[This Transcript is Unedited]

Department of Health and Human Services

National Committee on Vital and Health Statistics

Subcommittee on Privacy And Confidentiality

November 17, 2005

Hubert H. Humphrey Building
200 Independence Avenue, S.W.
Room 443-E
Washington, D.C. 20201

Proceedings By:
CASET Associates, Ltd.
10201 Lee Highway, Suite 180
Fairfax, Virginia 22030


  • Welcome and Introductions
  • Discussion of Letter/Report to the Secretary on Privacy and the NHIN
  • Summary of Key Issues

P R O C E E D I N G S (8:09 a.m.)

MR. ROTHSTEIN: This is a meeting of the Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics. Just for the record, we should go around the room and everyone introduce themselves, so it is on the transcript. My name is Mark Rothstein from the University of Louisville School of Medicine, Chair of the subcommittee.

DR. COHN: I am Simon Cohn, Chair of the full committee and member of the subcommittee, Associate Executive Director for Kaiser Permanente.

MS. JACKSON: Debbie Jackson, committee staff.

MS. GREENBERG: Marjorie Greenberg, National Center for Health Statistics, CDC, and Executive Secretary to the committee.

MR. LOCALIO: Russell Localio, University of Pennsylvania School of Medicine, committee member. I am visiting the subcommittee today.

MS. HORLICK: Gail Horlick, Centers for Disease Control and Prevention, staff to the subcommittee.

DR. TANG: Paul Tang, Palo Alto Medical Foundation, member of the subcommittee.

MR. REYNOLDS: Harry Reynolds, Blue Cross Blue Shield, North Carolina, member of the subcommittee.

DR. HOUSTON: John Houston, University of Pittsburgh Medical Center, member of the subcommittee.

Agenda Item: Discussion of Letter/Report to the Secretary on Privacy and the NHIN

MR. ROTHSTEIN: Thank you all for coming this morning. A couple of things before we start. One is, I want to add my formal sense that I thought yesterday went very well. I have talked to many of you individually about it.

I’m not sure whose idea it was, I know it was not mine, to do the presentation yesterday. I was a little bit reluctant about getting into a spirited discussion when we didn’t even have a document. I thought it might have been premature and so on, but whoever’s idea it was, it was a very good one. I was heartened by the reaction of the committee.

The other thing that I have been thinking about, and Simon and I had a strategy last night, of how to proceed. Especially Jim Scanlon’s comments have been bouncing around in my head. Jim’s comments — should this not be on the record?

(Remarks off the record.)


MR. LOCALIO: I just want to make sure that somebody has to move forward on this. You need to ask yourself, are these types of questions going to be addressed by other groups, given as you said a little discussion had been out and about on this issue, which strikes us as being obviously important.

So it may be in some circumstances wise to wait until another group has moved forward, but are they going to?

MR. ROTHSTEIN: I think that is a very good point, and it is one that we had been discussing. Our mission is really twofold. We are supposed to help in a broad sense the Secretary of the Department and David Brailer’s office and so forth, but also we have an important role, we represent the public. Not to say anything bad about the current Administration or the people, if the leaders are dropping the ball, we still need to get out as what we see the issues are, so we should be cognizant of the concerns and the timetable of the Department, but that should not necessarily rule what we do.

It seems to me that the problem that we are having in this area is that there are there sets of unknowns. One set of unknowns are the timetable. We don’t know what the AHEC timetable is all about. The second set of unknowns for us involves, we don’t know precisely what we are going to be asked to do yet. We don’t know exactly what they want from us. We don’t know what, we don’t know when. The third thing that complicates life is that we still don’t have a substantive agreement in the subcommittee, let alone in the full NCVHS, about what we are going to ultimately say.

There are different ways of proceeding. We could for example get out a principles type letter sooner, and then plan to get a more detailed recommendations type letter out later. But a strategy that — I want to see what you think; Simon and I thought of this last night, if you like it, it was my idea, otherwise Simon forced it on me — is the following. Why don’t we concentrate in the short run on doing what we can do without any involvement of the Department people, and that is the third point. In other words, work through at the subcommittee level and the full committee level the substantive issues, get agreement on what it is that we can agree on, what it is that we can’t agree on, what we want to say, and by the time we finish that — because we are always going to have to do that — by the time we finish that, maybe things will have worked their way out through the AHEC process and through the OMC office, and then we can plug those things in. Rather than trying to guess what they want and structure our conclusions on that, why don’t we just get out in some form — I’m not suggesting that it would necessarily be a letter or a report, but we have got a series of issues. So why don’t we say, let’s finish up the section that Harry reported on yesterday, which is, how do you establish and maintain trust in the National Health Information Network.

Let’s get agreement at the subcommittee level, at the committee level. Once we do that, we can just lay that aside, and let’s move on and get agreement on the next issue, on the administrative matters that John talked about. Then once we have these positions worked out, even if the language isn’t all polished, then at that point check back, maybe they are ready for it, maybe we will have a better idea of what sort of shape they want.

So that is an idea that I would be anxious to hear what you think of.

DR. TANG: It sounds like we are going to charge ahead, but we will get as far as we can get in a certain amount of time.


DR. TANG: It is the same, only the time it is going to take us, we will probably let it resolve itself.

MR. ROTHSTEIN: I would agree with that characterization, with one caveat. That is, not worry so much about the form or the language of our agreements or recommendations or whatever, because we are not exactly sure whether it is going to be a letter or a report, whether it is going to be two letters or a series of letters or whatever, but just charge ahead, as you say, on getting on paper an agreement among us and also among the 14 other members of the committee.

DR. HOUSTON: I’m still not sure exactly — so we don’t know what the work product is going to be, is what you are saying? We know that we are going to try to come to some consensus in each category, but after we come to consensus on these different categories of things, we are not sure how we are going to present it. Is that what —

MR. ROTHSTEIN: Pretty much. We don’t know the timing or exactly the form, but I remain committed to getting out a detailed document from us. I don’t know in what time frame, but if David Brailer called this afternoon and said, we decided that we don’t want you guys doing any more on this privacy, we have hired some contractor to do privacy, we would still go ahead and get it out, because I think that is why we are here. I would say, get the substance first, and then we will revisit this issue maybe in January after the next AHEC meeting or whenever.


MS. GREENBERG: I also think that — we had this discussion on the whole area at the executive subcommittee meeting, that we can spend all of our time trying to read the tea leaves and not accomplish what we need to accomplish.

What I was thinking is consistent with what you are recommending. That is that possibly after you have gone through this and done this and gotten to where you feel you got agreement or know where you don’t have agreement, that maybe that would be the next thing to do, rather than committing it to a letter or a report that goes to the Secretary, would be to brief the AHEC, or bring ONC, one or the other, say this is where we are, which would then allow them to understand the way the committee sees these issues and the issues that you have been explaining, to factor them into what they are doing, give you feedback, rather than that not happening until you have actually got it all down on paper.

DR. HOUSTON: Let me ask you a question in terms of the order of things. Should that be telegraphed to the Secretary? Should he say that we have done this evaluation, this work, and we plan on as an outcome briefing the AHEC or ONC? Do you tell him that? I always thought our priority was to make recommendations.

MS. GREENBERG: Sometimes the committee has sent letters like that, saying this is what we are doing, this is where we are, this is where we plan to be. I don’t know.

DR. COHN: I am listening to this, and —

MR. ROTHSTEIN: Are you going to disavow yourself?

DR. COHN: No, no, this is what we talked about. I guess I worry that we start micro managing this stuff too closely. I think it is important that the subcommittee go forward with its work. I think some of the things I heard yesterday, and I have not been at all the subcommittee meetings, some stuff was very important principles that make a lot of sense and that we need to internalize and find the right occasion to start having the right engagement with HHS around other issues. I think we can work on that — not until we’re dead, but whatever.

When I hear something where there is major conflict going on, my general view is that we haven’t heard enough, we haven’t thought about it in the right way or whatever. I may be off on this one. I come from a world where there is often solutions to problems as opposed to intractable solutions. But certainly in areas where we continue to knock our heads up against the wall, I think one solution is to investigate it a little more rather than to think about it more. But I think we have work ahead of us to look at.

