[This Transcript is Unedited]



November 29, 2006

Hubert Humphrey Building
200 Independence Avenue
Washington, D.C.

Proceedings by:
CASET Associates
10201 Lee Highway, Suite 180
Fairfax, Virginia 22030
(703) 352-0091


P R O C E E D I N G S (8:42 a.m.)

Agenda Item: Call to Order

DR. COHN: I want to call this meeting to order.

This is the second day of meetings of the National Committee on Vital and
Health Statistics. The national committee is the main public advisory committee
to the U.S. Department of Health and Human Services on National Health
Information Policy.

I am Simon Cohn. I am Associate Executive Director for Health Information
Policy for Kaiser Permanente and Chair of the committee.

I want to welcome committee members, HHS staff and others here in person.

I also want to welcome those listening in on the internet, and I believe
that we are on the internet at this point. Okay. Good.

Obviously, as always, I want to remind everyone to speak clearly and into
the microphone, so the people on the internet can hear us.

Let’s have introductions around the table and then around the room.

For those on the national committee, I would ask if you have any conflicts
of interest relating to any of the issues coming before us today, would you so
please publicly indicate during your introduction.

I want to begin by observing that I have no conflicts of interest.


MS. GREENBERG: Good morning. I am Marjorie Greenberg from the National
Center for Health Statistics, CDC, and Executive Secretary to the committee.

MR. ROTHSTEIN: Mark Rothstein, University of Louisville, School of
Medicine, member of the committee. No conflicts.

DR. WARREN: Judy Warren, University of Kansas, School of Nursing. Member of
the committee. No conflicts.

MR. REYNOLDS: Harry Reynolds, Blue Cross Blue Shield of North Carolina.
Member of the committee and no conflicts.

DR. TANG: Paul Tang. Palo Alto Medical Foundation. Member of the committee.
No conflicts.

MR. HOUSTON: John Houston, University of Pittsburgh Medical Center, member
of the committee. I have no conflicts.

DR. CARR: Justine Carr, Beth Israel Deaconess Medical Center, Boston.
Member of the committee and no conflicts.

MR. LAND: Earl Lands(?), Executive Director of NASIS(?). Future member of
the committee. No conflicts.

MS. TRUDEL: Karen Trudel, Centers for Medicare and Medicaid Services.
Liaison to the Full Committee.

DR. SCANLON: Bill Scanlon, Health Policy R&D. Member of the Committee.
No conflicts.

DR. STEUERLE: I am Gene Steuerle from the Urban Institute. No known
conflicts. Member of the committee.

MS. MC CALL: Carol McCall with Humana. Member of the Committee. No known

MR. HUNGATE: Bob Hungate. Physician Patient Partnerships for Health. Member
of the Committee. No conflicts.

DR. FITZMAURICE: Michael Fitzmaurice. Agency for Healthcare Research and
Quality. Liaison to the Committee and staff to the Subcommittee on Standards
and Security.

DR. HUFF: Stan Huff with Intermountain Health Care and the University of
Utah in Salt Lake City. Member of the Committee. No conflicts.

DR. STEINWACHS: Don Steinwachs, Johns Hopkins School of Public Health.
Member of the Committee. No conflicts.

DR. STEINDEL: Steve Steindel, Centers for Disease Control and Prevention.
Liaison to the Committee.

MR. BLAIR: Jeff Blair, Lovelace Clinic Foundation. Member of the committee,
not aware of any conflicts.

MR. SCANLON: Good morning. Jim Scanlon, HHS Office of Planning and
Evaluation. Executive Staff Director for the full Committee.

(Introductions around the room.)

DR. COHN: Okay. Well, I want to welcome everyone and good morning.
Hopefully, everyone did well last night.

And a couple of items before we go into agenda review. I mean, first of
all, I want to, again, acknowledge our retiring members, Bob Hungate, who, as
we commented last night, may actually retire.

PARTICIPANT: I don’t believe it.

DR. COHN: Yes, I don’t – Yes –

PARTICIPANT: His wife was there –

DR. COHN: His wife seemed to indicate that he may – Yes.

And Stan Huff, who we’ll be calling back frequently as an expert
witness and advisor.

Then do we have Russell Localio on the phone, also?

MR. LOCALIO: Yes, I am.

DR. COHN: Okay. Welcome. Good morning.

And, obviously, our other retiring member, Russell Localio, and we are
obviously happy to have you on the phone this morning.

Now, the other item of business, I think with Bob Hungate retiring,
obviously, the position of Chair of the Workgroup on Quality is vacant, and I
am announcing the appointment of Justine Carr as the new workgroup chair.
Justine, thank you. We look very much forward to your leadership in this area.

Justine, this also means, for better or for – I mean, we didn’t talk
to you about this, but it also means you become –

PARTICIPANT: (Off mike).

DR. COHN: That’s right. No. It also means you become a member of the
Executive Subcommittee. So we obviously welcome you to that also. So thank you
and we’ll be working closely together.

DR. CARR: Thank you –

DR. COHN: Now, we obviously have a number of items for this morning.

The first item, and I actually see – just in time – we actually have the
letter before us. There is one action item from yesterday that is a letter on
National Provider Identifier, that I think maybe we’ll just – since we
actually have it, we will take up as the first order of business.

From there, if you’ll remember, we were going to talk yesterday about
sort of subcommittee and workgroup activities, issues, updates, cross-cutting
issues, new work items, all of that, and we’ll begin the conversation
about that right afterwards.

Now, I did notice this morning that we actually have no break. We will
create a break after that conversation, which will occur probably a little bit
right after 10, and then we will come back and have a conversation with Jodi
Daniel, who’ll be briefing us on the Health Information Security Privacy

Following that, and we’ll obviously have some time for that
conversation, we are looking forward to a presentation from Marjorie Greenberg
and Steve Steindel on sort of recent international activities.

Once again, as you know, part of our responsibility really is to monitor
international activities. Sometimes, we get so involved in just trying to help
with the things going on in the United States that we forget that, and I think
this will be sort of the beginning of more active conversations in this area.

Following that, we will have an update from the Board of Scientific
Counselors, Bill Scanlon and Dr. Elo –

PARTICIPANT: She is not going to be here.

DR. COHN: Oh, she’s not? Okay. So Bill will be doing that.

And then we’ll spend a little time talking about future agendas and
sort of learnings from the meeting and all of this as we wrap up by 12 noon.

Now, have I missed anything in this agenda list of items?

Okay. And, as I said, I am very comfortable that we will finish by 12 noon.
So I don’t think there is a problem with that.

Agenda Item: Subcommittee Standards and Security
– NPI, CHI and NDC, HIPAA Eighth Report

DR. COHN: Now, with that, let me turn it over and let’s welcome Harry
Reynolds in person, rather than on the phone from yesterday.

Harry do you want to lead off and discuss this letter?

MR. REYNOLDS: Yes. This wasn’t discussed at all yesterday –

DR. COHN: No, the general topic was discussed. The general letter was
discussed. I think there was a common view, at least I was hearing from the
committee that there needed to be more in the letter in terms of more
substantive recommendations and sort of stronger pieces, which I think the – at
least from my understanding, the Standards and Security Subcommittee took under
consideration –

MR. REYNOLDS: Yes, we did.

DR. COHN: – and added information to this.

MR. REYNOLDS: Yes, we did.

So I guess we would just – Probably the best thing to do is just read the
letter – right? – and with the new inclusions.

Let’s just start from the top:

The National Committee on Vital and Health Statistics is responsible for
monitoring the implementation of standard transactions, code sets and
identifiers adopted pursuant to the Health Insurance Portability and
Accountability Act of 1996 (HIPAA).

The committee has been tracking the implementation in the National Provider
ID, NPI, and wishes to convey to you our preliminary observations on the
industry’s progress toward meeting the compliance date, which is May 23,
2007, for most covered entities.

The committee has heard testimony on several occasions regarding the
readiness of providers, plans, clearinghouses and the software vendors to
support them to use the NPI in HIPAA transactions.

We have concluded that, while significant progress is being made toward
compliance, some key activities may not be completed by the compliance date.

Providers must obtain an NPI and use it on HIPAA transactions by the
compliance date.

To date, over 1.4 million NPIs have been issued, which the Centers for
Medicare and Medicaid Services, CMS, estimates represents approximately 60
percent of the total provider universe.

However, few of the providers who have obtained NPIs have communicated
there are NPIs to their health plans. Few providers have communicated their
NPIs to the facilities where they practice and few are sending in PRIs in HIPAA

Many health plans and clearinghouses report that they are now able to
accept transactions with either legacy identifiers or NPIs. However, most are
still developing crosswalk logic to enable them to associate a provider’s
NPI with a legacy identifier assigned to them in the plan’s processing
systems. This is critical to assure accurate adjudication and payment as well
as to connect the provider with his or her historical data.

The plan’s ability to complete their crosswalks is dependent on their
having NPIs of their provider populations. Plans need a period of time to
populate crosswalks with NPIs and to test the crosswalks prior to May 23, 2007,
in order to accurately process claims and other HIPAA transactions after that

Therefore, providers who wait until close to the compliance date to obtain
and use NPIs or whose software vendors wait until close to the compliance date
to make changes to support using NPIs run the risk of having their transaction
rejected and payment being delayed because their plans and clearinghouses will
not recognize their NPIs.

The next is a new paragraph we added, based on your comments yesterday.

The plan specifically identified a critical need for access to data from
CMS’s National Plan Provider Enumeration System, NPPES, database to
populate and validate their crosswalks.

Prior to making NPPES data available, HHS must publish a Data Dissemination
Notice in the Federal Register. The notice will communicate what data elements
will be made public and the mechanisms by which the data will be accessible.

The fact that the notice has not yet been published, and, thus, NPPES data
is not available is of vital concern with respect to plans’ ability to
complete their crosswalks by the compliance date.

We recommend that HHS publish the Data Dissemination Notice at the earliest
possible date and make NPPES data widely available as soon as possible

Industry implementation efforts over the next few months will significantly
impact compliance status as of May 23, 2007.

The NCVHS will hear additional testimony on this issue in January. We plan
to obtain input from a variety of provider organizations and health plans as
well as clearinghouses and software vendors and will provide more information
to you at that time.

In the meantime, we urge HHS to closely monitor compliance activities and
take action as needed to encourage compliance and early testing by all covered

Floor is open for comments or questions.

MR. HOUSTON: I think the letter reads much better. There is a specific
recommendation. It is something that is actionable. So I say that I think it
looks good, and I have only one question and it is just not understanding the

Is a crosswalk something that is widely understood? Because that term is
used throughout, and I wasn’t sure whether that is something that is
jargon or whether it is something that people will understand what you are
referring to when you use it in the letter.

