve got.

MR. SCANLON: I think what Vickie says is actually an interesting to go. For anything we put any dataset or tool we put on healthdata.gov and that makes it up to data.gov, we’re supposed to be tagging those anyway but I don’t know what we’re using as the dictionary for tagging. And Damon doesn’t actually do the tagging. The dataset users –

PARTICIPANT: Because we got a whole bunch of stuff from data Census and HHS for the tagging the time. That’s what I was just saying. Check with –

DR. COHEN: I don’t know whether Bill Davenhall is still involved at all but he started a project at a much higher level but the focus was on essentially doing what this is but not at quite the detailed level to think about how you provide information and structure about the data to make it ubiquitously usable. So Vickie, I think your idea of processing it through the Data Workgroup is great.

MR. SCANLON: And I think rather than going in different directions in terms of the tagging dictionary, it would be good to see what we’re using now or what GSA is requiring.

DR. COHEN: And if folks know of other efforts and I’m sure some of the Data Workgroup members may that would be very helpful if there’s something that we’ve missed, if you could get those references.

DR. SUAREZ: Thank you so much. I think we’re going to take a 10-minute break. Let’s come back at 3:15 and we’ll just adjust the backend of the schedule a little bit more but we’ll give you – because I know the Privacy Subcommittee has a lot of stuff to be – so we’ll be back at 3:15.


Agenda Item: Subcommittee on Privacy, Confidentiality, and Security

DR. SUAREZ: I think we are going to go ahead and start again. I know we have a lot of material to cover in this next session. I am going to turn to our co-chairs of the Privacy and Security Subcommittee to lead us on this. If people could join us back at the table that would be really very much appreciated.

MS. KLOSS: Thank you, Walter. We are going to get that chairman a gavel. This is the portion of the meeting dedicated to the work of the Privacy, Confidentiality, and Security Subcommittee. This is the time for everyone to engage with the work that the subcommittee has been doing. We have four items on our agenda and we have one hour to complete it. I am going to move.

First, we want to bring you up to date on the toolkit and where that is with regard to its being finalized and launched.

Secondly, we want to review in a little more detail and take the majority of our meeting to give you a high-level recap of what we learned at the May 6 and 7 public meeting concerning the 1179 exemption for financial institutions, exemption from HIPAA.

Third, we want to discuss where the subcommittee focuses its efforts next.

And fourth, the chief Privacy officer from ONC, Lucia Savage, is joining us at 4 p.m. and she will give us an update on the Privacy and Security Workgroup of ONC’s Policy Committee and also a Privacy and Security guidebook that was recently distributed and also anything else she wants to report to us. We have 45 minutes for the Subcommittee work and then she has 15 minutes. Though we may spill over a little bit.

On the toolkit, I think you saw colored copies on the table. I put one on that side of the table and have another one here to pass around if you need it. But we are making progress.

In February, when we together, we shared a draft launch plan that called for distributing this as a PDF on the NCVHS website in March. We are about one-quarter behind, but we still intend to advance according to that launch plan. Debbie is going to give us a little status report.

MS. JACKSON: Yes. Thank you. Hats off to the printing and editing office at NCHS and to Linda who reviewed reams and reams of the document for the editing for clear language. We had wonderful and several editors who did a dual project on that and really went through to understand the concepts and the terminologies. The intention in looking at the audience was to bring it to the audience and making it as accessible. We think you will see from the graphics on that we want this to be approachable and that is the first step on that. Despite being a quarter late in what was kind of an ambitious launch timing anyway, I think that this is a great project to start to show where the committee can go in getting into the communities.

This summer was going to be a key time period to get materials out. So far, we were still able to make most of that, but just to keep in mind. This document that you are holding is not the complete document because we are still working on the appendices. Those alone took another couple of weeks to just pull together for that. This is the text itself. The appendices are coming and then that will be a complete document that will be reviewed for 508 compliance and then posted on the web. It is at that point that we will have a link.

Ideally, we will have some interaction, as Linda was saying. The thing is to look for the future as for possibility having back and forth in material or interaction and getting feedback. We can always target that. For right now, it will be the regular static PDF. But at least we will be able to use that as a frame of reference to launch and to send out.

You should have already gotten — if you are on the NCVHS gov delivery service, you would have gotten the announcement about this meeting. If you have not gotten that kind of announcement, please get on that list serve. But that is where a lot of our constituents and stakeholders get our material, notice about the meetings, notice about the major events going on. We have that targeted.

Rachel, who is here, suggested and offered graciously to plug things on to her serve as well. Once we have it identified on the NCVHS home page then lists and groups can resort to that.

Someone mentioned the datapalooza. I got a notice to try to pull — that they are trying to pull some of the key points together for that. You know that kind of a target audience. As well as a conference. I have not really focused on and negligent on my part. The National Conference on Health Statistics. The NCHS conference will be this August. I will get those exact dates. I think it is the 16th and 17th. I will double check and get that out to you. Along with, of course, the data council.

If all that can occur within the next two to three months, that would be a pretty luscious launch for this toolkit that can help get the material out and launch what is going on with the National Committee with this project.

MS. KLOSS: Thanks much. We will look for more communication on what our timing is.

PARTICIPANT: Datapalooza is next week though, right?

MS. KLOSS: Yes. I assume we got the latest and greatest to Lilly so she can do it. But the format really does look great and the time taken to get it looking good with enough white space on the pages. Time well spent.

DR. SUAREZ: Very quickly, very briefly, with respect to the datapalooza, I am actually going to be there joining Damon on the data lab as a co-motivator. It is a two and a half hour session. I will have a chance to present a very brief, not even a presentation, but more of a few remarks with an overview of the National Committee. I was planning to actually mention our products from Population Health as well as —

MS. KLOSS: Do you have a copy that you can hold up while you are speaking? I thank you for doing that, Walter. That is great. Any questions on that? We will be coming back to you and asking you for your good ideas about dissemination as we are ready to launch.

As you know, we had a hearing, a public meeting May 6 and 7. We just want to update you on — I want to first really thank Maya who did a huge job in pulling together speakers. This was a hard meeting for us to organize because we were into some new territory. It was not the usual people who know NCVHS and who are in our rolodex. This was challenging.

Before we finish giving you an overview, we will talk about a couple of areas where we have some gaps that we are going to fill in through additional telephone conversations.

On the whole, we really feel like we achieved our objectives for the day, which were three. To understand the current and anticipated financial services practices involving personal health data. To review how HIPAA section 1179 is currently being interpreted and applied in light of these evolving practices. And to identify what and if NCVHS should recommend anything, do any further outreach or any further development in this area. We will have a recommendation for the group as we come through it. We kind of wanted to take you through the learnings and then see if you land at the same place that the Subcommittee landed.

We start just to make sure we are all level set that section 1179 of HIPAA creates an exemption from compliance with HIPAA and accompanying rules when a financial institution is engaged in authorizing, processing and clearing, settling, billing, transferring, or collecting payments. We learned in the financial parlance that these are kind of called the treasury functions. It is just this processing of payment and not really doing anything else with the data other than that processing.

We had a start of the meeting. We had kind of an overview, a briefing of why this provision was inserted into HIPAA in the first place. What we learned was — that maybe isn’t crystal clear, but it was to distinguish the banking, that process that we just talked about, that process of paying the bill from other kinds of functions that were clearly itemized and under the HIPAA umbrella such as clearing houses.

One of the points of confusion is that banks refer to their ACHs, another terminology that we became very familiar with. The automated clearinghouse, the financial clearinghouse function. And obviously, there could be confusion and at the time probably was confusion about what is a medical or a health clearinghouse versus a banking clearinghouse. This provision was most likely inserted in order to make that crystal clear.

