[This Transcript is Unedited]

DEPARTMENT OF HEALTH AND HUMAN SERVICES

NATIONAL COMMITTEE ON VITAL AND HEALTH STATISTICS

November 28, 2007

Hilton Embassy Row Hotel
2015 Massachusetts Avenue, N.W.
Washington, D.C.

Proceedings by:
CASET Associates, Ltd.
10201 Lee Highway
Fairfax, Virginia 22030
(703)352-0091

Table of Contents


P R O C E E D I N G S (10:20 a.m.)

Agenda Item: Call to Order, Welcome and Introductions

DR COHN: I want to welcome everyone; I know most of you have all ready been
through two hours of meetings. I want to call this meeting to order. This is
the second day of meetings of the National Committee on Vital and Health
Statistics. The National Committee is a statutory public advisory committee for
the US Department of Health and Human Services on National Health Information
Policy.

I am Simon Cohn; I am Associate Executive Director for Health Information
Policy for Kaiser Permanente and chair of the committee. I want to welcome
committee members, HHS staff, and others here in person as well as those
listening in on the internet.

Let’s now have introductions around the table and then around the
room. For those on the National Committee I would ask if you had any conflicts
of interest related to any of the issues coming before us today, would you so
publicly indicate during your introduction. I want to begin by observing that I
have no conflicts of interest. Jim –

MR. J. SCANLON: Good morning, I am Jim Scanlon with the HHS Office of
Policy Planning and Evaluation and I am the Executive Staff Director for the
Full Committee.

DR. STEINDEL: Steve Steindel, Center for Disease Control and Prevention,
liaison to the Full Committee.

MR. BLAIR: Jeff Blair, Loveless Clinic Foundation, Member of the Full
Committee.

DR. FITZMAURICE: Michael Fitzmaurice, Agency for Health Care Research and
Quality, liaison to the Full Committee, Staff Standards and Security
Subcommittee and the Quality Workgroup. Did you want us to indicate whether we
had conflicts of interest or not Simon? I do not have any conflicts.

DR. STEUERLE: I am Gene Steuerle; sorry it is hard to follow Michael
because he has so many titles. I am from the Urban Institute, a member of the
Committee, no conflicts.

MS. McCALL: Carol McCall, a member of the Committee and a member of the
Quality Workgroup, no known conflicts.

MS. AMATAYAKUL: Margaret Amatayakul, contractor to the ad hoc workgroup.

DR. CARR: Justine Carr, member of the Committee and the Quality Workgroup
on Standards and Security, Beth Israel Deaconess Medical Center and no
conflicts.

DR. STEINWACHS: Don Steinwachs, Johns Hopkins University, a member of the
Committee, no conflicts.

DR. GREEN: Larry Green, member of the Committee, University of Colorado, no
conflicts.

DR. W. SCANLON: Bill Scanlon, Health Policy R&D, member of the
Committee, no conflicts.

MR. LAND: Garland Land, member of the Committee, with NAPHSIS, no
conflicts.

DR. TANG: Paul Tang, Palo Alto Medical Foundation, member of the Committee,
no conflicts.

MR. HOUSTON: John Houston, University of Pittsburgh Medical Center, member
of the Committee, I have no conflicts.

MR. REYNOLDS: Harry Reynolds, Blue Cross Blue Shield North Carolina, member
of the Committee, no conflicts.

DR. WARREN: Judy Warren, University of Kansas, School of Nursing, member of
the Committee, no conflicts.

MR. ROTHSTEIN: Mark Rothstein, University of Louisville School Of Medicine,
member of the Committee, no conflicts.

MS. GREENBERG: Marjorie Greenberg, National Center for Health Statistics,
CDC, and Executive Secretary to the Committee.

MS. FRANCIS: Leslie Francis, University of Utah, member of the Committee
and no conflicts.

(Introductions around room.)

DR. COHN: Okay, I want to welcome everyone today. Now let me just talk
about what we are going to be doing in terms of the next couple of hours of
work. We are going to start off by talking about the Enhanced Protections
Report. You all have copies of a redline version of all of the recommendations
and observations which we will go through and make sure that it comports with
our conversations yesterday and you are generally in agreement with it. We also
obviously have a redline version of the landscape and introductory material. We
didn’t make copies of that but we have it on screen to go over. We will
start off with the observations and recommendations going until we have John
Loonsk coming to present to us around 11:30. Now that is going to need to be
relatively brief and succinct just because we will need to get back into this
letter. The intent will to be for us to finish discussion with the letter
before we break for lunch.

PARTICIPANT: You are really putting the pressure on boss.

DR. COHN: I just want to make sure we have a chance to go through it and
properly consider it.

Now after lunch we will be spending some time talking about work for the
workgroups and subcommittees and sort of what has been happening over the past
couple of days as well as plans for the remainder of 2007 and 2008. We do have
a revised document on Subcommittee and Workgroup Operations which I think we
will be able to pass out but we will probably be discussing in February. This
is you remember was something that we had talked about in September, we were
going to make revisions to and we’ve done that but it would probably be
best if you have copies of and look at and then we can talk about it as a
February item. As I said we will be adjourning at about 3:00 this afternoon.

Any questions before we launch into the Enhanced Protections Report? Okay,
with that Margaret and Harry, I guess Harry since this is the observations and
recommendations and I’ll let you introduce the section here.

Agenda Item: Enhanced Protections for Uses of
Health Data, “Secondary Uses” ACTION

MR. REYNOLDS: Last night we tried to incorporate all of the things that we
heard yesterday so hopefully as we go through this you will see some of your
work incorporated and some of your questions and issues.

Margaret what I would like to do since you would be best at seeing what you
deleted and everything why don’t you walk us through, we are going to go a
section at a time. It is important to note the document that is visible does
not match your line so we are going to go section at a time so stay with us on
the written document. Look up there and then find it. I’ll make sure that
we stay in the same sections and go slowly so that everyone knows where we are.
Because of different printers and different formats it just didn’t come
out the same so excuse us for that but we do have your other comments in there
and we will take that under advisement to make the numbers right. So with that
Margaret please start through.

MS. AMATAYAKUL: So the Guiding Principles section we included some of the
language that you were looking for and do you want me to read this paragraph?

MR. REYNOLDS: Yes.

MS. AMATAYAKUL: As NCVHS considered the testimony and its task to develop
recommendations for enhanced protections for uses of health data in light of
new technologies and health information exchange. It recognizes that there are
significantly diverse viewpoints both in the public and within its own
membership. As a result it adopted the following guiding principles which help
it develop a centrist approach to recommendations recognizing that there is
much more to be learned about NHIN. Evaluating each recommendation against
these guiding principles helps assure that differences in perspectives are
considered and that the recommendations strike a balance between assuring
benefits from optimal uses of health data but not at the cost of reasonable
privacy protections. Protection should and then the list is there and number
five, build upon existing legislation and regulations whenever possible. We did
have a comment that I found late last night after we all left that suggested a
change to read, build upon existing legislation and regulations when that is
the most efficient approach. I didn’t know which to pick up.

MR. BLAIR: Why qualify it? Why don’t you just say build upon existing
laws and regulations period?

MR. FITZMAURICE: I agree because it is always a tradeoff between resources
available or benefits and costs.

MR. REYNOLDS: Anyone have a problem with build upon existing legislation
and regulations period? Leslie?

MS. FRANCIS: I like the where possible because it suggests that there may
be times where it just isn’t desirable to do that and I wouldn’t
qualify it just to efficiency because there might be other reasons why it is
reasonable to junk a current framework.

MS. MCCALL: I concur with Leslie completely. I am comfortable with whenever
possible.

MS. WARREN: I guess I am trying to figure out a time when we would build
something that did not comply with legislation and regulation.

MS. FRANCIS: Not complying is different from recommending a change and I
think there will be times when instead of building upon existing regulations
new frameworks will be in the offing but that at least needs to be out there as
a possibility.

MR. HOUSTON: I would propose rather than possible, I would say simply use
the word “appropriate.”

MR. REYNOLDS: Okay other comments? Thank you Margaret moving on.

MS. GREENBERG: I have some issues with this new language in this paragraph.
I’d have to think about whether it is substantive or wordsmithing but I
assume it is maybe the latter and we can deal with it offline.

MR. HOUSTON: Can I actually make a point? I think there is some
wordsmithing; I am going to assume that we are going to stay in large measure
away from wordsmithing and we should give comments back to Margaret.

DR. COHN: Exactly, I do want to remind everyone that we are looking at
substantive issues there will be time if you have wordsmithing pieces to get
that in and post all of this and then if anything sort of rises to a major
substantive issue we will have to adjudicate that. Okay Margaret?

MS. AMATAYAKUL: Under Observations and Recommendations other than putting
the first paragraph in a box and adding, to HHS has a variety of means to
promote the data storage of principles and achieve enhanced protections, there
was no change in the introduction.

MR. REYNOLDS: Okay so that takes us down to number one. Everybody in
concurrent, Margaret?

MS. AMATAYAKUL: Number One on Observations and Recommendations on
Principles of Data Stewardship for Accountability and Chain of Trust within
HIPAA there were a few wordsmithing changes. When we get to the middle here,
without assurances of proper de-identification methods being employed and
without –

MR. REYNOLDS: Hold on one second. So we are on our document, we are on page
19. So it would be everything prior to that Michael?

DR. FITZMAURICE: Two things, one is that under one Observations and
Recommendations on Principals of Data Stewardship for Accountability and Chain
of Trust. Chain of trust, most recent line one is 19 and 20. The chain of trust
is not in the attributes listed on the previous page that is, these principles
include responsibility for attention to and accountability, transparency. I
would either take it out of the observation or have the committee consider
having chain of trust as an attribute of data stewardship.

MS. AMATAYAKUL: I can fix that.

DR. FITZMAURICE: Yes, but which way does the committee want to go on it?
Does the committee want to include chain of trust on page 17, line 94 that it
is one of the attributes of data stewardship and it would go along with
accountability, transparency, individual participation? Or does the committee
want to take out chain of trust from the observation title that is on line 19.

DR. COHN: Okay well I think Margaret is suggesting we do just include
accountability, chain of trust up there I’d really think this wordsmithing
but are people okay with that?

DR. FITZMAURICE: Then secondly, we talk about data stewardship principles;
we don’t have a list of them anywhere in here. Are we saying our
recommendations are the principles, or that they should be developed by
somebody?

MR. REYNOLDS: If we say, these principles include?

DR. FITZMAURICE: We say that, which principles are we talking about? Do we
have a list of principles, Margaret?

MS. AMATAYAKUL: I think what we did yesterday was change this to, these
principles include responsibility for attention to accountability et cetera and
then –

DR. FITZMAURICE: I have no problem with that statement. It think it is good
as it stands but we talk about these principles, do we know what they are or
should somebody develop them? That is all I am saying.

DR. STEINDEL: Mike I think there is a look of, we don’t understand
what you are asking because we have a list of what these principles are.

DR. FITZMAURICE: You have a list of what the principles apply to; you
don’t have a list of what the principles are. Above you have principles
that apply to the recommendations, if you want to call those stewardship
principles it is fine with me.

MS. AMATAYAKUL: We talk earlier in the document about the HIPAA privacy and
security rules actually being sort of the foundation or founding or initial set
of data stewardship principles that we are building upon that. I don’t see
the HIPAA privacy and security rules as being sort of a list of principles that
you could just check off exactly.

DR. FITZMAURICE: True but we can check off on the list of the principles
right above the Observations and Recommendations. I don’t see a list of
data stewardship principles so if we are talking about it in the abstract we
should make sure that the reader would understand that we are talking in the
abstract about data stewardship principles not saying that we have them and
here they are. Or if we have them we should list them out.

DR. WARREN: Right and we had talked about that yesterday. About taking that
list we were talking calling “attributes” and really making a list
that would be much like the list on 17 that starts, protection should; we would
say data stewardship principles should and then we take each one of those
attributes and really turn them into a stem like this. That would be the list
of principles that Mike is talking about.

MR. HOUSTON: Can we just delete the words, “on principles,” or
“principles of?” So Observations and Recommendations on Data
Stewardship for Accountability and Chain of Trust-

MR. BLAIR: Could you talk to the microphone? Could you repeat that in the
microphone?

MR. REYNOLDS: I am assuming that we are on 19 and 20 still really getting
into the core, why don’t we simply say the Observations and
Recommendations on Data Stewardship for Accountability and Chain of Trust
within HIPAA.

DR. STEINDEL: He is talking about the title for one, the bold title and I
would object to removing the word “principle” but and making it a
noun.

MR. FITZMARUICE: I am past the title on to the second point I wanted to
raise and that is we talked about data stewardship principles throughout. We
don’t list them. We may not have principles for data stewardship.

DR. COHN: I guess I am going to jump in here. I don’t know if we need
to adjudicate this right now but I think this gets down to sort of fundamental
questions of what your definition and framework around what principles means. I
don’t know that everything needs to look quite like that to be a
principle. I think our view is that really the principles are all of our
recommendations is what I think is really intended here.

DR. FITZMAURICE: I would accept that that we think the data stewardship
principles are following our recommendations.

MR. REYNOLDS: Simon why don’t, we will work with Mike on this. In
other words is there anybody on the committee that has a problem with the fact
that we work this out? Because you are not changing the content, you are not
changing what we are saying, and in the way it is structured, or how we list
it. Margaret moving on –

MS. AMATAYAKUL: We were in the Observations part of One and the substantive
change is, here without assurances of proper de-identification methods employed
and without an awareness of the uses made of de-identified data covered
entities are unable to describe what uses may be made of individuals’ data
and are not able to confirm other proper and reliable methods of
de-identification are being used. The risk of information being re-identified
continues to increase as more public data bases become available and techniques
for re-identification become more sophisticated.

I think this was Paul’s suggestion yesterday that I just want to make
sure we got right.

MR. HOUSTON: That was one of the key subjects that came up the
re-identification. Okay? Margaret move on –

MS. AMATAYAKUL: There are some other wordsmithing until we get to 1.1 and
in 1.13 we added, covered entities should specify in their business associate
contracts that there must exist a contract with protections equivalent to the
business associate contract described above, et cetera.

1.14 following from the same stem that, any organization that supplies the
identified health data.

Then 1.2 we attempted to bullet all of those. I don’t think there is
any change in wording except for in 1.21 where, this recommendation may be
accomplished by HHS issuing guidance of all practical scenarios for a covered
entity fails to appropriately manage a contractual violation by a business
associate that could result in violations to the HIPAA privacy rule for a
covered entity.

MR. REYNOLDS: Just substitute the word “address” rather than
“manage.”

MS. AMATAYAKUL: Okay 1.3 stays the same.

Then under Two, Observations and Recommendations on Data Stewardship for
Transparency, I have some footnoting problems that I’ll fix later.

In the section on the bottom of page 22 and going to the top of 23 where we
discuss the difference between authorization and consent, we made some changes
to these two paragraphs so I’ll read them.

The first issue associated with the use of an authorization as intended by
the HIPAA privacy rule is that it does not require an authorization to use or
disclose to another covered entity protected health information for treatment,
payment, or health care operations so long as the entities have a relationship
with the individual who is the subject of the protected health information. An
authorization however is required for other uses and disclosures that are
enumerated and I specified the sections. However, the privacy rule permits a
covered entity to obtain a consent for uses and disclosures for treatment,
payment, and healthcare operations by covered entities. Consent in healthcare
more commonly refers to the permission given by an individual to a provider for
providing healthcare services and, in parentheses, which may include
interviewing, examinations, specimen collection, and treatment of the
individual as well as use of health information. In summary the use of the
terms authorization and consent and when such are required or permitted causes
confusion.

The section on consent in the original HIPAA privacy rule was modified in
2002 from requiring to permitting consent. This still allows covered entities
to obtain consent as desired and to follow more astringent state laws
containing consent requirements for uses and disclosures of protected health
information for treatment, payment, and healthcare operations. Some public
comment urged a return to the requirement of consent for all uses and
disclosures of protected health information. NCVHS did not believe that it was
realistic to recommend a reinstatement of this requirement at this time but to
build upon the HIPAA data stewardship principles to afford privacy protections
and to evaluate ways to manage individuals’ authorizations in a NHIM. See
Recommendation 812.

MR. REYNOLDS: This plays a lot off of one of Mark’s comments yesterday
about say what we say. Say why we did or didn’t do something.