MR. REYNOLDS: I would say that it is, but I’ll be happy to defer to
anyone else who would – I believe everybody involved should be familiar.

MR. HOUSTON: I am satisfied. I just was wondering –

MR. REYNOLDS: No. No, no. No, and, again, I don’t want to be the only
one that answers that.

DR. TANG: Well, just, I mean, I think it would be understood by those who
need to.

One possible suggestion is that instead of the earliest possible date,
maybe by the end of the year, something that would give – still give the plans
enough time to do the crosswalk, and that sort of came up yesterday in terms of
if it is as soon as possible or monitor. It is just not quite urgent enough.

MR. REYNOLDS: We had that discussion in the committee also. Anybody else on
the committee want to make a comment?

Karen, you want to – Why don’t you – Do you want to comment on that?

MS. TRUDEL: The reason that I think we worded it this way was that the data
cannot be made available until the Date of Dissemination Notice is published,
and so if you put a date certain on when the data is available, that makes an
assumption that the notice has been published prior to that.

MR. REYNOLDS: I think we pointed out that this is a definite issue and it
needs to be dealt with –

DR. FITZMAURICE: I think crosswalk is probably explained in a sentence
above that says, However, most are still developing crosswalk logic to enable
them to associate a provider’s NPI with the legacy identifier. So I think
crosswalk is explained there.

I would suggest that sentences below, The plans’ ability to complete
their crosswalks is dependent upon their having the – and I would insert –
accurate and validated NPIs of their provider populations.

The reason I put that in is that it ties in with the next paragraph where
they need access to the database to populate and validate their crosswalks.

MR. REYNOLDS: Where are you, Mike?

DR. FITZMAURICE: I’m in the sentence – one, two, three – about the
fourth sentence down in the – one, two, three – fourth paragraph.

It starts off, The plans’ ability to complete their crosswalks is
dependent upon their having the accurate and validated NPIs of their provider
populations. I would insert accurate and validated.

MS. MC CALL: I would like to echo John’s comment. I think that the
additional paragraph is fantastic. So on behalf of all health plans, we thank

I would also – for the second paragraph – suggest adding something at the
end of the sentence, which makes, essentially, the purpose of this note
complete. The sentence basically says, We have heard some things. We have made
some conclusions, and, basically, finish it up to say, What is the consequence
of not having these activities complete? So complete the thought to say
something to the effect that we have concluded that while significant progress
is being made toward compliance, some key activities may not be completed by
the compliance date, which has a potential for disrupting or delaying payments
to providers in certain circumstances. It completes the thought, and so it
says, Okay. I guess I better keep reading, because something bad is going to
happen. We don’t say what the –

MR. REYNOLDS: Okay. So you had which may disrupt?

MS. MC CALL: – which has a potential for – to disrupt or delay
payments to providers in certain circumstances.

DR. COHN: Harry, are we ready for the next comment?


DR. COHN: Okay. Jim and then Steve and then Bill.

MR. SCANLON: A friendly amendment. I think the letter states the issue very
clearly and suggests what can be done.

Just the third paragraph, last sentence there, can we indicate how – on
what basis we are concluding this, However, few of the providers who have
obtained – Can we say based on testimony or how do we know this is true? Based
on testimony?

So the third paragraph –

MR. REYNOLDS: Yes, I think the WEEDIE(?) testimony covered that definitely.

MR. SCANLON: Yes. Yes –

MR. REYNOLDS: Okay. And which line is that in again, Jim?

MR. SCANLON: Third paragraph, last sentence, However, few of the providers

PARTICIPANT: However, based on –

MR. SCANLON: Say based on testimony provided to the committee.

DR. STEINDEL: Carol, your modification – and you added the words, under
certain circumstances. That immediately brings me back to why you added that
sentence. What are the circumstances?

I would just end it before that clause.

MS. MC CALL: Yes. Okay –

(Several participants at once).

MR. REYNOLDS: So we are talking about a period after provider.

DR. STEINDEL: – it has the potential.

MS. MC CALL: Right.

DR. STEINDEL: – and that kind of covers –

MR. REYNOLDS: So it’ll read, after the – where the previous period
was, it’ll read, which has the potential to disrupt or delay payments to
providers, period.


MR. REYNOLDS: Any other comments?

DR. SCANLON: This is the concern I had yesterday. The last sentence, in
terms of whether or not it is strong enough to assure that we are going to have
compliance, and the subcommittee may have discussed this, but, again, the idea
of sort of a period of monitoring followed by a period of contemplating
actions, and then actions, all within a six-month time frame, seems
unrealistic, in terms of achieving compliance, and that question would be
whether a modification to say, HHS should take the actions to assure or
encourage compliance. I mean, should we take the actions as regards as
necessary to assure – encourage compliance? Take out the monitoring, because it
implies delay, and you really don’t have the opportunity – You don’t
have the luxury of delay at this point in time.

MR. BLAIR: That is a major change. I think we should determine whether we
all feel comfortable with that.

DR. SCANLON: I understand it is a major change, and that is why I am saying
that the subcommittee may discuss this and have good reasons for not –

MR. REYNOLDS: I’ll be happy to take that subject.

We heard testimony, and the testimony went as far as to recommend a
transition period, that after May – It wasn’t going to be ready in May,
and that there needed to be a transition period. Okay?

We felt that we were a little premature, at this point, going that far.
That is why we have a hearing in January, and that is why we have said we will
listen again, and, at that point, because I think the industry – If you were to
listen to the WEEDIE testimony, the industry feels that it is already in big
trouble, and it is already going to need some kind of an intervention, because
it is not going to happen on May 23rd.

However, it was early enough in the process, and people getting their NPIs
and people starting to come up to speed is progressing, and I think Karen would
concur. The number of people getting their NPIs in the last two or three months
is significantly different than the number of people that were getting their

So we don’t want to yell wolf too fast. We don’t want to say
stop, but we want to make it clear that HHS needs to look at this really hard
and make sure that they are prepared to understand the details of this
situation, so when we come back in February with input from CMS, with input
from the industry and input from others, that we may recommend something

DR. SCANLON(?): See, I guess I interpret the letter very differently,
particularly the last sentence. It is not sort of implying that we are going to
have a transition period, in some respects, which is a capitulation saying we
can’t do this.

I interpreted the last sentence as when you understand, in January or
February, that people are not moving quickly enough, you warn them that they do
need to move quickly enough to get – be in compliance by May.

And if – I mean, we talked about this yesterday. If you announce that you
are not going to hold to the date, people immediately relax, and the idea would
be not to say that we have any notion of not holding to the date, but to say,
We need to begin immediately reminding people we are going to hold to the date.
We need to tell the people that haven’t applied that they need to apply,
and that they need to share the information with their plans.

I mean, this is the kind of thing where HHS, if they need to reach out to
the provider community, they need to reach out now, if we think the May date is
going to serious. Because what you are saying now is we are almost conceding
that the May date is not serious.

MR. REYNOLDS: No. No, no.

DR. SCANLON(?): Well, and if we don’t, then I think HHS should be
moving now to educate the provider community. We are serious about the May
date. You better get moving, in terms of compliance.

MR. BLAIR: If this would be the only letter that we would be sending HHS,
before May 23rd, I think I would probably agree with you.

We are in a process, and there is going to be another letter that’ll
come out of the full committee in February, and, hopefully, things will improve
between now and then, because if they don’t, that other letter would be a
real challenging letter.

So I guess what I am indicating on this is that because I am viewing it as
a process, I am really kind of weighing in with what Harry says, because CMS
has heard all of the discussion, the testimony. They have heard our
discussions. I think they fully understand how serious the situation is, and
the letter, in my opinion, we are striking an appropriate balance, at this
point in time, understanding that another letter will come forth at the end of

MS. GREENBERG: Well, I think I understand where you are all coming from,
but maybe a compromise would just be to take out this business about monitoring
and to say, In the meantime, we urge HHS take action, as needed, to strongly
encourage compliance and early testing by all covered entities, and leave out
the closely-monitored compliance activities, which I think I would agree with
Bill, is kind of wishy-washy.

DR. SCANLON: It implies a delay, that you don’t have to do anything
today to think about what –

MR. REYNOLDS: Bill, does that get closer to what you are talking about?

DR. SCANLON: That would be fine –

PARTICIPANT: A more active verb than –


DR. STEINDEL: Actually, I think we have heard that HHS is actually doing
what this sentence says. They are monitoring it. We have actually had an update
from Karen to show how accurately they are monitoring yesterday as to what is
going on in this area. So they already are monitoring, and we already have
evidence that they are taking and considering action by the paragraph that was
added in this.

So if we want to make any modification to this and make it a little bit
more strong, I would just say to continue closely monitoring, to indicate that
they are doing it already, and not take it out completely.

DR. SCANLON: I think if we take out the monitoring and leave it for them to
take necessary actions, they can include monitoring among the necessary actions
that they think that they need to take. Just gives them a little extra push.

MS. MC CALL: Two things. I would concur with removing the words around
monitoring, but I would also add something. We need them to take action, as
needed, not only to encourage compliance, but to enable compliance, and that
is, in effect, the paragraph that you added, that it is not just to go rah-rah.



MR. REYNOLDS: Any other comments?

DR. COHN: Well, not sure I understand. Would you read that sentence now?

MR. REYNOLDS: Yes, I sure –

DR. COHN: I am getting a little confused –

MR. REYNOLDS: I’ll read what I think –

DR. COHN: – about what that sentence looks like.

MR. REYNOLDS: I’ll read what I believe it is at the moment.

In the meantime, we urge HHS to take action, as needed, to enable
compliance and early testing by all covered entities.

MS. GREENBERG: I think enable and encourage, or did you want enable instead
of encourage?

MS. MC CALL: I had intended enable and encourage.

I do think that there is a certain amount of vocal encouragement of
providers to do what they need to do. So –

MR. REYNOLDS: Okay. Any other comments?

Bill, thanks for that.


DR. TANG: This may put a little bit more strength in it. So take the steps
necessary to enable and to ensure that providers meet the published deadline.

MR. REYNOLDS: But that is not – That won’t get everybody where they
need to be, because if a provider gets it on May 22nd, that
doesn’t mean everybody is going to be okay.

DR. TANG: In time to meet the published deadline?

MR. REYNOLDS: That’s the tough part of this. Everybody can finish at
the same time. Problem is, they are not all finished together. That’s the

Any other –

DR. COHN: Well, Harry, would you do me a favor, once again, read what we
have here –

MR. REYNOLDS: Yes, I will.