The question is how we can engage the Department. I think there are going to be a number of different opportunities. We have already been identified as providing advice to the Secretary on privacy and confidentiality, and working with AHEC. We are not reporting to AHEC, but we are working collaboratively with AHEC on the privacy issue.

For my view, I am actually less worried about privacy and confidentiality in relationship to AHEC and more worried about that we advise the contracts, the ONC contracts, appropriately, because I think those are opportunities for demonstration, they are opportunities for making sure — those are the engines, those are the new infrastructure pieces that are going to be going out there. I am hoping that by early in 2006, we — and by we, I mean the Subcommittee on Privacy and Confidentiality — will be able to engage in some conversations.

Now, part of the issue of course is, when is the Department ready to hear our good ideas, but of course it might also be appropriate for us to hear, given the contracts have been awarded, it might be also useful for us to hear where they are and what they are thinking about, so that we can frame our advice in a way that they could actually hear.

DR. HOUSTON: Is ONC or AHEC, are they expecting to hear from us? And is it going to be a surprise, or are they going to know what to do with the information that it is provided?

DR. COHN: It depends on what information are we providing and in what form. I think ONC expects us to be advising on privacy and confidentiality and on security to both AHEC and also to the contracts. They said that in FAQs, we have had conversations about it. It is no particular secret.

Now, I think they might be surprised if they got a 20-page document from us before they have even had a meeting of the contractors to discuss anything. We were talking about this last night. Remember, there has been a transition. A year and a half ago, we were asked to go out and look at this area. Well, this is the world unfortunately, where things change. So what has happened is, they have gone through this whole reorganization. We are going through assuming that there is this receptacle and that they can do something with it. I think we need to be strategic and pick the way that we have to give them the information and help advise them on the principles so they can come through.

At the end of the day, I think we may have a document, we may have a set of recommendations. I am very concerned that our responsibility is to advise the Secretary to make sure that the infrastructure comes together in a way that supports privacy and confidentiality. Rather than us just sending documents, we have ways to actually help make it happen because all of these structures are coming forward. I want to make sure that we do that in the most effective way.

MR. ROTHSTEIN: See, we are in a curious position. You will remember, in the spring when we were having our hearings, the first couple of rounds of hearings, there was some sense that we were moving too slowly, that they wanted stuff yesterday, our report. Now the sense is that we are moving too quickly, that we are getting ahead of them.

DR. COHN: No, that is not what I am saying.

MR. ROTHSTEIN: No, no, I’m not saying you, I am saying my sense from the Department. I think that is a fair inference from what we heard from officials.

Although the suggestion that we made earlier makes some sense to me, one of the things that I am very concerned about is that we get our recommendations to the Department in a timely manner so that they can be used in terms of the architecture development of the system. I was very disappointed that in the RFP process, in the contract process, in the conceptualizing of how these pieces were going to fit together, that there was no consultation with us, if we are in fact the privacy advisors to this, and that that there was no consideration given to the role of privacy and confidentiality in the design of the NHIN or even in the pilot projects that the contractors are doing.

From our discussion yesterday, it continues to be our view that privacy needs to be a major structural component of whatever people come up with. I think we need to get that message across at a time when something can be done about it.

But that may be a discussion later on. We certainly can move ahead on the substantive issues and then hope for the time being that these other issues will be worked out.

We do have a very strange relationship with AHEC and ONC for the following reasons. It is on the website, it is in the speeches and so forth that we are to be the advisors. In San Francisco David came over to our meeting and asked us to do this. The understanding is that we have no charge, we have no timetable, we have no specific areas that we are supposed to be doing. They haven’t asked us to talk to them, they haven’t talked to us. We are just sort of —

MS. GREENBERG: On retainer.

MR. ROTHSTEIN: Yes, we are on retainer, don’t call us, we will call you, and it is a little bit strange. I don’t know what would be appropriate at this point.

MR. REYNOLDS: My view is, I thought David said one interesting thing yesterday. He called us a peer group to AHEC, and we are.


MR. REYNOLDS: He called us a peer group to AHEC. But that was an interesting thing.

Second, I don’t know if any of you noticed, one of his staff members came back in during the privacy discussion and sat there for the entire privacy discussion.

MS. GREENBERG: The person in charge of policy.

PARTICIPANT: Jody? Are we talking about Jody?

MR. REYNOLDS: See, they all left, but then she came back.

MR. ROTHSTEIN: I didn’t see her come back.

MS. GREENBERG: Yes, she was there.

MR. REYNOLDS: So the point is, we are not under any radar. We are clear. So obviously ONC had staff at the hearing, so it will be interesting to see any relationship — as you continue to meet with David, everything was clearly open yesterday, the issues in discussion were clearly there, the subjects were there.

But the other thing I would like to open, we spend a lot of time in hearings, we got a lot of information. Each of these are individual subjects. Some of them are overlapping. I don’t know why we don’t get every one of these subjects ready for prime time. Whatever the vehicle is, I don’t care personally. If it needs to be Simon sitting down with David, I don’t care if it needs to be a letter, but each of these subjects, whether the executive summary is, here is one of the things we have been working on, or here are all the things we have been working on, doesn’t really matter to me. But if we don’t close this deal, then the longer we wait, all this testimony, all the effort we put in and everything, we are going to lose what we got to. Then if it goes to the full committee, if it is not ready, each of these, that will be clear too, but whenever it is ready, then I think that is the time — whether we talk to Jim some more, whether we talk to David some more, whether we get further counsel with the Secretary or something as to what that vehicle is. But I think we really start screwing ourselves and everyone up if we don’t close the deal on these things that we know about, clearly understand and have something ready, whether it is a single section that goes to somebody or it is the whole document.

DR. HOUSTON: As an aside to that, something that Simon said related to the fact, you mentioned security in passing. We have deferred discussions of security in large measure in this document, recognizing that there are security considerations that we probably need to deal with.

The question is, if we start to slow this down and spread out the time to get this accomplished — and I understand there is the Standards and Security Subcommittee, but I think there needs to be some overlap on security discussions because they largely go together. I think we do need to address that topic.

So I guess my point is, I agree with Harry. I think we need to try to get this stuff done. I think there are some other things that are related, primarily security. But I think it is something that somebody needs to address, because I think it also needs to be addressed. If we wait too long, I think it might hurt us.

DR. COHN: These last two speakers, I agree. I think Harry is saying what you said, but I think I was trying to agree with what you were describing also.

John Paul, I consider you to be the security lead for the committee, so I absolutely look to you to help us lead and fashion areas that we need to deal with in terms of security investigations and otherwise.

I think we are all in agreement about what we need to do. I think the only thing that I am describing is, I am hoping that we will have — as you remember, Mark is impatient, which is unlike him, as an emergency physician to be impatient.

MR. ROTHSTEIN: You have been hanging around me too long, Simon.

DR. COHN: But from the government side, it has only been about ten days ago that they actually did the contracts for the NHIN. That was only publicly released. The SA did do the contracts for privacy and confidentiality and that work, and security, but there is no there there. They haven’t formed that group. They have a contractor, but they haven’t put that together. So if we were to talk to somebody, we might find ourselves looking in a mirror, effectively.

MS. GREENBERG: They are still trying to figure out what they are doing.

DR. COHN: They are still figuring out what they are doing. I think what we are going to need to do is, probably at the next meeting — obviously we have been doing a lot of talking among ourselves, and I think we obviously need to continue talking among ourselves, but I think we need to invite people from these groups, hopefully by January into early February there will be more there there, and I think we need to start having a conversation that includes the NHIN people. We need to find out who exactly there that can talk to us. But I think the issues that you are bringing up, aside from the fact that they didn’t discuss the contract, which they can’t by law prior to them being awarded, is clearly something we want to have a conversation with them about.

I don’t know what they are thinking about in terms of privacy and confidentiality, but we need to get engaged. We need to figure out how we can make sure that our messages get through in a way that makes a difference in the right time frame.

Similarly with privacy and confidentiality. In that work, as soon as there is a there there, we need to engage them in the conversation, to find out how we can help and influence them.

MR. REYNOLDS: Two of these are based in North Carolina. One is RTI, Research Triangle Institute. They have made the CHICA, which all of us are close to. IBM won one, which named the CHICA as part of their bid. So two of these — and I can tell you right now, they are scrambled. You can forget they think they know where everybody is going. They want a contract and now they are going, we got it.