MR. HOUSTON: Yes, one comment on the second paragraph, you used the word
“afford,” “principles to afford privacy protection,” that
phrase. There all ready are privacy protection so I don’t want the
implication that there aren’t any and I would propose that we use a word
rather something like the word “enhance” so that the phrase would
read, build upon the HIPAA data stewardship principles to enhance privacy
protections and evaluate ways to manage individuals’ authorizations NHIM.

DR. CARR: I think this reads better, my only question is it is appearing
under the transparency and the part about transparency is that the words
“consent” and “authorization” are not clear in the lines of
the public. The rest of this really I think is appropriate to the discussion
about uses of health data under TPO. It explains the history of the
consideration of consent and I think it would be I would make the
recommendation that we move it to where we talk about that quality remains
under TPO, whatever that section is.

MR. REYNOLDS: Okay let’s see what the other questions are on it and
then we will decide if everybody likes it once we get it like we like it then
we will decide if we are going to move. Okay so Jeff?

MR. BLAIR: Margaret I like what you wrote very much. There is one word that
it is our justification for the decision and we said, NCVHS doesn’t think
it is realistic. Maybe that is the right word or maybe it is not but it left me
in a feeling like, why? Why is it not realistic and I am perfectly satisfied
with us going down this path. Maybe I just need to understand why that was the
word that was chosen.

MS. AMATAYAKUL: We tried out a lot of words.

MR. REYNOLDS: The point is, the reason why we made this statement because
obviously going all of the way even though we heard some testimony that there
is technology available to do all this right now, we don’t feel that it is
pragmatic be it or realistic to be there yet. We don’t feel that going in
and going ahead and reinstating this consent at this time is realistic.
Obviously these things will be continually considered as we go along, Simon do
you want to make a comment?

DR. COHN: Yes, I am actually thinking we went through this a number of
times and I am actually wondering if rather than adding words like that maybe
we should say, NCVHS does not recommend reinstatement of this requirement at
this time but instead recommends that we build on rather than, I think that we
tried all sorts of ways and this was about 10:00 last night.

MR. REYNOLDS: I have got Marjorie and then Michael.

MS. GREENBERG: I would support that because if in fact that is what you
mean, because by saying that we don’t think it is realistic it implies
that you think it is a good idea but it is not realistic. I am not sure that is
what you mean.

Also I think to say reinstatement of this requirement actually, since at
the time the privacy rule went into effect this had been removed. I don’t
really think it would be a reinstatement, it never was a requirement. It was a
proposed requirement but the final rule that was implemented did not include
it. Am I correct on that? So it sounds like, well we had required it and now we
don’t and I think that is misleading.

DR. FITZMAURICE: NCVHS did not believe it was realistic to recommend
reinstatement of this requirement at this time but to build upon the HIPAA data
stewardship principles. I don’t know where they are. I know in HIPAA –

MR. REYNOLDS: Let me do this Mike, we got that. Okay? I promise you we have
it as a committee. We understand that those principles –

DR. FITZMAURICE: This is the HIPAA data stewardship and they don’t
exist. There are principles for selecting standards under HIPAA, about 12 of
them, they are listed as an example of what principles are but unless we can
footnote this I don’t think it is accurate.

MR. REYONLDS: All right, any other changes to this? John, I am sorry Paul
was on my list. Paul and then John –

DR. TANG: So as we look back at 1.1 and 1.2, I am just applying the concern
that consumers had about where the data is going and unless I have missed
something you are saying you must have a business associate contract. It must
follow the chain of trust and it should be transparent but nowhere did we
reinforce that. You shouldn’t do anymore than the HIPAA covered entity
should be allowed to do. To apply that example that we had on Monday if they
put in the fine print, we plan to sell your data and they are transparent about
it they could do that activity. I am just applying the test that caused the
concern to what we are recommending and I don’t find that we have actually
excluded that behavior in these two sentences.

DR. FITZPATRICK: I would think even a provider can’t do that. HIPAA
does not permit a provider to sell my data. Paul is right it is not
transparent.

DR. TANG: It is not clear. It seems like we would want to reinforce since
HIPAA does say that a business associate should be bound by what the covered
entity is allowed to do with their data it would be nice for us to reinforce
that here, because that is at the root of what we are trying to prevent.

DR. CARR: But isn’t it true that what happens with the identified data
is not covered by HIPAA?

DR. TANG: But they didn’t have to do anything according to the HIPAA
de-identified. They chose their own method of scrubbing pieces of the identity
out.

DR. CARR: So what are you saying?

MR. REYNOLDS: I am not, Paul help us out I am really struggling with what
you are trying to add that would not all ready be covered by the law and would
make us want to make –

DR. TANG: So today there are companies that will take your data for a HIPAA
authorized transaction and then continue to go on to do other things that it
would like to do. The things that we put in here don’t necessarily
preclude that or at least in a clear way. That seems to be the number one
motivation for this exercise.

MR. REYNOLDS: Margaret?

MS. AMATAYAKUL: Let me look at 1.12 for a moment. Covered entities should
specify in their business associate contracts terms that explicitly describe
what HIPAA de-identified data may be used and to whom HIPAA de-identified data
are supplied. It is up to you I mean it doesn’t say you can’t use
that data for anything. It is basically saying, I know upfront what you are
telling me you are going to use this de-identified data for. I could say no I
don’t want to sign this contract.

DR. FITZMAURICE: That is suggesting as a reminder to the writers that they
can’t do some things with the data and their business associates
can’t do those same things either, no matter whether they sign a contract
or not.

DR. TANG: So as John indicated, many of the contracts he is presented by
third parties include describing in a transparent way at least to the person
signing the contract that they plan to do things that are not permissible under
HIPAA. This would say as long as you put it in your –

MR. HOUSTON: De-identified data, as soon as it is de-identified
sufficiently it falls outside of HIPAA. That is simply an issue of the fact
that there is a lot of people taking de-identified data as, whether it be a
business associate or otherwise and this is sort of one of these qualitative
value judgments as whether that type of practice should be occurring.

DR. FITZPATRICK: I don’t think we are talking about de-identified data
here. Some vendors use identifiable data for their own purposes because the
providers signed a contract that permits them to do it but it is not
permissible under HIPAA.

MR. HOUSTON: Okay I see because I thought there was this issue of using
de-identified data which is typically what then occurs. They take it and
de-identify it and use it.

DR. CARR: I think there is two parts to the answer to Paul’s question.
In this document what we have done is we say that, any organization that
supplies de-identified data for a specific purpose will ensure that the
de-identification process follows HIPAA. That takes care of one that you
can’t just partially de-identify if you are supplying de-indentified data
it has to be HIPAA de-identified.

The second part what you do with it I think is where we got into the
decision to hold further hearings because although we understand the things
that we have talked about in that article on Monday, there are other uses of
de-identified data and we didn’t want to address them here without having
further hearings so as to avoid unanticipated consequences in the
recommendation.

MR. REYNOLDS: Michael you seem to be saying that we are not dealing with
the de-identified.

DR. FITZPATRICK: What I think that we are not dealing with strongly enough
and that the providers could use a reminder, is that they can’t agree that
somebody else can sell their clinical data that is identifiable. Even if they
sign a contract saying, yes you now own this data you can do with it what you
want, you can sell it. They don’t have the right to do that under HIPAA.
So you must see patient authorization for that.

MR. REYNOLDS: Why would we want to restate HIPAA?

DR. TANG: Because that is the primary problem that we are addressing so
many people who are the root cause of this discussion. Many people in their
contracts, third parties believe that they are protected and indeed probably
they are by just disclosing up front to Mr. Houston that I plan to go sell your
identifiable data and when that person signs it they feel like they have they
have free reign –

MR. HOUSTON: This wasn’t a question but actually a recommendation back
to I think it was Simon. If we are going to change the wording regarding
whatever we are going to call this reinstatement or this, however we want to
word it if we are going to make it a recommendation then we should just simply
make it Recommendation 2.1.5 that we recommend that not to be included within
HIPAA the reinstatement of the requirement or however we are going to word it –

MR. REYNOLDS: Well it probably ought to be 2.11 because everything else
would then build off of it. If we are saying that we are not going to do it. We
are saying here is what we are going to do instead.

DR. TANG: Right but I think the point is that we are saying that we should
make a recommendation of this, I think it was Simon’s point and if that is
the case we should simply add it as a recommendation.

DR. STEINDEL: I didn’t hear any comment to make this a recommendation.
The only comment I thought I heard was to move this.

MR. HOUSTON: No, Simon made the comment that rather than say, NCVHS did not
believe that it was realistic to recommend reinstatement of the requirement he
said NCVHS does not recommend the reinstatement of this requirement at this
time.

MR. STEINDEL: But I don’t think there was a recommendation to make a
recommendation of it, to make it a formal recommendation. Justine’s
comment was to take the paragraph itself and to move it to the section where we
talk about operations.

MR. REYNOLDS: We are not dealing with Justine’s yet.

MR. HOUSTON: I am reacting to what Simon had proposed in terms of revised
wording which was, in fact a rec – making a recommendation and if that is the
case then that part should be put out as a separate recommendation. That’s
all I am saying.

MR. REYNOLDS: You are saying that we use the word recommendation; recommend
is somewhat of a term of ours so, Simon?

DR. COHN: I guess I don’t have a strong feeling about this however it
just doesn’t feel much, and since we are not recommending that they do
anything it is sort of like I guess we could get in front of every section
saying we support HIPAA or something. I thought it is in the recommendation
section and it is part of the observation but as I said, I guess I don’t
really care is the truth.

DR. STEINDEL: I actually do Simon. I think if we make this a recommendation
with a number in front of it, it is going to be a lightening rod.

MR. BLAIR: What if we just use the word “support?” NCVHS does not
support changing. I think that is a good way that you move it out of the
discussion of whether it should be a recommendation. I think once we put it as
a recommendation we are going to have –

DR. STEINDEL: Okay, that is fine.

MR. REYNOLDS: Justine now let’s go back to where you wanted to move
now that we have got it like we want it. Where do you want to move it to?

DR. CARR: To seven.

MS. AMATAYAKUL: I would like to suggest that this be kept here and maybe
something added to seven. The reason I suggest that is that, I read this
document to Jeff and after every half a page he asked me what is the difference
between consent and authorization and I was like saying, Jeff wait a minute
I’ll get there, I’ll get there, I promise I’ll get there. So the
earlier we can put this in I think the better off we are. But we could add it
to seven as well.

DR. CARR: I think what I was saying was having the difference between
consent and authorization makes perfect sense to have it there but we go on to
say more that is, what line was it?

MR. REYNOLDS: We are not changing the content or the meaning, we are
deciding where to say it best, is that a fact?

MS. AMATAYAKUL: Yes, so the recommendations on transparency on 2.1 had some
wordsmithing changes. Let me run 2.14 by you. A transparency should be achieved
through making information available about the specific nature of protected
health information disclosed to other organizations such as public health. HHS
should issue guidance to covered entities to incorporate references in the MPP
about what types of protected health information is disclosed to other
organizations such as when legally required or permitted for public health
purposes and make this information available to individuals upon request.

2.2 is Recommendation for Education on Uses and Protections for Health
Data. Somebody suggested that change. HHS should develop and maintain a
multifaceted national education initiative that would enhance transparency
regarding uses of health data and emphasizing the benefits relating to quality
measurement reporting and improvement in an understandable and culturally
sensitive manner. I think somebody suggested we add that.

MR. REYNOLDS: Comments? Yes, Mark.

DR. ROTHSTEIN: I have some problem with the language in 2.2, specifically
the clause and emphasizing the benefits relating to. That reads to me like it
is sort of propaganda. I would be happier if it read simply, an enhanced
transparency regarding the uses of health data for quality measurement
recording and improvement and do so in an understandable and culturally
sensitive manner. I think that –

MR. BLAIR: What is being removed when Mark says that?

MR. REYNOLDS: All he is doing is he doesn’t want it emphasized; he is
making it more matter of a fact. Is that a fair statement Mark? It is just a
matter of fact statement that that should be included in the education period.
It is not selling it.

DR. FITZMAURICE: Could he read that again please?

MS. AMATAYAKUL: HHS should develop and maintain a multifaceted national
education initiative that would enhance transparency regarding uses of health
data for quality measurement, reporting, and improvement in an understandable
and culturally sensitive manner.

DR. COHN: Well I think the only problem was we thought that there needed to
be an educational thing that also included so would suggest for quality, you
say including –

MS. MCCALL: I would like to include research in the list if possible.
Research is a big component later on so –

MR. REYNOLDS: Moving to three.

MS. AMATAYAKUL: Section Three, we did flip the two recommendations, 3.1 and
3.2 and we added in 3.2, which is Recommendation on Obtaining Authorization for
Use of Personal Health Information Not Covered by HIPPA Protections. HHS should
take applicable means to ensure that uses of personal health information held
by any organization not covered by HIPAA i.e., HIPAA covered entities, business
associates and their agents must obtain an authorization from the individual
for collection of personal health information and for any uses or disclosures
other than the maintenance of the personal health information. See also
Recommendation 9.1.

DR. FITZMAURICE: My clarification, when we have the i.e. there, held by any
organization not covered by HIPAA and then, i.e. HIPAA covered entities,
business associates and their agents. It implies to me that we are saying that
those organizations are not covered by HIPAA, that they are an example of any
organization not covered by HIPAA.

MR. REYNOLDS: We put that in there so to make sure you found that one.

MS. MCCALL: Couldn’t it say i.e. other than?

MR. HOUSTON: The added, I am just not sure what in an added language what
you mean by, other than maintenance of personal health information.

MS. AMATAYAKUL: I think the question somebody posed was, what is the
authorization needed for? So I was trying to say what it was needed for.

MR. HOUSTON: Could we simply say authorization from the individual for the
collection, use, and disclosure of personal health information?

MS. AMATAYAKUL: Four? Four is Observations and Recommendations on
Principles of Data Stewardship for De-Identification. We did some wordsmithing
taking out the extra example words.

Recommendation 4.2 was some substantive change, Recommendation on Uses of
De-identified Data, NCVHS heard that there are significant concerns surrounding
uses de-identified data and that these warrant more thorough analysis. NCVHS
will conduct hearings to determine how to structure guidance for best data
stewardship practices. Topics which should be addressed may include but not be
limited to uses, statistical de-identification process to meet a certain
threshold for certain probability of re-identification, uses involving sale of
de-identified data, exposure from re-identification, and allowable uses of
de-identified data.

MR. REYNOLDS: That covered a lot of what we talked about yesterday as to
how we worded it and how, Christine I like some of what you brought up
yesterday. Mark –

DR. ROTHSTEIN: Do we want to add to that list of potential of group based
harms? Didn’t we discuss that yesterday?

DR. FRANCIS: I thought we discussed that earlier and that was something
that I was going to bring up because I don’t know where –

MS. AMATAYAKUL: It is in the background. I did do that in the background,
or I tried to anyway.

DR. ROTHSTEIN: Shouldn’t that be one of the risks in this list of
risks that we are setting up?

MR. REYNOLDS: The fact that it is missing would maybe generate more
questions than the fact that it is in there and what we do or don’t do.
Okay, five.

MS. AMATAYAKUL: Five is Observations and Recommendations on Principles of
Data Stewardship for Security Safeguards and Controls. Here we added in the
recommendation of the inclusion of the vendors. Recommendation 5.1,
recommendation of technical data security management approaches the last
sentence now reads, this guidance for security management should also be
directed to organizations that are not covered entities that maintain and or
transmit personal health information as well as to vendors of health
information technology.

MR. HOUSTON: I am looking at the sentence starting on line 66, and to
insure that their business associates and agents are fully compliant with the
HIPAA security role authorization access authentication audit control
requirements. Why do we need the language authorization access authentication
audit control requirements? Why don’t we simply say, ensure that their
business associates, agents are fully compliant with the HIPAA security role or
something of that sort?

MS. AMATAYAKUL: Are you referring to in the actual 5.1 there where I –

MR. HOUSTON: I would, where your cursor is at right now, I am just
recommending that we delete to the end of this sentence.

DR. WARREN: Well for me when I read that, I mean if I were really, really
familiar with the security rule it would be okay to put the period there but I
think it kind of reemphasizes that these are the four areas that we are talking
about.

MR. HOUSTON: My concern is that somebody might think that is an opportunity
to not have to comply with anything else that is in the HIPAA security rule.