DR. COHN: – since I heard there was a further wordsmith after you read it
the first time. So –

MR. REYNOLDS: Okay. Here we go: In the meantime, we urge HHS to take
action, as needed, to enable and encourage compliance and early testing by all
covered entities.

MS. GREENBERG(?): Yes, I like that. I like the enable.

MR. REYNOLDS: Are there any other comments on the letter?

We will get this adjusted, get a new copy out to everyone, so you can see
it in finality, Simon. Is that what you want to do or you want to just approve
the changes as submitted?

DR. COHN: I’d like us to be able to vote on this. I’m just – I am
sort of trying to figure out whether the sentence makes total sense, at this
point. So read it again. I mean, I apologize. Just – I’m trying to figure
out what it means exactly. I mean, we have wordsmithed it to death now, and I
am sort of getting a little more confused about – You know, it starts out, In
the meantime – what exactly the words all mean. So read it again and then
explain to me what it means.

MR. REYNOLDS: Wait a minute. This wasn’t my change.

DR. COHN: Okay. Well, somebody explain to me what it means.

MR. REYNOLDS: No, I will do that. Yes. Okay.

In the meantime, we urge HHS to take action, as needed, to enable and
encourage compliance and early testing by all covered entities.

So what we are saying is we are saying we are going to hear testimony in
January, and that is why we used, in the meantime. So between now and January
or February, when you hear from us again, here is what we hope is going to
happen. That’s why I think we had that in there.

I could comfortably just say, we urge, period, and whether it is in the
meantime or not. I mean, that is a definitive statement, We urge that HHS do
this. Cleaner.

MR. REYNOLDS: So I can justify in the meantime, but I think taking it out
probably makes it more firm.

Yes, Marjorie.

MS. GREENBERG: I hate to do this, but it goes back to Paul’s a bit,
but I wonder if it would read a little better, be a little stronger, it says,
In the meantime, we urge HHS to take the necessary action to enable and
encourage compliance and early testing by all covered entities. So whatever
those actions are. As needed is a little wobbly also, I think.

MR. REYNOLDS: So take out, as needed.

MS. GREENBERG: But to say – You could just say, to take action or to take –

PARTICIPANT: The necessary action.

MS. GREENBERG: – the necessary action.

PARTICIPANT: The necessary action.

MS. GREENBERG: Maybe you could even just say to take action.

MR. REYNOLDS: All right. We are saying just take action – taking out as

I’ll read it again: In the meantime, we urge HHS to take action to
encourage – enable and encourage compliance and early testing by all covered


MS. GREENBERG: Yes. I like that.

You are not happy yet?

DR. COHN: Well, I –

MR. REYNOLDS: Would there be any – Simon, you still –

DR. COHN: Well, what actions are we referring to, I guess is what – I guess
the part that sort of is –

MR. REYNOLDS: Well, the first is the data dissemination. The second is the
outreach. I mean, there’s plenty of things that have been clearly – and
they were stated to the Secretary from WEEDIE’s(?) letter. WEEDIE sent
their letter directly to the Secretary as well as testifying to us. I think
there’s a body of work that is available on the steps that are issues and
concerns right now. So that –

MS. GREENBERG: That’s why if you said the necessary action, it would
refer up, I think, to this new paragraph, as well as – I don’t know if you
have anything about outreach.

DR. COHN: I have actually really an odd question to ask of everybody. I
mean, we are wordsmithing this sentence to death. I am sort of – once again –
getting a little confused about – I hate to use the term action as a vague sort
of thing, especially since we haven’t referenced – I mean, we are not
going to start adding new paragraphs at this point talking about education,
outreach, you know, on and on and on. I mean, it is a little late in the
history of this letter to do that.

I guess the question is is what happens if we remove that whole sentence?

MS. GREENBERG: But, no, we can’t do that.

DR. COHN: Okay. So we can’t do that.

MS. GREENBERG: I know, that’s – my solution at this point, but I
don’t think you can.

I think –

DR. COHN: Well, maybe it is okay.

MS. GREENBERG: We are very close.

DR. COHN: Yes, I mean –


DR. COHN: Okay.

MR. BLAIR: You know, there is a certain reality here, and CMS is very, very
highly motivated to make sure that this happens.

PARTICIPANT: And to get this letter out, I think.

MR. BLAIR: So I think that the message is here in the letter.

DR. COHN: Okay. Harry, one last read of this last sentence, and, then,
hopefully, we’ll vote on it.

MS. GREENBERG(?): One last time with feeling.

MR. REYNOLDS: Let’s don’t set unrealistic expectations. I will
read it again.

In the meantime, we encourage HHS –





MS. GREENBERG: Not encourage.

MR. BLAIR: Urge.

MR. REYNOLDS: Oh, I’m sorry.

MR. BLAIR: Would you like me to read it, Harry?

MR. REYNOLDS: I am reading it the way I want it now. So –

In the meantime, we urge HHS to take action to enable and encourage
compliance and early testing by all covered entities.

MR. BLAIR: That says it.

MS. GREENBERG: To take the necessary action –

MR. BLAIR: – put necessary in there.


PARTICIPANT: and you said something that – in time –

MS. GREENBERG: No. Or the necessary actions.

MR. REYNOLDS: All right. Take the necessary actions. Okay.

MS. GREENBERG: Take the necessary actions.

MR. REYNOLDS: In the meantime, we urge HHS to take the necessary actions to
enable and encourage compliance and early testing by all covered entities.

DR. COHN: Karen, does this make sense to you?


DR. STEUERLE: I am going to move that we adopt this resolution –

MR. HOUSTON: And I’ll second it.

DR. STEUERLE: – and move on. Okay.

PARTICIPANT: Forty-five seconds.

PARTICIPANT: We’ve got a motion on the floor.

DR. COHN: Motion. Second?



DR. COHN: Okay. Discussion?

PARTICIPANT: I hope not. We just did.

DR. COHN: We just did. Okay.

All in favor.

(A chorus of ayes).

DR. COHN: Opposed?


Okay. The letter is passed.

MR. REYNOLDS: It is much nicer to be on the phone with this group. You
don’t have to watch the body language when you are on the phone.

MS. GREENBERG: You can be rolling your eyes on the phone.

DR. COHN: Okay. That actually is the final Action item for this meeting.
So, Harry, thank you very much.

Boy, a little early in the morning for so much wordsmithing.

Agenda Item: Subcommittee and Workgroup – Any
Additional Updates?

DR. COHN: With that, why don’t we move into a discussion, now, of –
this is sort of a report out from the subcommittees and workgroups, discussion,
obviously, of both current as well as planned work, as well as any observations
you have about crosscutting issues that you sort of see coming forward.

I think, given the conversations we have been having with Populations and
Quality, maybe we will start with Don, Populations, and then we’ll move to
the Quality, at least to start with. Please.

Agenda Item: I. Subcommittee on

DR. STEINWACHS: The Populations Subcommittee held a workshop. It now seems
like ages ago. I am now trying to remember when it was. Gene?

MS. GREENBERG: September 18th and 19th.

DR. STEINWACHS: Oh, thank you, Marjorie.

Okay. And with the great help of Joan Turik, who is in Jim’s office in
ASPI, to hear from a range of agencies inside and outside of HHS about data
linkage, both what they are doing, what the opportunities, what the barriers
and what the concerns are.

And so what we are in the process now of getting – We have the transcript.
We are in the process of getting minutes, and we had a discussion at our
meeting yesterday afternoon about to what extent we saw actionable items at
this point in there, and so that discussion is really still ongoing, but let me
just list for you some of the things that came up, some of the themes that came
out of that.

One is the role of data centers, and NCHS has now developed an agreement
with the Census to actually share their data centers, to expand that
substantially, and I think should be congratulated for that.

At the same time, it was clearly pointed out that for most people to use a
data center, in order to get at data that is not part of public-release tapes,
such as if you want to do anything that was geographic in nature or you wanted
to look at some of the minority groups and so on, you have to go relocate,
generally, to some part of the country and stay in a hotel for a while, and if
it is a graduate student doing it, it is probably not practical, and so there
are some real barriers, and there may be some opportunities to try and overcome
some of those, and we talked about some of those options, both at the workshop
and at the meeting.

One of them is that there is some work underway to allow remote access to
the data centers, so that you send your request in, it is looked at and then
sent back out and you don’t have to physically be there.

Another issue – and Russell helped us think about this – is it is very
clear that the different major data agencies – Census, Social Security, NCHS –
have different rules and regulations, and I am not sure how much is legislation
and how much it is the interpretation of the legislation into regulation that
make it such that the standards that are being used for security differ and,
therefore, create barriers, and when you link data, then, somehow, you now have
two sets of standards there, and linked data sometimes just can’t be
shared with anyone, other than the purpose for which it was linked.

We heard a lot about issues around states and the fact that each state,
these days, takes independent action, and particularly with increased concern
about privacy and security, states are raising the bar on many things, and we
heard about this, too, and we had a joint meeting with the BSC, a real concern
about mortality data, and that is another area where we may want to focus some
attention about what are the opportunities to try and overcome these, and I am
not going to take you into the suggestions at this point.

There was also a concern that in data sharing, even within government,
where it is government agencies that are linking and sharing data, is that the
time it takes to negotiate a new agreement takes months, and it seemed, at
least within the government, maybe there is an opportunity to have more
standardized data-sharing agreements. I don’t know. I am looking at Jim
now, who knows all these things, I am sure.

MR. SCANLON: Well, we actually – we have a fair number of them –

DR. STEINWACHS: Okay. And so that did come up in some of these –

MR. SCANLON: Countervailing forces is what you heard at the meeting there.
There’s the pressure to get more access to data –


MR. SCANLON: – for more and more use. At the same time, there is increased
privacy and security concern. So there really is this continuing balance – So
you sort of have to kind of –

MR. LOCALIO(?): Could you talk into the microphone, please?

MR. SCANLON: Yes. Just saying there are counter – I think what the
committee heard at the hearing, and we certainly hear it everyday, and we have
heard it at the committee here, there are countervailing forces at work here.
There is tremendous pressure for more access and better access and prompter
access for policy and program utility of the data, and we clearly want to move
in that direction.

At the same time, both from the states, from other forces, there is clearly
pressure to – not pressure, but reasonable concern about privacy,
confidentiality and security.

So we heard from all the agencies, I think, Don, and the users of the data,
how do you reconcile these? And that is certainly – Anything you can do in that
area would be very helpful.

DR. STEINWACHS: And I think Gene particularly – and Gene and Nancy, along
with Joan, are the ones who really shaped this agenda. You know, Gene keeps us
thinking about where are the low-hanging fruit here, where there might be a
chance to do something that could make it incremental, just as you are talking

Gene, do you want to say anything?