So I agree with your point. I think that once they get themselves set, I think that they are all going to try to differentiate themselves. I know the infrastructure routes are. Anyone that could add something that would make theirs look even more credible and more complete, such as adding some of these other things, would probably be of benefit to them. Remember, there are four distinct, but philosophically there are four competing, because each one of them wants to show that they have got it covered.

DR. TANG: I think I am going to allow myself — what I heard you say, which is, as Harry said, we have an obligation. WE have gathered some information, and we do represent the public, and we have spent a lot of time trying to digest it and put it into context. I think we should charge ahead on figuring out what is the message and what are right things to do.

We can figure out how to deliver it in a way that is most acceptable and can be most constructive to whatever process happens to be at the end when we are ready to deliver a message. But I think we ought to go figure out what the right message is.

MR. ROTHSTEIN: Okay, I think we have got pretty much agreement on that. Now the question is, how should we proceed. The most difficult section of course is Section B. We had a full day committee meeting on Section B.

We have got some ideas of things that we need to include in our discussion, even though we don’t have agreement on virtually anything in Section B, but we do have agreement on most if not everything in the other sections. We did reach agreement on F and E and D and C. So I would suggest that we take another look at those four sections and then figure out what we need to do to clean them up and get them in shape that the subcommittee is comfortable with.

One thing that we didn’t decide though, and I want to ask Simon’s view of this, once we finish something from the subcommittee, is it your recommendation that we would take it to the full committee and then put it on hold after it came out of the full committee? Or are we going to hold and figure out our strategy of going forward at the subcommittee level? Do you know what I am saying?

DR. COHN: I really didn’t have enough sleep to answer that question.

MR. REYNOLDS: Just say yes.

DR. COHN: That would probably be the right answer, anyway. I don’t think that one holds things at full committee levels. You don’t produce a complete document, ask the full committee to discuss it and reach agreement on it, and then not do anything with it, unless what you are doing is bringing forward principles for discussion.

But I think we just need to see how — this is something I don’t know the answer to.

MR. ROTHSTEIN: I don’t know what form. It wouldn’t be a letter or a report just yet. It would be position statements on each of the areas.

DR. HOUSTON: The other way to think about it too is like the list of recommendations that we had for the PHRs. We can just come up with a list of recommendations or principles, maybe not even by section, because a lot of them do overlap when you get right down to it, and some of the recommendations. What happens if you — I don’t want to call them principles, but what happens if we tried to come up with ten or 12 principles related to privacy and NHIN, and we forego the different sections? Then take those to the committee saying, here are the principles that we believe are important for privacy purposes within NHIN, and then we can decide how we might — once we get buy-in from the committee as to the principles, then we would fashion it into maybe a more comprehensive document.

MR. ROTHSTEIN: The only thing that I would say to that is that if we get into the overarching principles, we are now operating at a level that is so general that I don’t know what we are going to be —

DR. HOUSTON: I think we have put enough detail into these. I’m not saying we have two or three principles. We can have a dozen, 15. That is where we are going now, except what we have done is break them up by regulatory versus — you break them up into those five or six categories that we presented yesterday. I’m just saying, forego that. Let’s get those principles out.

MS. HORLICK: I think some of those categories raise consciousness, like establishing and maintaining trust. Just by laying that category out, you are already making a statement that it is important to do that and then going into your principles.

I think some of them — maybe regulatory doesn’t quite do it the same way, but I see a reason for saying, look at the different areas that need to be considered. I think it gets at some emphasis, even if it is still in a list as opposed to a letter.

MS. GREENBERG: I think you can think of this as sort of a white paper, rather than a letter of recommendation. I do see value in — I have said this before, but laying out the issues even where you don’t have agreement.

MR. ROTHSTEIN: We are never going to agree on the patient control issue, but it is very important to raise the issue.

MS. GREENBERG: Right, but explain it in a way — because I think you have thought about this as much as anybody. So I wouldn’t worry. I would say, do your work here, take it back to the committee, and get with them, and then let’s see where we are. I wouldn’t spend too much more time strategizing, frankly.

DR. COHN: I think our best short term strategy is to do the work, and we will figure it out as we go along here. As you described, there are a number of imponderables. Paul commented about it also. Let’s continue on and —

MS. HORLICK: We didn’t think we would have a letter ready to go, to be approved anyway, in February because we hadn’t had all the discussion on the issues. So frame the issues and say, no, we are not sure if this should go in a letter or a white paper, or maybe we will have some sense then if we want to have recommendations in addition to principles, or just principles or just principles, but at least we could work on the consensus part.

MR. REYNOLDS: You started talking about starting with the easy ones and leaving the big one for discussion later. I may want to reverse that from the standpoint that, as you think of certification, as you think of infrastructure, as you think of trust, as you think of everything, this idea of, people are in and out, what they can or can’t do with it, I think it is a base issue. I think if we play around with everything else, whatever we may have thought about something, this can trump it one way or the other. So I hope because it is controversial it doesn’t get pushed back.

Then I think once we get to it, we are going to need to figure what our committee process is, because if we don’t agree, then how do we go forward? What do we do, what does it mean, and so on?

DR. TANG: The interesting thing about that comment is, aside from the quote privacy contract, there is these NHIN prototypes, which as much as anything have to do with policy. Wouldn’t it be nice if they had the collective wisdom of all the testimony, and how we have tried to digest it and summarize it and analyzed it? That is perhaps more constructive than waiting for the end.

MR. ROTHSTEIN: Even though we have talked about that we have got a ways to go to finish up, I’m not sure that is true. I think we are in better shape than maybe we give ourselves credit for, because we don’t have agreement in the sense of how many vote to do A or B, but I think we do have agreement on what the issues are, and I think we do have agreements on what are the strengths of this argument and what are the strengths of this argument. I think we are in better shape than we might otherwise think.

If we were forced to and someone said, drop everything else and work on this nonstop, we could prepare basically a document or a series of documents for our final approval.


DR. HOUSTON: I agree. There are a few things that we don’t have consensus on.

MS. GREENBERG: We could just declare victory.

DR. HOUSTON: I think the options on those, though, even if we had to bring it to closure, are, we could either lay the options out, try to fight it out and come up with some consensus — not fight it out, but debate it out and come to some consensus in this group and try to push it forward.

MR. ROTHSTEIN: I think in the process of preparing for yesterday’s presentation, and in the course of the day that we spent here hashing out Section B, we got a lot of ideas and other things to add. So there are many principles and ideas and things that we need to work into some of the earlier drafts that we have. But I don’t think we are far off from being able to put it together.

Russ, did you want to comment?

MR. LOCALIO: I have to agree with Harry. I think you need to go with the most important issues, on which there may be substantial disagreement, and resolve those.

I guess one of the reasons I am here today is, the discussion yesterday prompted me to question some very fundamental — what I think are misconceptions about what NHIN is going to be. I seem to have a different idea of what the expectations are.

I think maybe if people had a better idea on the expectations of NHIN, then some of these privacy issues would perhaps take on a different context, different light, and there might be agreement.

Again, I have to say what I was talking about when we started out this morning. If a physician feels that what he or she sees on the computer screen is the whole truth and nothing but, that is absolutely something that is never going to happen, nor should it happen. And if those who feel they are going to NHIN for secondary data use feel that everything in there is complete and correct, that is just not going to happen. That would be bad science. That would be bad public health. It may be a start, but it is never going to be complete, ever

The perspective that I take, which is at the far end of these databases, they are never complete. They are never correct, ever. You have to always do two or three things to check on them, to say how uncertainty are we, how much missing data there is, how much is misclassified. If you understand that, then I think some of these opt-in/opt-out issues might take on a slightly different sense of urgency, or sense of disagreement.

I think there can be both opt in and opt out at the same time in different places, and still have a lot of the benefits that people are talking about. You can’t ask too much of this system. Maybe that is one of the problems that we have.

MR. ROTHSTEIN: I think you have actually put your finger on a key issue. That is, we are being asked to evaluate the privacy issues of something that doesn’t exist yet.

MR. LOCALIO: It is never going to exist.