One of the really important points we learned in that overview was that we had to remember that at the time that was inserted, there wasn’t such a thing as a business associate because the regulations had not been written. The notion that a financial institution handling PHI could fall under the business associate agreement kind of wasn’t in the universe. I think that is really important because what our hearing turned out to be about was less about the specific 1179 exemption, which is pretty straightforward. It has to do with paying a bill. And more about the definition of business associates. I think that kind of encapsulates one of the important lessons we learned. It is more or less clear of what falls under 1179 as long as you define it clearly. What falls under business associate agreement and what is completely outside of HIPAA, but has implications. It was those second and third issues, the business associate, and what falls out of HIPAA that has implications for privacy that focused a good deal of our attention.

Interestingly, one of the other lessons we learned and I guess we should have known this, but we don’t go back this far is in 2004, the NCVHS Privacy Subcommittee actually did address the same issue and had hearings and issued a letter to the secretary on 1179 and made three points. First that the secretary should clarify the nature of 1179 exemption to whom it applies, recommend to providers and payers that they use business associate agreements with financial institutions and consider whether encryption should be required for PHI moving through the ACH, the financial clearinghouse. That is 11 years ago.

In many ways, one of the other things we learned is how has that environment changed because it was very helpful then to find that letter and have that as framing the state of the world in 2004 and how it has changed.

I think the Subcommittee would agree that it has changed. There were certainly more health care services being provided by financial institutions even acknowledged in the 2004 letter. That has grown tremendously in the last 10 to 12 years.

We had the passage of HIPAA, the insertion of 1179, the HITECH changes, which really became important to our thinking because we were reminded that under the HITECH changes, business associates are now subject to HIPAA rules directly even without a business associate agreement. Just get your mind around that.

Banks, in some ways, there is a gap here. That if they are performing these functions that should logically require business associate agreement and even if there isn’t a business associate agreement, they still are subject to those rules. It is not the same world as it was in 2004 when the recommendation from this group came forward that we should be using business associate agreements. Now, those provisions and rules really apply.

And the allocation of responsibility becomes more important because of issues like breach notification that kick in. There are gaps in our understanding of how all of these apply. We learned that in the first hour of our hearing.

Our first two panels we really merged it into one larger panel with two sections were financial institutions of different flavors and types and focuses. One of the challenges we had throughout the day was to get a taxonomy, if you will, of what are the financial services being provided for health care by financial institutions. We think this list is pretty complete and again we got several ways of categorizing that through the day, but our last speaker actually had a very inclusive list that kind of rolled it all up. Cash management. There are thousands of banks doing lockbox services for health care organizations, some of which are governed by business associate agreements and some of which are not. We will talk a little bit more about that. There are interpretation differences.

Just the financial clearinghouse networks. EDI, payments, processing, including remittance consolidation, lockbox processing, health care credit practices, online mobile payments, revenue cycle consultation, credit card operations, all of the health savings accounts and varieties and data analytics. This world looked much narrower in 2004 than it does today. That certainly was one of the lessons learned.

Let me just stop. Are there any questions here? I am going to keep plowing along, but I certainly can stop.

MR. SOONTHORNSIMA: I get everything except the last one. Data analytics. When you say data analytics, in what context of the financial services folks are using PHI?

MS. KLOSS: Well, that is a little hard to pin down. Big data stuff.

MS. BERNSTEIN: I don’t want to use the term big data in particular because it has different meanings to people. Looking for patterns and identifying trends, identifying anomalies in large collections of data, which banks have in their transactions. The same kinds of things you would imagine doing data mining. Some of those things have pejorative connotations. I did not to use something pejorative. We mean those kinds of things.

MR. SOONTHORNSIMA: Everything else seemed more substantive. It has more specific content and substance. Data analytics is just so general so it is hard to —

MS. SEEGER: Just to add on to that, some of the activities we heard them described were actuarial type services like pharmacy benefit management.

MR. SOONTHORNSIMA: I get that. Banks do that? They do PDM?

MS. KLOSS: Let’s remember. We are talking about financial services organizations. The sophisticated organizations have set up subsidiaries or separate companies that certainly have the firewalls needed to allow them to be in other businesses. It is not right to say that the banks do this.

MS. BERNSTEIN: Big banks are doing some of these things as well.

MS. KLOSS: But they are doing it through an organizational entity.

MS. BERNSTEIN: They are. They can create a hybrid entity in order to do this. But banks like Chase, City, the very large banks have a more vertically integrated service is what we understood. And some of the smaller, community and medium-sized banks are staying out for the most part of things that are covered by HIPAA, but larger banks are providing this as a more comprehensive service to some of their clients.

MS. KLOSS: But in ways that are sophisticated and using the kind of firewalls that would be — organizational firewalls.

MR. SOONTHORNSIMA: I get your point. I think larger entities — they have subsidiaries and by default the fact that you have systems of subsidiaries, you have different set of business rules and so forth. There are firewalls between these subsidiaries. I just won’t to take a general statement.

MS. KLOSS: That is why I want to clarify. Banks versus financial services.

MS. BERNSTEIN: And also among the services that these entities are providing. Not all of the entities are providing all of these services.

MS. KLOSS: I don’t believe and certainly other subcommittees can — members can correct me if I am wrong. I don’t think there was much confusion about the treasury functions that clearly fall within 1179. That the issues were around other services that we saw on the previous slide and how that work is falling under HIPAA and how it is being appropriately managed according to the requirements and regulations of HIPAA.

MS. BERNSTEIN: I think there is also the case that I think maybe are a little — looks a little uncomfortable with this answer, but part of it is not just what the HIPAA side of the thing is doing, but on the financial services side, there are different banking regulations and this is one of those gaps that Linda is going to get to. But my understanding is more open with respect with respect to how they can share information particularly with their associated companies. Information could be coming in, which you don’t expect and being shared among all those subsidiaries in a way that you would not expect if they were just covered by HIPAA.

MS. KLOSS: We try to frame how financial institutions think their functions fit into HIPAA, they contrast the legal structure and requirements of HIPAA versus the banking statutes and clearly, there is a range of statutes that banks and financial institutions are obligated to uphold.

What we learned was that they don’t step into these health care data use issues lightly. That they know if they are going to undertake HIPAA, they have to staff up. They have to organize. They have to invest the dollars to do it well.

What we learned is that compliance is really a strong part of the culture and that for top-level banks, they are not taking this lightly. If they take on a compliance obligation, they do it well and thoroughly.

Now, I think it is like talking about the provider community. You have seen one group of providers and you have seen one group of providers. We are going to get to that because it was clearly distinguished from us that the big 20 banks follow the letter of the law and are probably model compliance. Like small providers who have never heard of HIPAA, there are small community banks probably that are doing lockbox and other functions and neither they nor their provider partner are entering into or solidifying their agreement the way they need to be.

I think what represents the very best practice that we heard is the 20 top banks, not the level of function for the full 12,000 banks across the country. Many of our testifiers made the distinction.

But on the other hand, when you think about the top 20 banks, how much of the payments and other things do they process? Probably 85, 90 percent. The 20 really do represent the norm. And then if you were looking at a bell shaped curve, there are a few edges.

We learned that there were conflicts and gaps among the legal regimes that govern banks versus HIPAA. We learned that there are opportunities for clarity in interpretation and opportunities probably for harmonization.

We learned also that for some in the financial services industry, even some who testified before us, their understanding of the more complex issues around HIPAA was relatively immature. For example, there was testimony that confused minimum necessary with meaningful use, as you heard this morning from Rachel.

There was testimony that said that they were avoiding needing to comply with HIPAA because we did not want to go through this onerous process of amendments and corrections as required in HIPAA and that that just would not be possible when it came to financial records.