DR. STEUERLE: Well, this is only to reinforce what you are saying. I think
one of the dilemmas for the subcommittee and the committee is what actions can
we take to move along this agenda. I mean, it is clear that the merging of data
would significantly enhance our ability to examine the various health outcomes
to see how they vary across different parts of the population, to encourage a
wider range of research, both within government and outside of government with
potentially significant benefits for the public as a whole.

The dilemma, which Don has well expressed, is, in part, that there is
really no one decision maker you can go to often for these things either. So we
can write letters to the Secretary encouraging him to support, say, the efforts
of Jim’s office and ASPI and other offices that might be attempting to do
something here, but the question is how do you – Are there ways that we can
actually see of breaking through a barrier? Can we actually identify a
particular need that is significant enough that our letter might give Jim and
others some ammunition when they go into the front to fight this stuff, but as
I say –

DR. STEINWACHS: Thank you for the other – like Census and Social Security
and IRS –

DR. STEUERLE: Yes. I think a big part of the dilemma is how to deal with
the multiple decision-making apparatus. At some point, you get a secretary or a
member of congress or somebody who is really interested. Sometimes that person,
being at a high enough level, breaks through these barriers. So he basically
says, I want something to happen. At that point, the lawyers say, Okay. We are
going to try to minimize privacy concerns and maximize the public use of this
data, but they are willing to sort of move towards a decision.

So that is – But this gets back to us. What do we recommend and how do we
put this forward? Having identified needs and opportunities, still doesn’t
quite tell us how to break through all the barriers.

DR. STEINWACHS: And I think, as Gene is saying, it might merit some
discussion here about – Since this is an issue that cuts across the government
and not just HHS, is what is the appropriate way to pursue some of those things
that go outside of HHS?

So we are looking forward to taking some next steps on these that I think –
at least my sense was – on the data centers. There may be some specific things
that we’ll be coming forward with a letter, so that you would have
something in the February meeting, and, then, we are also looking at next steps
on some of these other items, which may be getting more information, in some

The second area that we are pursuing is surge capacity, and –

DR. COHN: Don, can I just ask a question?

DR. STEINWACHS: Please. Yes.

DR. COHN: And this was actually just – and I – in these conversations, I
don’t know whether we break in or let you present –

DR. STEINWACHS: Oh, please, please. Break in.

DR. COHN: But I guess I was struck, and maybe just ask potentially a naive
question, which is I am sort of struck often how we have a Privacy Subcommittee
that is obviously very concerned about privacy, and then we’ve got the
Population Subcommittee that appears to be –

DR. STEINWACHS(?): In the public interest.

DR. COHN: Well, I don’t even know what words to use here.

MS. GREENBERG: Concerned about balance. They both want to balance.

DR. COHN: Well, I think, yes, and I guess I am – Maybe just to reframe the
question, which I guess you are bringing up, which is are there ways to make
the data more useable in the public interest while also ensuring privacy? And
it seems to be that the way you frame it appears to be sort of it is either one
or the other. So I am wondering – I mean, that may be jargon.

DR. STEINWACHS: That is my fault, because it is certainly not one or the
other, and it is trying to weigh, and I think Gene has been eloquent a number
of times reminding us that the error can be that you can infinitely increase
security and confidentiality, but you have to recognize what you are not able
to do, the information you are not able to get that can make a difference in
people’s health, and so you have to then figure out how does the
government weigh the value of the information, data linkages and so on, but, at
the same time, recognizing there is some threat there. Even if it is all done
by government employees, there is still conceivably some threat in this area.

MR. SCANLON: And I think, Simon, they’re – the witnesses at the
workshop –

DR. STEUERLE: They are the third part of this triangle perhaps we
haven’t emphasized enough, and that is resources. So, sometimes, there is
a way to get around the problem. So, for instance, if Jim has this great data
set that is linked and you can’t let outsiders use it, he could hire 100
people from outside, in theory –

PARTICIPANT: And deputize them.

DR. STEUERLE: But, for practical reasons, a lot of internal resources, and
often including the internal resources of the staff, often including literally
things like slots – You know, sometimes offices are limited more by slots than
they are by dollars. In fact, that happens quite often in government, because
of – So there are a lot of Catch 22s to this. So sometimes you find ways around
the problem.

It is not just the privacy issue – It is also linking up to the – Even if
you find a way around the issue that gets around the privacy concerns – or the
confidentiality concerns is probably a better way to say it – you still
sometimes have other constraints such as resource constraints that prevent you
from doing some – opportunities or you go to certain agencies, like Census,
whose mission often is largely defined by – Congress puts a huge push on them
to do counts of the population. So they’ll spend billions of extra dollars
to minutely improve some count of the population, while ignoring some data
merge that we might think might have infinitely greater value, but that is not
in their – If you want to, it is not in their set of things that they are
trying to maximize or IRS is often the same issue. The IRS doesn’t deal
with health. So the internal people in IRS say, Well, that is great, but you
spend these staff resources on tax compliance and not on what you could get out
of the health data.

DR. COHN: Sure.

Mark, did you want to comment?

MR. ROTHSTEIN: Yes, I wanted to comment on this one particular issue,
actually a slightly different take on this, and this comes under the heading of
joint projects.

We sometimes think of privacy concerns of the population in monolithic
terms. It turns out that different subpopulations within the population have
very different views about privacy and confidentiality based on religious,
cultural, all sorts of reasons, and we have never had the luxury of pursuing
that, and I think, as a joint project, at some point in time, I would like to
work with the Populations group and try to flesh out some of these issues,
particularly with regard to data usage.

One of the issues that you frequently hear about is concerns about
group-based harms, where even if you de-identify the information, in the sense
that you take off the personal identifiers, so long as you identify the gender,
the ethnicity, whatever of the group that you are studying – this comes up a
lot in genetic research – members of a group who aren’t even in the study
can be adversely effected, and think, looking to the future, this would be an
area where the two subcommittees could work together.

MR. LOCALIO: Could I just make one comment, based on what Mark said, and
that is that we had a series of hearings, I think it was three years ago –

PARTICIPANT: Can you speak up?

MR. LOCALIO: – in San Francisco, and I am not sure who was there, but one
of the issues that came up was related to this question of what you do about
small subgroups of people, and when we asked, the concern was that small groups
ought to be able to – were desperately in need of information about their own
health statuses because of the variability of health status across subgroups,
but they also felt that they ought to be able to participate in the decision as
to the degree of identifiability of their information for use in – this was
based on surveys – for use of surveys. So I think, Mark, your proposal is
consistent with what we heard previously.

MR. ROTHSTEIN: Thank you, Russ.

DR. STEINWACHS: Let me take you to the second area.

Yes, Jeff. I am sorry.

MR. BLAIR: Yes. Maybe you were planning on including this anyway, but just
to sort of build upon Mark’s suggestion that there be joint consideration
of where the public divides might be in terms of privacy issues, we know that
they are, a lot of them, and we have had a lot of difficulty in being able to
reconcile them, and, Mark, you mentioned ethnicity, which, obviously, is one
potential area, but the other one that is often mentioned is economic level,
income level. So I would hope that that would also be included in the joint
study area, too, and any other areas that might be generating differentiations
on privacy attitudes.

DR. STEINWACHS: Um-hum. Very good.

The second area is the committee’s interest in surge capacity.

Yes. I am sorry, Steve.

DR. STEINDEL: I would just like to ask both if the two subcommittees meet
together, I think – We have been focusing on where, you know, differences
between subgroups and everything, but I also think there is another aspect, and
that is when. What issues are we looking at that we actually need to start
applying these types of discriminators, because I think it does vary in terms
of the when as well as the where.

DR. STEINWACHS: Let me just make another side comment. I don’t have an
answer, but I think we need to discuss that.

The other is that the data-linkage area is an area in which there is a lot
of overlapping interest with the BSC, and so we see this as an area in which
there would be joint activity there, too.

Bill and I are supposed to do a presentation on the workshop at the January
meeting of the BSC, and I am sure it will engender discussion around this, and
so I think this is a great time to think about this question of joint

At least from my point of view, we were sort of expecting that the BSC
might have some members who were particularly interested in getting more
involved in data linkages and actually come to our meetings and participate, in
addition to being part of the BSC, and that we need to think through what that
collaboration is, but certainly get them to react to possibly letters and
recommendations we might be thinking about bringing back to the committee, but,
Simon, I think it would be good, at some point, sort of maybe to talk more
about how do we make a productive collaboration between the two areas – the two

Let me take you on to surge capacity. I can see this is a tough topic to
get to, I can tell here.

Bill did explain to me that we did wipe out the surge capacity in American
hospitals over the 1990s and into the 2000s. So we know we have taken care of
it, in the sense of creating the problem.

PARTICIPANT: Creating the problem.

DR. STEINWACHS: The issue here – and I’ll ask Bill to talk about it –
is much more focused on the measurement of how do you measure surge capacity,
and our understanding is, within the government and maybe also in the private
sector, there have been different kinds of approaches being used. There is not
a consistent approach.

And then the question is how do you get the data, and there have been some
efforts in some areas to try and begin to get some data. NCHS has done some of
this, but when you think of it from the point of view of preparedness, if there
is a pandemic flu, other things, we don’t have, currently, it seems, a way
to consistently talk about surge capacity and to say that we have the
information needed.

We are proposing to do a half day hearing on November – I am sorry – on
February 14th. So the second day.

DR. SCANLON(?): Valentine’s Day.

DR. STEINWACHS: Valentine’s Day.

There was some discussion of the symbolism that went with that, but I
don’t remember now what that discussion was, but –

Bill, would you like to say a few words?

DR. SCANLON: Well, I think this is an area where we haven’t paid much
attention as a society, in part, because we took it for granted that there was
enough access built into the healthcare system that we didn’t really need
to worry about surge, and even though, when you look at the total amount we are
spending on healthcare, it is hard to say we’ve got more efficient, we
probably have gotten more efficient. We have eliminated a lot of the capacity,
and it now becomes a much greater concern.

As we have explored this on an informal basis, we find that it is kind of
many people’s sort of views that they are widely divergent. I mean, so
what we want to do, in this first session, is to bring together people from a
variety of agencies that are looking at it from their perspective and see how
they have defined the problem and see if we can come to some kind of common
definition that maybe involves multiple aspects that different people have done
– have included, and, then, explore the issue of data, and how we can build an
adequate database for surge capacity.