MR. ROTHSTEIN: And could exist in various forms. Your point is, it is never going to exist in the utopian state in which some people use it. My point is that it doesn’t exist at any state, so it is hard to react to something that could take many different forms.

MR. LOCALIO: So whatever you do should be open to not just the prospect of not achieving the first best, not even coming close to the second best. So whatever you decide has to be open to the fact that you are going to have a system that cannot achieve utopia, cannot even achieve the second best. What are these issues of privacy going to look like then?

So maybe you are trying to solve a question that you don’t have to solve ever, because it is never going to have to apply to a system that is —

MR. REYNOLDS: I have a separate point. I have a different view. I think it already exists in the VA.

MR. LOCALIO: Oh, no. I work on VA studies, I’m telling you, not even close. Not even close. I work on a lot of VA studies. Not even close.

DR. TANG: No, we will never get to utopia, and I don’t think people are expecting utopia. But I have been practicing within the EHR for ten years, and there is a set of explicit expectations about what you can rely on or how complete your sense of the EHR is. We have a different expectation. We have a different sense of how complete the information is upon which we make decisions.

Another way that manifests itself is that we have peer pressure. So in other words, if people are not putting in all their meds or their problems, they hear about it in partnership meetings, because you know what? It is not only doing the patients a disservice, it is doing your colleagues a disservice.

So there is some set of expectations on what belongs and what should be when you touch the medical record in that thing. It doesn’t mean it is a hundred percent, no, but there is this high expectation. That is where the quality and the reduced medical errors comes from. It is not by having some information. Some is not a hundred percent. And NHIN is not going to be that helpful if it is half baked. That is part of where all of us feel that this is a good idea.

From experience in practicing even within an individual organization, there is some threshold, which is not a hundred percent, that you must meet in order for it to deliver on the goods that we are promising it. Similarly with the NHIN, I think.

DR. BERNSTEIN: Has that expectations changed over the last ten years, do you think? Or what you can do with the technology affecting what you and your partners expect out of that record?

DR. TANG: It is no longer — we do not find it excusable for any clinician or physician to opt out. If you think it is too hard, I’m sorry, we have an expectation for what kinds of information we make accessible to us when we make decisions.

I think the level of information that should be in there has not changed, but my expectation and everybody else now is uniform, that is, everybody must play.

DR. BERNSTEIN: It wasn’t early on. It took you awhile to get to that point.

DR. TANG: And you are saying we shouldn’t —

DR. BERNSTEIN: No, I’m not saying. I’m just asking what your experience is. We are in a place where the technology is going to change toward the next whatever, so I just want to know what the expectation is. Is it just waiting for everybody to come on board with the system?

DR. TANG: I think it is more the waiting for everybody to come on board, and then once you have gone through your growing pains and your learning pains, then I am expecting this certain level of information be there.


DR. COHN: I would just comment on Paul’s comment. I think you have to realize that neither he nor I probably represent the physicians of the country, since we are both in relatively large systems. I presume you had a unitary paper-based record at Palo Alto Medical Foundation before you went to electronic.

DR. TANG: Right.

DR. COHN: So it changes the discussion a little bit. I was going to jump in when Harry started mentioning the VA, only because my conceptualization has been, we have large systems that have information, or medium-sized systems where there are integrated records. But with the NHIN, we are talking about a leap into something slightly different.

MR. REYNOLDS: Russ has already figured out what he thinks NHIN is. I’m not saying that in any derogatory — let me finish. I think the important thing is, there is no definition. The important thing is, there is a philosophy of what it is, sharing information.

I think further that there is an awful lot of stuff on the street right now that these privacy discussions are going to be important for. We helped adjudicate significantly e-prescribing. E-prescribing right now, call it anything you want to call it, the main thing is, if the doctor gets all your drugs downloaded from a PBM, whether you want to call it NHIN, whether you want to call it e-prescribing, I don’t care what you want to call it, what you basically did was, you took all the data that in our other discussions somebody may have said, I don’t want that there, or I don’t want somebody to see that, and we just downloaded it as a standard process.

I’m not voting for or against anything. I am just saying, I think the important thing is, there is no definition of NHIN. There is a discussion. There is no definition of EHR. There is no definition of PHR. I’ve got a chart I can show you, where I can spend an hour and a half confusing the crap out of you.

MR. ROTHSTEIN: It wouldn’t take that long, Harry.

MR. REYNOLDS: I guess what I am saying is, the principle of this information flow is what we are here for, not the exact structure of the system. So whether you say to VA — and right now, the VA doesn’t go outside the VA, but if I showed up at a non-VA hospital when I was a veteran and I was in an emergency room, then maybe it does, maybe it can.

So all I’m saying is, it is there. Once it is there, it can be passed out, and once it can be passed out, that is what we are dealing with. So we have got to look at all the different ways that it is already going on. We have to think about what we are trying to get to, and we have got to come up with general overall privacy thoughts and security thoughts of what does it mean, because it is going out take 50 years to get to what utopia is. But in one year, big real parts of it are going to be on the street, and if we don’t have some overarching thought on privacy and security, it is out the door.

So you can say I am okay if I am on NHIN and I am not okay if I am this, I’m not okay if I’m on that. I don’t think that is what our charge is. Our charge is privacy and security as information gets passed around in the room. So that is what I would like to keep in mind.

MR. ROTHSTEIN: John was waiting, and then I have another proposal.

DR. HOUSTON: A couple of points that came up in the discussion yesterday. We were talking about, we think we have everything down that we need to have in this document. I think there are a couple of things that aren’t there that came up in the discussion yesterday, and I don’t think they would be difficult to address. I think some of them are assumed.

Obviously there is supposed to be a certification process overall for the NHIN and for vendors. One of the things that came up yesterday that I think is probably important to add to this letter is some concept in insuring that there is appropriate certification for privacy within the NHIN specifically. Even though it is probably already contemplated, I think we should probably get on the record that it is important.

I think the other thing is —

MR. ROTHSTEIN: Excuse me. We could easily add that to the section on enforcement, where we say if you don’t comply you can be yanked out of whatever.

DR. HOUSTON: But I think it really needs to be more expressly stated.

I think the other thing too is, and this maybe is implied also, I think we need to try to insure that there is consistency. Right now we are talking about these principles and the like that we think need to be embodied in the NHIN, but what we ultimately are going to have is a bunch of RIOs, and have a lot of different organizations that are going to be functioning with a lot of economy. They are going to be developing these environments.

I think there is potential for problems if some of the basic principles from a privacy perspective underlying these different RIOs if they are established, if there is variation, we are going to have problems.

DR. BERNSTEIN: You would have consistency across groups?

DR. HOUSTON: Yes, across the groups, across the initiatives. That old adage, if you line up 50 people in a row and you whisper something and each person has to whisper to the next person along, by the time you get to the end, it is something different. My fear is that you could end up having, based upon some principles that we establish, we could still have a lot of variation at the end of the day, and I think that could be dangerous. I think that could be problematic, may be a better way of saying it, in terms of ultimately getting into an environment where there is wide accessibility of patient information.

DR. BERNSTEIN: There are some people that would say that in the commercial market, having differences among practices gives consumers choice about whether they want stronger or less, this, that.

DR. HOUSTON: But I don’t think consumers actually have that level of choice, because you are not going to have multiple RIOs in a market.

DR. BERNSTEIN: If the RIO model is what happens.

DR. HOUSTON: Well, that’s true. I just think there is something to be said for maybe making some plea for consistency or adopting consistent standards that can be implemented.

MR. ROTHSTEIN: For privacy?

DR. HOUSTON: For privacy. Part of that is certification, too, trying to develop certification in a way that insures that we have a high level of consistency.

DR. MC ANDREW: That is what the contract is going to be looking at.

DR. HOUSTON: The way I read the contract for the privacy side was, it was mostly to evaluate the varying laws, and to evaluate —

DR. MC ANDREW: It is looking state by state in terms of variations not only in laws and regulation, but also in business practice.

DR. HOUSTON: Right, I understand that, right.

DR. TANG: But is it to come up with a recommendation for a reconciliation? I got the impression it was more an analysis.

DR. MC ANDREW: One of the difficulties is, you go in this continuum of consistency — harmonization, pre-emption. Where you wind up with is, how much do you weaken your standards in order to achieve consistency, or how much opposition do you get to your standards by raising consistency up to this level.