DR. FITZMAURICE: We could put afterwards, including access authentication
because I agree with Judy, it is explanatory, it helps people understand this.

MR. HOUSTON: I just want to make sure people don’t think, oh I am
going to get out of free card; it is not one of those –

MS. AMATAYAKUL: Next is Observation Recommendation Six on Principles of
Data Stewardship for Date Integrity and Quality. And 6.1 the Recommendation, we
didn’t make any changes above. Recommendation on data quality and data
integrity HHS data stewardship guidance should address the precision, accuracy,
reliability, completeness, and meaning of data used for quality measurement for
quality improvement as well as other uses of health data.

MR. REYNOLDS: Comment, okay moving on.

MS. AMATAYAKUL: Observations and Recommendations Seven, on Oversight of
Specific Uses of Health Data. We have two sections here; uses of health data
for quality measurement, reporting, and improvement within healthcare
operations. NCVHS considered whether there were or should be boundaries around
what quality activities are included in HIPAA’s definition of healthcare
operations which may be outside of that definition and may call for greater
choice for individuals whose data are included. Although we may have been asked
for a little bit more specificity in certain areas at different times from ONC
it seemed like this was pretty much of interest to you to keep.

We also added to tell the story a little bit better maybe I should
summarize the first paragraph, in addition to that first paragraph, we talk
about the definition of quality assessment improvement being within healthcare
operations about the organized healthcare arrangement that is possible. Several
testifiers observed that they had instituted oversight processes. Then we added
that, testimony was also heard that suggested the desire for a wider role for
individuals in deciding whether to permit their health data to be used for
quality assessment activities. We cite a study, in a study on authorization
bias for data based research study reported by Harris 3.2 percent of
individuals actively declined participation while another 17.5 percent did not
respond and then some additional information.

Then at the last part just before the recommendations we added a little
paragraph, having heard the testimony concerning the benefits and potential
risks to individuals that may arise from uses of health data for quality
measurement, reporting, and improvement NCVHS believes that enhanced
protections for such uses of health data should build upon the protections
afforded by the HIPPA privacy rule while remaining as part of healthcare
operations.

MR. REYNOLDS: Yes, John?

MR. HOUSTON: I just want the opportunity just to read through it just one
more time. The question I have, if it is all ready in the privacy rule about
the protections that are to be applied to health data use for quality purposes.
Why does there need to be an enhancement of it and if it is all ready part of
healthcare operations why do we need to restate that? I guess I am confused.

MR. REYNOLDS: Justine.

DR. CARR: We spoke about this this morning in the quality workgroup that as
we look forward to longitudinal episodes of care, data will come from different
sources and map to an individual to be able to see longitudinal outcomes. The
issue had come up in the AHIC quality workgroup in particular about whether
that definition of quality covered all of those sources of data. I think that
we have the answer here in organized healthcare arrangement so that even if it
is not the same institution it is still a fair and organized healthcare
arrangement. It is still considered quality and still covered under operations
and if anybody from HIC wants to comment, yes?

MR. HOUSTON: If that is the explanation I think we need to look hard at
what an organized healthcare arrangement allows you to do from a data
collection and use perspective and where its bounds are because I don’t
think you can simply extend that to NHIN or some broader data collection
scheme. I don’t think HIPAA would then permit the use of identifiable data
absent of patient authorization and as such I don’t think you can even fit
it under healthcare operations. I mean I think the whole idea of an organized
healthcare arrangement is a fairly self-contained set of activities that a
group of covered entities are doing on a specific patient population where they
all have some relationship or potential relationship with that patient and once
you get out of the four walls of that organized healthcare arrangement you will
lose the right to do healthcare operations. I think HIPAA is pretty specific
that there has to be anybody involved in healthcare operations quality related
activities using patient data have to have a relationship with that patient
before they are allowed to do it on an identifiable basis.

MR. REYNOLDS: The reason that we put this in was back to the idea of
saying, we heard the testimony and we have decided kind of to do this. Looking
back at the recommendations in 7.1 and so on I think that says the same thing.

DR. CARR: Well I think that John’s raising an important point. This is
a very important point. This is the important point because of the issue
that de-identified data is not useful in trying to assess quality outcomes and
so identifiable data is needed and the question is under what umbrella or what
protection? Yes, Steve –

MR. REYNOLDS: On 7.12 we talk about cross organizations. I am struggling
with, I thought I understood John’s question I am struggling with where we
went after that.

DR. STEINDEL: I think John’s point is very correct but I think it is
covered in 7.12 where we say, that the organized healthcare arrangement as
defined by HIPAA which is clear. It has got to have a direct relationship with
the various members of the organization and then we go on in section eight and
we specifically start talking about, okay what happens when we deal in the
world of the NHIN that is different.

MR. REYNOLDS: Okay because I think there is, we have to be very careful
that we –

DR. STEINDEL: Wait, I think we are in total agreement that the world of the
NHIN is different and we have a separate section that deals with that
specifically.

MR. REYNOLDS: Okay so back to, we added that new paragraph trying to
address comments, questions, and issues that came up yesterday. Rereading it
again this morning in the light of day which there was no light last night when
we did this that is for sure, I am not sure that where it is with the
recommendations right after necessarily creates any kind of a crescendo or
anything. Anybody else feel that is necessary to remain?

DR. ROTHSTEIN: That goes to my concern from yesterday that we only had one
side of the issue and what was added about the Mayo study was sort of the other
side of the issue and this is the, okay we heard this, we heard this, now this
is what we have decided. If anything is to be dropped, I mean I think you need
something at the end saying that, we have heard both sides of this and this is
what we have decided. So I mean I don’t care how you change that around
but I think that is logically an important piece of this.

MR. REYNOLDS: What we could maybe change toward the end of that is to say,
we heard this testimony and so on and we believe it should stay in operations
and the following recommendations are –

MS. MCCALL: Well do we want to handle it like we did the prior one which is
it doesn’t stay a recommendation but before you get into recommendations
we support what we have done you know 15 minutes ago.

DR. COHN: I think that is what this is. I think this fine.

MR. REYNOLDS: Good, Paul.

DR. TANG: Maybe this is wordsmithing, that last sentence I sort of think
you mentioned builds a crescendo like the other shoe is going to drop and then
it says, and we are not doing anything when in fact I think what we meant was
after considering the testimony concerning the benefits, protections employed,
and potential risks to individuals. You see what –

MR. REYNOLDS: Okay. Good. Moving on, please.

MS. AMATAYAKUL: So the recommendations there didn’t have any changes.

The next section in this is uses of health data for research. We added that
this was the definition we have there was from the common rule was also the
same as the privacy rule. There is a section on, there is several important
issues however in uses of health data for research variations and
interpretation of research regulations, and in this section we added to that
ending paragraph there, other gaps in research definition were also identified
by NCVHS such as surrounding decedent research representatives from the OHRP
indicated to NCVHS that OHRP was working on clarifying the element. There is a
recommendation that relates to that later.

DR. FITZMAURICE: On the sentence right above where Margaret read the
sentence reads, the FWA which is the Federal Wide Assurance, the FWA is the
process in which the institution has voluntarily elected to apply the FWA to
all human subjects’ research conducted at the institution regardless of
the source of the support for the research. I would suggest we don’t mean
FWA there we mean the common role. Otherwise it is a circular. Institution has
voluntarily elected to apply the common rule to all human subjects’
research. If in fact that is what the FWA states.

MR. REYNOLDS: Margaret are you going to add –

MS. AMATAYAKUL: I would like to go back to Julie from OHRP, I think she
submitted this and reviewed it also for us. If I could –

MR. REYNOLDS: Michael if she verifies it then –

DR. FITZMAURICE: Yes, but even if she verifies it, it doesn’t say what
it means. It doesn’t say what applying the FWA means. It means you send it
to the institutional review board so it is not clear. If she says it then she
will give you words of clarity to say, here what it means.

MS. AMATAYAKUL: So there were no other changes in the observation section.
7.2 on Harmonizing Research Regulations, and 7.3 Quality Research Guidance, 7.4
Wide Dissemination, 7.5 on Transitioning Quality into Research remain the same.
Then we added 7.6, Recommendation on Further Investigation into Uses of Health
Data for Research. NCVHS identified certain areas that require further
investigation such as research based solely on data from electronic health
records and decedent research. It also heard the potential value for common
oversight of quality and research within an organization. NCVHS will further
study these areas and make recommendations as appropriate.

MR. HOUSTON: I think that goes a long way, the only question I would have
and it is one of mandate, I don’t know whether it is necessarily NCVHS
that needs to study these or whether there needs to be some involvement with is
it OHRP or whomever else that oversees research. The other issue is I
don’t believe it is, you know there is other types of research that
clinical trials and the like, they are not federally funded that may also be at
play here so there is a lot of islands here. I want to make sure we capture
them all and get the right people involved because it is a fairly complex
undertaking to do. I like the point, like the section, I just want to make sure
we are accurate as to –

MR. REYNOLDS: Carol did you have a question?

MS. MCCALL: It wasn’t with respect to 7.6; I guess it is on 7.3 and
7.4. It is more than wordsmithing but it is our use of quality/research as kind
of a hybrid term when prior we have taken pains to actually separate these
topics out. We have said they are in fact; they tend to be conflated anyway. We
are trying to separate them and then we have got this hybrid term in here so is
it that way for a reason in terms of this –

MS. AMATAYAKUL: Quality and research?

DR. CARR: Yes, we are using a recommendation for quality/research guidance
when in fact this section is dedicated to research and we have all ready gone
through quality. So there could be a specific reason for using that slashed
term but I wanted some clarification on that.

MS. AMATAYAKUL: I wonder if it might have been because this isn’t the
research section but the issue is when quality evolves into research so then
this is sort of quality/research question or overlap.

DR. CARR: Is the issue where there is overlap and whether it is quality or
research.

MR. REYNOLDS: So Carol would say quality and research overlap, rather than
quality/research?

DR. FRANCIS: How about quality and research overlap, or when quality shifts
to research?

MS. MCCALL: As long as we capture that that is what is happening otherwise
I think we are perpetuating what is something that we all know to be ambiguous.

DR. TANG: I am trying to salvage some kind of recommendation out of this
section instead of think harder. So the one that I am going to suggest that we
make into a recommendation is under 7.6 right now it says, potential value of
common oversight, could we recommend that there be common oversight over
quality and research added institutions?

DR. COHN: I guess I will speak for myself on this one just responding, I
thought it was a very interesting recommendation that came up yesterday for the
first time in all of our conversations.

PARTICIPANT: Interesting – good or bad?

MR. COHN: I don’t know I think it is something that is very
interesting but I sure wouldn’t want to start recommending things that
came up without hearing some public input on them. That was sort of my
suggestion was that we need to put it into something where we need to hold
further hearings on –

MR. REYNOLDS: That’s why we didn’t drop it off. One of the
reasons we recommend that we follow up on is we not either say, do it or say,
we don’t know what to do but somebody else figure it out. Leslie.

DR. FRANCIS: If we say NCVHS will take the lead in further study of these
and development of recommendations as appropriate and we have said we are doing
it but we are doing it with others.

DR. TANG: I thought we were asked to do that in the first place so I am a
little hesitant to have something better to say.

DR. FRANCIS: I think we can’t have something to say better to say
about the quality research interface right now without exploring it.

MR. REYNOLDS: Our feeling right now, we haven’t had any testimony or
anything else on this subject and what would be the pros and cons, pluses or
minuses. Then we would just be recommending that. We haven’t had any
review, we haven’t had an open process, we haven’t had public input,
we just say, hey do it.

DR. TANG: You don’t consider the Mayo input or Mario Canes(?) input to
be relevant to this?

DR. STEUERLE: Paul we haven’t examined by size of institution or the
nature of institution, just all sorts of –

DR. GREEN: I agree with the thrust that we don’t want to claim to know
more than we know here. In that spirit on page 31, in the cutoff lines, it is
line 35, differences between quality activities and research we have a sentence
here that declares that there are important differences between quality and
research. I go back and reread the material before and after, it doesn’t
suggest that we know what those are. It really cuts to the point about our new
recommendation 7.6. This is what requires attention. I am not sure but what
that sentence should be deleted or revised to say something more honest about
our position which is that we heard testimony that it is confusing but what the
important differences are between quality and research. But to just make a
blanket statement that we know for sure, and in this point in 2007 that there
are very important differences between quality and research I don’t think
comports with the rest of our letter. It actually reads fine if you just take
that sentence out and keep going.

MR. REYNOLDS: Margaret you got that? Go back one page under differences
between quality activities and research –

DR. GREEN: It actually reads fine if you just take that sentence out and
keep going.

MR. REYNOLDS: Yes, the sentence that said, there are also important
differences between quality and research and Larry said we don’t expound
on them.

DR. COHN: Are you suggesting that we just remove that sentence which is
probably an easy solution.

DR. GREEN: I think that is an easy way to stay out of trouble.

MR. REYNOLDS: Justin – with her hand way in the air..

DR. CARR: I’m short, Harry. So here we are taking things from the
Hastings Report and this MD Anderson is from the Hastings Report. Margaret
O’Cain is from the Hastings Report, and so we have selected those things
and to say, here are some things that people do and then we’ve made the
recommendation that we need to look at it more carefully particularly with
regard to institutional size and so on. I agree with what Larry said that this
is confusing so I don’t know that we have said that this is confusing.

Secondly, is it appropriate for us to take two examples out of the Hastings
Report to say, this is how they do it?

DR. GREEN: Well see one of our examples says that they have a way of
distinguishing research and quality. Our next example says, I don’t think
you can make the distinction.

DR CARR: Yes, again it goes back to what I was saying yesterday about if we
are going to hold a hearing on something I think we ought to not say what we
are thinking we are going to find before we hold a hearing.

MR. REYNOLDS: So what did you decide that we are going to change?

DR. CARR: Well I am wondering if we should take that out. If we should just
have something rather than talking about MD Anderson, just that the boundary
between quality and research is confusing. There are some models that
institutions have found and we need to have hearings about it.

MS. MCCALL: To amplify that that would be my recommendation that we
literally walk into it that way. We have language at the bottom of page 31
starting on nominal line 46; it could be rephrased to move up to the beginning.
This is another group that has grappled with. What we could actually say is a
number of entities grapple with this and here are some different examples of
how they approach it. There does not seem to be a linguafranka(?) you know
around this and we recommend therefore the following.

DR. CARR: I would just use them as citations rather than specifically
highlighting a particular organization.

MS. MCCALL: Just as examples perhaps taken to extremes, not meant to
necessarily to imply that we have sufficiently surveyed the landscape.

MR. REYNOLDS: I know there were some other hands, there needs to be a
substantive comment. We are coming back to all of this so we, Leslie, if you
need to say something right now.

MS. FRANCIS: What I was going to actually say was that it is weird there
because there are two bullets there and they are the same bullet,
distinguishing quality, differences between quality activities and research.
That’s weird. So if what you did was just take out differences, that
second bullet head I don’t understand this right now.

DR. COHN: Now we need to sort of take a break and take a deep breath what
we will do is to start sort of right here and I think Margaret will take us
offline for the next half an hour to 40 minutes and then we will sort of start
up again.

DR. COHN: We are very pleased to have John Loonsk join us and John thank
you for your forbearance in terms of us running significantly late here but we
did want to try to make it through as much of this as we could. I think
everyone knows John. John is one of the Directors for the Office of the
National Coordinator. John we are very pleased to have you joining us.

Agenda Item: John Loonsk, Director, Office of the
National Coordinator

DR. LOONSK: Good morning to the Committee. First I want to thank you for
all of your hard work on the secondary uses activity. Clearly secondary uses
are not secondary in importance as we all now know and so it is very
appreciated.

What I am here to talk about today is an update on two other activities
though specifically and that is work on the standards affront and work on the
nationwide health information network and the trial of limitations. I had hoped
to give just a brief update on both of them and then hopefully we will have a
little bit of time for question and answers.

So to begin with just as a very high level of overview of standards in the
National Agenda we have priorities being expressed in the form of use cases
leading to standards harmonization on the healthcare information technologies
standards panel and inoperability specifications which are then going forward
for use in several different contexts including certification criteria to be
used in the certification commission for healthcare information technology. The
leveraged and enforced in stark(?) and kickback regulations in terms of
ensuring interoperability for donated systems to be implemented in federal
systems, in federal contracts as per the executive order specified therein and
also to be used in the next step activities of the Nationwide Health
Information Network.