But at the same time, this attitude that we are exempt under 1179 so we don’t need to worry about it is just not true anymore. Because even though there is no business associate agreement, it does not absolve them of liability.

Any other comments on that?

DR. FRANCIS: Just one. The general tone of this that I think is really important for everybody to realize is that the banks really want some help with this. I did not sense an adversarial tone at all. There are places where they want clarification.

MS. KLOSS: They don’t want more regulation.

DR. FRANCIS: They don’t want more regulation, but they do want clarification.

MS. KLOSS: I think that is right.

Now, our afternoon panel was the providers commenting on their relationship with financial institutions that they do business with. We learned about gaps in the health sector as well and their management of their relationships. Inconsistencies in when and how BAs0 are being executed.

We had a chief compliance officer from a very large health system who is at the pinnacle of her career and certainly says they have all their act together in their organization with regard to business associate agreements. But she certainly knows that is not the case across the country even in hospitals, much less small practices. We certainly know that there is going to be quite a gap in services that should be covered by business associate agreements, but are not.

Furthermore, we learned or reiterated that even when the business associate agreement is in place, in large organizations given the thousands of BAs now, it is just not practical or possible that the providers are staffed to really do the kind of job they need to do in monitoring and auditing those relationships and compliance. We certainly saw some gaps that can be addressed there.

We learned that there is really unevenness and competencies in vendor assurance, risk assessments, security risk assessments, privacy impact assessments, things that we would hope health care organizations are able to do, but certainly are doing unevenly.

Let me say that we went through an interesting process as a subcommittee. We were able to have our meeting on one day and then we had a full half day to hear what — to pull together the lessons learned. We actually walked out of that meeting with the slide deck pretty well done.

One of the take-a-ways was that we have some opportunities in health care to learn from the financial industry. Certainly, strong audit functions with some exceptions. Compliance as part of the culture. Investment insecurity, cyber security and really advanced focus on security because it is absolutely core to the business. Whereas health care continues to lag in security and while we ought to be talking about health care and cybersecurity, we are still talking about passwords. Stepping it up. The banks being a real source of know-how there that probably could be of great help to health care. Then the whole area of vendor assurance. We identified some areas where health care could really collaborate and help — where banking could help health care step up, most particularly in the security area.

One of the comments that was made and I think this resonated with me. One of the banking representatives said banking is an industry. Insurance is not. Because they cannot talk to each other. I think we kind of need to keep that in mind. The things we were talking about in the hearing coming up is to try to get our industry to adopt the same data standards and adopt interoperability and talk to one another. I think that is a compelling lesson to learn that we keep talking about health care and insurance as an industry. But by their definition, it is not because we haven’t done the hard work of getting the industry to talk to one another.

MS. SEEGER: I just want to add one thing that I think was an excellent illumination. Many of us forget that 15, 20 years ago, there were no interstate banking laws. Even there was no intercounty banking. There was some discussion about the roadmap to interoperability that the financial institutions undertook. I think for many of us who worked in the space for a while, there were some aha moments.

DR. SUAREZ: That is a good comment. I think the point that they were making was that — they were saying it very strongly. We are a national industry, national as in we are not subject necessarily with respect to exchanges and all that, to state laws. It is a national activity that really — that one picture. In the health care sector, we have many components and a lot of them are regulated at the state level and restrictions and all that. That was a very interesting perspective. We are a national industry. Health insurance is not, meaning health insurance is more like a local, regional —

MR. SCANLON: Can I ask one quick question in terms of the backbone for all this? The ACH is the banking and financial advance action clearinghouse. What is the HIPAA administrative simplification backbone? Isn’t it the same? The claims processing and everything we do electronically for industry — isn’t it the same ACH?

MS. KLOSS: It is.

MS. GOSS: Actually, technically, the 835 transactions are owned by the finance committee at X12 and the insurance subcommittee then has coordinates with them on the maintenance of that.

MR. SCANLON: But the ACH is the same —

DR. SUAREZ: For the electronic fund transfer, the ACH is a vehicle. It is changing that, but the actual 837, the actual payment transaction or electronic remittance advice is a transaction that happens outside of the ACH network in many cases and is going directly from the payer to the provider system. Those two are connected. The ERA, the electronic remittance advice, which is an explanation of the payment and the EFT, which is an order to transfer funds based on the —

PARTICIPANT: But when I pay my co-pay to my doctor with my credit card, which is probably using the ACH. I am paying the dentist or the doctor directly. That is the basic ACH system. You are right. When the provider pays the bank or —

PARTICIPANT: If you paid with a check, then it would be the ACH. Financial reconciliation that happens every day among the banks. Credit is another matter.

PARTICIPANT: The clearinghouse is —

PARTICIPANT: Along that line if you use your HSA card, that still uses the bank’s network. When you use your HSA card, which is a cash card, then you use the ACH network. But you are not necessarily passing your PHI data.

PARTICIPANT: But the ACH actually does the reconciliation — I am just wondering why are we creating all these new information exchanges if we have to —

MS. KLOSS: We also saw some opportunities for financial services to learn from the health sector. One of the areas was the fundamental notion of privacy as a value promoting trust. This is an area that we felt the need to do some follow up. We did not have chief privacy officer from a major bank on our panel. We heard some conflicting —

PARTICIPANT: We were challenged by the fact that the representative of a major bank could not be there that day at the last minute. We talked with him afterwards and identified some gaps including this one.

MS. KLOSS: His belief was that some of the privacy practices, again, at the top echelon organizations is top notch and privacy is strong commitment certainly as security is.

The limitations on data sharing functions. There is more clarity. Your comments on HSAs. The processing of information and your patterns of health services use through an HSA would be analyzed by a separate company, the HSA company, which would be covered by HIPAA. Again, strictly paying a bill or charging a credit card would go through the ACH. Again, the firewalls that exist with greater clarity on data sharing functions.

And then a third area, which was a fascinating part of our — and really was a theme that ran through the day. This issue of the consumer as part of this. We cannot look at this ecosystem anymore as banks and providers. We have to look at it as banks, consumers, and providers. Mobile banking and mobile health are converging. This world is changing. Whatever lens we view it from today by the time this committee is holding its 1179 hearing in 2024, it is going to be a really different world and it is going to change quickly.

In fact, we ended our day with some discussion about those related issues in a changing environment. Wearables, mobile apps for health banking and other services that are certainly converging. Alternate payment services bit, PayPal, other services. Noncovered entities with no BAs.

PARTICIPANT: All kinds of new services that are not covered, some of which we have talked about here in this committee before, but new ones are coming along all the time. Wearables, for example. They collect all kinds of information not covered unless your insurance company gave you the Fitbit, it is not covered.

MS. KLOSS: I read an interesting one yesterday and this would be HIPAA covered, but it was just fascinating to me. I had to send it to Leslie immediately. The insurance companies were finding a way to find out when a woman gets pregnant, not just wait to pay the bill when she shows up for prenatal. The company is saying they are getting notice that you are pregnant too late to bring good care management services. It blew my mind.

Expansion of the big data. We actually thought we could tap into the data work group to give us more examples of these kinds of related issues that are blurring all of the lines, as we knew them.

Here is where we kind of where we pulled together the recommendations. We had a number of rich recommendations. But one of the recommendations was of great interest to us is that there really should be some kind of health financial cross industry work group that shares best practices, shares policies and looks for ways to advance privacy and evolve the role of consumers. We saw the output of a project that has been done under HIMSS to look at the revenue cycle of the future. It is more technology oriented and what kind of technology will be needed to produce this more consumer-driven. We are not thinking of the revenue cycle, but we are thinking of this exchange and information exchange ecosystem.