DR. HOUSTON: Let me just say it by example, though, which is opt-in versus opt-out. I think that alone could cause substantial problems if some of the RIOs decide that they are going to have an opt-in standard and the others ones will have an opt-out standard, or they are going to have something else, or additional privacy protections in certain areas.

DR. BERNSTEIN: But imagine you had a model of trusts, where you put your information in trusts, like you would with a bank or something, and you have a choice among five trusts in your region, each of which has different policies, and you review them and decide which one has the policies you like best.

DR. HOUSTON: But the banking analogy is a bad analogy, and I’ll tell you why.

DR. BERNSTEIN: It is more like a consumer credit report.

DR. HOUSTON: But none of those are predicated on — if my information is not readily available in a lot of those frameworks, it is not going to kill me. I think the immediacy of needing good information is very important.

DR. MC ANDREW: I’m curious as to what your proposal is.

MR. ROTHSTEIN: Well, the proposal is to start with Section B, and I will tell you how we are going to do that, not here. I’ll tell you at the meeting. It might be moot because everybody else will shoot it down. We need to hear from Russ and Paul, and then I want to set out my proposal.

MR. LOCALIO: Mark, I just wanted to again bring up something that you mentioned, and put it in context. Let’s assume that the opt-in/opt-out issue is not soon resolved. Let’s assume that the spectrum of opinions here reflects the spectrum of opinions in a larger group of people.

I have to agree with you. The people who are interested in the architecture, who are worrying about the architecture, have to consider that both the opt-in and opt-out issues may have to be addressed in whatever architecture people adopt. So again, my feeling is that the technical solutions have to be sufficiently flexible to take into consideration that there are going to be different preferences and expectations for privacy.

I am a little — I wouldn’t say dismayed, disappointed, maybe shocked, that we don’t have some — no, I have to confess, I don’t know how skilled people here are in architecture, that we don’t have some architecture people right there talking with us right now about these issues.

Again and again, in the stuff I do, the biggest problem is, the database people go ahead and design databases and they don’t have us with them. So we end up with a database that doesn’t work, and at great expense has to be reconfigured or create many problems. So I think that is a big issue.

MR. ROTHSTEIN: I think you raise a good point. I can barely spell architecture, and wouldn’t know how to create one. But it seems to me that if I were doing that for an NHIN, I would design a system that could accommodate both opt-in and opt-out, and also have the ability to change. The national opinion may change. We may have for example — go with nothing, or go with an opt-out, and people decide it is not good enough, and we want to change. So we have to have the ability to flip the switch and change. I don’t know what that entails.

Harry, do you want to comment on that? Then Paul, then I will start my proposal.

MR. REYNOLDS: I have been in information systems for 30 years, and I am comfortable with architecture.

MR. ROTHSTEIN: Okay, good.

MR. REYNOLDS: We are not completely devoid here. I’m not saying I am a certified architect, but the point is — Mark, the difference is, both of you are correct, but if that theory is not put forward early, all of us in systems, when we do it we have requirements. I can comfortably tell you right now, a lot of these subjects that we are dealing with here at the ground level, ground zero right now, are not necessarily — have not necessarily been turned into requirements for what people are or aren’t doing.

So back to my point. I spent the other night three hours talking about the certification process. There are numbers of things that aren’t quite in the certification process, but if you heard yesterday, by January they will come up with what it might be. That was part of David’s discussion. In early January they have to come out with the first set of how we are going to look at this.

Then you’ve got the NHIN and we are just certified. So this is a subject that overarches a lot of what is going on.

DR. COHN: Well, but the CCHIP was just for ambulatory records.

MR. REYNOLDS: And they are still certifying systems. If you certify this system and that system has to deal with a network and that network has certain things that that system ever had as a basic premise, it don’t work, opt-in/opt-out is gone. If I certify a system, if that is what we agree to, if I certify a system or I design a system that doesn’t let people parse stuff out of their record, I don’t care what NHIN asks for, they can’t get it out of the base system when you are doing it. So that is part of the issue.

So if I certify a system, that says that everything is great. It can connect, and it is over.

DR. BERNSTEIN: In response to Ross, nothing we are talking about is technically infeasible. It is a question of communication between people who are doing privacy and people who are doing architecture work, and getting those principles in at the beginning, and getting somebody to be represented in the architecture design.

MR. ROTHSTEIN: Do you want to comment?

DR. HOUSTON: I hate to say this, but I have worked with a lot of people that do architect systems, and who failed to take privacy adequately into consideration. To try to shoehorn it in later is an absolute nightmare. Sometimes the system is actually hitting the street, and you are pulling it back and you are saying, you guys are crazy. I just see it too often. Or there is a naive understanding of what they need to do, and it really doesn’t take into consideration the practical aspects of privacy or frankly, doesn’t necessarily represent the organization’s view on privacy, but rather, an architect’s view on what they think they need to do. Boy, I’ll tell you right now, technical people can have an odd sense of the world. I hate to say it.

MR. REYNOLDS: No, they have their vision, and it doesn’t include all these other things.


MR. REYNOLDS: It’s not good or bad, it is just what it is.

MR. ROTHSTEIN: Paul was next, and then I still have a proposal.

DR. TANG: I too agree that privacy by design, which is what Jim called it, is essential in order to get the technical part, the architecture part, right.

In addition, as we design our privacy principles and utopia, we need to also understand the technical limitations. Yes, things change, capabilities change, but there are some things that are just not — you price everybody out of the market, including the big systems. So let’s take that into consideration as well.

DR. BERNSTEIN: That is not a technical limitation, that is a financial limitation, right? The financing means overtime.

DR. TANG: No, financing includes logistics, basically. You still have humans that — no audit trail polices itself. It requires humans, and humans have to be able to deal with it. So it has to work both ways.

The point I was going to make is, I am constantly striving for simplicity, because I think that brings clarity, and clarity brings something that can be acted upon. If I were to try to simplify what AHEC does and what we are doing, AHEC is by design, to present the business case, if you want to comment on who they are populated with, it is a political business case kind of argument. I think the balance measure for that is privacy.

So in some sense, I think this group and NCVHS have to provide the balance case for that, for the business case. That is part of the argument of going forward and going early. I think our contribution may be greater at providing input into the NHIN prototyping projects than waiting for the end to react to policy requests. So to charge ahead with the proposal you had, and Harry’s let get the hard things in front of the people so it can be privacy by design.

MR. ROTHSTEIN: Thank you. Jeff, welcome. I will use Paul’s segue to my proposal. That is, it seems to me that the major weakness of our written document so far is Section B. We have got a redraft form of C, D, E and F, and we even talked about A somewhat, and that is easy to fix. But B has to be completely redone to reflect the section that we had the other day. It also needs to reflect some of the comments that we heard yesterday.

I would propose that Maya and I make as our first agenda item working together to redraft Section B based on our internal discussion and also on the comments that were made yesterday at the full committee, and get a new draft version of Section B back to the subcommittee for discussion at the earliest opportunity.

So the question is — I hate to spring this on you — what do you think would be reasonable to expect a timetable for us to do it, and then what would be a reasonable time to set for the subcommittee to get together in some form, either by conference call or in person, to hash out Section B?

DR. HOUSTON: A simple proposal. If we are doing discrete sections of this report, send them out as discrete sections rather than the entire report. If there is a section two we want to do, work on section two. Excise it from the report and send it around.

MR. ROTHSTEIN: I think that is probably a good idea. It will be easier to work with. The other thing I would suggest is to take the recommendations out when we send them around, because those were from the draft version three versions ago that I put together without the consent of anyone, and they don’t fit together very well with the new structure. Then we can build on new recommendations later.

DR. HOUSTON: That’s fine.

DR. TANG: Paul?

DR. TANG: I had a number of comments. I would be willing to submit a marked-up version to you and Maya as input that you can, of course, reject.Great, and other committee members as well, subcommittee members, who want to submit comments.

Today is the 17th. What do you think?

DR. BERNSTEIN: Do you want to come back in February and figure out what we have to do?

MR. ROTHSTEIN: I am trying to figure out what the best vehicle would be, in terms of having the subcommittee — let’s say you and I stayed up all last night and finished it, and the other subcommittee has it, what do we want to do? Do we need to meet in person to go over it? Can we do it by e-mail, conference call?