The standards that we are concentrating on are indeed data and technical
standards that we hope to demonstrate tangible interoperability. We are
particularly focused on standards for health information interchange between
organizations versus inside the firewall of a particular organization although
at times that line is blurry at best. Its standards for security and
confidentiality controls are being worked. Its standards to support
functionality are of electronic health records versus interoperability are
clearly also important but take a backseat in terms of advancing the
interoperabilities work in this regard. As such one of the important goals of
this activity of standards in the national agenda is to have testable
implementation specifications. We feel that whether it is being done in the
context of a developer using a system to test that they have implemented a
standard correctly as their developing software, whether it is in the context
as sort of certification of that software or system to insure that it is indeed
interoperable in the way it is specified.

The testing aspects of the standards are an important consideration; this
area that we are continuing to advance as we move along. We have identified
through this process inspection testing of the standards and specifications,
implementation testing to feedback to the standards harmonization process and
then indeed developing tools and capabilities for developers and certification
to have definable, testable implementations because that is the target in terms
of getting to interoperability between systems.

To describe these dependencies, testable interoperability is based on
having very specific standards and specifications that are agreed to by all.
That is based on having a valid process for identifying the standards, this is
the harmonization process and that is based on having an appropriate context
for the standards being used. All of this is by way of introducing where we are
on this relatively complicated diagram. There is a handout that is being passed
out as well so that you can take this and study in your free time at home.

Basically what this describes is the various aspects of the standards
process that we are now engaging as part of the national agenda. It lays out
three cycles or three turns of the crank as Secretary Levitz says and where we
are relative to each of those. At the top level we have the 2006 so called 2006
use cases feeding into the first turn of the crank. In the middle we have the
2007 use cases feeding into the second turn and then at the bottom we have the
2008 use cases leading into the third turn of the crank.

For each of those cycle timelines there is an identification of the high
level standards to be used. There is the development from HITSP of a specific
implementation guidance. How those standards need to be used with a kind of
detail that can express interoperability then there is a time for acceptance,
implementation testing, and consideration by the industry. A year has been
identified as the timeframe both in the context of this certification
commission and in the context of the executive order for having implementation
level guidance that is available that developers can target to implement in
their systems.

So identification of priorities, harmonization of standards, and then a
year’s worth of time between the acceptance of those standards and
implementation guidance and when there can be an expectation that they are
implemented in systems. That cycle time essentially between the harmonization
process, the prioritization process, the use case work has come out to be about
two years. Where we are right now in this first cycle is we are on the verge of
the December timeframe for Secretary Levitt to recognize the first round of
interoperability specifications. They were prioritized back in the first use
cases, the implementation guidance and the standards were made available for a
period of a year and then Secretary Levitt will move from having accepted these
by virtue of recommendation from the AHIC to recognizing them in December of
this year.

When they are recognized that is the term that kicks in the specifications
in the executive order that they need to be considered in all upgrades and new
federal systems that are related to those healthcare activities. That year
timeframe is also being used roughly for consideration by the certification
commission for the time between having detailed standards available and when
they can put into the criteria that require that those standards are to be used
and are to be certified in the systems that they are certified. So roughly a
two year process, where we are right now is at the tail end of that first cycle
relative to the two years as represented at the top.

We are also simultaneously engaged in activities for the next turn of the
cycle, next turn of the crank and are initiating activities for the third turn
of the crank relative to the next round of activities is just beginning. So the
status of these essentially is that I describe the status of the first round of
standards, the second round as represented by the 2007 use cases for emergency
responder DHR, medication management, quality, consumer access of clinical
information are being worked inside of the healthcare information technology
standards panel with an intended delivery date of their first round of
interoperability specifications in the first quarter of 2008. Then those will
be advanced to the AHIC, the American Health Information Community, and they
will then proceed through the same year’s worth of time before they are to
be considered for recognition.

Where we are with the third round is that we are in the process of the use
case development for the next six and if you will notice we are ramping up from
a throughput standpoint here as well. The first round had three, the second
round had four, this next round has six use cases that are being advanced and
these have gone through one round of public comment and then an early stage of
the prototype use cases. They will go through another round of public comment
probably in January with an intent of having them available when HITSP finishes
its work on round two.

Having gotten through most of a cycle for this apparatus we have also been
trying to work to refine it and a number of things have been considered. We
have commissioned a panel from the Institute of Medicine to look at the cycle.
We have been working with the AHIC to try to get the use cases available
earlier so that there is more time. There has been a time dependency which we
think we can work to eliminate. HITSP has been working to try to alleviate as
much as possible demands on volunteers, volunteer burnout being a
consideration. HITSP has also been trying to work to be a telecommunications,
teleconferencing, and other methods to try to decrease the demands on
volunteers while still having them be the decision makers on the standards
through the process that has been described to indeed have staff do more to
support them. We have increased the funding for HITSP this year so that they
have more staff to do several different things including these types of
activities to try to refine the work that they are doing.

HITSP and CCHIT have a joint working group that is working to coordinate
the timeframes and the considerations between HITSP and CCHIT relative to
standards, moving through this overall process. We have identified a need to
have at times CCHIT and the NHIN go back to HITSP and give them, and get a
preliminary read on directions for standards as they move forward. So in an
area that certification is considering or an area where the NHIN has particular
needs we are trying to implement a process that they can get input from the
HITSP panel even though an interoperability specification is not available in
that standards area to get a sense for the direction that HITSP in that area
and try to use that as those two activities move forward.

Finally in this regard we are having CCHIT and HITSP give input to the AHIC
process as well to make sure that the gaps and issues that they see in terms of
certification and standards harmonization are fed back into the prioritization
process as we move forward. This is the listing of priorities that relate to
the different use cases I have identified. I talked about the first three
rounds. The fourth round of more granular priorities has been taken back to the
HITSP, CCHIT, also to the AHIC working groups that produced it to revalidate
that these are the priorities and to also see if there are additional
priorities that need to be added to feed into still the next round of these
activities.

So a whirlwind tour through a fairly complicated series of activities and I
think that we have learned a lot from the first round. We are clearly
emphasizing in the context of both certification, there was an announcement
recently where the Certification Commission has begun a project to for example
develop testing software for the CCD, the summary record that has been
harmonized by HITSP but to be able to have some freely available testing
capabilities to ensure that that summary record is implementable, that it can
be proven that it is implemented correctly, and to eventually use also for the
actual certification process where a juror would review the indeed
implementation. All of this beat going to the point where we have to test to
show that these standards are implemented properly if we weren’t going to
demonstrate through tangible interoperability. So Simon I have some slides on
the NHIN I am not sure if you want to pause and take questions here.

DR. COHN: Actually why don’t I let you go through and then we are
going to be very constrained on questions at this point so why don’t we
let you do the whole presentation and then we will hopefully allow at least
allow a couple of questions.

DR. LOONSK: So the other activity that is moving at a rapid clip is the
Nationwide Health Information Network. The general context here as to refresh
people’s minds is this is about a network of networks to securely connect
consumers, providers, and others to have or use health related data. All of
those non secondary, secondary users that we are talking about in this context
and others, we are not building a national data store to support the NHIN as a
network. We are not having a centralized system, a network of networks and we
are getting to this through the shared architecture, shared standards,
standards that support particular services and obviously there will need to be
processes and procedures to ensure that this is advanced as well. In this
regard we are defining a NHIN health information exchange as a health
information exchange that actually implements this shared architecture. These
standards and these processes are when there is a compliant health information
exchange it will be one of those that actually implements those in very
specific ways that are attestable and demonstrable.

Health information exchanges that we are building this out of can take
several different forms. We are using the term HIE in a broad context that
could include classic jurisdictional, regional health information organizations
at the state or regional level. It could also include integrated delivery
systems that do health information exchange; it could include potentially
health plans or health data banks that are doing health information exchanges.
We thing they all have an important role in this process and that it is
important that the NHIN is a broad tent to advance use activities moving
forward.

In that context we view there to be some core services that need to be
considered for health information exchange as a platform for building this
network of networks. Some of those core services that I think people can
understand at a particular level is common approach to patient look up and
information retrieval, the ability to route information securely and deliver it
to where it is needed. We would put in there routing of several different types
of information. We have prioritized this summary record as a particularly
important type of information that needs to be routable in this context. We
think that will have great value and traction.

There is the need to support certain services around consumer access
controls so that needs to be done in a way that is common among the
participants in the NHIN, then the provision of electronic data for reporting
and other uses. Indeed having these core services enables a great number of
capabilities. I would mention that this is among other things I mentioned
before that this is an opportunity to test and implement the standards that we
were talking about in the context of HITSP. So that is certainly a priority
here.

More broadly the NHIN in this context is a network of networks that shares
these standards will provide as a capability consistent and standardized access
to provider organizations nationally. It will allow for regional and state
based information management, i.e. not centralized data store for these
purposes and for a number of reasons that you all are very aware of. That is an
attractive methodology for managing sensitive information. This is a secure and
reusable infrastructure that we anticipate building specific health initiatives
on. On the top here I point to the use cases because they are important to test
in terms of the standards but is also an example in which specific
functionality; quality is certainly one of them but many others are to be
supported on this common infrastructure moving forward.

Where we are with this, is the first step was prototype architectures. The
second step is to specify and test and that is where we are now. That is the
trial implementations phase. Then we are driving toward as the policies and
procedures come into place, production systems and in 2009-2010 timeframe for
initial production.

Meanwhile throughout this process we are taking information and needs and
issues out of the NHIN and feeding them into other aspects of the national
agenda and we are taking particular requirements that have been specified by
other aspects of the national agenda and feeding them into the NHIN process as
an example that work NCVHS did on functional requirements and others. The
privacy and confidentially work was written as part of this process as well.

We are pleased that we have awarded nine awards to regional or
jurisdictional health information exchanges. That doesn’t mean that that
is the only type of health information exchange we are interested in. We think
this is a good starting point because these regional jurisdictional HIEs are
interested in non-proprietary exchange of health information securely and to
meet a variety of different goals and many of them are doing this. They are
moving data now and part of the advantage of working with them is we think that
they can contribute strongly as an attractor to bring others into this
activity. The goal here is to make it attractive enough for others to want to
participate, to develop the specification and approaches for that to happen,
that groups and organizations really see the value of connecting to these
services and that it is appealing to them to want to connect and implement this
and share their data in an appropriate and secure way.

As an attractor to that these nine HIEs are one piece. We also announced at
the last AHIC meeting that there is a federal consortium for federal providers
and care and others who are going to be participating in the trials and
limitations and we hope to continue to advance the health information exchanges
in the broad context I alluded to before adding them to this process. There has
been interest expressed by others in joining this as well. We are very
enthusiastic about that and hope to in the future have additional announcements
for those who are joining.

This year their work is sort of broken up into two pieces. One is they need
to develop the specifications for the four capabilities that I alluded to
before, that not all of that has been detailed to the extent necessary to
develop a network of networks that is a substantial portion of their first part
of their work. The second part of the work is they are actually going to
implement and then demonstrate them. Then at the end we are going to have
actually demonstration in place of this health information exchange inside of
and between these different health information exchanges for the four functions
that I alluded to as the core services and also for the first seven use cases.

We offered out to these HIEs the opportunity to do two of the seven use
cases in the first round that were advanced. Interestingly enough of the seven
all of them were top priorities for one or more of the HIEs. There are clear
differences in these health information standards. What works in one
jurisdiction is not necessarily what works or is ready in another jurisdiction
but among them all those priorities actually each found root in one place or
another. Although they don’t all agree on which ones they are prioritizing
across the board the top priorities represent all seven use cases. That is a
useful thing going forward so we can test the standards and test the
implementations as they move forward as well. There will also be use cases
demonstrations at the end of this year also. To accomplish this we have created
what we are calling the NHIN Cooperative and it includes a series of different
working groups that are developing the specifications and working on some of
these issues. You will see testing again prominent there.

I also point to the so called, DURSA working group which is about data use
and reciprocal support agreement. There is a working group that is targeting
having the data use agreements in place for this first round of work, for the
trial implementations not point to point data use agreements because if you
think about the math in that it gets very complicated very fast. Not just
having ten or more health information exchanges that all would need point to
point data use agreements with each other but also to think about all of the
provider organizations and others that connect to those health information
exchanges and you can see that it basically advances exponentially. The concept
of the DURSA working group is to come to a one to many arrangement where there
is a common approach to implementing those and clearly some of this is about
substantiating trust models for how these health information exchanges and the
providers they connect will work with each other in this broader environment.

They are also working on reciprocal support in a network of networks that
is not just about data use, it is also about how do you establish that if there
is something that needs to be addressed in a different HIE that they will
support if you are still in another HIE in terms of tracking a problem,
responding to needs, and even just providing data in a timely fashion and
appropriate fashion. This work is now ongoing and we are going to have a forum.

In the last round we had three public fora for the NHIN. We are looking to
continue those public fora; the first one is going to be held December
11th and 12th in Long Beach, California. There was a
strong suggestion that not all activities actually occur inside the Washington
Beltway, shockingly enough and so we are taking this on the road starting in
Long Beach which is one of the sites of one of the awardees. We hope to have
some sessions in other places as we move through this year as well. Culminating
in some very public demonstrations of these capabilities that will be done in
the context of public fora also at the American Health Information Communities
and potentially elsewhere.

We are very excited about both of these activities moving forward. I think
they both represent very substantial progress toward a lot of the vision that
NCVHS and others has articulated in the past for moving forward with the
capabilities for health information technology.

DR. COHN: John, thank you very much. I really appreciate the overview. Now
I think as I have all ready explained to you we are under some very tight time
pressures trying to get this report out. What I am going to suggest is that we
may have time for about three questions with the idea being that it will take a
much longer period when we get together in February and hopefully really you
will have a little more time at our leisure to go through this.

I saw a couple of hands up, one was John Paul. Leslie I think you had your
hand up?

DR. FRANCIS: I actually was going to suggest that Mark maybe could ask the
question about how all of this interrelates with our privacy and sequestering.

MR. HOUSTON: A comment and a question. I think one thing is the one year
sort of process to get these standards adopted seems like a very short period
of time which concerns me but the one thing that I did want to comment on and I
question about is related to the what is it called the DURSA which I think is a
really important thing. One question is where is there more information about
that and are you going to use that model also to develop? I think there is sort
of a security framework and everything from how we provision providers into
this framework and deal with access logging and things of that sort of, is
there going to be sort of a similar model for that as well?

DR. LOONSK: First to your standards comment. I just want to make sure that
it was clear that the year that I am talking about is from the availability of
the fully detailed implementation guidance to when there could be an
expectation for it being implemented. That indeed in the federal sector for
example that year then leads to not that it is retrospectively implemented but
that it needs to be considered for all upgrades in new systems. If you take
that year and you consider that at the far end about upgrades and new systems
and then you realize that actually what we want is to have them engage from the
get go in this process it is really a much longer process. We are hoping that
people are paying attention at the start looking at those standards,
recognizing the high level name standards that are being considered,
participating where ever possible, and their representatives participate in the
specification of those and that all takes it much farther back.

We agree that DURSA projects are very important in terms of moving this
forward. We are doing two things with it and so let me be clear. That is a very
challenging timeframe for their work to accomplish this and so we have broken
it into efforts for the trial implementations where we can depressurize some of
the particularly problematic issues through them being trial implementations
and not production systems, but doing that in a way that sets the framework for
actual production so these two goals are both clearly on their timeframe. We do
think that that group is much broader than just data use. It is about
reciprocal support. It is about ways in which the various participants need to
advance security and security practices as well. We have a technical working
group on security as one of the working groups of the cooperative but we also
think that they are very much issues like you allude to in the context of the
actual implementation of reciprocal support.

MR. HOUSTON: Is there a place to go for detailed information on DURSA?

DR. LOONSK: In their initial stages they are moving very fast. It is co
chaired by two of the HIE leads and one of the things I should make sure is
pointed out is these working groups are being lead by these HIEs. So far that
has been going very well and it is important from the perspective of this is
not a top down development process but very much a bottom up.

There will be information available at the forum in December and after the
forum. The products of this will all be publicly available as they advance. We
will be looking to work out how to make those accessible to those that were
interested as things progress but they are all going to be publicly available.