We do conclude and we did conclude that a business associate agreement guidance continues to be needed for providers for health plans for financial services organizations. We think we are done with that, but guess what? We are not. For providers, certainly, but also business associate guidance for financial institutions. There was acknowledgement that that would be helpful.

We also concluded that it would be very helpful to have more detailed gap analysis of HIPAA versus the banking regulations as they related to privacy and security.

We live in our own world of regulations. Some of those conversations were hard to have because nobody understood the whole picture. We were not sure that that hasn’t been done by somebody. We really think that could be brought to light in some way.

MS. GOSS: I am not sure I want to ask you this question or if I want to ask Rachel this question. Maybe it is for Lucia who is coming on shortly. Wasn’t there a prior update that ONC with OCR wanted to look at some of the provisions of HIPAA and update them from really what is happening as well as resolving some of these misconceptions or cross industry implications?

MS. KLOSS: With respect to banking specifically?

MS. GOSS: No, I just thought we were going to open HIPAA a little bit and look at it and maybe try to make some improvements. I wonder if this then might be something we need to include.

MS. KLOSS: I think we were just looking at having someone construct a side-by-side. There is Gramm-Leach-Bliley. There are other kinds of banking specific, office of the controller of currency. They are not regulations that certainly roll off our tongues. But it would be interesting to know how they line up. We really felt that that could be a clarifying step.

MS. GOSS: I think that if we do that analysis then down road if there is some opportunity to modify regulations, then we should be thinking about the timetable linkages.

DR. SUAREZ: I did not hear during the hearing any necessarily evident-conflicting issues, at least they weren’t presented. From the back end, industry is saying we are a banking and here we have HIPAA, Gramm-Leach-Bliley, all these — even privacy and all this. They have then all the mapping I am sure. They at least did not express any issues with respect to conflicting aspects. There might be some more complementary and some more stringent than others. I don’t recall any specifics about that.

Now, your question maybe goes more into this is HIPAA backing, but there is HIPAA the bigger picture of all the other things, backing and whether there is a need to — exactly. Go back and revisit it.

MS. GOSS: Make the language more aligned like to the point of 1179 exemption initially, but then you have the Omnibus Rule, which kind of takes that away. Just to refresh some of the text. If we are going to open it up, this is really my question. Is there any thought about really opening it up?

DR. SUAREZ: There is only one part that is being opened up is being considered in Congress, which is HIPAA sections related to research and in the 21st Century Cures legislation, but that is still in legislation and there is still a long way to go.

MS. KLOSS: I think that the gaps have not presented huge problems in the past because we are siloed. But the gaps when we bring consumer into this will become more of an issue. This is all going to be driven by the consumers over the next decades. Then the gaps in privacy are going to be revealed because consumers will expect a certain baseline, not two different baselines depending on whose issuing on notice of privacy practices or whatever. I think that is one of those issues that is going to be impacted by the world we live in.

DR. FRANCIS: Relatedly, the whole expectation that health savings accounts are going to be massively increasingly because that is the space in which the consumer is most involved.

MS. KLOSS: I will just read a quote from one of those who gave testimony. The Office of the Controller of Currency is very clear about banking services that are part of the business of banking. HHS needs to be equally clear in what medical banking market structures are subject to HIPAA. I think there was a recommendation to support the outreach to financial services sector by OCR by way of clarification.

We also thought there needed to be further study on the use of big data analytics if it involved any health care services data.

I think our conclusion was as follows. We wanted to hear from the data work group about the evolving world. We wanted to do a little more digging into predictive analytics and how that is being used in the financial services industry.

We wanted to follow up on the privacy functions in a large bank. We have some names of people to do a telephone interview with. And non-traditional financial services. We have a little more data digging to do.

But the subcommittee came to the conclusion that we have enough to write a productive letter to the secretary. We have enough recommendations that we think we can stand behind.

But then it would be our preference beyond filling in a few of the gaps to write that letter and be done with the subject. It was not our conclusion that there was a need to hold another hearing or to really go further. In fact, we would be well advised to go to another area or topic where a practice is less governed by laws and regulations.

That is our presentation. I will really stop right there. I hope that was helpful. I hope you took away something that can be usable. Whether you would concur with the subcommittee’s conclusion that we have enough to write a letter and then we are moving on.

MR. SOONTHORNSIMA: The only one maybe we would have sideline conversation. If you go back one slide that talks about the potential recommendations. Predictive analytics. Further study on use of big data analytics. Because it is broader than financial service —

MS. KLOSS: But we are only talking about it in this context. And really, the question is if financial services are using health care data and merging it with financial data, are they doing it in a way that is applying the stewardship practices that we would recommend even if it is not specifically covered by HIPAA. Is there an application of the stewardship?

The issues in banking are the same as the issues in health care. The things that are beyond HIPAA are just a problem. That is a good segue to —

DR. SUAREZ: Particularly when the entities are the subject to HIPAA in the first place, but they take different roles. And some of those roles become subject to HIPAA. A bank can play the role of an administrator. A health plan can play the role of a financial business associate of a covered entity and play different roles. The issue that I think we were probing on data analytics was to what extent a bank that collects data and has access potentially to patient-level information — call it PHI, would use that type of data to make financial decisions about a consumer. This person is asking for a mortgage. I see that they have XYZ conditions. Clearly, we oppose that —

MS. BERNSTEIN: That particular thing is against the law. That particular thing — in the FACT Act. But there are other things. Marketing and sharing with your affiliates and other things that are allowed. I just don’t want to keep using that as an example when in fact it is already against the law.

DR. SUAREZ: We did probe that and they clearly pointed to that fact. They don’t do those kinds of practices. But there are others.

MS. KLOSS: Our subcommittee has a decision to make, which we won’t make today given time. But we need to talk about what area we advance next in our work plan. I think we will have a subcommittee meeting to talk about it and spend more time on it in September. Our plan would be to try to have this letter drafted for action at the September meeting. We don’t see a reason to drag it out to that end.

MS. BERNSTEIN: To that end, we circulate perhaps in August. We would really benefit from everyone actually reading it and responding to us with comments and we are not having to deal with them directly at the meeting, but we want to be able to accommodate whatever concerns you have in advance and then bring something more mature to the table in September.

MS. KLOSS: Any other questions?

MR. SCANLON: Can I just ask if Rachel found out — you found the information that OCR was looking at as well in terms of assessment of where things are?

MS. SEEGER: I think that the information that we gleaned was extremely helpful to us. It has sparked a lot of good conversation today. I think that we are very interested in taking a look at seeing what we could do to further clarify at least business associate agreement requirements for the industry.

MS. KLOSS: Thank you. I would like to introduce Lucia Savage. We are looking forward to hearing about the priorities.

MS. SAVAGE: I think that circulated to you yesterday was our privacy and security guide, which we published on April 10 with the incredible list from OCR to get it through clearance. Thank you to OCR. The audience for that document is small to medium-sized practices. We had three primary goals in our update. We last published that in 2001. Since 2001, we not only have the Omnibus Rule itself, which has further elaboration on some features in HITECH like patient access to electronic health information, but we also have a couple of rounds of certified EHR technology rules from ONC and Stage 2 of meaningful use. We tried to account for all of that substantively in the update.

We had a programmatic drive. I will have to say. They said it was ready to publish and I sent it back because it was not written in clear enough, crisp enough, obvious enough practical language and practical examples that I really want to reiterate that OCR heard what I was saying about people need really practical updated examples that they can rely on and they really stepped up to the plate to help us deliver some of those.