We need to think about this, I think, differently than we do with a lot of
other data, because there is both an interest in knowing what surge capacity is
like, sort of at a point in time. Then, there is the issue of knowing what
surge capacity is in real time, that when a crisis occurs what do you know
about sort of resources that you have available, resources that can be
redeployed, so that you can actually deal with this, because this is not just a
question of every community is going to have all the capacity that they are
going to need to deal with any emergency that is possible. It’s gotta be
something where the department has got plans for deployment, and so that – we
want to sort of explore both of those aspects.

DR. STEINDEL: Bill, I’d like to ask you when you are going to explore
the issues that are involved around surge capacity?

Generally speaking, when people talk about surge capacity, they talk about
add more – add more beds, add more docs, whatever – but I wrote about this in
the ‘90s when I was doing laboratory quality and we were looking at
emergency department turnaround times, and there was a just very recent article
on this in one of the throw-aways.

One of the problems with the surge-capacity system is efficiency. Are you
going to explore that as well?

And to give you what was published recently, I forget where the hospital
was located, but they were having a tremendous problem with response times in
the emergency department and turning back ambulance runs, and so they decided,
Well, we’ll add 40 more beds to the emergency department, increase our
physician staff and this will all go away.

Within three months, they were actually turning away more ambulances, and
it had nothing to do with the amount of space they had. It was the way they
were handling patients in the emergency department, and they brought in a doc
from someplace else who was familiar with this, who revised the whole triage
system, and, now, they have a tremendous amount of capacity. So I was wondering
if you would explore that as well?

DR. SCANLON: We are definitely going to explore this issue, and part of it
is an issue of defining what the – sort of the service is that you were looking
at, and then determining efficiency, because there’s – really, there are
two components that we need to be concerned about.

The services that we measure on a daily basis, because we see so many
coming through in emergency room or so many being hospitalized and we count it
as a service.

Then the surge capacity is actually another service. It is the ability to
be able to deal with something that you don’t know is going to show up,
but when it shows up you can deal with it.

We want both of them to be delivered efficiently, and the problem we have
is – right now – is that we focus only on those tangible services that are
delivered at a point in time, and it is very easy for us to focus on them and
to say, How can I save sort of resources in terms of delivering them? We might
lose sort of this other sort of capacity.

And I agree with you completely. I mean, reengineering of the processes is
something that – I mean, we are now starting to pay more attention to, and sort
of more hospitals, and not just their emergency rooms, but in all aspects of
their service delivery, focusing on what you can do to reengineering, and
that’s gotta be part of this discussion as well.

MR. SCANLON: Well, I would just – This would be immensely – Some analysis
and a sophisticated look in this area would be immensely helpful to the
department and to the community generally, and there are – The IOM just – as
you know – just finished an expert-panel study. They focused on emergency
capacity, generally.

This is a little more focused, and there are a couple of places that have
tried to set – You are right, Bill. I think the first issue was what does
preparedness mean? Then you can look at data and do people agree on what it

And there is this issue of the relationship among being able to – It is a
distributional sort of an issue of capacity. It is not just having your
hospital extremely capable.

The diversion issue is less of an issue nowadays. So it is not completely
solved. These are other issues, and it should be an all-hazards approach, not
just pandemic or not just –

DR. SCANLON: It goes beyond the emergency room, in terms of the capacity to
deal with people when they become inpatients, because that is as much of a
concern, and, often, the driving force behind the diversions is the fact that
the emergency room is filled because –

MR. SCANLON: I already told GAO – They were looking at data, looking at
this as well, and I told them that the committee might be looking at least that
aspect, in the future as well. So it would be immensely helpful.

DR. STEINWACHS: I also wanted to thank Jim again. Within his office, Doug –
and I am forgetting Doug’s last name –

MR. SCANLON: Benny(?).



DR. STEINWACHS: Yes. Is working with us on this and is helping shape the
workshops, and it is much appreciated, very much appreciated.

DR. COHN: Mark, and then Jeff, and, then, we will, hopefully, wrap this
piece up.

MR. ROTHSTEIN: I just want to mention that the Biosurveillance Working
Group of AHIC has been working on this issue for most of the last year and has
just completed a report to AHIC setting forth the data-collection methods
specifically geared toward surge capacity and how are we going to measure
respirators’ use and availability and how are we going to measure, in real
time, bed availability and so forth. So I would recommend that you coordinate
with AHIC on this.

MR. BLAIR: There’s been some recent studies and articles that have
been pointing out the – at the same time, that more and more urban hospitals
are being closed. Matter of fact, I understand New York City, either yesterday
or today, announced additional municipal hospitals being closed.

At the same time that that is occurring, there is a counter trend that is
occurring where many private hospitals that are in metropolitan area have been
aggressively opening up new hospitals in suburbs, and so, as you take a look at
surge capacity, I don’t know if you can, but, certainly, it has to be
broader than just urban areas. It may have to be metropolitan areas, and, as
you do so, and you look at surge capacity, it is also going to probably mean
the transportation to where the hospitals might be, now that they are shifting.

DR. STEINWACHS: A very good point.

Let me just make one last comment, and, then – a very short one. Something
else that we had discussed as a possible agenda item for the Population
Subcommittee, and we talked about it a little bit the last time we met, but
haven’t talked about it more, and that was the thought of thinking about
an update on the vision for health statistics in the 21st Century,
and I think that still – at least to me – has appeal, and, at the time we
discussed it, committee members thought that it did.

So I see that as a possibility still sitting out there. There is less sense
of urgency. At the same time, it has been about five years now, and it is
probably a good point to try and look at to see are we making progress and are
there things in that framework as we have made progress on NHII and – that
ought to reflect maybe a little different view in terms of where we are and
where we are going, and so both of those – Thank you.

DR. COHN: Thank you. Very interesting, and, I think, useful conversation.

Justine, do you want to –

DR. CARR: I’d be happy to.

DR. COHN: – talk about quality?

DR. CARR: Right. Thank you.

Agenda Item: II. Workgroup on Quality

DR. CARR: I think it is fair to say the quality landscape has undergone a
very rapid evolution, and I think back to three years ago, my first Quality
Workgroup meeting, when we were talking about the IOM crossing the quality
chasm, highlighting the importance of safe, effective, efficient,
patient-centered timely and equitable care.

In 2004, the Quality Workgroup held hearings where we explored a broad
spectrum of issues ranging from the macro of what is quality to the micro of
which data element might be captured on a claims attachment.

At that time, we also addressed the fact that – whether we should be
focusing on administrative data sets or electronic health record.

And in 2005, we held further hearings, where – what we have summarized
before, but, again, linking to what you say, Don, we revisited the focus of the
vision of the 21st Century and found it very helpful, but a key
question that we concluded after the 2005 hearings was where are the gaps?

Now, interestingly, I have just been sort of compiling – having raised the
question of where are the gaps, in 2005, over the course of 2005, the following
initiatives came forward, Bridges to Excellence on community healthcare,
Ambulatory Quality Alliance, CMS Roadmap to Excellence, IOM Performance
Measurement Report, the appointment of AHIC, as well as the Quality Workgroup,
cochaired by Caroline Clancey(?), the Executive Order for Transparency, Quality
and Standards, the IOM Report on P4P and the Secretary defining as a priority
that consumers have sufficient awareness of cost and quality care to make
informed healthcare decisions. That is in one year that happened, since our
last hearing.

PARTICIPANT: Well, look what you made happen –

DR. CARR: Hey, we are good, you know?

So the fact of the matter – the reason I think one of the challenges of the
Quality Workgroup has been this eruption and explosion and tremendous progress
and synchronization of national thought about quality, and I think a key
question for us is to understand where we fit in with this.

I will say that, interestingly, the current approach, in terms of having
measurable quality, is still very much – I have to concede to Marjorie, the
administrative data set is here probably to stay for a while, and AHRQ has
spent the last year working, or actually even last summer, refining
administrative data set with composite measures for quality and safety that can
be used not just for internal performance improvement, but for transparency and
also for populations reporting in the national report.

We made the progress of the present-on-admission flag for inpatient ICD-9
codes, and that is underway as we speak.

We have also begun thinking about moving elements of the electronic health
record – lab values – pharmacy – to enhance the administrative data set.

So I think the question is what – where are the gaps? So you have to
revisit that question. They are not where we thought they were a year ago.

I think two things that have come up are sort of what are the clinical
questions, and, then, what are the infrastructure questions? I think Steve
raised the question yesterday, as we talk about decision support, how are we
thinking about it in terms of how we are building the electronic health record,
and, then –

So I think that we are in the process of trying to understand where we fit
in, the expertise of this committee and the value we can bring to this national
discussion and initiative.

AHIC has been very busy. I mean, they have generated a lot of information.
Carolyn is cochairing the AHIC Quality Committee. So one of the first orders of
business is to – Simon is going to coordinate with Carolyn to have an
understanding of what role we can play.

Mary Bath, our liaison from AHRQ, has asked specifically that we can help
with holding hearings on these composite measures to get feedback on how they
are playing out.

In addition, AHRQ has just completed – there is a RAND report commissioned
by AHRQ addressing the community market, I think, for these quality indicators,
assessing them on importance, usability, scientific soundness and feasibility.

So I think that what we will sort out in the next, hopefully, few weeks,
months, not too much longer, is the role we should play, and it may well be
that since the national agenda is well covered by premier experts in the field,
our role might be to keep going on the building blocks, whether it be the
building blocks in the infrastructure of NHIN or whether it is the building
blocks of how do you tell the story of quality? What data elements do you use?
How do you blend them with that, and not – and, again, quality for performance
improvement, for transparency and also for the individual, the consumer, the
community at large to be able to make – understand this information in
consumer-friendly language in order to achieve the Secretary’s goal of
being able to make informed decision making.

So I think with that – Oh, I’d just like to go back to our – as Carol
pointed out yesterday at the close – one of our concluding statements in our
February 2006 report said the following, which I think holds true right now,
the committee’s most important contribution may lie in providing the
context or container for the work now underway on quality in HIT.

Two key areas stand out as important dimensions of health information
policy in which needed activity is not taking place.

Number one, understanding what it would take to measure, assess and improve
quality at a population health level, and, number two, understanding what it
would mean to have a personcentric approach and how that links to population

So I think we have been on the right track, and I think we need to just
understand how we can add value and not redundancy to the dialogues underway.

DR. TANG: Thanks, Justine, for really an excellent summary of the quality
landscape, and, just as you point out, the amount that has been done and
published and recommended in the past year has been phenomenal. So, in a sense,
we almost have a different surge problem. We have a surge problem of quality
measures. So one possibility is that NCVHS can leapfrog to the next policy.