DR. ROTHSTEIN: John, NCVHS is working on recommendations for the Secretary
on the issue of sensitive health information and consumer controls and it would
be very valuable to us if you could go into a little more detail about your
consumer access controls and where you are with that.

DR. LOONSK: First of all let me reiterate that we did as part of this
contractual procurement actually reference the previous NCVHS recommendations
in this regard as needing to be considered in these implementations so let me
just say that.

Secondly we feel that consumer controls and consumer services are a very
important part of this next step of the trial implementations and there is a
variety of different activities that are referenced here in the core services
that include allowing the consumer to identify their location of choice or a
network personal health record. They can specify this is where I want my
personal health record to be stored. The implementation of access controls at
that intersection, the implementation of controls at the HIE level has also
been described in the core services and a variety of other consumer support. We
would be glad to come back to NCVHS to discuss those in greater detail. I
don’t have those specific services on the slides in front of me but I
would be happy to do that in greater detail when we have more time.

DR. FRANCIS: Could I just interject here? One of the things that concerns
us is the risk that as things get designed the only choices are going to be are
you in or are you out? Rather than an option to for example sequester mental
health records but otherwise have your information in the network. We are
deeply concerned about design moving before those things can be thought about
seriously. Of course we are utterly aware of the technical difficulties of
anything like that which is partly why our letter hasn’t gone anywhere yet
but it is a serious follow up to the June letter. So the question that I would
at least like to press is how can we be sure that we know what we need to know
now so that the horse isn’t out of the barn?

DR. LOONSK: Well as I think you know there is a full spectrum of opinions
on this particular area. We are with the NHIN think that in this trial and
limitation phase have implemented an intermediate step which would allow for
more granular control than in or out. Would consider the ability to say you are
in or out. Now we have shied away from opt out because there are the capability
that is suggested here is where a consumer could identify themselves as not
wanting their information to be electronically exchanged as a potential
technical tool versus having to opt out every time they experience care or
experience some ancillary organization that is potentially recording their
information and making it available electronically. Again we would be pleased
to talk to the subcommittee or to talk to the NCVHS more specifically about
what is going on in this regard around the trial implementations. It is clearly
an area that is still maturing and we recognize the sensitivities you expressed
about not having technology go forward that isn’t in line with more
sensitive controls but you know there is a reason we are doing trial
implementations right now versus production systems. Some of these policy
issues relative to how this moves forward is our prominent in that
consideration.

DR. COHN: Now Larry I think you have I hope it is going to be a short
question. You are the last one and then we will wrap up this section.

DR. GREEN: Sure, I want to express my admiration for your coming back and
your keeping going. I want to just convey a question that we heard yesterday in
a presentation. It is clear from your presentation how important use cases are
for driving the agenda, it is where things start. The question is when will
there be a use case for primary care?

DR. LOONSK: The use case process which I didn’t talk in great detail
about is generated from priorities that are expressed from the AHIC.
AHIC’s principle role here is to prioritize activities. If you think about
that I chart like graphic I had where there are all of these granular
priorities on the right. They tend to be more granular than that and there is a
reason for that then primary care as an example. Essentially what we are trying
to do is foster an integrated system where these different aspects are working
together. One of the risks in the use case process in general is to have
stovepipes, to think about a narrow area and to only address that particular
area. I am not saying that primary care is narrow but what we are doing from a
process standpoint is to try to coordinate across them. What we have done and
this is perhaps more involved than we can get into now is we have tried to
identify more granular priorities than that and to try to than make sure they
work in a couple of different contexts. Clearly primary care is a critical
consideration for the priorities moving forward. I don’t think that a
primary care use case will come from the AHIC but elements of primary care
activity have been considered in almost every use case to date. Those that have
not been considered should be advanced through this process. I would commend to
you your representatives to this because we are in the process right now of
doing this next round of priorities and the thing that would be most helpful in
that regard is to identify a little more specifically those priorities in
primary care that you don’t think have been addressed yet in the existing
use cases so that they can be put on the agenda and everyone understands the
importance of them moving forward.

DR. COHN: Well, John, thank you so much and as I said we will book you for
a much longer period in February so we can have a little more dialogue.
Margaret we need to get you back up going here. We do apologize for everyone. I
know I am being sort of like a slave driver here but we obviously do need to
try to get these recommendations and observations all together.

Agenda Item: Enhanced Protections for Uses of
Health Data, “Secondary Uses” ACTION (continued.)

MR. REYNOLDS: Okay we are starting on number eight is that correct? We made
a few changes. We were trying to figure out what to do with 7.6. I think we got
7.6 adjusted didn’t we Margaret? Margaret tell us where we should be here.

MS. AMATAYAKUL: Well I did two things. I worked on seven and I also tried
to work on 1.1.1 a little bit for Paul. Can we take that first would you mind
since it is here? For 1.1.1, covered entities should specify in their business
associate contracts, how about adding what I have got in green there, terms
that exclusively describe what identifiable health data may be used and for
what purposes by both the business associate and by any agents with whom the
business associate made contract. Specificity in the contract allows the
covered entity to describe such uses to individuals and determine any potential
changes over time. The addition is the contract must not permit the business
associate to use or disclose identifiable health data that the covered entity
is not permitted to use or disclose.

MR. REYNOLDS: Any comments? I am good with it once we put “ways”
in.

MS AMATAYAKUL: Then I wasn’t sure whether you wanted to add that to
1.1.2. So the contract must not permit the business associate to use or
disclose, I would repeat the same thing except instead of identifiable, put
HIPAA de-identified. I wasn’t sure if you needed it in both places.

PARTICIPANT: State that again?

MS. AMATAYAKUL: In the 1.1.2, it would read, the contract must not permit
the business associate to use or disclose HIPAA de-identified health data in
ways that the covered entity is not permitted. I just wanted to be doubly sure.

MR. REYNOLDS: Okay next.

MS. AMATAYAKUL: In Seven, under Uses of Health Data for Research, I kept
the bullet variations and interpretation of research regulations with the other
gaps there. Then I kept the bullet distinguishing quality activities from
research and in here it says, testimony to NCVHS described a full spectrum of
how organizations addressed the quality research conundrum and I should add the
term that we used before there. From requesting annual IRB review of quality
studies such as the New England using a decision tree framework to guide
internal activities in determining when an activity is not researched such as
from group health to considering any study with intent to publish research
which was from Mayo.

I left in the comment that John Lumpkin made about good quality improvement
activities, chairing important characteristics with research.

Then I took the other two examples out. The MD Anderson and the rest of
that and then left as sort of an introductory sentence to the recommendations,
as the nation seeks value driven healthcare clarifying research regulations and
distinctions between quality activities and research are critical to address.

DR. WARREN: Since we took those two examples out, I would like to have as a
reference to this section, I don’t know exactly where to reference it, but
reference the Hastings Report. I think everybody pretty well recognizes that so
it may be right up in there just put a footnote and then down in the –

MR. REYNOLDS: Okay any other comments? Did we do it, go ahead. Did we
change anything? Are we set with 7.6?

MS. MCCALL: Can you go back up to read the lead in and show the lead in now
to the actual recommendations? Because it seems like it falls off, it
doesn’t segue way well.

MS. AMATAYAKUL: As a nation seeks value drive healthcare clarifying
research regulations and distinctions between quality activities and research
are critical to address.

If you would like me to write a little bit more I can but –

DR. COHN: Yes, probably “to address” needs to be removed.

MR. REYNOLDS: Carol are you good with “to address?”

MS. MCCALL: Is critical, I mean clarifying is critical. It just left me
saying critical to address what? Just so these naturally follow –

MS. AMATAYAKUL: Then 7.6, I didn’t make any changes since we talked
last.

MR. REYNOLDS: Moving to eight.

MS. AMATAYAKUL: Eight, there were no changes in the observation part and no
changes in the recommendations themselves.

Then nine is Observations and Recommendations on Additional Privacy
Protections. Here in 9.1.2 on expanding the definition of covered entity under
HIPAA I added other examples may include HRA vendors and personal health
trainers. Such action should not inadvertently weaken existing privacy
protections such as allowing employers to gain more protected health
information than they currently have as one choice.

Then we had a second choice because we couldn’t decide last night, I
think it was too late. Care should be taken to ensure that organizations that
today primarily utilize aggregated health data such as employers not be
included in the definition of covered entity thus potentially enabling them to
have access to more personal health information than they currently have. You
need to decide which of those two you like.

DR. ROTHSTEIN: Actually I have a third suggestion. If we go back to the
sentence that says, other examples that sentence is okay. Then I would change
the wording. Instead of actions I would make it legislation because we are
talking about more narrow legislation. Such legislation should not
inadvertently weaken existing privacy protections. Then I would add for
example, some commenters expressed concern that organizations that today
primarily obtain aggregated health data such as employers’ sponsors of
health plans not be included in the blah, blah, blah. Because I think that is
what we were trying to do. Did I lose you?

Primarily obtain aggregated data such as employer sponsors of health plans
not be included – and the rest is the same.

PARTICIPANT: — not be included –

DR. ROTHSTEIN: It is the same as the last three lines in black.

MR. HOUSTON: I have got a couple of questions. Is aggregated defined?

MS. AMATAYAKUL: In the glossary. We are trying.

MR. HOUSTON: I ALso have a couple of points but I also HRA, what does HRA
stand for? Health Risk Assessment, thank you.

I would propose in this particular case we have two cases where you are
using the word “vendor” or

“vendors” in this paragraph and I would probably say like in the
first case the vendors of personal health records. I would say
“providers” because some people would say they are not selling
anything they are just providing it to you.

MS. MCCALL: Or providers of blank, blank, blank services.

MS. AMATAYAKUL: Suppliers of?

MR. HOUSTON: The vendor has a connotation of a commercial relationship and
that isn’t always the case and I want to think somebody if they are not
selling it to you feels they have some additional rights, same thing for HRA
vendors, suppliers something.

MR. REYNOLDS: Paul, you had a question?

DR. TANG: In that same sentence suppliers, personnel (?) systems that are
not covered entities. Because we want to convert people who claim to be
business associates to be covered entities and have the responsibilities and
accountabilities of disease.

MR. HOUSTON: He is right there is a gap. Because he is saying if it is a
business associate or they don’t have to become a covered entity and that
is what you really want them to do. It is a good catch.

DR. ROTHSTEIN: I don’t understand that. We are talking about closed
legislation.

DR. TANG: We want to include people who are not covered entities to be
covered entities and a business associate is not a covered entity.

MR. REYNOLDS: You are right, agreed. I agree now, I got it. I had to get
refocused on a section sort of a donut hole here. Okay anything else on that?
Margaret –

MS. AMATAYAKUL: There are no other changes.

DR. ROTHSTEIN: I have a, just a minor change on 9.2. In the second sentence
I would just add a few words, this includes drafting the laws, making it
illegal for employers to discriminate on the basis of disability in hiring,
promotion, discharge, relative terms, blah, blah, blah, because the ADA and
those type of laws are the ones that deal with health information and
employer’s use of it.

MS. AMATAYAKUL: Can I just ask is it on or in hiring?

DR. ROTHSTEIN: It is in hiring.

MR. HOUSTON: It is not discriminate based upon disability, it is
discriminate based upon access to this data because there may or may not be a
disability per se.

DR. ROTHSTEIN: The way it is currently worded, I mean I understand what you
are saying, but it says this includes strengthening the laws making it illegal
to discriminate. The way the current framework is that there are laws that
prohibit discrimination on the basis of disability. If you want to change
strengthening you would have to make it, to enact laws prohibiting
discrimination on the basis of healthcare –

MR. HOUSTON: My concern is what happens if something isn’t a
disability but an employer decides that they are going to discriminate based on
some data type.

DR. ROTHSTEIN: That’s why the current laws need to be strengthened
because they wouldn’t be protected now.

MR. HOUSTON: But that is why I would say don’t say based on disability
and say, based upon access to this data because that is how you want to
strengthen them is to expand beyond the disability –

MR. REYNOLDS: Mark does the fact that we reference the NCVHS letter that
only discusses disabilities –

DR. ROTHSTEIN: Actually the recommendation from June 2006 is more general
but when we use the term at the end of it, “with or without reasonable
accommodation” that is really sort of ADA language. My attempt was to try
to link the discrimination to the statute that uses that language.

MR. REYNOLDS: But does that, a lot of us still feel that linking it to
discrimination is one thing, making it seem that we are only talking about
disabilities is another thing. That is what we don’t want to have happen.
Margaret –

MS. AMATAYAKUL: Would it help to say, this includes strengthening
disability laws making it illegal?

MR. REYNOLDS: No.

MR. HOUSTON: I think it really does Mark actually limit the scope of this
recommendation by saying, when you discriminate based upon disability. I just
think you are getting much more, the recommendation has much more breadth to it
to make changes because you could argue that one form of again, if it is not a
defined disability even if they have access to the data and they decide not to
make a hiring decision based on data –

MS. MCCALL: That is precisely the fear. I would recommend removing the word
“disability” and the rest of it I think reads fine.

MR. REYNOLDS: Simon that would conclude the discussion.

DR. COHN: Let me just ask for a second, what I want to do is now go quickly
through the first part but are we all okay with what we have just seen?

DR. LAND: I just want to ask the question on that very last section there.
Are we saying that we are saying the employers cannot discriminate in hiring a
person that smokes?

DR. ROTHSTEIN: I think we say this includes strengthening laws but that
doesn’t say how much they are strengthened or what that would apply to.

MS. MCCALL: Well it says making it illegal for –

DR. COHN: Margaret do you have, nothing?

DR. ROTHSTEIN: So the short answer to your question is no, I don’t
think we are saying that. It is a great example.

DR. LAND: It appears to me that way but maybe I am reading it wrong. If
they have got data from a former employer that a person smokes and they are in
the process of hiring him and says, no I am not going to hire you –

MR. HOUSTON: That would not be discrimination I don’t think.

DR. ROTHSTEIN: In half of the states it would be.

MR. REYNOLDS: Okay, sticking with the program, what are we doing here?

DR. COHN: I guess the question that I bring up for everybody is do we need
that second sentence at all? Just take it out.

DR. REYNOLDS: Not a bad idea, just take it out. Everybody in? Okay, now
that completes our first part of that discussion. Is everybody okay at this
point?

DR. COHN: Now remember for the first part what we want to do is look at the
changes. We do once again this is that issue of the recommendations that we all
need, sort of need to finalize at this point. There will be minor wordsmithing
that occurs throughout the document and especially in the earlier parts so we
can talk about those next steps but let’s at least look through what we
have here. Margaret do you want to share any substantive, I don’t think we
need to see however –

MS. AMATAYAKUL: No, the one question that I had was we had protected health
information, personal health information, and HIPAA de-identified health
information, we took the flash health data out. It seemed to me that we were
using health data throughout the rest of the report just in general.

DR. COHN: Can I make a comment here because I think you initially had
personal health information/personal health data. Michael was looking at where
it said personal health information and personal health data. I actually think
if we put a slash mark and leave it personal information/personal health data
it sort of solves that duel usage issue. It probably won’t bother Michael
too much. So is that okay with everybody?

MR. HOUSTON: We just took it out before. Originally we took it out.

DR. COHN: Well I think we took it out there but Margaret is commenting that
we didn’t take it out everywhere in the document. I think she was going to
do a global search so I think this allows us to use both terms.

MR. HOUSTON: I just think it is more precise to find all of the terms and
just make it all the same. That was my original comment.

DR. FRANCIS: We use it interchangeably; I mean data makes more sense where
we are talking about a data set that contains personally identifiable health
information.

DR. ROTHSTEIN: Could we make it personal health information and personal
health data as used in this report or –

DR. COHN: Sure, okay that is even better. Margaret does that solve problem
one?

MS. AMATAYAKUL: Yes. We did add at the beginning of major themes from
testimony about uses of health data a sentence that says, NCVHS observes that
enhanced protections for uses of health data is a controversial topic with
diverse viewpoints. NCVHS heard a wide range of testimony on several major
themes concerning uses of health data. Major themes include assuring benefits
while reducing the potential for harm and then would go on.

DR. CARR: It just reminds me that we were going to put a couple of
sentences in the introduction about the goal. I don’t know if we have done
that yet. That the goal is balancing, take what we have in the principles and
put that as an introductory statement under purpose and scope at the very
beginning.

DR. COHN: Are you going to make a note there Margaret?