Third, we really wanted to account in particular for the way that certified EHR technology allows a physician and a patient to securely message each other. There was some very updated guidance, the old guide that did not catch up to not only the needs of consumers today, but also what the technology that we have required EHRs to supply and the way we asked physicians to behave under the meaningful use program all works together as a machine.

Here is my question for the room. When I shop for my new physician, I would only pick one who is a meaningful user that allowed me to message them. But how many of you are actually using your physician’s portal to message your physician? I know Walter because he is at Kaiser. That is great. That is probably more than in your average crowd. Thank you guys for all being the test bed for that.

That guide is kind of the first step in a commitment we proposed in the roadmap and we are busy executing on the commitments we made in the roadmap for those of you who read it, which is to really work in partnership with OCR to identify areas where people need to have additional guidance and truth in a way that is meaningful and reaches them in their lives.

We, as lawyers, are pretty well trained to open up the Federal Register and read the three-column eight-point font, but most of the health care industry is not. We need to get information to them where they need it. That is the first step in what will be many things we do in collaboration with the OCR to bring that to people.

Our next project is we are working on some materials where we are trying to tease apart what are the health care operations for which exchange without consent is supported under the HIPAA rules and to give really practical examples of what is case management versus care coordination versus quality improvement. We are working on that in conjunction with our own clinical quality safety team and OCR. We will have it done when it is done. Hopefully, you guys will applaud that when it is done too. Again, the rules are out there, but we need to make it tangible for people.

We have also been working really hard on various behind the scenes activities relative to improving the cybersecurity response and infrastructure for the health care sector. In our federal health IT strategic plan last fall before I came aboard, we had talked about there needs to be more information sharing. That is obviously something that is reflected in the President’s January Executive Order. We know Congress is thinking about it. We are doing a lot of things within HHS over all with ASPR, ONC, and the different offices within HHS to try to put the wheels in motion to improve the threat sharing information about cybersecurity. I want to really clarify members of the public sometimes think when we talk about information sharing and cyber terms. We are talking about sharing data. Actually, the only data we want to share is the diagnosis of threats. They got to my system in this way and here is how I prevented the second round. It has nothing to do with data about people.

Then moving on to the list you have on your wall. We have also been really busy since December working on a deliverable for the White House. They asked us to use our health IT policy committee and our privacy and security workgroup framework to analyze and summarize issues related to how to take advantage of the opportunities for learning presented by big health data and what were gaps in regulation that would need to be accounted for to policymaking level.

This was in response to PCAST and the first JASON report. If you are really a wonk, and I know people who are, you can download the audio file of the ten hours of testimony from our website. The key dates are December 5th and 8th. There is also a date in February. I don’t remember the date. We have several hours of testimony about legal gaps, how HIPAA works, what are the differences between health care operations and research, what happens when data is de-identified, about re-identification and partial re-identification, about just what you guys were talking about, which is what tools do we have right now to ensure that we are on the one hand, eliciting actionable information that improves health care or that improves consumer’s lives from our analytic processes, while at the same time ensuring that we don’t start a whole new genre of essentially health data redlining.

PARTICIPANT: Leslie provided testimony at those 20 hours of hearing.

MS. SAVAGE: That is right, among many other people. Fascinating hearings and we will be summarizing all that in a report that probably will go to the policy committee in July. That is the tentative date. And then the coordinator will take steps after that to deliver what she thinks is appropriate to the White House.

And financial data came up in that with the first couple hours were all about how data about health is not data from the health care transaction anymore. It is your Fitbit. It is PatientsLikeMe. It is health social media, et cetera. Lots and lots of dialogue about the regulated versus not regulated space.

That leads me to the next topic on mobile health. We had hearings about mobile health in 2012. We recently published those findings. They were published in an academic journal. They have been on our website for a long time. What did developers want? What did consumers want? What did people three years ago, which is lightening elapsing of time in health IT, that was a long time ago, think about mobile health?

We have been undertaking some work this year with the FTC. My staff person in charge of this kind of describes. You know how if you use Turbo Tax, it asks you questions and then one answer leads you to the next question. Create a tool like that that a developer can use to figure out if they are in FDA land, in OCR land, or in FTC land or no land at all. The timeline for that, again, is hopefully this fall. My dream is I would have that ready for health 2.0 in October, certainly, the December version. It will come out sometime this year. We are going to see if we have enough resources left to add a fourth element, which is a building on the FTC’s excellent website on this right now, which is what you as a consumer should be thinking about with regards to mobile technology that is collecting information about you.

And then the last thing I want to say is about that mobile health. How many of you saw the news that Fitbit now has a contract with John Hancock for the John Hancock employees? That is my best — I am an ex-employee benefits lawyer before HIPAA. That is my best fact pattern ever because I say all the time to people. We have these great entrepreneurs. They come up with these fantastic ideas. The consumers like them. The president wears a Fitbit. And then they change their business model and it changes the nature of what they have to do. Now, John Hancock is going to be a business associate for a covered entity. Fitbit will be the business associate for the covered entity, which is the John Hancock plan. That is really going to — I don’t think it will throw a wrench in their engine, but they are going to have to make sure they do all the things that the covered entity has to do. We do observe that that is happening.

A business model may start retail and end up being a device through a physician’s office or start in the covered entity space and migrate outwards into a non-regulated space. It is something that we hear a lot. A lot of people besides you guys are thinking about it so don’t feel alone. We have to figure out at the end of the day what are the great policy questions we need to answer to protect privacy, ensure security, grow the economy, and get good information for the health care system and all of those goals.

I will stop and see if you guys have any questions.

DR. SUAREZ: Thank you so much for the update. This has been really good. Congratulations again on the release of the new toolkit. That was very helpful. I have two quick questions. FTC. You mentioned in a few of the new areas. And FTC has expressed concerns about the amount of personal health information that medical devices and other mobile type devices are capturing and maintaining in their systems, in the device itself. You mentioned mobile health as one of the areas that you have looked into.

But one of the concerns that I think we are experiencing and I think a lot of organizations are experiencing is the amount of mobile devices, the specific devices beyond the concept of mobile health, but the specific device interaction between our systems and the device itself. Having data be captured in the device by the consumer. That is the consumer responsibility in many ways. But when the device has to interact with EHR, for example, transferring data whether the device is a cell phone or a Fitbit or something else becomes a challenge on a number of fronts. Is there anywhere that it is being done from your perspective around that particular area of how to deal with — interacting with mobile devices?

MS. SAVAGE: I think that under the hood of your questions is really more about the data standard side of the equation. I think we clearly have a lot of things to sort out privacy wise and that is my expertise. But I will say that ONC has been very clear that it has a mandate beyond electronic health records. It has a mandate to identify and point to standards for health information technology in general and that the roadmap sets out. The draft roadmap. Of course, we are looking at everyone’s comments right now. Sets out some specific timeframes and deliverables regarding that and we have to bite that elephant one bite at a time. When we get to things like standard clinical data sets if they are adopted and of course there are limits to one’s rulemaking authority implicates what you can require somebody to do versus what you can exhort them to do. We have to be realistic about that. Then we should start to see some relief there.

It has many different facets. It not only has the facet of if you have the — who saw the Google contact lens. It is going to measure your hemoglobin A1C. It is just so cyber to me.

You have something like that. What is the way that it is capturing that blood sugar and how is it sending it to its home server and then how is that feeding into as a patient-generated health data into whatever is needed in the care stream whether that is at the physician’s office or at our facility, all of that. It is one step at a time.

DR. SUAREZ: And data provenance being — and the standards — electronic technical standards for capturing data provenance and meta-data is one of the big issues.

MS. SAVAGE: Interestingly, we learned recently that Apple’s health kit actually has a way of capturing provenance so that when the health kit user, which is all one of us because it all resides on the phone sends that data somewhere to rise with provenance tax. That was definitely interesting that we are still struggling to figure out the standard for that and Apple seems — certainly, they have dictated one for health kit apps.