Now, it has already been pointed out by the IOM study, where it said we
need to standardize and consolidate our quality measures, and even recommended
the creation – I forgot the name of the entity within HHS, I think, to do that

And the other point I remember is Secretary Levitt, in one of the AHIC
meetings mentioned that one of his mistakes as governor was to have 116 quality


DR. TANG: Too many.

From a provider point of view, yes, be careful what you ask for. Yes, they
wanted the pay-for-performance, but, then, when you open the door and you have
1,000 measures, you almost need an FTE per quality measure – I mean, quality
set measures from each of your plans to be able to deal with it, because of the
lack of standardization.

So I wonder if we might act along the lines of what the IOM recommended in
harmonizing what you want to do as part of care; i.e., what measures do you
need to do to support clinical decision support, which influences the physician
behavior, then use those same measures and the same meaning in your quality
metric definitions, and –

PARTICIPANT: (Off mike) – always?

DR. TANG: It isn’t – Well, you try to make it – That is what the
harmonization process is about.

So many of these measures do not automatically fall out of coded
information in the EHR, unless you design and make it so. So that kind of
harmonization is sort of a next step, and maybe this committee can help sort of
at least discuss that and sort of raise that issue, and others may carry that

DR. CARR: May I respond?

I mean, as I look back at the work that has been done, I think we are more
harmonized than we were before, even the work of AHRQ, in taking an array of
safety indicators and putting it together to tell a safety story or even in
cardiac care, we are no longer just reporting on were lipids measured, but what
were the results, and that tells a story about cardiac care.

So I think that you are right, that we have just been inundated, and we see
it all the time with our board of trustees, where you report out each of the
individual measures. They are like what have I learned from this?

And so to really tell a story of cardiac care in this setting is good,
fair, excellent, and diabetes care, and I think if we learn well how to
integrate the myriad of data elements that we have to tell a story that is
understandable and that resonates with progress and outcomes, we will then move
on to other clinical scenarios with the lessons learned.

MR. LOCALIO: This is Russell. This may be the last time I can contribute to
the meeting, but about 12 years ago, I wrote an editorial called, A Report Card
on Report Cards, in which I raised a number of technical issues about

To the best of my knowledge, none of my – have been answered in the
intervening 12 years. A lot still depends on the kind of patients you take care
of, and if you take care of patients who are sick to begin with and who come
from a somewhat desperate home situation –

DR. COHN: Russ, would you do us –

MR. LOCALIO: – no one can really do too much about this.

So I know there’s been a lot of activity in this area, but, still, I
feel the fundamental problems have not been answered, and I would hope that the
committee could inject some wisdom into that at some time.

DR. COHN: Russ, having not read your document, could you do us a favor and
perhaps email us –

MR. LOCALIO: Oh, what I had to say has been said by others before, and I
just tried to summarize it there in a minute that there’s – certainly,
there has been an enormous amount of work on this on measures, but they are
still fraught with problems, because of the difficulty in standardizing the
populations that are served.

DR. COHN: Ah, it goes back to risk adjustment.


DR. COHN: I remember that conversation.

Well, said.

Bob, do you have a comment?

MR. HUNGATE: Yes, I want to follow up on Paul’s comments and emphasize
the consumer empowerment piece of the HHS equation of our own assignment,
because the focus currently in a lot of the indicator and discussion areas is
on place and not on the specific disease treatment, not the specific things
that are involved that the patient must make decisions on, and the
disease-management function is alive and well in a lot of places.

Now, it may be that the approaches are different from one another of those
companies and that their way of measuring differs. It seems to me that, then,
becomes a problem –

VOICE: Please pardon the interruption. Your conference contains less than
three participants at this time. If you would like to continue, press star 1
now or the conference will be terminated.

MR. HUNGATE: All right. We’ll continue.

The problem for the patient is sorting out the multiple sources of
information that come out, which lack authority, but are convincing by their
presentation, and so I think maybe picking some of these disease-management
kind of places and trying to assess whether there are commonalities of
measurement appearing which will help that or whether that means, as you
suggest – which I think it probably does, but, then, that is an area of
standards that hasn’t even been thought about, and it does get to the
risk-adjusting, assessing the individual as part of the population and vice

And I don’t know how that gets addressed within the spectrum of this
committee, but I think it is going to be something that is working down the
path, and it is around the consumer empowerment, because the consumer is having
a hard time grappling with this information overload and doesn’t know what
to trust.

DR. TANG: I want to raise two other policy things for –

DR. COHN: Okay. And, then, we are going to need to take a break relatively
soon. So – That’s fine. I mean, I think we are – I mean, obviously, these
conversations are open-ended conversations. We don’t come to an answer.
This is more input for the workgroup for the subcommittees.

DR. TANG: So one of the topics, really, is a bridge between Quality and

In the old days, the quality – you get these numbers, and the complaint as
well, My patients are sicker.

So, then, we –

PARTICIPANT: Aren’t they, Paul?

DR. TANG: So, then, we sort of work on those things, and, then, now, it is
the –

Well, those actually aren’t my patients.

PARTICIPANT: They are sicker until they come to Paul. Then, they are –

DR. TANG: Thank you, John.

So there is another policy issue of – and then there is the, Oh, well, this
score is for your capitated patients with that plan versus all your –

I wonder if there is another sort of leap frog, an that is to go to sort of
population quality measures, just to – you know, it is your panel.

So, for example, the way we internally measure our quality is if you have
been seen in primary care, then you are our patient. So we’ll figure out
how to allocate you to the right physician – and, by the way, we report
physician scores on our internet, available to everybody.

But the argument of, Oh, you know, oh, that was a December and we
didn’t have enough – Just if you have touched us within the past two
years, then, you are our responsibility, which invokes an outreach
responsibility as well, which plays into the whole quality measure of your
practice, which includes a population, and that is just another really big step
forward, but far more healthy than the – go back to the, you know, my patients
are sicker. Oh, that’s not my patient. Oh, I didn’t have enough time
with that – all of those things. It would be another major advance.

And, then, the final sort of policy thing, and we have talked about this
before, it is just the whole focus on administrative data versus clinical data,
because that is another big –


DR. COHN: Yes. Please remember you are breaking into your break at this
point. So – but –

DR. STEINWACHS: You mean John Paul is going to start shooting at me with
the –

PARTICIPANT: No, no. It is not your break. It is our break –

DR. STEINWACHS: I thought it was just my break, and the rest of you had to
stay here.

Just one thing that has intrigued me, and I don’t know whether Justine
and others agree, but it strikes me we talk about the challenges of the future
are chronic-disease care. Chronic disease is a long-term proposition, and
almost all the quality measures I think of are much more cross sectional, point
in time, and an interesting sort of issue is how do you grapple with talking
about my care over months, years, and how good is that quality, and even more
important, probably, in the long term, is the question of – if you could do
that – is what quality variations make a difference? Is it the maximum and
worse quality? Is it the average quality? But we don’t have a
conceptualization yet of that, and it just seemed to me might be something,
again, that the Quality committee might think about.

DR. COHN: Yes, Gene, final comment.

DR. STEUERLE: Very quick, and, Justine, you don’t need to react, but
you mentioned that so many organizations are already making recommendations. I
just wonder if there might be a role for your committee – since, again, the
National Committee on Vital and Health Statistics is so good at convening
people and holding hearings – is actually to track the recommendations and what
worked and what didn’t, as opposed to this – trying to come up with a new

DR. CARR: Right. Thanks.

DR. HOUSTON(?): I have one comment –

DR. COHN: Please.

DR. HOUSTON(?): I think there is a unique opportunity. I think there is
really a renewed interest in – by the insurers in looking at chronic – quality
in chronic care, and I think there might be some real opportunities just
because of where the insurers are going aggressively now in that regard to try
to look at how you partner with the insurance industry to get chronic-care
quality measures.

Might be helpful to have – bring them in to talk about that. It seems,
really, now, that that seems to be, thematically, something that is really –
you see in the industry that you didn’t see two, three, five years ago.

MS. MC CALL: Yes, I can confirm that, and so where a lot of payers are
going is, in fact, looking at chronic disease as essentially the public-health
issue for the 21st Century is the way that we think about it, and so
it takes – it is a fundamentally different shift in role and approach.

DR. COHN: Yes.

Okay. Well, once again, knowing that we are – we could keep going forever,
I’d actually like to give everybody a break at this point. Why don’t
we take about a 15-minute break? We’ll come back at 10:20 and have some
presentations and discussion on other topics, and, then, sort of finish up this
sort of – before noon.


Agenda Item: Health Information Security and Privacy
Collaboration (HISPC) Briefing

DR. COHN: We are very pleased to have Jodi Daniel joining us. Jodi is one
of the Directors from the Office of the National Coordinator.

We are, obviously, very pleased to have you here to give us a briefing on
the Health Information Security and Privacy Collaboration, which, hopefully, is
coming up with –

It is just called the Privacy and Security Collaboration, at this point,
isn’t it?


DR. COHN: So, anyway, obviously, we are looking forward to a briefing, and,
hopefully, we’ll have a couple of minutes to talk and ask questions and to
sort of discuss what is going on, and the next steps.


DR. COHN: Well, thank you.

MS. DANIEL: And given the conversation I know you all had with Rob Kolodner
yesterday, I know a couple of other questions came up about related activities.
So I am going to give an update on where things are on the HISPC Project, and,
then, I’ll just explain how some other activities that – related to
privacy and security – will relate to that work, and, hopefully, address some
of the questions that came up yesterday, but would be happy to take questions

Just by way of background – I’m sure everybody here already knows all
of this, but I’ll just give the 30-second update. This was a contract that
was awarded to RTI International in September of 2005. It is comanaged and
cofunded by ONC and AHRQ. It is actually an AHRQ contract, but we have been
comanaging and cofunding it with them.

The RTI has been subcontracting with experts, including the National
Governors Association, who, obviously, provides their expertise on working with
states, and, then, they have contracted – subcontracted with 34 states and
territories to actually do the detailed work in looking at privacy and security
policies, practices and underlying laws.

The purpose of this, initially, and still, is to identify those business
practices and policies related to privacy and security of health information
and any underlying state laws that may be the reason for those policies and
practices or not, and then to identify those that will effect electronic health
information exchange.

So what we are trying to do here is look at variations in practices,
policies and laws and look at where there might be some best practices and
where there might be some challenges to – for those practices and policies and
laws and how they might interfere with or interact with electronic health
information exchange.