MS. AMATAYAKUL: I am not sure exactly where she is referring. Are you
referring to –

DR. CARR: We discussed yesterday we didn’t want to just begin by
saying, the Office of the National Coordinator asked for this but rather that
we wanted to take a line from the section on the principles that really is a
statement of our goal. To support benefits from uses of health data while
protecting privacy.

DR. COHN: But that is no new information that is moving some things from
earlier from later on. Okay good.

MS. AMATAYAKUL: So then beyond the major themes we receive some examples.
For example at the point of care, this is in the section describing benefits at
the point of care for instance, speedier access to health records for those
affected by Katrina hurricane disaster would have improved health outcomes and
likely saved lives.

Then under Clinical and Population Research Can Be Strengthened for
example, studying a population with autism might allow understanding of the
environment or biological of increased incidence of autism, and potentially
earlier detection.

Under Disease, Surveillance, Control, and Prevention, I added
“surveillance.” And then the example, for example public health could
potentially detect on a timely basis areas of the country where HIV is suddenly
spreading thus alerting health officials to take speedier action to save lives.

MR. HOUSTON: Question eight, rather than using HIV, could you use something
like an infectious disease? HIV is probably not a good example something that
is going to spread rapidly. Let’s just say an infectious disease.

MS. AMATAYAKUL: Then I added personal health management is aided by
individuals having access to personal health information that may be compiled
within a personal health record supported by HIE. Individuals who monitor their
own health may lead healthier lifestyles, may be in a better position to pay
attention to early warning signs of illness, and be better able to coordinate
their care among multiple providers.

I think we had risk of discrimination and personal embarrassment may be
amplified as electronic health data become more widely available through
enhanced ability to automate health data collection, compile longitudinal data,
re-identify data that had been de-identified, and share data through HIE. There
have long been concerns that personal health information has been used to make
decisions that adversely affect an individual such as an employment et cetera.

Then I took these paragraphs for potential for group based harm and
misinformation from the older version. I don’t know if you wanted both.
Potential for group based harm may arise when data are aggregated without
regard to appropriate sample size or do not adequately explain the findings.
For example there is a potential that classifying diseases is more prevalent in
certain ethnic or racial groups of people or in certain communities can put all
members of the group or community in a compromised position. As de-identified
data are aggregated across multiple data bases there is also the increase
possibility of re-identifying certain individuals within the group.

Then the misinformation was misinformation and therefore areas in care
delivery, and misguided quality comparisons, or inadequate data to ensure
public health for advanced research. Such unintended consequences of enhanced
use and exchange of health data can occur when sample sizes are limited by
virtue of privacy concerns. For example if a given group of individuals has a
propensity to distrust privacy protections that group may be underrepresented
in a clinical study that could benefit them. Even when an individual holds
information from a given provider such as information about taking a certain
drug, there is a risk that the information might be vital to a treatment
decision and the lack of such information result in a poor outcome.

DR. COHN: So this is basically choosing one or the other I think, I am not
sure if I see use for the second one but –

MR. HOUSTON: Yes, with regards to the first one rather than saying that,
the part that talks about “put a group in a compromising position.” I
think would be more accurate to say, could cause members of that group to be
discriminated against. I think that is the point that you are trying to make is
that there could be discrimination based upon prevalence of a disease in a
certain ethnic or racial group. I think it is more accurate to say that
discrimination might result.

MR. BLAIR: John would you accept a “might cause” instead of a
“could?”

MR. HOUSTON: Might is fine, the wording to me was just, didn’t
accurately describe the issues.

DR. W. SCANLON: As I remember I think the reason we dropped this before
because we are getting now into the area of research methods as opposed to the
data and this issue of what is the appropriate sample size. We had this
discussion yesterday when we were talking about measures that our report is
about data not measures, not research, et cetera. So we are again straying into
this new territory.

DR. FRANCIS: Well I am the one who brought it back up and I don’t
think we need to comment on particular research methods but what we are
commenting on here is a risk associated with secondary uses and a risk
associated with secondary uses is group stigmatization even if the data are
de-identified. That is the only point here and that point I think need to be
out on the table.

DR. W. SCANLON: But there is also, if a perfectly valid study comes to this
conclusion a group can potentially be harmed because the conclusion is right.

DR. FRANCIS: And that might be a reason I don’t want my data included
in that study, that I fear that. I might not want my group to be studied and
that is something that is about a possible question that people might have
about secondary uses. So I mean I don’t associate this problem just with
bad methodology I think it is a problem generally but I am happy to take
whatever compromised language people want as long as the possibility for group
harms gets signaled somewhere.

MR. BLAIR: Leslie what is the wording that you feel most comfortable with?

MS. AMATAYAKUL: I was just suggesting that perhaps taking out the wording I
highlighted leaving it, potential for group based harm may arise when data are
aggregated for example.

DR. COHN: Okay that takes it out of that. Justine did you have an issue on
this one?

DR. CARR: I don’t. Well I would separate, there is two parts. One I
would separate out, are we talking about “poor technique” which I
think we don’t want to talk about so I would take that off the table. Then
I still don’t understand this; that an accurate report about a condition
in a group is creating harm because you are saying because people wouldn’t
put their data –

DR. FRANCIS: Suppose there is an accurate report that HIV is more prominent
in Haitians, in Haitian immigrants. There are actually studies that showed
that. I mean at one point there were high prevalence levels of a particular
disease in a particular immigrant population. That of course doesn’t mean
that everybody gets it. It might have been a perfectly good study but it also
resulted in employers not wanting to hire Haitians. Now if I am somebody who is
a member of a group I might not want my data in, even if my data are
disaggregated, I mean de-identified in an aggregated data set. Now we may
perfectly well want to say look that preference shouldn’t go anywhere but
I think at least it needs to be identified as a possible harm so that it can
come up in discussions of transparency.

DR. CARR: But it also is a benefit. The identifying that a group, just as
we say there could be an infection in the Midwest we are going to, it goes both
ways I don’t deny that.

DR. LAND: I mean that is basic public health epidemiology, is looking for
high risk groups and publishing it so that you can take action. If we say it is
a harm than we are throwing out the whole basis of epidemiology in the United
States.

DR. FRANCIS: No, I am not saying that identifying a high risk group is
necessarily only a harm but I am saying that that there are harms, there are
benefits associated with identifying a high risk group but there can also be
harms to that group. One of the things that anybody needs to be careful about
when you do good public health is you have to worry about the possibility that
your data may be misused in discriminatory ways. It is discrimination not to
hire Haitians because there is high prevalence of HIV in Haitians.

MR. HOUSTON: What if in the first sentence where the italicized harm we
change that from harm to discrimination to make it clear that I mean
discrimination to me has a specific connotation to it which

DR. ROTHSTEIN: I would oppose that because it includes stigma as well.
There are intangible harms that may result and let me just say on this point,
this is an issue that is not unique to this document it was part of the
National Bioethics Advisory Commissions recommendations and reports. There is a
whole record of IRBs taking action on this basis. If you presented a proposal
to an IRB to do research on even de-identified information if it were in a
particular ethnic group or racial group and could result in group based stigma
the IRB would require you to get sent. What this is saying is it is really kind
of very traditional analysis of the risks to individuals. We are not breaking
new ground here.

DR. COHN: I think I would also mention that obviously just looking at the
recommendations this area is where we are saying that we are going to
investigate further. Remember this is not causing a major waterfall effect down
in the recommendation area. Now Jeff and I am going to let Margaret review what
we have there.

MR. BLAIR: There is a real concern here but I heard you wind up saying that
your concern is that the data might be misused and I think that we also
recognize that there is a lot of opportunity for benefit so we don’t want
to throw the baby out with the bathwater. If we could be more focused on the
concern about misuse rather than impair the completeness of the data for the
opportunities what it could benefit. If we could separate that out and target
it in on the concern about potential misuse instead of just wind up saying that
people should opt out because they are concerned that there might be misuse.

DR. COHN: I don’t think anybody is going to opt out here but Margaret
do you want to review. You have been typing as we go here.

MS. AMATAYAKUL: This isn’t a section of harms. Potential for group
based harm may arise when data are aggregated and maybe I could add something
about misuse and misused or misinterpreted or something. For example there is
the potential that classifying disease is more prevalent in certain ethnic or
racial groups of people or in certain communities might cause members of that
group or community to be discriminated against even as aiding high risk groups
by supporting further research. As de-identified data are aggregated across
multiple data bases there is also the increased possibility of re-identifying
certain individuals within the group.

MR. BLAIR: Those are different ideas.

DR. COHN: Let’s get rid of that last sentence. I think it has all
ready been somewhere else. I guess the point I would make also is it is
probably not supporting further research but maybe interventions? Supporting
beneficial interventions? I thought doing something rather than –

DR. MCCALL: It supports new health services and treatments.

DR. ROTHSTEIN: Can we just make a slight change to add at least subject to
stigma as well as discrimination? Because a lot of it would be –

DR. W. SCANLON: I wouldn’t, Margaret just added, “and
misused” in the italics and I wouldn’t do that because I think that
the misuse is not necessarily on the part of the analyst, the misuse is on the
part of the people –

MS. MCCALL: Isn’t it misuse of aggregated data and results?

DR. W. SCANLON: Well the data are not necessarily being misused it’s
the results, while potentially correct are then being misused by someone in the
public.

MS. AMATAYAKUL: Potential for group based harm may arise when data are
aggregated and results potentially misused?

DR. CARR: I had a very similar comment. I guess that is all.

DR. COHN: Are we okay? I mean I think that putting something in here
especially since there is at least some aspect of a recommendation makes sense.
Now I don’t know about that second whole area, I would recommend that we
remove it. The misinformation I mean I don’t know I think you were sort of
thinking one or the other I think is what you had –

MS. AMATAYAKUL: We had both of those and we didn’t address them so I
brought them both back.

DR. COHN: Are people okay with removing them? Okay so are we okay at this
point?

MS. AMATAYAKUL: You had asked for specific uses of health data for a little
introductory sentence setting that up. NCVHS sought and heard testimony
describing issues associated with those uses of health data that are most
relevant to the current debate concerning HIE and NHIN including uses for
treatment, payment, and healthcare operations, quality measurement reporting
and improvement, research, public health, and in monetary or other value
exchange. Those are the topics that we cover here.

Then I did the same thing for Uses of Health Data and Research. Testifiers
identified two important issues; I am just setting that up.

Then I called this section Uses of Health Data Involving Monetary or Other
Value Exchange. Many organizations obtain monetary or other value for uses of
health data and many of these uses maybe beneficial. For instance, researchers
may purchase de-identified data to enable a broad based study of disease. NCVHS
however heard many concerns that relate to the sale of health data where the
data may unduly influence individual or provider decision making. Where the
data may be able to be re-identified and cause potential harm to individuals
such as for insurability or even where identifiable data are sold to direct
marketers.

Then we talk about the requirement for authorization for marketing is the
same. Then I added, these privacy, I think this is what Paul had added before
and we fixed this example yesterday.

DR. TANG: I think one of our points now that we have used the word
“de-identified” without the HIPAA modifier, since I am not sure what
that means. The second point that we made was HIPAA de-identified data
generally are not very useful so it is pretty unlikely that researchers would
go purchase a HIPAA de-identified data set to make use of it when in fact with
IRB approval they can get identifiable information and treat it in a
confidential manner. That is what we wanted to emphasize.

Another example of –

MS. AMATAYAKUL: Could we just take one at a time? So what would you like
this to read instead?

DR. TANG: Unless other people correct me this isn’t an example where
we do find that there is evidence that things are being sold either outside of
HIPAA or out of concern to consumers. This actually is not a concern and it is
permitted and what we heard is it is being handled well.

MS. AMATAYAKUL: We are saying it is a benefit, except you are saying it is
not a benefit.

DR. TANG: Well I just think it is one of those things where you raise it in
the wrong place and we have introduced a concept that may be –

MS. AMATAYAKUL: Can we come up with a better example of a benefit?

DR. COHN: Yes Paul, are you objecting to having a benefit there?

DR. TANG: I don’t see that this would give me an example of where data
is sold to researchers.

MS. AMATAYAKUL: Paul we are going to take this out, give me a different
example.

DR. COHN: Well Paul, let’s stop for a second before we start adding
new, this is meant to say, there is monetary things going on, some of which are
good but we also heard concerns about X. So is there a problem with that
initial example? You seem to be upset that it is an okay example.

DR. TANG: That the use of de-identified was imprecise and that saying
people go around buying HIPAA de-identified data seems to be against another
thing that we learned which is it is not very useful in that form. It just
contradicts previous findings.

MS. AMATAYAKUL: Don’t they still buy it? They do buy it, we have heard

MS. MCCALL: Your example was right, you can go to an IRB, you can get a
waiver, you can buy the data, you can do the work, you can hold it
confidential, blah, blah, blah.

DR. TANG: It has nothing to do with de-identified –

MS. MCCALL: It has nothing to do with HIPAA de-identified as a defined
term. So that is a fact but I guess I am still, so then your conclusion would
be what with respect to this paragraph?

DR. TANG: I guess if you took out the HIPAA de-identified. That would fix
it.

DR. COHN: Well but I don’t know why would you, I mean do you want to
say, they purchase data under IRB approval or –

DR. TANG: Under an IRB approved –

MS. MCCALL: The point is I don’t think we should specify what another
entity finds useful. It could be HIPAA de-identified, it could be under IRB
approval, the point is it is all –

DR. TANG: I am not going to worry about it. So then another kind of example
is in addition to things like insurability or employability it is the use of
data, well the example we had on Monday was use of data to promote more
expensive drugs.

DR. COHN: Would the data maybe unduly influence individuals or provider
decision making? Well remember we are going to be doing additional hearings in
some of these areas. Okay is this wordsmithing Margaret?

DR. TANG: No, it is not pointing out the problem that drove us to this
exercise.

DR. CARR: What are we trying to accomplish here and then what is working
and what is not.

DR. TANG: What is not clear here, I thought what caused us to go through
this activity was because there are uses, we used to call them secondary uses
that consumers were not aware of, that also involved the exchange of money, and
could come back and lead to effects on their care or let’s say the cost of
their care. If we could state that clearly in this section that would give the
motivation for why we are trying to come up with these policies, to one to
understand them, two to oversee them or regulate them or make them transparent.

DR. GREEN: Maybe the issue is the sale of health data without patient
consent where the data may then unduly influence –

DR. CARR: The data can only be sold if it is de-identified? I mean without
consent or a waiver.

DR. TANG: It is not permitted to be under HIPAA but what we have found is
that it is being –

DR. CARR: So we have permissible and not permissible activities happening.
There are sanctions for the sale of identifiable data but one of the tricky
things is the definition of de-identified perhaps. So that is an issue,
what’s being called de-identified is not HIPAA de-identified.

DR. TANG: Then the ability for business associates, non covered entities to
further use and disclose data has not been clear at least in their minds. Then
the consequences because they are not covered entities there is no recourse by
the individuals involved.

DR. FITZMAURICE: The hammer would fall on the covered entity, not on the
business associates assuming the covered entity follows the right procedures.

DR. COHN: I would just remind everybody that as we are talking about all of
this stuff this is why we deferred it into an area requiring further
evaluation.

MS. MCCALL: What you just said right now is a much clearer explanation of
the core issue than what is there.

MS. AMATAYAKUL: Since this isn’t a recommendation why don’t we
take this back and rework this and send it around but I do recall yesterday we
heard that you want to describe some of the benefits as well. So we need some
examples.

DR. CARR: There is monetary exchange of data that is fully compliant and
acceptable and no one has an issue with and there is exchange of data that is
in a grey zone because the definition of de-identified is not correct. Then
there is the exchange of data that is not permissible but it is happening
anyway. I think you may want to consider looking at the title which implies
that it is somehow about the monetary exchange and that is really not the
issue. It is about permissible and impermissible and whether or not they are
captured in the value chain.

DR. TANG: In fact this may be all of the way up front because it is the
reason we got called into this.