DR. SUAREZ: The other quick question I have is about one of your favorite topics probably is the computable consent.

MS. SAVAGE: We are doing a lot of work on that. There are many steps on the path. I think a couple of the initial steps, which again are in the roadmap. In identifying standards among the standards, we need to help people be clearer about what is appropriate identity proofing for a patient versus a physician for their book of business versus a super user of an entire system with thousands and thousands of records in it. And then what are the appropriate levels under NIST of authentication for that identity-proofed user?

And interestingly, I was just at a presentation today and somebody was mentioning how the vice president of sales at some very large covered entity was a super user. We were all kind of going why. Why would you want the responsibility of having access to all that PHI just because you are in sales? We definitely have a plan for that. That is squarely in my team’s bailiwick under the roadmap.

And then after that, we work on — once a person is authenticated, how do we then get to the point where we can — everyone can agree on what needs to be — when does consent need to be documented, what need to be in that consent, and how does a downstream user confirm that consent applies. This will be a particularly acute problem relative to the learning health system and our growing desire to use computable technology for that in research consents. That is definitely on our plate.

DR. MAYS: Thank you for a great presentation. I want to build on something that Walter was asking because it is something that we are struggling with where is the guidance for us. We get funded often by NIH or NSF and we are doing studies that are using either wearables, using wireless or using mHealth. Often for the amount of money you spend, you want an intermediary to actually be — because you don’t want to build everything. You might use some company that can do a certain kind of texting for you. You are doing some health information back and forth. We have really been spending lots of time trying to find out what the standards are in terms of when you are giving people information about privacy, when you are trying to figure out how much can you really — the issue of using a HIPAA compliant computer and all that kind of stuff is the easy part. The harder part is to figure out when you have a business entity and you actually get them to agree. They won’t use this. But then there are mash ups that happen in big data.

I guess to some extent what I am saying is that it would be great if there was a guidance for researchers in terms of as we do this, that is kind of boiler plate that we could put into our consent forms. It is really hard.

MS. SAVAGE: I will say two things about that. I think everyone here knows that certainly four years ago, Office of Human Research Protection started down the path of trying to — they took in feedback relative to the common rule and I think everyone recognizes that whatever the conclusion of that work is, it needs to happen for the researchers to have confidence in what they are doing in an eHealth environment. I think that work will continue a pace. Although I am not directly involved in that work. We are involved as an advisor as we do for all the other HHS agencies.

And the second thing I will say is in fact remember under the PCOR Trust Fund. There is PCORI. They have a big chunk of change, but there is a balance which then HHS is responsible for tasking up various activities including a privacy and security framework and technology to support that — it is a research policy framework for privacy and security and then technology to implement that. I know that that is certainly in my offices and other parts of ONC have some responsibilities under that PCOR funding grant. I just don’t know how much more I am allowed to say here. I am looking at Jim because he knows probably too.

MR. SCANLON: We do have as part of PCORI as Lucia said. The HHS received — remember, the trust fund itself. They can make grant awards and they have a number of projects. A lot of it is network kind of research. HHS received some of that as well. Some of it goes to NIH. Some of it goes to AHRQ. Some of it is managed out of the Office of the Secretary. We entertain proposals to do work. I think the Office of the Secretary work is really aimed at building that infrastructure for privacy and security and standards sort of the overall policy. I thought that was the best use of the money that we had.

MS. SAVAGE: I would say that we have the task of making sure you have guidance. In terms of the research community and the public health community, I think that people have listened very intently and have a very acute understanding of the fact that in an eHealth environment, people need more information about what they should and should not be doing. To get it right is very painstaking and requires a lot of effort and a lot of public input and a lot of work behind the scenes. Unfortunately, we cannot really just talk about the behind the scenes work very much. Jim is nodding his head. I think most of the people in HHS who are thinking about this have heard the research community very clearly and are trying to be as responsive as we can given our institution.

PARTICIPANT: We are just spending hours with the lawyers. If there was anything —

MS. SAVAGE: I will say this about that. I go out. I talk to groups of lawyers. There are definitely groups of lawyers who can totally see ahead into the future and there are other lawyers who have no idea. They don’t even know how to use their Smart Phones. I have friends in that universe.

I will just tell you a story. I did a continuing add on sort of ONC’s mission under HITECH for the Virginia Bar Association. We were walking out afterwards. One of the lawyers said to me I am just afraid what is going to be in that electronic health record when I get sued for malpractice. In ten years, you are going to be sued for malpractice if you don’t use an electronic health record, which is probably true. Just like we saw today in the news. Cybersecurity. There is a 25 percent growth in cyber insurance sales. We will get more lawyers to you, but I don’t have a magic wand there. It will help you figure it out instead of scratching your heads. We don’t people scratching their heads.

MR. SCANLON: Remember that our Office of Health Research Protections, the human research protections issued as Lucia saying an advanced notice or request for information back a few years ago.

MS. SAVAGE: 700 responses.

PARTICIPANT: 1100 responses. An average page length —

MR. SCANLON: Things have changed since we issued that. Very smart folks are working on revising that common rule and trying to strike that balance between protecting confidentiality and privacy as well as not creating artificial barriers in the way of sharing research information, medical information. There are very smart people trying to do this. You will all get a chance to comment on the proposed rule down the road.

MS. SAVAGE: Whenever it comes out.

MR. SCANLON: But there are a lot of people working on it. They are well aware of all these issues. All these issues have been brought up in terms of how do you strike that balance.

MS. BERNSTEIN: Our subcommittee chair had to leave to catch an airplane. I am sorry that Linda is gone. Are there any other questions for Lucia while she is so kind enough to take this time with us? I suggest move on because we still have an hour to go and it is a long day.

MS. SAVAGE: It was a pleasure to see you all again.

DR. SUAREZ: We are going to move now to the Standards Subcommittee. I think we still have a good half hour. Then we will go to public comments before we end.

Agenda Item: Standards Subcommittee

MS. GOSS: While we get ourselves technologically oriented here, we would like to have some high-level discussion with you about some of our thoughts about where we are going forward in our Standards Subcommittee work. We appreciate very much the feedback we received in today’s earlier discussion on an upcoming review committee hearing. We will have some more back for you on that. Please remember your Doodle poll that will be coming out to those who have expressed their intent to participate on that meeting so we can provide education, expectations and level setting.

MR. SOONTHORNSIMA: Once we get the slide up, what we intend to talk about is high-level activities and the deliverables. Remember, early on, Vickie, you talked about what are the deliverables. Hopefully, we can shed some light at least for our subcommittee, things that we are charged to do such as the RC activity we already talked about. Some of these might be a repeat. But also we want to talk about how then are we going to achieve these deliverables, how we can get these things actually done over the next 12 months. What you see is a high-level gantt of what we are hoping to achieve. That will be a series of conversations in terms of do we have capacity to do all these things. This is just one — subcommittee — standards. We have to bring all this together at the national level, the National Committee level. That way we can see do these things align. This dovetails really well. This could be the other end of the bookend before we adjourn today.

DR. SUAREZ: I am just amazed as we have always been as a National Committee with the output and the products that we put together that we present. It is like every one of the meetings has a theme and has a primary focus. This one, for example, we focused quite a bit on the population health products. We heard about the work that had been done by privacy and security. In September, we are going to focus quite a bit on the output of the Review Committee. It is very engaging.

Conceptually, the idea of developing a timeline with some of the expected deliverables that we know happened will help us really shape quite a bit.