DR. TANG: I don’t think we can do it by e-mail, because we have to get somewhere.


DR. TANG: It would be desirable to do it face to face, but impractical. Although we did say we were going to meet ahead of February 21, so it is conceivable —

DR. BERNSTEIN: Between now and that February meeting.

DR. TANG: But it is face to face. It is conceivable that we could with the conference call get to something we could actually present if you and Maya did stay up that night, to the committee meeting.

DR. COHN: I don’t think there is nearly as much consensus as Mark happens to be feeling at this moment.

MR. ROTHSTEIN: It is early in the day.

DR. COHN: Yes, it is early in the day. I would suggest that probably — I am just speaking for myself, but I find it almost idiotic to fly to Washington for a one-day meeting. I don’t know how Paul feels about it, but it has got to be a mighty important meeting to do that. Given that, I would rather have us all be peers in the conversation, which means you would do a conference call, rather than have half the people in the room, and Paul and I trying to figure out what is going on on the phone.

DR. BERNSTEIN: You all haven’t scheduled any meetings in the other subcommittees yet for January.

(Discussion off the record regarding future meeting arrangements.)

MR. REYNOLDS: Process wise on the draft, I would like to recommend that before it comes to the full subcommittee, that if you and Maya draft it, John looks at it. We look at this as a controversial subject, and there are lots of views of it. So to have it be a measured draft, that is nothing positive or negative, that is just listening to voices, let it at least be looked at so that we don’t get ourselves too far one way or the other. I’m talking strictly process now, I’m not talking personal.

MR. ROTHSTEIN: I have no problem with it, but do you want to check with the gentleman you just volunteered?

MR. REYNOLDS: No, I am putting it on there as a possibility.

DR. BERNSTEIN: The more people that read the document and have comments on it, the better off we are in my view.

DR. TANG: We did have decent by the round robin thing, actually. We didn’t do bad with the — or maybe that is a different group.

DR. COHN: As long as you don’t try to do eight-hour conference calls, but two, two and a half hour conference calls, you can get a lot of work done.

MR. REYNOLDS: I agree with that.

DR. BERNSTEIN: Also, I heard in the conversation just before that we don’t expect that we are going to get to consensus on this particular section.

MR. ROTHSTEIN: No, but I think Harry wants to make sure that the arguments, when we say there is a pro and con —

MR. REYNOLDS: That multiple views become part of the next draft.

DR. BERNSTEIN: The arguments in the draft, the supporting statements for position A, position B, position C are —

MR. REYNOLDS: We have all agreed there are two philosophically different views, not good or bad. There are two philosophically different views. So in other words, I just hate to see it — I would love to see full vetting to make sure that if there is mention of both, that both have somebody that has —

DR. BERNSTEIN: I think we will have trouble providing you with an adequate, well-balanced, strong argument for every possible case there is.

MR. REYNOLDS: You are missing my point. I am not talking about that. I’m just saying, it is just important that if we have two philosophically different views, maybe we won’t in the end, or maybe we really don’t, because discussion would seem to say that, I would just like somebody to look at it.

MR. ROTHSTEIN: Okay, that’s fine. We will need to get an agreement on the timetable.

DR. TANG: Mine is a little more comment on the process. If you are going to have privacy by design, you actually have to design it to something. In some sense, we criticize Congress about — well, actually they passed the privacy deadline. Why? Because they couldn’t come to a majority.

In some sense, I don’t want to leave the public hanging, either, or the architects. I think we should strive to come to a conclusion. It may not be a total consensus, and it is maybe not possible, but I would really like to —

DR. HOUSTON: I think we can. On the other sections, there were some other points that we conceded.

MR. ROTHSTEIN: We worked out a compromise, that is true.

DR. HOUSTON: When we presented that stuff to the committee, it did not result in the committee having raised any initial concerns. So I think we as a subcommittee can get through — DR. TANG: I would like to set that bar there, rather than just a discourse of all the positive reasons why such and such.

MR. BLAIR: Can I ask a question?

DR. TANG: Sure.

MR. BLAIR: Are we talking about the issue where we were debating whether it was opt-in or opt-out and all of that?


MR. BLAIR: My thinking is, and it is going to be an echo of what I said yesterday, but maybe I didn’t say it in a clear enough way, it is one thing if we are grounded in legal references. It is another thing if we are grounded in understanding public sentiment and concerns and anxiety.

We could reach a consensus in our group on an opinion, but if we don’t have any grounding, then it is only going to be consensus of us. I still feel as if we really need to have something as an anchor, and if we don’t with respect to public opinion, then we are just another opinion, even if we have consensus.

DR. BERNSTEIN: What sort of thing did you have in mind, Jeff?

MR. BLAIR: I’m thinking of a comprehensive survey.

DR. TANG: Those have been done.

PARTICIPANT: There is one by the California Health Care Foundation.

DR. TANG: And it said there is a great deal of concern about privacy — every survey says that — but that people are willing when educated, even given a single sentence, which was a survey question, whether they would trade some of that and trust their data for care.

So I am certainly concerned about it, but if you designed protection so that I can share it, and confident that it is not going to be inappropriately disclosed, then I would give that up. I think that is all along what we have been trying to do, is to offer the right protections.

MR. BLAIR: Does that survey give us a useful framework to help us, to support our recommendations?

MR. ROTHSTEIN: Well, we don’t have any recommendations.

MS. HORLICK: It doesn’t really address a lot of the choice issues, like for the people that say no way is it all in or all out.

DR. BERNSTEIN: I think in principle, you try to survey the population, the population outside of this building doesn’t even know what an NHIN is or what an electronic record is, because most of their doctors aren’t using them. So it is hard to survey somebody about something that doesn’t exist yet, and they don’t have any experience.

MR. BLAIR: Let me rephrase it this way. Are there certain linchpin findings from that survey that we could reference as anchors to support our recommendations?

DR. HOUSTON: Can I say this, too? One other concern that I have is that even if you go and survey individuals, sometimes individuals don’t necessarily — I hate to say this, don’t necessarily know what they want or understand, even after a survey, understand. It depends on how you ask the question. These are very detailed, technical questions that I think are going to be very difficult to get good — I don’t know.

MR. ROTHSTEIN: Simon is next, but I just wanted to say, Jeff, that we are very cognizant of public opinion. We have several witnesses such as Alan Westin, who has discussed his survey, and other consumer representatives who discussed public opinion. I think it is probably —

MR. BLAIR: Let me realize, I didn’t know all the information sources you have.

DR. COHN: I was going to in some ways agree with Jeff, that we do need to go back and reflect on some of this information. I am reminded that how early this all is. People have not touched it, they have no experience with this.

Mark, you started out the conversation by observing that as we have got testimony, how uninformed and how unformed some of the opinions were. So this is going to be clearly an iterative piece.

I would remind everyone that the NHIN projects are — at least, the intention was not to come up with a final design, but to prototype a number of iterative designs, so that we learned at the end what it is we need. So while I think there is a sense that we need to move forward in all of this, we actually have a number of tools. One tool is coming to consensus, understanding the right answer and extolling it. Another thing is demonstrations or pilots or whatever to identify what works in this area.

I’m not saying what we should come to, but just remember, there are all various levels of recommendations, conclusions and whatever, and sometimes at the end of the day you don’t come to a final, yes, I know what it is. It is like when you are making a diagnosis. Sometimes you get down to this range of diagnoses, then you need to do these tests to come to a final diagnosis.

Once again, I don’t know what we are going to come to, but that is how we do it in medicine occasionally.

MR. ROTHSTEIN: We had talked to Jeanine about circulating calendars for December, January, February, March. Maybe we need to remind her to do that.

If we could get this done, that is, a new draft with John of Section 2 or B, depending on which version, would the members of the subcommittee be willing to have, or think it would be a good idea to have a conference call in mid-December to discuss that? Do you think we can make that deadline, or not?

DR. BERNSTEIN: Yes. My issue is I have another project that has a deadline on the 30th of November. There is AHEC all day the day before. So I have this other project. The first two weeks of December are more open. The question is, when we circulated the calendar last time, we circulated it all the way through December, and it wasn’t looking good for getting us together then.