DR. COHN: No Paul, actually this is not the reason we were asked to do this
work. This is part of what we discovered as we went through all of this. I do
think it is something that we obviously need to have in here. Now so how do we
want to deal with this particular issue? It sounds like we have gotten
everything else resolved. So we do obviously have to vote on it. It sounds like
Margaret is going to try to work on something in this area. This is obviously
not a recommendation area but this is just more making sure that we are more
accurately describing the situation or the issue that we are concerned about
that we intend to further study. Part of the reason we are taking further study
is what you just heard over the last five minutes is that we lack some clarity
about this. I mean Paul has a very clear idea. I am not quite sure that I have
the either the sense of clarity or agree on all of the pieces of it but it is
something that we need to further evaluate. We need to be a little tentative
about this one because we are all ready sort of seeing that there is something
out there that we heard concerns about and we need to more sharply define it as
well as come up with issues and solutions.

DR. TANG: I am not sure I understand what part is not clear. For example
there are things that are going on that are impermissible under HIPAA that is
pretty clear. We heard about things that are impermissible that we need to help
clarify in some people’s mind or make it transparent that this is
happening so it can be addressed.

The second piece is we heard very clearly about what the lack of the term
de-identified how de-identified truly is not “de-identified” in the
common lay understanding of that term because over the past ten years more and
more public databases have become available and better algorithms are combining
the data have become available and they will continue to be so. We had very,
very clear testimony on that so neither in both of those cases of the three
things that we have talked about is there a lack of clarity.

DR. COHN: I guess what we would say is what we have done is decided that we
need to get additional clarity and figure out exactly what we may want to do as
well as the clear cleavage lines are around all of this. I am just reflecting
on the recommendations we have because I think much of this we have sort of
decided to hold additional hearings on which I think you have agreed to that
concept. But you do, we need to come up with something here that sort of makes
sense and truly reflects the idea. Jeff do you have a solution to our problem?

MR. BLAIR: My thought was that additional study is fine but I thought that
we were offering a solution to a complex situation at least an interim
solution. The interim solution that I thought was so important in this case, I
think it is one of the most important recommendations in this paper is that
because it is so hard to sort out what is right and what is wrong in terms of
other uses of data other than patient care here. Since we can sort it out and
since study make take years and years and years, at least if we had a very
strong recommendation for transparency upfront so that the patient
wouldn’t be surprised, so that the patient wouldn’t feel manipulated
or tricked or misrepresented that transparency was the interim solution until
all of these other things can be sorted out.

MS. MCCALL: I would add one more piece that I think is strong. It is the
linking all of the way through the business associates agreements. All of those
pieces actually would stop at least some of what you had outlined Paul. I
believe that to be the case.

DR. COHN: Obviously additional guidance from HHS, the de-identification
really needs to follow the de-identification.

MS. MCCALL: If in fact, if those need kind of punched up to say, remember
when you read that paragraph this recommendation actually helps resolve that,
if that needs punched up and made clear. When I went through that was clear to
me.

DR. COHN: Well in that case I guess are we okay at this point recognizing
that we need to work on this area? Now I guess my question at this point is
recognizing that we need to work on this which to my view could be sort of
wordsmithing, review by the committee, emails and all of that, are we
comfortable moving forward with the recommendations and the report knowing that
this area needs further refinement.

MR. REYNOLDS: We also have to fix the data stewardship principles question
that came up this morning.

DR. COHN: Whatever it is that we need to follow up and there will be
further wordsmithing throughout the document as we review and find out more
pieces and Harry thank you so that’s yet another piece of this. Obviously
any of these areas we will review and send out to the committee for final
review but I guess what I would say is the passage of this means that we are
not having further conversations about the recommendations or the substance of
them or the observation section except for wordsmithing at this point. Is
everybody okay with that, any further conversation about all of this, all in
favor of this report?

On motion duly made and seconded, the motion was unanimously approved.

MS. AMATAYAKUL: Can I just add one comment? Thank you for passing it. But
also thank you for the opportunity and your patience and working with me.

DR. COHN: Well unfortunately we are not done quite yet. I have all of these
sentences to work on. Number one obviously we will be working on things and
sending them around for further review and input in terms of those sections so
it won’t be finalized until we get everybody’s agreement on that.
What we will do is now take about a 40 minute break and come back for the final
session.

(Luncheon recess taken.)


A F T E R N O O N S E S S I O N (2:05 p.m.)

DR. COHN: I want to thank everyone for hanging in there and obviously thank
you for having finished actually the action item for this meeting. Thank you
for all of your hard work. Now in the remaining 45 minutes, 50 minutes of this
meeting what I think that we are going to be doing is A; talking about what has
been happening with the subcommittees and workgroups. I think as you can
appreciate the ad hoc workgroup on uses of health information. Hopefully it
will be a group that will be able to discharge in the next couple of weeks once
we make all of the final changes to the document and get it out to everybody
for review. Hopefully by mid-December those of you who have been part of that
activity, we will thank you when we relieve you of that duty which is obviously
the point of the ad hoc workgroups.

DR. STEINWACHS: Simon we also thank you for doing away with the word
“secondary” because it was secondary to the overall report. I thought
it should be “primary” you know primary uses of –

DR. COHN: So anyway what we are going to do is spend some time talking
about subcommittee and workgroup activities. I think what I am going to suggest
is, Justine do you want to lead off by talking about the quality workgroup?

DR. CARR: I would be delighted. Representatives from AHIC quality workgroup
joined our meeting today to review the AHIC quality vision roadmap draft.
Roadmap outlines necessary components for future state in the development of
HIT capabilities to achieve the quality workgroup vision. Components include
several areas where NCVHS has held hearings, generated reports and
recommendations. These include the following four: one is data stewardship,
second is matching patient’s to their records, a third is coding
improvements, and the fourth is something that we talked about yesterday,
quality data sets including ambulatory care although not specifically primary
care.

At the meeting we agreed upon the value of aligning NCVHS quality workgroup
with AHIC’s quality workgroup. There are two next steps, one is that we
will be generating a summary of the relevant work all ready done by actually
various quality workgroup but also some of the work done by standards and
security on matching patients and their records over the last four years. We
will put that together to share with AHIC. The second thing will be to discuss
and develop a plan for holding hearings on data stewardship.

DR. COHN: I am sorry develop what on data stewardship?

DR. CARR: Holding hearings on data stewardship develop a plan. As I said we
discussed it at the meetings but it needs to come back to the executive
committee. There is also some work the AHIC quality workgroup is discussing
stewardship in more detail with George Isham and other folks a week from
Friday. I am going to dial into that and between that and discussions with you
and the executive committee will come forward, will come to some plan.

MR. HOUSTON: Regarding data stewardship, I haven’t talked to Mark
about this but since it has come up in this context, stewardship is something
that I from a privacy component I think there is also an interest as well and I
don’t know if that isn’t a topic that maybe should be also dealt with
with the privacy subcommittee maybe jointly or otherwise. I forget what is on
our agenda but I would hate to miss the privacy component on data stewardship
because it is huge.

MS. GREENBERG: Is your hearings with quality on data stewardship would they
be primarily related to the quality agenda or more broadly?

DR. CARR: There is a specific interest from the AHIC quality workgroup to
have that but because of the work on the report we have just concluded it is a
broader topic so I don’t think it would be exclusive on that.

MS. GREENBERG: Data stewardship has become a committee wide I think issue
and I think in light of this recent report this is proof. The question I was
going to ask was if you had a timeframe for generating this summary. I am
assuming you might want contractual support to work –

DR. CARR: Yes, in fact Carol what our hope is as you know we have done, we
had a report due the full committee from the quality workgroup in February of
’06 that summarized things and although we didn’t bring that to a
formal light of day we would like to append that as some of the work as well as
the update on the 2004 candidate recommendations which we now have an update on
what happened with all of those. Mary Beth is going to help us also go back
through some of the documents that the full committee has that are relevant to
this work plan and Carol and myself and if Susan could help us that would be
terrific.

MS. GREENBERG: That is why I wanted to know what your timeframe was because
we should actually talk to her just to see –

DR. CARR: I think our timeframe would be pretty short because we want to
make the information available in a timely fashion for the AHIC quality
workgroup. I think that its, well I am not going to say I don’t think it
is going to be a lot of work because the last time I said that I was; hopefully
it can be done in a short amount of time.

MS. GREENBERG: By February or by June?

DR. CARR: Yes, by February for sure.

DR. COHN: Okay, Gene and then Jeff.

DR. STEUERLE: Justine I am not sure how to say integrate what our
subcommittees, well you’ve done our subcommittee too, our subcommittee on
populations and quality, but when I think of the term stewardship I am reminded
of there was this one parable in the bible about these three stewards, two of
them went out and doubled the money and the one who took the money and put it
in the ground and hoarded it was the one that ended up being condemned. I think
sometimes stewardship means making sure certain types of errors don’t
happen and the end result in government is often that the data is well at all
and that is with respect to quality too. I am wondering if you hold hearings on
data stewardship the extent to which one could integrate in the concern that we
often have in the population subcommittee which is not only are we developing
the data we should but even the data that are developed are not adequately
used, they are not accessible to people on the outside. I guess we have the
concern that the people on the outside might abuse them or might you know
violate some privacy concern but often the data could help us solve problems
and is not being adequately used. I don’t know whether there is some way
to integrate that side of the story with your hearings.

DR. CARR: In keeping with our sort of integrated sort of agenda of last
year, it sounds like privacy populations and quality and actually the whole
committee might be involved in this.

DR. STEUERLE: Like I said I would hope the word stewardship doesn’t
evolve to a narrow meaning of protection.

DR. COHN: Now Jeff Carol had her hand up on this issue. Were you also on
specifically this last comment?

MR. BLAIR: Not stewardship but on quality, especially quality.

MS. MCCALL: I was going to make a very similar comment about it being a
broader interest kind of cross subcommittee that perhaps we might take a
different approach, an integrated approach that says, there is in fact an
explicit link, you know raise your hand as a subcommittee if in fact this could
be a set of joint hearings. Each there to actually listen with a different kind
of ear right, and that the ear that we would be listening with would be with
respect to quality but there would be others with respect to standards and
security, or privacy, or whatever the issues are and that what emerged was in
fact what I think what Michael was asking for earlier which are among other
things perhaps a set of principles around data stewardship that we can actually
bring forth as a full committee. Just as a friendly suggestion.

DR. CARR: I don’t mean to imply that there hasn’t been tremendous
work done in many different arenas and I think that one of the things that we
talked about today is of pulling that together, maybe not because AQA George
Isham for example has done a great amount of work but I think your suggestion
is a very good one.

MR. BLAIR: Justine, I have a suggestion for a testifier. The AHIC quality
use case focuses on measuring improvements in quality of care outcomes and it
does so and it is sort of the end points of course it is the healthcare
providers that wind up measuring their quality and then making that information
available to all different forms of payers and to consumers. Now when you first
think about that, at least when I first think about that I think about what a
struggle it must be to be able to get this adopted and implemented because
there are sensitivities. There is a health information exchange network called
Care Sparks. Lisa Jenkins is the CEO. She has helped craft community wide not
only a business model for their health information exchange based on quality
data and that use case but it is so lucrative that that’s what is causing
her some problems in terms of being classified as a nonprofit. So this is a
very unique situation where a community has actually pulled together on this
quality use case in a manner that is extremely positive so her name is Lisa
Jenkins and if we could just have her testify I think you will learn a
tremendous amount.

DR. CARR: Thank you, I think we heard about Care Sparks at the last AHIC
meeting, the big meeting in Chicago.

MR. BLAIR: She testified in Chicago along with, you were there? Okay.
That’s right you were there. Of course you were there.

DR. TANG: Let me ask you a question on how you see NCVHS working with the
quality workgroup of AHIC working with AQA a little bit on the relationship so
there is, or do you think it is all ready fully orchestrated?

DR. CARR: No, we spent time talking about that today. The request was
initiated by AHIC quality workgroup so I appreciate their reaching out and I
think it is a great alignment but we are the meeting on the 14th
will be an opportunity to hear about these different things and to carefully
carve out who does what so that there wouldn’t be duplication. Again I
think we add value sort of at a higher level not all at the detail level but
more as a kind of pulling together level. We talked about that today.

DR. COHN: Of course just to remind everyone that obviously this is just
being sort of brought up it will also be discussed at the executive
subcommittee and other places. I didn’t make this in my comments yesterday
or this morning but as we get involved in big projects we just need to be very
thoughtful about it because there is only so much bandwidth for the full
committee. It usually is an opportunity issue. Opportunity costs you do one
thing but don’t do another. We just need to make sure on an ongoing basis
that we are doing the most important things you know picking our spots where we
can really make a difference on this.

DR. CARR: So exploring that. What we are going to do though is that summary
report to kind of pull together and let folks know what is available. We are
exploring the stewardship issue.

DR. COHN: Okay Justine thank you, Don do you want to talk about
populations?

DR. STEINWACHS: Population subcommittee, our session today assessing where
we are on the current activities, plans for future activities and let me just
walk through quickly on those.

Under the leadership of Bill Scanlon, Kevin Vigilante and Doug Benning, we
have been looking at measuring preparedness. We started out calling it surge
capacity, we have broadened that some. We slowed down a little bit because it
seemed that, Simon, you recruited Bill and Kevin to another activity so there
seemed to be a hiatus there. Bill kept saying, I am busy. I said, I don’t
understand this concept of non-secondary uses so we are picking that up again
and there are a set of interviews that are going on. The idea of trying to
combine that with the hearings that we had to produce a report, a letter report
at least, to the Secretary and then decide where to go. We are hoping that
those interviews can get done by the February meeting and then a letter after
that.

Part of it is also we are looking for information on what was learned from
Katrina on measuring preparedness and Jim Scanlon has been looking for a
compilation that hopefully did not disappear in the disaster that was put
together trying to assess what was it possible to measure.

The second is has been we have produced a letter and got a response from
the Secretary on data linkages which includes the issue of trying to increase
access link data recognizing link data almost always increases the risk of loss
of privacy and because once you link then things become more identifiable than
they were before.

The discussion lead to I think a very good point that data linkages
actually probably cuts across other substantive areas the committee is
currently dealing with or will deal with. It certainly cuts across preparedness
how you put together a information relevant to that. We thought maybe the
strategy would be whether it is every year maybe every other year maybe to have
a half day session and sort of invite people back both from the department but
from other agencies so before we’d included education, we included IRS, we
included the census, we had social security, CMS, and others. Trying to assess
what progress is being made on increasing access while still protecting the
privacy concerns and try and use that maybe as a kind of way to maintain
momentum on maximizing the value from the data sets that are all ready in the
possession of the government to address health issues and improve the health of
the public. The plan would be either 2008 or 2009 to have another half day
session and to have this on some periodic basis whether it is every year or
every other year.

Then we have three potentially new topics to consider. One was brought to
us by the Board of Scientific Advisors of NCHS which I call, Harmonization of
Vital Statistic Across the States, and Garland very appropriately really
focused very heavily on mortality data and the concern of mortality data. The
transformation process that is going on trying to bring people into a new
generation of data collection but over the next decade the data are not the
same across the states so you can’t Garland you can probably say it better
than I can but you can’t pool together mortality data across the country
anymore and birth data both. It was also pointed out, which I hadn’t
realized I am going to have to hang around with Garland more is that I had
forgotten that we no longer collect marriage information, divorce, and
termination of pregnancy. It reminds us of some of the very basic functions
that need to be addressed.

We had on the telephone Jennifer Madden from the NCHS and we were talking
about how to proceed and I think what became very clear is that we have got two
committees with agendas and how that is going to really work I don’t know
but we decided to do the following: National Academy of Sciences is going to
have a workshop in April on vital statistics. Garland is going to be there as
we have been having input into the agenda try and see where they come out with
other specific, very specific questions we might peruse because I think there
is a grave concern among NCVHS staff that there are a huge number of issue out
there and if you don’t pick something wisely you are going to sink a lot
of resources and maybe not get a lot wiser at the end of this process.

Then after that I think we are going to have a small group get together,
Garland, myself, a few others on our side and a few from the BSC NCHS and talk
about is there something here that we can do together that is valuable at this
time or is that a future activity? There is a lot of interest in doing this I
think mainly because it was the first idea of doing something jointly with the
BSC and so it is a learning experience for both groups is the way I would view
it. Over what is a very important set of areas or issues we face on national
health statistics.

DR. COHN: Maybe I should just ask a question here and you may be done but
explain to me, I guess I sort of missed the, you have now joined with the BSC
on activities?