MR. SOONTHORNSIMA: Hopefully, we will see that in a second. One of the concerns we have and some of you have already expressed that. Linda said what do you foresee in the deliverables. Is it going to be a report? Is it going to be recommendations? Maybe all of the above. We have to give us a pretty decent amount of time considering our resource availability to adjust and then debrief among ourselves and then synthesize. We are going to get way more than 80 pieces of testimonies. Terry alluded to the fact that we will get additional testimonies.

MS. GOSS: Janine says she is getting there. But if not, we might be able to offer our public attendees an opportunity to make some comments. Making the opportunity for public comment.

DR. SUAREZ: Let’s do that. Is there any public comment about any of the topics we covered today? Anyone from the public?

Agenda Item: Public Comment

MR. LAZARUS: I am Steve Lazarus with Boundary Information Group and it is that capacity in which I am making this comment. I want to congratulate the Privacy and Security Subcommittee on getting it right with the banking industry, the financial services. The security provisions that the banks go through are highly lined up with HIPAA, but they are not quite the same. In our work with this field, we find that some of the record retention time periods under HIPAA are longer than the banks are required to do out of the banking regulations. Look to that issue as being different.

In privacy, it is all over the map. There are substantial differences which is how you framed it correctly in your interpretation. I think that any work that can be done to educate the financial institutions and these differences would be time well spend whether it is done through NCVHS or some third party that is directed or encouraged to do it.

We have done some audits, which is not quite the gap analysis you talked about. We have lined up the HIPAA requirements versus what banks are doing in our work. We have not looked at the banking regulations. Just what the performance is with respect to HIPAA. There are significant gaps in the privacy side. Security lines vary directly and the gaps are few. I think a lot of financial institutions take comfort in the fact because they spend more on security than privacy that they are doing a good job when in fact there is a gap.

Also, you might find the audience for the bank and finding what is going on to be the compliance officer and not the privacy officer. I don’t think they take privacy quite the same way that we take it from a HIPAA perspective. There is certainly sensitivity to social security numbers and bank account numbers. The scope of what is involved in PHI is much broader than a financial institution would think is privacy.

DR. SUAREZ: Any other public comments?

DR. RODE: I am Dan Rode. I call myself a consultant and an educator. I had four comments I just wanted to make on the day’s business as we were sitting through. I hope, as you are looking at the strategic plan — one of the things you will look at is an ongoing environmental assessment. Jim gives an excellent one for the department and in data. We hear from the various agencies and offices. This committee itself is an excellent source of environmental scanning. But we don’t do it on a regular basis in the various meetings.

I think one of the things that is very important to me is this committee’s ability to look forward. As I listened to the conversation even today, what was coming up in my mind is hopefully after October 1, we will be thinking about ICD-11. We will be thinking about data standards that we are not using. If Marjorie was here, she might talk about functional status. I think as you are planning and looking at schedules, I just encourage you to consider an ongoing environmental scan if from no one else, from this committee itself because you are all over the map and that is a very good thing.

With regard to the hearing in June and this comes out of my long-term engagement with standards before they were standards, I would urge you either in June or later to look at the process that we are currently using with regard to the HIPAA standards. We have very numerous groups.

MS. GOSS: Could you be a little more narrow in what you mean by process? Are you talking about the APA, the federal rulemaking, the standards development —

DR. RODE: I am talking about the way that we actually first adopt and then revise standards, which were part of the conversation when this part of the ACA was being developed as legislation, having been involved in that discussion. The process to update a HIPAA standard or to update a version of the standard. All these things do create some of the same issues that we talk about when we are looking at the standard themselves. When we say it is a standard usable or does it still fit with where we are, I think one of the things we have to consider is just how we handle that process under existing regulations that came out from the department. We have coordination groups. We have the standards bodies themselves. We have now CAQH working with the business rules. Is that process of pulling all that together something we would consider?

When we did the legislation, one of the things that we were able to come up is it takes on average seven years to change a HIPAA standard. That is not counting the terminology standards.

As we look at this and how we might want to make any changes, I would urge you to consider that as part of what are the barriers, what are the advantages of doing business the way we do it?

To that same extent, I would also take a look at some of the business practices that maybe we ought to reconsider at this point in time. As we talk about data and this committee had done — I cannot tell you how exciting your meetings are. I know people might not think that, but I do. But as we talk about data and data in the future, we are still working standards that were built on a paper-based process. We are still looking at a number of those things in the way we did business under paper and we just transferred it to an electronic status or an electronic media. I think that also becomes a question to me. We still have three versions of the claims form. We still have multiple versions of other things. Is that something that ought to be considered?

And then my last comment on the day’s conversation is there are some bills in Congress right now on cybersecurity. Fortunately, the first one I looked at exempted HIPAA organizations. That was a good thing to see from my perspective. But I think we are going to have to watch cybersecurity as it is being developed by the White House, as it is being developed in various committees in Congress because I think we could find ourselves with a set of regulations that from a health care industry standpoint could create significant problems if we are trying to again add another master to the group of people that we have to work with. Those are my comments from today’s meeting. Thank you.

DR. SUAREZ: Any other public comments? Anyone on the phone? Thank you very much. We are going to turn things back to Ob for the Standards Subcommittee.

Agenda Item: Standards Subcommittee

MS. GOSS: The Power Point slides that we developed have been converted and we are having technology issues with the new format and how to advance them. Give us a second if you would.

MR. SOONTHORNSIMA: Very quickly, we talked about the review committee. I just want to give you a sense of what we think — again, this is really high level, off the cuff. We think it is going to take us a while to again take all the information we will have gathered in June, synthesize them, and then come up with some of the themes and the usual things that we go through and deliberate. Come up with themes and potential recommendations. Hopefully, sometime after September, we have a much more robust set of recommendations. If we can work faster, we will. It is going to be a lot. We don’t want to set expectations too aggressively.

MS. GOSS: To that point, it is the first time we are doing it. It is really hard to forecast how long it is going to take. And with the volunteer status of the members plus limited staff support with the volume of testimony, it is going to take us a time to get through all of them. I like the opportunity for the September checkpoint with the Full Committee because I think we have experienced a better work process if we incrementally eat the elephant one bite at a time.

MR. SOONTHORNSIMA: Any thoughts on that?

The other ones are things that you have heard of before. The remaining items will be the subcommittee work that we typically do. We have remaining operating rules. You may call CAQH CORE. Earlier this year, we heard that they are in the process of doing this. We heard a lot of feedback from industry. But we did not write any recommendation reports because there was nothing to report on. Simply wanted to hear the status. By September, we will hopefully hear back and see what the progress is and then at some point, we have to deliberate on that some time towards the end of the year. Those are the remaining operating rules, claims enrollment attachment and so forth.

ICD-10. No action really from us, but that is what is happening in October. At some point, we may want to do a follow up because this is a code set that is going live. But give opportunity, some time for the industry to absorb the change, shake out any post-implementation issues. Then we will hear in a much better context and more complete perhaps later on.

MS. GOSS: I appreciate how this is a dotted line because I suspect that it will be likely much later than March. We might want to start to do the calls so people can start thinking about the lessons learned, but we need to start planning there for hearing that somewhere beyond that because you are going to need some time to really get the lessons.

MR. SOONTHORNSIMA: Follow up on attachment. Again, this is a sketch.

MS. GOSS: One of the things I would like to get some more guidance from the Office of National Standards is where they are at on those activities and whether we really need to be doing that. That may also be a coordination point, not just with the National Standards group, but also with ONC because basically if you have care document, maybe your problem is solved.