MR. ROTHSTEIN: Did that include conference call times, too?


(Discussion off the record regarding future meeting arrangements.)

MR. ROTHSTEIN: So we will have with any luck by the February meeting, including the day before when the subcommittee meets, a decent version of Section 2 or B, or patient control of records.

Does anyone have, just thinking forward a little bit, I am persuaded for the architecture reasons and so forth, does anyone have a sense of what we ought to do next in terms of our priorities, based on the idea that we need to be ready to go, and have it something that is important early on for the planners and builders and designers of this. Something like enforcement we can always do last. It is the stuff that we need to build into the architecture. Enforcement doesn’t build into the architecture, not that that is unimportant.

So does anyone have any sense of — or maybe you want to think about that.

DR. TANG: You mean which sections?

MR. ROTHSTEIN: Yes, which sections.

DR. COHN: I think the key section is the first one, which is insuring the public trust. That is really the keystone, and all these other things are —

PARTICIPANT: But we don’t have any controversy there.

DR. COHN: That’s fine then. Maybe we ought to engage the people that are doing the work and ask them. I am hoping in that meeting that we get together face to face, either at the subcommittee or full committee meeting, that we will have a conversation with some of the people running the contracts, or something.

MR. ROTHSTEIN: I think the other section that we might want to consider next would be C. C contained the role-based criteria and the contextual access criteria. It seems to me that that is another architecture issue. If we wanted to recommend that, that would also have to be built in.

MR. REYNOLDS: And also the key for certification, back to the same thing again. Those are the kinds of things that are key for certification, whether a doctor would have role based.

MR. BLAIR: Role based. I haven’t heard class based or location based. Those are three different criteria that are often used for data security and authentication.

DR. COHN: I roll them up.

MR. BLAIR: You roll them up into on term?

MR. HOUSTON: I think I agree with you. For clarity we may want to define what role based is, or come up with some hybrid term that encompasses all the concepts that you described.

MR. ROTHSTEIN: Any way of restricting the scope of the available health information to people who have a legitimate need to use it, but maybe not everyone.

MR. BLAIR: Maybe in this context we don’t want to get too technical.

MR. ROTHSTEIN: Yes. So maybe if that term has a technical meaning, maybe we ought to pick another term that doesn’t have the same technical meaning.

DR. TANG: Role based is the common functional component of a system. It is usually by class, as Jeff was alluding to — physician, nurse, dietician.

MR. HOUSTON: But Jeff brought up location. Role based is typically not dealt with by location much, simply because those EHRs are single location. Like, we have a multi-location EHR.

DR. TANG: No, I think he meant like ward, right?

MR. BLAIR: I was just asking the question whether there was a reason that we were only mentioning role based, or had we just not —

MR. HOUSTON: My point is, I think a lot of people talk about role based access, they don’t think of the location component of it as much. Most of the role based access I dealt with, when there are multiple locations, you always take location into consideration in the role.

But it is a good point, because we need to make sure we are clear about that.

MR. BLAIR: It just depends on how we want the audience to react. If we want them to consider all those different aspects, then we have defend them all.

(Simultaneous discussion.)

Agenda Item: Summary of Key Issues

MR. ROTHSTEIN: So maybe we will do something like that. Let me recap. John has another issue he wants to bring up that is totally unrelated to this, and I said I would let him have 15 minutes.

We are going to do a redraft of Section B, try to schedule a conference call in mid-December, schedule a conference call in January sometime, and then by the February meeting have a clean version of that that at least we can look at, and in time for the executive summary discussion in advance of the meeting, we should have an idea of what we want to put on the agenda, if anything, dealing with that.

(Discussion off the record regarding future meeting dates.)

MR. ROTHSTEIN: Then I think we have agreement that the next section that we will do is C, which incudes — say that again, Harry? Limitations on — what did you say?

MR. REYNOLDS: Defined levels of access.

MR. ROTHSTEIN: Right, defined levels of access. So that would be that section. Then probably move on to public confidence or whatever, but we can revisit that issue.

MR. HOUSTON: I thought we pretty much nailed down the other sections.

MR. ROTHSTEIN: I think we are in good shape. But I think C needs some work and I think A needs some work. I think D, E and F are okay. They all need a little bit of tweaking.

MR. HOUSTON: There was no heated disagreement over any of those other sections.

MR. ROTHSTEIN: Among us?

MR. HOUSTON: Among us.

MR. ROTHSTEIN: Yes, I think so, but we need to clean it up a little bit to make sure that it reads better and is clear.

MR. HOUSTON: I didn’t hear anything yesterday that said we had some major —

MR. ROTHSTEIN: I agree with you. I hope you’re right. Is there anything else directly related to this project that we need to discuss? I think this was a very helpful discussion, and I think we are in agreement on where we need to go.

John, do you want to take over?

MR. HOUSTON: Sure. I wanted to just spend a few minutes as a followup to our discussion yesterday and my meeting with Susan and Linda two days ago, I guess it is now, regarding statistics. I thought it would be helpful for us as a subcommittee to maybe try to get on the table some of things that we wanted to do statistically with regards to the information that OCR has collected regarding complaints, with the hope that that might help us decide what topics and what priorities we need to make with regards to work on the privacy rule. It might mean that there is nothing we need to do, but it also might mean that the statistics bear out that there are areas we may want to spend some time if we have the cycles.

The information I heard yesterday was that there were — at the first level, there were two types of information that we could start to mine. First of all, they have statistics broken down — I don’t know if it is completely be section of the code, but by topical area of the rule, whether it be disclosures or training or notice. They have information broken down, so when they get a complaint, they categorize the complaint by what section of the rule is implicated. Tell me, Susan, if I get off base.

Then they have it broken down by entity types, what the complaint is related to. I think the one area that is a little short on information is that the two biggest entities is physician practice and hospitals. There isn’t any granularity there.

There might be some strategies for getting to better data in that regard, simply by looking at two things, the AHA guide, which should give us some bed count information, maybe be able to cross correlate to size of the institution, if possible. Also, we can look at — they have good zip code information that will also tell us whether some hospital is rural versus urban or suburban.

MR. REYNOLDS: Are those the only two categories?

MR. HOUSTON: No, there are about 100 categories, but —

MR. REYNOLDS: No, that’s fine.

MR. HOUSTON: Well, let me explain. I think what they did was, they used some pre-existing categories of entity types that were used.

DR. MC ANDREW: The system started off of an older case complaint tracking system that was developed in the civil rights area. So they had an established list of category types that were used in relation to the civil rights activities.

MR. HOUSTON: Right, she gave me the list. There are probably 15 types of clinics in that list by example. There are only two types of hospitals or three types of hospitals, but there is a variety of clinics.

The point being, initially it seems like we should be without much effort able to break down by entity classification and by section where the complaints are. There is also some information regarding disposition. The disposition information is fairly limited. There are categories of information, the disposition could be that there is no jurisdiction, which means it wasn’t timely filed or it wasn’t something within their jurisdiction to review.

Secondly, the disposition could be that it was investigated and there was no complaint. Thirdly, upon initial review there was nothing alleged. Disposition also could be with voluntary compliance. The last one you talked about was some other type of fallout, whether it was sent to the DOJ or somebody else for further evaluation. Generally, there weren’t any other — I think these were the main broad categories where you were able to do some type of —

DR. MC ANDREW: There was also a category where we had provided technical assistance.

DR. BERNSTEIN: Voluntary compliance is, you worked out some agreement with them about what they are going to do in the future, kind of thing?



DR. MC ANDREW: They propose some kind of corrective action that is satisfactory to resolve whatever the issue was.

DR. BERNSTEIN: Satisfactory to you, to your office, as opposed to the complainant.


MR. HOUSTON: The complainant is really only informed of the —

DR. BERNSTEIN: I understand. I was just wondering if there is any suggestion of whether they are involved in this, or whether you can ask for the entity that gets complained about to take some action in favor of the —

MR. HOUSTON: Let’s stick to the statistics so we can get through this, if we can get off the tangent of what they do. For statistical purposes, those are the main pockets in which things are collected.

My understanding is that there is no information — if there is voluntary compliance, there is no statistical information gathered today which would say whether voluntary compliance, let’s say, for instance, additional training, or that you disciplined a member of the workforce because of the violation. Voluntary compliance was that something was submitted to the OCR and it was accepted as being a plan for addressing the issue.