DR. STEINWACHS: We haven’t quite joined. This came to us I think as
you know Simon that since the creation of the BSC we have been talking about
ways to work together and we certainly opened the door that on things that we
are doing we would certainly welcome their involvement or input. I think sort
of the flip of that has also been true Bill has been attending the BSC meetings
and been representing us there as a liaison and we have had a liaison at times
at our meetings. This was really brought by them to us as an idea for something
to work on together and I think what happened was initially we sort of said,
yes and then the complexities and maybe potential challenges of actually doing
something useful became clear. We haven’t given up on it but I think it is
just going to be a much longer process to see is there something here to work
on.

DR. STEINWACHS: If I can just add the BSC is in some respects in a
transition. They have a new chair, Erma Elo who was our liaison, is now the new
chair of the BSC and they have had I think at least five of their members who
are new as of their last meeting. Part of the discussion at the last meeting
was their work plan. They had committed I guess about two years ago to
reviewing each of NCVHS’s programs one by one and they have been through
two or maybe three at this point. There was actually a fatigue factor setting
in because they were moving very fast through these. It was impressive but it
was tiring to watch. They were asking themselves, can we keep up this pace so
there is an issue with what they do with respect to the reviews of the NCVHS
programs and then other things. Since we had the joint meeting a year ago in
September and vital statistics was the topic that we discussed at that joint
meeting. There is recognition that there is interest in both committees this
became a point of discussion but it still at discussion level at this point.

DR. STEUERLE: Another topic which we have talked about with the whole
committee a few times, the general area was to go back to the division for
health statistics for 21st century and look at updating it maybe in
a couple of ways. One is trying to put more specifics in it appropriate areas
and the other is to integrate into it what has been going on both in the
population subcommittees as well as committee as a whole, as we talk about
electronic health records and other strategies that might be the building
blocks of health statistics in the 21st century.

What we discussed was really a need to put some more specificity to what it
is we might do and this is also something that Ed Sondik has been very
supportive of he would like to see us do it too. In part I think it keeps alive
and reinvigorating sort of a framework that I think NCVHS finds useful and we
have found useful many times. Marjorie and I, NCVHS staff of the committee and
so on, a small group of us are going to have a conversation to try and draft a
page or two as sort of a proposal about what we might do and to discuss that
and to try to make a decision at the February meeting on how we might proceed.
We see it also as an opportunity to draw in the work we have done on data
linkages possibly draw in areas on preparedness because that is not something
that is particularly been highlighted that I remember in the vision for the
21st century. It may be a way in a sense to continue to sort of draw
in what we are doing in and integrate it into a large division.

The third new area and one around which there is a lot of enthusiasm, and
I’ll let Larry say a few words he has been tackling the question of how do
you measure whether or not someone has a medical home and how do you measure
the performance of a medical home. Do you want to say a few words? I said it
all. Larry has trained me well he said, Don say this and you are all right. So
we are actually enthusiastic about the possibility of moving ahead with that
fairly rapidly, it seems to be in traction on lots of quarters and it raises
very interesting questions particularly for NCVHS data collection and others
when you do the National Ambulatory Medical Care Survey if you tap into this.
The emergency department survey I guess is now in the field but in a sense
there. Are there different places health interviews say, how would you begin to
tap into the measuring extent to which people are getting a strong primary care
model or not. Another way to view this is to try to measure the extent to which
people are getting what we would think now as a high quality primary care
experience.

The next steps include trying to identify staff who might support this and
Mary Beth and others were making suggestions because within HRSA there is the
primary care bureau and there may be staff support from there if possible.
Someone was identified NIMH who has an interest in this area so the medical
home is actually supposed to integrate mental health as well as medicine. That
is one of the next steps, to look for potential staff support. We hope would be
if this moves ahead early in 2008 it would be possible to have a first set of
hearings among those people. CMS is doing medical home demonstrations about
what the ways in which they are trying to approach measurement of both the
presence of a medical home and its performance what are some of the issues and
gaps that they see and at least pull together an initial document which
addresses the extent to which there seems to be common approaches or gaps or
other things. Then think about where we go from there. That is our current
slate at this point and we are trying to wrap up some things at the same time
move ahead.

DR. WARREN: I would just suggest as you are working with medical home to
contact NAHIT, the National Alliance for Health IT. They have got a
demonstration project out in New Orleans looking at establishing medical homes
down in that area. If you are looking at testimony or just contacts they would
be really good.

MR. BLAIR: Actually I think it is part of the American Hospital Association
isn’t NAHIT a sub, or grew out of that?

DR. COHN: I think they are sponsored by a variety of entities I believe.
They are one of the sponsors though. I think they are chair member is Scott
Wallace.

DR. WARREN: I know I was part of a team that went down there to look at
some of the medical home issues and to talk about health IT and their use. They
are really trying to put together some demonstration projects and stuff that
works so they would be a good resource for you.

DR. STEINWACHS: I expressed interest in medical home because I anticipate
as I age I may need one more and more and more at some point. Enlightened self
interest is that okay?

DR. COHN: No, comment but it is probably general agreement from all of us.
Well great, privacy –

MR. ROTHSTEIN: Thank you, the subcommittee met this morning, our plan is as
follows: to move ahead with our sensitive health information letter. At the
moment we have decided to have a series of conference calls and where we are
now as we have no longer a two draft system we have a single draft that we are
working from and our main task now is to try to be responsive to all the
comments that we heard yesterday. We are going to be going through the draft
sort of line by line and addressing issues that were raised at the full
committee discussion yesterday as well as other issues that have been brought
forward by members of the subcommittee. It is our intent to have a letter for
consideration by the full committee at the February meeting.

Beyond February there are no shortage of topics that we could consider and
let me just go through a few of those that are possibilities and these have
gotten approved by the subcommittee.

We heard from Ed Sondik in September about the possibility of the
subcommittee and the full committee assisting NCVHS with a difficult issue that
is being considered internally now and that is the rules for disclosure of DNA
in clinical data to researchers in particular from the NHANES files. Many
groups are considering their repository practices now. The Corelle(?) Institute
is another one that is reviewing it’s confidentially issues.

The other issues that seem logical for us to follow up on, our privacy
letter dealing with sensitive information as you will recall is limited to
disclosures for treatment purposes. We left in a band the issue of disclosures
of sensitive information for other purposes and that would be something that we
might want to consider as well as other issues from the June 2006 letter that
where we said, here is an issue we are not taking a position on it at the
moment. It requires further study and so forth and that’s where our last
two letters basically came from. Follow ups to the 2006 letter and there were
at least a half dozen topics that we left hanging out there in 2006 with the
intent that we would study them in more detail and bring forward additional
recommendations to the Secretary. That is basically where we are. Maya did you
want to?

MS. BERNSTEIN: I was only thinking about in terms of getting the letter
that we are working on now to the committee in February. We have a document on
committee procedures but it was useful to us and I think to the committee last
time to have advanced drafts before we were prepared with them to the committee
so that they could have a good look at them before we got to the sitting down
around the table together so that is not the first time that people see them.
We act at time with the I guess it was the 2006 letter actually had people
invited to participate in the calls for the end of the process.

DR. ROTHSTEIN: It may be appropriate when we get to that point to have an
open call for the full committee and allow people to review the draft and make
suggestions before it is finalized and then sent to the executive subcommittee.

MS. BERNSTEIN: The only other thing is that when the executive committee
considers the schedule for the February meeting keep in mind that it might be a
contentious letter again and that we need some time to go through that letter
and to have a discussion with the committee at that time.

MR. BLAIR: I would hope that the next time that we review the letter we
keep in mind the tremendous value of how well organized and structured it was.
I read that letter cold without being familiar with it before hand and every
time I began to identify a concern or an issue that next sentence or the next
paragraph addressed a concern on all I did today is talk about the one sentence
where that was not true but it was so well done that it is compelling for
education for a lot of folks that might otherwise either not appreciate what it
takes to do this or be reluctant to take it and Mark and Maya I really would
really leave it to you, I don’t want to let the nits, the details, the
critiques rip apart the coherency, coherent it was understandable and I think
that has great value because sometimes our letters are so detailed, so precise
that it is like wading through mud. Everything is technically correct and
precise and the committee has pulled it together but this letter was compelling
and coherent and I hope we don’t lose that.

DR. ROTHSTEIN: Thank you Jeff, we will have lots of opportunity to talk
about the letter but I think an important thing as we go forward certainly at
the subcommittee level and I hope at the full committee is the recognition that
even though there may be parts that people disagree with it is so important to
get this issue out there, to get people talking about it and thinking about it
creatively and to do it sooner rather than later.

MR. BLAIR: Believe me I agree. Marjorie would tell you that I agree with
you.

DR. COHN: Mark, thank you and we will obviously look forward to the next
version. I guess I would even though we only have draft workgroup and
subcommittee activity pieces the only pieces I would just advise everyone on is
before things start going out to everybody they need to have fundamental
support from the subcommittee or the workgroup in advance of that. I think that
we have gotten ourselves into trouble where we thought we have had agreement
and then they get distributed and somehow we are all talking about three
versions ago of the document itself. That would be the only advice and
obviously I will be there with you so we will be making sure that all happens.
Leslie?

DR. FRANCIS: Yes, just to link the red in the committee operating
procedures –

DR. COHN: That is for your review today, to be discussed in February.

DR. FRANCIS: Okay it is a little too strong on that point because I think
we didn’t have full agreement on the content of the letter when it went
around but we had agreement that it was really important to get input at the
stage where we were.

DR. ROTHSTEIN: I don’t think Simon is referring to yesterday’s
letter so the point is well taken I think.

DR. COHN: As I said we will continue to wordsmith that operational
document.

Okay thank you, Harry and Jeff. Do you want to talk about standards and
security?

MR. REYNOLDS: We have a hearing in the end of January; we are going to be
talking about ICD-10 we are going to be talking about e-prescribing we always
have to keep an eye on MPI obviously to be a good subcommittee we are going to
now have to add stewardship like the rest of you but we haven’t figured
out quite how to put that in there yet. So that is the main thing that we are
focusing on to keep it brief.

There are plenty of standards coming out, there are plenty of things that
we are having to keep an eye on and this will be a big event for us starting to
look at ICD-10 and getting further updates on that and we will have a
conference call in the next week or so to finalize that agenda and exactly what
we want and make sure we get covered, any questions?

DR. COHN: Questions or comments? Well, what do we say we sort of rundown
the last couple minutes here? Now we obviously have a Full Committee meeting
coming up in February on the 20th and the 21st. As I said
this is once again right after a long weekend so we will make sure that the
books and everything get out to everyone in advance. I think what I am hearing
so far is that we will have it sounds like two action items. One will be the
privacy letter on sensitive information and then the other is the documents you
are putting together for quality workgroup representing the work that has
occurred over the last several years.

I guess we will also potentially depending what comes out of this hearing
in January maybe have a standards and security letter, maybe not.

MR. REYNOLDS: At this time I would say no.

DR. COHN: Now I think as I have comment before I am struggling to make sure
we have enough time in the meetings for conversation and working on things and
we certainly are reminded by this meeting that we need to have adequate time
for the privacy letter. I guess that I am also hoping that we can start getting
in some external perspectives and external speakers. I think I mentioned
yesterday that I thought especially given our medical home conversations and
all of this that, and our previous conversations around ICD-10 and ICD-11 that
inviting someone like Chris Shute(?) to talk about the ICD-11 plans and all of
this. It might be a very useful conversation for us to have as a Full
Committee.

I am also sort of blanking on other presentations that we may want to
schedule. We obviously have a list of additional things and we will work with
the Executive Subcommittee to sort of finalize that.

MS. GREENBERG: Do you want to hear what some of them are? There is a ASPE
project on personal health records that you want to hear more about. We had to
put all of these aside for this meeting because you know why. CDC contracts,
the public health situation awareness, I am not quite sure what is happening
with that but that was on the list. Then there is a National Academy Study
which was just finished on advancing standards and to help IT. I think that has
been released. ONC commissioned it.

DR. COHN: You mean this is the mini report you are talking about? We should
ask ONC just to update us on that at the next meeting.

MR. BLAIR: Marjorie on the accelerating public health situation with the
CDC contract we are told that is supposed to be announced in mid-December, by
December 17th.

MS. GREENBERG: OHRP guidance and research I am not quite sure what that
was.

DR. ROTHSTEIN: That’s the I think the department wide taskforce or
working group –

MS. GREENBERG: It is referencing the ad hoc report so I don’t know
what the appropriate time is to hear about that.

DR. ROTHSTEIN: I spoke to Sue McAndrew earlier about that and it is
proceeding at a measured pace.

MS. GREENBERG: We also got an autonomous list but we also received a letter
from AHIMA and AMIA October 3rd actually asking to be on the
November agenda but that wasn’t feasible but they have done a report on
healthcare terminology and classifications a central piece interoperability and
they have asked to brief the committee on this report. It would actually
probably be appropriate with the ICB-10, ICB-11 all of that so we could try to
schedule them for those two items for February, anything that I have missed?

DR. COHN: So the good news is that there are things that we can talk about
that aren’t necessarily only reports we are working, I see Leslie has a
worried look on her face.

DR. FRANCIS: Didn’t I hear earlier that John Loonsk was coming back
for a longer discussion.

DR. COHN: Yes, they are sort of standing items.

DR. FRANCIS: Well it might be useful to have him for a genuinely longer
discussion.

MR. BLAIR: One think that I might say because it seems like there is some
synergy here with did you say AMIA and who else is going to be talking?

MS. GREENBERG: AMIA and AHIMA.

MR. BLAIR: Those two well if that is going to be a topic and ICD-11 is
going to be a topic then some of the pieces that John Loonsk did not have time
to present was a very interesting process to move from the HITSP standards to
implementations, specifications. I have learned a lot that I just didn’t
know before. I think it is going to be very important for those of us
especially in standards and security but all of us to understand how it gets,
the difference between the standards and getting to multiple standards for
interoperability. It is a very interesting process.

DR. COHN: So that is something that we should be asking John Loonsk to talk
about. So that will be part of our and that is a very good point. We will make
sure he covers that.

MS. GREENBERG: Leslie did you have some particular things you wanted –

DR. FRANCIS: How the privacy letter is actually being taken into account in
their deliberations. Part of that is going to be well, timing wise we are going
to have the sensitive information letter so it would be useful I think to have
an –

DR. COHN: Let’s take that offline I think that we can sometimes the
expectation of people having answers like that on their sleeves especially when
they don’t even know what the questions are and sometimes they could but
they may not be able to answer them because they don’t necessarily know
what we are recommending.

MS. GREENBERG: The other thing is the 60th anniversary symposium
and I propose that we kick off that discussion of the executive subcommittee
conference call which you would like to have one in December. We can talk about
the February hearing and other related issues. If we are going to really try to
do something for this and Larry and I spent our lunch hour talking about it
actually but I think like June 2009 is what we should be shooting for so I
think it is not too early at all to be talking about it.

DR. COHN: So the executive subcommittee will talk about it. Okay now
recognizing the people that I am beginning to see people walking out the door
here. I actually just wanted to transition now to what we traditionally do at
the end of the meeting which is an opportunity for a little bit of reflection.
I realize that it has been sort of an exhausting meeting at least I thought it
was sort of an exhausting meeting but obviously what we are always trying to do
is make these meetings better. I am going to open up the floor for any comments
people have about ways that we should be organizing the agenda better, other
things that we should be doing to make it a more valuable experience for the
attendees or to make us more productive, so comments? Carol?

MS. MCCALL: I guess I like the conversation that I have heard in the last
twenty to thirty minutes in the following sense. This has been very kind of
heads down, very focused and intentionally so. So I think it is good to then
tack in a different direction which is to open it up and explore and hear more.
So I am glad that that will in fact be one of the broader themes so that is a
good thing in terms of how to alternate.

The other is I think as you go into the executive subcommittee is to think
about where the best synergies are because as you said before we have to pick
very carefully where we spend our time. I just see lots of opportunities where
there is more overlap all of the time and I think that would if we pick with
that being even more than a tiebreaker that that could add a lot of momentum to
what we do and a lot of value to what we do. So you may find as you deliberate
as a subcommittee that there are things that you want to say, you know this is
a common theme running through. The example being maybe data stewardship just
as one but there may be others that you will find and so I’ll be excited
to see what comes out of that conversation.

DR. COHN: Do the people wandering out the door have any comments? No? With
that we will adjourn the meeting. Thank you all, happy holidays.

(Whereupon, the meeting adjourned at 2:55 p.m.)