Where there are challenges caused by those variations or caused by
particular policies or practices, we have asked the states to propose solutions
to those issues, as well as detailed implementation plans for how to address
those solutions. So we are trying to both identify what some of the problems
are, identify what the existing practices are, identifying some best practices,
as well as trying to come up with some concrete ways of addressing those

Another really important goal of this project was to engage some of the
states on health-information exchange efforts. There are many states that have
done a lot in electronic health information exchange, and there are some that
are just starting to think about it, and this was really an opportunity to
engage the states as well as the various stakeholders within the state on some
of these really fundamental issues that come up in every discussion about
electronic health information exchange and to try to really bring all the
stakeholders to the table, so there are requirements to include the government
folks, the public-health folks in the governor’s office and folks like
that as well as various different kinds of providers, insurers, consumers and
the like, so to really try to get a broad array of stakeholders to the table to
work on both identifying the issues and identifying solutions and
implementation plans.

The work is at a state level, but we also have regional and national
meetings in order to encourage discussions among the states and to help them to
learn from each other and identify where there really are cross-cutting issues
that they need to work through together, rather than just within their state.

As far as where we are today, all of the states that are participating had
submitted interim assessments of variation to RTI on November 6th.
Those are now being reviewed by their technical advisory panel, these experts
that they have been subcontracting with, as well as folks within RTI
themselves, to try to analyze those reports. They are interim reports. There
are still opportunities to identify some more practices to refine some of their
work based on the discussions at regional meetings and the like.

The state work groups were asked to look at 18 different scenarios in order
to try to identify the practices and policies that currently exist regarding
privacy and security covering various topic areas of treatment, payment, public
health, prescription drugs, law enforcement, employee health, research and the
like. So they were given sort of a broad array of scenarios to spark their
thinking and to drill down on what some of the practices and policies were.

Some of the states actually created some additional scenarios. They felt
that they didn’t quite represent the issues that they wanted to take on,
and they went further than they were asked to do and really targeted it to
their own needs as well, which is very encouraging. They have really taken
ownership of their own work and tried to make it as meaningful to their state
as possible in their own unique situations.

The summary from RTI about the interim assessments to HHS, to AHRQ and ONC,
is due to us on December 30th of 2006.

The most recent activity that has been going on is we had a series of
regional meetings across the country. We had 10 regional meetings in all
different parts of the country, and we invited not only the representatives
from the 34 HISPC states, we also invited representatives through their state
governor’s office for other states that were not either able to or did not
choose to participate in this project.

The thought was there were some states that really did have some companion
work going on or wanted to take this work on some time in the future or were
starting to think about these issues, and we wanted to make sure that they had
the opportunity to learn from the states that are part of this project as well
and make it as collaborative as possible.

There were nine additional states that did attend those meetings. So we had
a total of 43 states and territories that participated in the regional

Some of the key issues that have been raised during the assessment of
variation were in three areas, in practice issues, trust issues and legal

Some of the interesting practice issues, people kept saying over and over
again, in a paper world that they often rely on human judgment. They look at
things on a case-by-case basis. They know the person who is asking for the
data, based on – particularly in smaller communities or regional areas, and so
they know that they can trust who that person is who is asking for it and that
what they are asking for is reasonable, and that was something they found to be
a challenge in trying to convert to an electronic world. How do you deal with
the fact that you have – you don’t have that personal human judgment
necessarily imbedded into it and it just poses some challenges. That was one

A lot of – I would say every meeting that they had, issues came up about
patient consent or authorization. Obviously, states use those terms to mean
different things, both in procedures as well as in state laws on those topics,
because different organizations have different policies on consent – when
consent is needed, how you get consent, how often you get consent, for what
reasons, et cetera – for sharing of information and for use of information,
there were a lot of reconsenting going on. Every time somebody would ask for
something new, if it was going to a different organization, they’d have to
get a new consent, because that organization had a different consent procedure
and the like.

So the variation in consent procedures was an issue that came up over and
over again, and this is not necessarily in the HIPAA world of authorization,
but just a lot of providers who would want consent to disclose information,
either because their state law required it or because their organization
required it or they just felt it was the right thing to do, even if it
wasn’t required by federal law or state law.

There were also a lot of comments about problems related to or challenges
related to variations in how patients are identified. People have different
ways of doing this – and I would say pretty much across the board in all of the
regional meetings, folks were asking – were saying that this was a challenge,
how to identify individuals for purposes of sharing information.

And the last one on the practice issues was variations in security
measures. People had different approaches or organizations had different
approaches to authentication, authorization, role-based access and things like
that, and those were identified as some issues as well.

With respect to trust issues, there were – This kind of goes back to the
comment I said before about the different types of consents. Everybody had
their own data-sharing policies and practices and their own approach, their own
forms they wanted filled out and things like that, and they didn’t
necessarily – these were written oftentimes by their lawyers or their privacy
officers, and they didn’t necessarily – One organization wouldn’t
necessarily accept that the other organization had the right policies in place,
and they would want their own form signed and things like that, so some
concerns about the variations in the different data sharing protections and

There were some concerns raised about competitive use of medical data, that
if an organization had access to a list of cancer patients, for instance, they
might – and they’re setting up a new cancer wing, they might try to target
market to those folks. There were some concerns there about a particular
organization giving out the names of all their patients and their conditions,
even for purposes of just clinical treatment, for fear that it would be used
for other purposes, and just some general mistrust about how another
organization who they didn’t know might be using the information, and
whether or not they would be using it in a way that was acceptable to the
organization who was sharing that information with them. So just general – the
same kinds of big conceptual privacy and security issues we hear about all the
time and the different practices the different organizations have, which is
important that they get to have their own approaches and that they could
protect the information in a way they feel is best for the organization, but it
does pose these challenges when they are sharing information and everyone – all
the different entities have different ways of protecting the data and different
policies in place.

Some of the – and then the third area was legal issues, over and over
again, concerns about either misinterpretations or varying interpretations of
HIPAA. So there were some – lots of organizations that were taking very
conservative interpretations of HIPAA, which we have heard about over and over
again, but just got some more confirmation about that in, I would say, every
regional meeting, and then also because of the flexibility in HIPAA, there are
obviously different ways that people are implementing those requirements, and
that is posing challenges.

One of the areas that came up over and over again was minimum necessary,
because the organization, as folks know here, can make their own determinations
and are required to make their own determinations of what is minimally
necessary for a particular purpose, and because all the organizations make
their own determinations, it was posing challenges, because they didn’t
know what information – They had difficulty in sharing information,
particularly if they were sharing information through a network or otherwise,
and each organization had different minimum-necessary policies. They
didn’t know if they were going to get all the information they thought
they needed or if they were sending more information than was really required
and things like that. So that came up pretty frequently in the meetings that we

There was still the fears of liability for enforcement or for publicity
that they violated the privacy rules, you know, we hear that and that sort of
leads to some of the conservative interpretations.

And then there were some interesting things where folks would blame HIPAA
for their policies and practices when there was no basis under HIPAA. So, for
instance, a lot of –

PARTICIPANT: We never heard this one.

MS. DANIEL: Never heard that before.

A lot of entities were saying that they had to get consent for treatment –
to disclose information for treatment purposes. I heard this over and over
again, and the rules couldn’t be clearer that consent is not required to
disclose information for treatment purposes. Yet, some folks did this because
of state law. Some folks did this because they thought it was – The doctor
thought, for instance, that it was the right policy, but some entities were
saying, No, no, no. That is required by HIPAA. We have to do that.

So I think some of the benefit here is there is some opportunity for
education and for – still for clearing up some misconceptions as to what is
required and where the practices are based on an organization’s policy and
not necessarily because there is a legal mandate to do so.

As well, not only would HIPAA come up in all these meetings, but state laws
come up in every single meeting that we had.

There are a patchwork of state laws on privacy and security, as everyone
knows, and they have been developed over time. So there are – Some state laws,
they might overlap with each other, and there was confusion about how certain
state laws would interact. The state laws were spread out through lots of
different titles within the code. So people didn’t necessarily know where
to look for the requirements for privacy protections, and some of the privacy
protections in state laws were antiquated and they were based – They were
passed decades ago and didn’t necessarily make sense in an electronic
world. So all of those issues were coming up at a state level.

Consistently, we heard about the consent laws in various states for
sensitive information, and almost every state has some state law providing
extra protection for sensitive information, and there was a lot of confusion of
if you need to get consent to disclose information about HIV status, well, does
that mean you basically can’t disclose anything about a patient with HIV,
who is HIV positive, because the clinical notes, the lab tests, the drugs that
they are taking, so many different things could give an indication that they
are HIV positive and where are the boundaries of that? So those were challenges
that folks identified, and then the variation were challenges folks identified.

There are actually some states that, even though they were focusing on
variations, some of them have already started to think about solutions, and
there are some states that were saying they really wanted to work together with
other states to think through are there ways that we can make these more
consistent across state lines, not necessarily get rid of the state laws, but,
if there are states that have similar types of laws, how can we make them more
consistent, so that there isn’t an issue of sharing information across
state lines. So that came up in a couple of places as well, as they started
thinking about, Well, what could we do about this?

And then we also heard about some other federal laws like CLEA(?) and
FURPA(?), the same ones that come up, and folks were saying that those were
posing some challenges. They didn’t necessarily know how to apply those.
Same kinds of things as HIPAA. There was confusion about them. There was
confusion about how they interacted with other laws and things like that. So we
heard the whole gamut of state and federal laws and challenges, nothing too new
here, but it was definitely interesting to have the folks at the grassroots
level, the ground level telling us that, Yes, we are hearing this consistently
over and over again, and then trying to figure out, Well, what do we do next
now? Is it about education? Is it trying to harmonize state laws? Is there some
way of working to come up with common practices in a region? If they are
sharing information through a network, what are the best ways of handling some
of these, and so those are the discussions they are just starting on now, as
they move into the solutions phase of their state projects.

Some other things that came up, there were comments over and over again
about we are doing this at a state level and we are bringing the right
stakeholders together, and it has been really helpful to identify who the right
people are and to start building those bridges and those collaborative
relationships, but there was a real desire and need to start crossing those
state lines, and we saw that in the regional meetings. It was really quite
wonderful. They were just chomping at the bit to find out what the other states
were doing and how do you deal with this issue, and in Wyoming they don’t
have tertiary-care hospitals, so all of their patients are going out of state,
and, Well, in Colorado, how do you deal with this, because once our patients
come back we need to get the information back to our doctors.

So there was a lot of exchange and it was a really nice opportunity for the
states to identify who their counterparts were in other states and start
building those bridges and those collaborative arrangements. They also asked –
We heard over and over again that they are asking for help in doing that as

And I am going to talk a little bit about the state alliance, because that
is actually one way that we think we can help bridge that interstate

Just to finish up, I wanted to give you some dates that we have as far as
some of the deliverables that we are anticipating, so you know what is coming
down the pike.