My thought is that we should avoid at least initially asking OCR to go back and say, can you go back and get additional information regarding voluntary compliance, and trying to get more statistics, because that would require somebody to have to sit down and go through the complaints and try to figure out what the different themes were. So we would like to try to stick to things where there is some data element that we can use that we can run reports from.

My thought is, at first blush, first level of reports I would like to see, is breakdown of complaints by entity types and by section, which almost makes a matrix.

MR. ROTHSTEIN: By section, —

MR. HOUSTON: Type of issue. So if it is failure to train or inappropriate disclosure, and then by entity.

MR. ROTHSTEIN: But in the category of inappropriate uses and disclosures, is that further broken down?


MR. ROTHSTEIN: That is a biggie.

DR. MC ANDREW: And I think one of the things we are finding is that it may not be that useful to try to break it down into our regulatory categories, but there are other types of issues involved in how the disclosure occurred that would be a more useful subdivision of that big category. That is something we are interested in working on, but the statistics aren’t there for that, either.

DR. TANG: But you already have a corpus of complaints.


DR. TANG: I think it would be useful to take that and then review some X amount of sample to come up with what kind of misuse was it, and the disposition. If all the disposition is training, that tells you something. If all the disposition is secure passwords — I think both the problem and the resolution would be very useful.

MR. HOUSTON: But recognize that right now as it stands, the disposition wouldn’t say it was impermissible disclosure. The issue wouldn’t have been disclosure, and the resolution wouldn’t have been training.

DR. TANG: So I am saying, go look at what we have, because that tells you the frequency, so that you can intelligently come up with these other more detailed classifications.

MR. HOUSTON: Actually, what we are doing, the next level we would have to go back to OCR and say we would like to understand better for this category whether you can have somebody go through and look at the information to see if it is training versus something else. We would have to formulate that question based on a first-level analysis.

By the way, before I forget, Jim Scanlon says he has somebody who might be able to help you out in that. So there are maybe some resources available to help us try to format some of these initial queries.

MR. ROTHSTEIN: Let me add an observation then. I applaud what you are doing, but I think we need to realize there are severe limitations of whatever we come up with. What we are trying to do is to try to take a system that was designed to track enforcement actions in a very narrow context and from that use that database as some sort of research database.

What we really need is a research enterprise wholly apart from OCR, which does not have research within its portfolio. It is a recommendation that we made many years ago, it seems, that there needs to be a research effort to study HIPAA, its effectiveness, and so forth.

I want to support your initiative, but I think this is a very limited sample, and we need to not have any illusions about what the data are going to show us.

MR. HOUSTON: There is no doubt about that. This is something we talked a little bit about. I agree with you. I understand there is a limited utility to some of this.

There are two things. One, I think we need to start somewhere to begin with, but I think we also need to in an informed fashion go back to OCR and say, if we started to categorize based on these — if we were able to gather this additional information in these data fields, that would help us on a prospective basis. The issue is, the horse is out of the barn, the existing data, it is what it is, and we should use it to the greatest extent possible, recognizing what some of our recommendations may be. If you can also capture these three data elements or these five data elements in the future, this will be of great use to us for research purposes. That is my only point.

MR. LOCALIO: Mark, I have to agree with you. Tracking systems, even when they are used for research enterprises, are usually terrible, because they don’t capture and categorize the information that is needed for further research.

I think you want to be a little bit broader. I think maybe the question is, what are the questions that one would ideally want to answer in designing a system that would allow people to determine the attributes of complaints and to do something about them other than on a case by case basis, and who should be responsible for that endeavor. I’m not sure that OCR with an on-loan statistician is the right entity for doing that. I just don’t know.

So John, I’m not disagreeing with you. I just think that —

MR. HOUSTON: I’m just trying to be practical. I understand the point. I think we have right now an entity that is collecting some data. We recognize it is not perfect, there are limitations in the data. What we are trying to do is get a little more insight into where we maybe need to focus sometime. Maybe it doesn’t give us good insight, maybe it does. Maybe it at least allows us to ask the next set of questions.

But I think we also have an opportunity hopefully with OCR to say at least on some limited basis, if we can start to collect these types of data elements, then we might get a little further along the way. My fear is that if we decide to try to develop a repository specifically for research, one of those unfunded projects which I’m not sure how we get it off the ground.

MR. ROTHSTEIN: We can’t do it.

MR. HOUSTON: Even so though, if we can get the people who are doing the intake to collect other types of data that allow us to get further along, then is that a good compromise? I don’t know.

DR. BERNSTEIN: It seems to me that instead of looking at what data is available and trying to figure out what questions we can ask of it, we should figure out what questions we want to ask and figure out where there is data. If there is not data, we should create the data that will answer the questions.

It so happens that there might actually be money for this, some small amount of money, not millions of dollars. But it is possible that there is money for doing program evaluation and for doing work that supports NCVHS.

MR. HOUSTON: I think what we should try to do in that context though is piggyback on what OCR is already doing as — they are already doing intake.

DR. BERNSTEIN: I understand, but if they are collecting the data that won’t answer the questions that we have, it doesn’t matter what the data is. If the data is bad, it is not going to answer our questions.

MR. HOUSTON: But first of all, there are a couple of different levels of this which are problematic. The first is that OCR has a real challenge, because some of the complaints — if you read some of the complaints, I’m sure they are extremely difficult to try to understand. Probably if you contact the individuals, it is difficult to get a sense of what they are really saying.

All I am trying to say is, on the front end, when they are doing all the analysis that they do to try to understand the complaint and to characterize it and put it into a database, if we can help them collect the data that we need and it adds very little effort to that process, I think it gets us further along.

DR. BERNSTEIN: That is an assumption, though, that it adds real effort to the process. The thing is, they are collecting data for their program purpose and to do enforcement. That helps them do their job. They are not necessarily collecting data that will answer the problems that we have, and it may not be an easy thing for them to change the existing structure of what they have or whatever. We don’t know.

But they are doing their job, and their job is enforcing and carrying out a particular program, and they need to use their resources to carry out their program.

MR. BLAIR: Is Mark still here?

MR. ROTHSTEIN: Mark is still here.

MR. BLAIR: Could I echo support for Maya’s comment? I really think that is the direction that would be the most productive for us. My observations blur a little bit as to whether the information source is OCR’s database or whether it is a private survey, or whether another survey has to be constructed. But I am resonating to Maya’s comments, because in my mind, in order to increase public trust, I am trying to think what are the greatest, most effective levers for us to do that.

Some of your questions sort of get at that almost intuitively, but we don’t really know which ones will make a difference. Paul, I glanced at that California Health Care Foundation survey, but I didn’t really study it.

So here are the types of things g I would think. I am piggybacking, Maya, on your comments, what we really want to know. I will give three examples. I don’t know the answer, but these are three examples.

If we have the public generally saying that they don’t want their health care information in electronic form, but they change their mind by 50 percent if they understand that access controls limit access to unauthorized persons, that becomes important. On the other hand, if it is the fact that — John, I want you to hear this as well — on the other hand, if the thing that really triggers a major shift in public opinion is the fact that there are audit trails, then that becomes where we go. Or a third thing might be, if they know the value of the data will improve patient safety, if that shifts their opinion dramatically, then that is where we go.

That is the kind of information I think where we could have very compelling powerful recommendations for public education and public relations.

MR. ROTHSTEIN: I am going to have to intervene here. The committee meeting starts in less than five minutes. We will set this aside for a minute. John is going to continue to have discussions with Sue and Linda and the rest of the OCR folks. We will put this agenda item back on another subcommittee meeting, and maybe we will see how it is going.

DR. BERNSTEIN: Can I just ask people to think about what the questions are that you would want to have answered about this, and if you have suggestions, to send them to me? It is possible that I could get something going in he next little while.

MR. HOUSTON: I want to talk to Susan about what can OCR practically do with the current structures that are in place. I am trying to be practical. Maybe I shouldn’t be, but I would really like to know what their current capabilities are and what they think they can potentially do to aid in this.

MR. ROTHSTEIN: Thank you all, and we are adjourned.

(Whereupon, the meeting was adjourned at 10 a.m.)