DR. SUAREZ: There are three things playing around. One is the development of the standard and the revision of the standard with respect to attachments. HL7 is intending to finish up later this year the revision of the attachment standard that was submitted to us back two years that we recommended for adoption. The other first really part of it is the standard being completed. Then our National Committee receiving that and reviewing it and then making the recommendations to ONC, the National Standards Group. I think that is probably the sequence that they are looking for. I think in some ways, the National Standards group from CMS is going to be asking us where we stand with respect to —

MR. SOONTHORNSIMA: This would out even more than.

DR. SUAREZ: It depends. We could receive a submission from HL7 by the fall of this year and there could be — we have September and November as two points where we could consider convening a hearing perhaps if there is —

PARTICIPANT: Are you talking about 16?

PARTICIPANT: He is talking about 15.

DR. SUAREZ: This year we have two more September and November timeframes.

MS. GOSS: I think September — we could look at it — the correlation with HL7 standard and when they do their draft trial for standard use and that reconciliation of the votes. Is that in the fall?

DR. SUAREZ: The HL7 just is finishing up actually. The validating of that standard. It should be ready for September.

MR. SOONTHORNSIMA: It is still in flux.

DR. SUAREZ: Attachment is an important step to complete.

MR. SOONTHORNSIMA: Now, this is more of another dotted line because I think this is more of an action for the entire committee, which is population health standards. Follow up from over a year ago now.

MS. GOSS: I hope you will feel differently and remove the dotted lines tomorrow after the vital records —

MR. SOONTHORNSIMA: This may be an action for the entire committee, not necessarily just the subcommittee on standards alone.

DR. STEAD: It seems to me that also could conceivably intersect in some way with the core metrics —

MR. SOONTHORNSIMA: That is why there is nothing definitive yet.

In June, usually we have an SDO update. We can choose to do this or not, depending on what the outcome of our review committee and so forth. But we have had one in the past two years I believe. Right, Walter? We did one this year. DSMO report. We put that out there as a placeholder.

And of course, lastly, this is the last one. Potentially, we could do a HIPAA — we call it a health care update. It is not just HIPAA report, but almost an update from the entire committee. Just a thought. If you look at the last HIPAA update report, it is more than just HIPAA.

DR. SUAREZ: Well, it is more than just HIPAA administrative — it includes HIPAA, privacy, and security. You talked about the HIPAA report to Congress.

MR. SOONTHORNSIMA: That is exactly right.

DR. COHEN: — a national committee issued an annual report of accomplishments?

MS. JACKSON: We have almost every couple of years. Susan Kanaan was our writer for that. We have not had one since the 60th. That kind of incorporated a lot of the activities and accomplishments for the committee. And then this HIPAA report started to incorporate what was the dynamics that was going on with the other subcommittee. It just seemed to run its course. That is something I was going to check in with the committee in time. The last two reports to Congress especially as they have been published and printed have been dynamically comprehensively. That is kind of why you have not seen those.

DR. COHEN: — part of the strategic planning session and the executive committee — we could think about visibility —

MR. SOONTHORNSIMA: We are on the same page. That is why we did not call it a HIPAA report alone. You could use this as the National Committee update.

The next step for us as the subcommittee is really to ensure that we have complete alignment with what we talked about this morning. This is where we will get the co-chairs and Teri will kind of huddle and go over our piece on the deliverables and staffing and the activities. Can we time box this thing? What does our realistic timeframe look like to deliver? And resource efforts based on the resources of volunteer resources as well as staff. We want to make sure that we do a good job not to be overly aggressive. Make sure we deliberate the very important topics that we will be covering from the review committee. We want to do a good job there.

Another activity that we will be working on is preparing high-level on boarding, getting people familiar especially new members and hopefully with some of the new members are already experts so they can actually help us on others as well. That will be another activity for us as a subcommittee to do on the side.

Lastly, for the remainder of the year, we want to get better and smarter with how we use our time as a subcommittee and be sensitive to everybody’s schedule because we are all over the country and our day job and so forth plus the tactical plan that we are showing here. We want to make sure we leverage everybody’s time, effort and so forth. That is the tactical aspect of it. Hopefully, to Vickie’s point earlier, this will be the meat that will make our strategic plan more aligned.

Any other thoughts, comments or suggestions?

DR. SUAREZ: I think there are two or three comments. The first one, if you go back to the slide with the timeline. The SDO, DSMO updates in June. We normally would have a hearing on the state of implementation of standards, which usually we would have it in June. We are transitioning that into the review committee activity. This year we are going to have the very large first review committee. This will serve us the baseline for where things are sort of like taking a pulse of the country around where things are with all these transactions. I am not sure that we necessarily want to do it every year necessarily unless there is a special announcement or a special request.

For example, if the SDO or the DSMO, which is our source for recommendations regarding changes in the standards, if the DSMO is ready to come forward to the National Committee advising the National Committee that the industry based on their feedback and process is ready to begin to move towards the next version of the HIPAA standards. Let’s call it 7030 instead of 5010. 5010 is the current version. Then we might want to schedule a hearing in June. Again, it all depends on the degree to which they might be ready. If they are not ready to provide any formal such recommendations, we might not need it.

MR. SOONTHORNSIMA: If there is no substance, we are not going to have —

DR. SUAREZ: That is one. The second one is there is another very significant topic that I know we are going to be asked to address in this hopefully before the end of this year, which is related to the bigger picture of transparency and specifically related to the standard being used for national all payer claim databases.

Right now, there are about 14 or 15 or so states implementing APCDs. There are new grants under CMS pursuing. It is called the State Innovation Model Initiative of our program that is providing funding to states to begin to implement those or if they don’t have it, to establish one of those. There is an ongoing concern about it to the degree to which there is standards being used around that particularly standards for reporting that type of data and use of that.

MR. SOONTHORNSIMA: That is one thing that has been missing.

DR. SUAREZ: I have been informed that we will be receiving formal requests for the National Committee to convene a set or a hearing or some sort of an activity to listen to testimony about this. That is the second topic.

And then the third topic, which is something I know — there is an ongoing concern. Again, this might not be anything we could do anymore or more than what we have done. There are ongoing concerns about this issue that we uncover. I think it was earlier this year or last year called virtual credit cards. I think we set a series of recommendations as a National Committee about that for the industry for HHS. We might be hearing back from the industry.

In fact, maybe even in the June hearing about ongoing concerns with respect to — for those that do not recall the topic, the concern being that there are some practices among particularly payers that are auto enrolling, basically, automatically enrolling providers into payment for their services using credit cards. By virtue of doing that, of course, when a payer is paying a bill to a provider using a credit card, there is a fee associated with it and sometimes the feed could be significant — being a significant payment. If it is a million-dollar payment, the fee could be $50,000. Then it has become an ongoing concern. That might be another topic to consider.

MR. SOONTHORNSIMA: I forgot to include all payer database. That is correct. We have not really substantively talked about all payer database and what context and this is where we want to work with Denise and your colleagues.

MS. LOVE: Really sooner the better. We have states passing legislation this week.

MR. SOONTHORNSIMA: Why don’t we take that off line? And the virtual card. Allison and I were talking about it. Given the privacy discussion with the HIPAA privacy rules and the financial service industry, I think that is where probably we could leverage privacy and security team to do that.

PARTICIPANT: CMS might be looking at the virtual cards as well. It is a little hard for us as a data committee.

MS. GOSS: Except I think there is an intersection with what we heard potentially on 1179 hearing. That is why I think we wanted to talk to privacy and confidentiality, but we have not had a chance to talk to Linda yet.

MR. SOONTHORNSIMA: Good suggestion. Any other thoughts or comments? Thank you.

DR. SUAREZ: Is there any additional comments from anyone in the audience from the public about any of the topics we covered? Any announcements or any other — I think we are ready to adjourn. We can officially adjourn.

(Whereupon, at 5:10 p.m., the meeting adjourned.)