Like I said, we’ve gotten – RTI has gotten the interim assessment of
variation, which we should see at the end of December.

The interim reports of solutions are due by the states in a couple of
weeks, in mid-December.

The implementation plans, the interim implementation plans are due
mid-January, and, then, the – We do not intend – Those are just interim reports
and RTI will work with the states to try to help them figure out where there
might be holes and how to hone those and help them in doing their work.

The real meat is going to be in March, when we are getting the final
assessment and analysis of solutions and the final implementation plans.

There is a national meeting where we are going to bring all of the states
together. We’ll also be open to the public. Anybody who wants to attend
can attend those meetings and hear the discussion. That will be March
5th and 6th, and it will be in the D.C. area. I think it
is a hotel in Bethesda. I don’t have the details of it yet, but it will be
in the D.C. area, and RTI will then follow up and do a nationwide summary
looking across all of the state solutions and implementation plans and try and
analyze that information and come up with some information about where there
are similarities, differences, where different states can learn from each other
and where we might be able to glean some knowledge for nationwide policy as
well, based on the work that the states were doing.

The one thing I want to say about some of these dates is that we actually –
we have been talking to RTI. They have heard from some of the states that
because of some of the tight deadlines and the holidays, they want to really be
able to capitalize on the networks that they have set up, and there have been
some concerns about the dates, and they have asked us if there might be an
opportunity to give a little bit more time on some of those dates, so that the
states have an opportunity to really do the best job they can in coming up with
the solutions. So we are still in discussions there. Just wanted to let you
know. I am giving you the dates – they may slip a little bit – so that we can
make sure that we get good products back from all of the states and that they
have the opportunity to do the work as best they can, and RTI is the best
opportunity to analyze that work. So I may have updated dates for you next

That was sort of the HISPC summary on where we are and where we are going,
but I wanted to just sort of address some of this. What are we going to do with
some of this work and some of that interstate collaboration discussion?

We have recently signed a contract with the National Governors Association
Center for Best Practices to establish a state-level health ID decision body
that will address these interstate issues. So the goal here is to have
state-level decision makers who are on a steering committee, the State Alliance
for E Health, and that will really take on some of these challenging issues and
try to come up with recommendations for all of the states.

The State Alliance – the Steering Committee will meet quarterly. It’ll
be made up of sitting governors, legislators, attorneys general, I think state
CIOs. It is all state-elected officials that would be on this steering

Again, these meetings will be open to the public, and the first one is
going to be January 26th. I think that date is actually set, and
they’ll also have a Technical Advisory Committee that will be non-voting
members, but that will sit at the table with them and provide them some
guidance advice and give them some technical expertise as they are deliberating
on some of these issues. So we wanted to make sure that it was folks that had
the authority to actually make decisions for their states, as well as some
folks who have a little bit more technical expertise who can work with them as
they are making those decisions.

There will be three task forces, sort of like the AHIC and the workgroups
for NCVHS and your subcommittee, that will report up to the Steering Committee
of the State Alliance.

The three task forces are really based on a lot of the issues that we are
hearing that really require state-level activity and state-level collaboration.

The first is privacy and security, and the question I have had is, Well,
how does this relate to the HISPC Project? Isn’t that what the HISPC folks
are doing?

The HISPC projects are really state by state, and there are opportunities
for collaboration and discussion among the states, but they are really for the
states to look at – look within their own house and figure out what it is that
they’ve got going on and what it is that they really need to do. Do they
want to bring all of their state laws into one part of the code, which was a
recommendation one of them – one state was actually toying with? Are there
things within their own state that they want to do? Are there things within
their own organizations or regions that they think should be implemented at a
state level?

But, like I said, there are constantly questions and comments and issues
that are coming up where they say, We really need to work this out with other
states. We don’t want to develop this in isolation, but this would only
work if we can talk to the other three states that we commonly share
information with or with all the states across the country.

So the Privacy and Security Task Force of the State Alliance will really
take on those issues. As issues come up through the HISPC Project, we would
feed those to this task force, so that they can deliberate on how do we address
these across states, not just within states. So we are looking at that as sort
of a next phase as we look at interstate collaboration on privacy and security
issues, and that task force will meet monthly.

The second task force is focusing on what we are calling
practice-in-medicine issues.

So these issues are things that we have heard from discussions here, from
discussions at AHIC, from our own work at ONC, that are issues that are
state-level issues, but that people keep raising when we talk about electronic
health information exchange.

Just a couple of examples of some of the issues this group might take on.
The first is licensure issues. We have heard over and over again that the
varying state licensure practices and policies and the time it takes for
licensure really does pose challenges to telehealth, to secure messaging across
state lines, et cetera. So that is one of the issues that we have suggested
that they take on is looking at state licensure and whether or not there are
solutions either through reciprocity or some kind of streamlined licensure
approach or some way to address some of those challenges that we have been
hearing, and there are some folks who are already working on some of these
issues, medical boards and the – I can’t remember the name of the
organization that – the state collaborative organization for medical boards,
but there are some folks who have already been thinking about this, and we
would like them to collaborate with those organizations to address this issue.

CLEA, again, their state CLEA laws, not just the federal CLEA law that we
have heard are challenges to sharing of health information with various
providers and with patients, and then liability issues which come up over and
over again. So those are the kinds of things that group would take on.

The third group – and that group will also meet monthly. The third group is
look at the state role in health information exchange.

We have recently, at OMC, had a contract with AHEMA(?) and they have been
working with nine states that have fairly advanced electronic health
information exchange activities to identify some issues – best practices and
the like – for state health information exchange.

They also have identified some areas where the state really – they are
issues for the state to take on, like what is the role of Medicaid? Are there –
What is the role of public health in state health information exchange and the

So this group, because it is a state-level group, would take some of the
work again coming out of this AHEMA project and look at where can a state make
some progress in order to facilitate these activities in health information
exchange at a state and regional level.

That workgroup will only meet quarterly for the first year, although I
think the plan is that if we renewed the contract that they would also meet
monthly once they get up and running.

We have asked NGA, in setting this up, to work very closely and coordinate
with other organizations that work at a state level. For example, the National
Council for State Legislators – which is an incredibly important group of
folks, if legislative suggestions are made for state laws – the National
Association of Attorneys General, the National Association of Insurance
Commissioners, the National Association of State CIOs.

So they have already reached out to all of these organizations and
we’ll be working collaboratively with these organizations in both making
sure that the right information is being presented, the right people are at the
table, and in helping to disseminate some of the recommendations that come out
of the State Alliance.

The way this is structured, it is now – it is a one-year contract with an
option to renew for two years – two additional years and the expectation is
like the AHIC, that if this is successful, it would continue – they would come
up with a plan to continue operating after those three years lapse, if, in
fact, there are still issues that they need to work on or believe would be
valuable to continue the organization going.

And the last related activity I wanted to mention is the Confidentiality,
Privacy and Security Workgroup of the AHIC, of the American Health Information
Community. Again, another group that we have working on privacy and security

This was really formed in response to a recommendation from three of our
other workgroups at the AHIC, the Consumer Empowerment Workgroup, the Chronic
Care Workgroup and the Electronic Health Record Workgroup.

They kept – as they were trying to deliberate about the various issues
related to the breakthrough areas that they were working on, the privacy and
security issues kept coming up, and the same issues were coming up across these
workgroups. So they recommended that a separate workgroup be formed and that it
focus exclusively on these issues as they relate to the breakthroughs, and we
have an AHIC member – an NCVHS member who sits on that subgroup as well to make
sure that we are coordinating – John Houston – to make sure that we are
coordinating with the work that you are doing, and that we are not – I’m

PARTICIPANT: (Off mike).

MS. DANIEL: – to make sure that we are coordinating with the work that is
going on here and that we are not duplicating efforts that are going on in this
advisory committee.

The group was formed in late summer. The first issue that they have taken
on is patient identity proofing, and they are expected to have recommendations
at the January 23rd, AHIC meeting. So you can look forward to that.

The goal here is that this group will basically be recommending policies to
feed into current and future federal activities, particularly related to the
breakthroughs, so this could be in contracts that we are doing or some pilots
or demonstrations that we might be supporting, and we would ask that those –
through those different mechanisms that they follow the recommendations, if
they are accepted by the AHIC.

We are currently working on a prioritization process for the next set of
issues. Once we get past patient identity proofing – and we have been working
with the workgroup members to identify where we should go next as far as
priorities – we are trying to, within the issue areas, identify specific issues
that need to be addressed, so that we can prioritize within an issue area, not
to say we are going to take on authentication, but what about authentication
can we really tackle and succeed on? And our intent is to have a hearing on
whatever the workgroup decides to be the next issue early next year.

All of these activities are really linked and complimentary. The CPS
Workgroup is really looking at federal or nationwide issues. The HISPC Project
is looking at state-by-state issues, and, then, the State Alliance is looking
at sort of cross-state issues.

So while there’s a lot of similar types of discussions that are going
on, they are really operating at different levels, and what – I am involved in
all of them. So what our intention is is that, as an issue comes up, if an
issue comes up in, for instance, the AHIC Workgroup, that is a really a
state-level issue, well, we would bring that to the State Alliance and say,
Hey, is this something that you can work on and take on? It is something that
has been identified at the national level as an issue that states could look
at, or vice versa, and, as I had mentioned, with the HIPC Project, as cross
state issues are coming up, we would bring that to the State Alliance.

They may also raise issues that are federal issues or nationwide issues
that are really problems that are not things that effect their state work, but
aren’t things that they could deal with at a state level, and, again,
we’d bring that back to some of the federal projects and processes that we

So we are looking at these as very linked and very complimentary, and what
we intend is that some of the policies that are coming out of these different
processes could help to shape future activities that we are doing, the future
work at NHIN, future standards work, so that we are addressing some of the
policy issues and making sure that they are considered when technology issues,
when standards issues, when architecture issues are being discussed, because
those policy questions keep coming up in those discussions as well.

So that is basically the end of my prepared remarks. I hope that helped
clarify some of the questions that came up yesterday, as well as some of the –
where we are on the HISPC Project, and I’d be happy to answer any

MR. ROTHSTEIN: Just a little background for the committee members and for
the record.

In November of 2004, Dr. Brailer(?) appeared before our full committee
meeting and asked the NCVHS if we would undertake a comprehensive study of the
privacy and confidentiality issues surrounding the NHIN, and because of the
importance of this issue, we, of course, said yes and dropped all of our other
things and spent the next 18 months working on this.

After we had been working over a year – and this would be – we had hearings
in all of 2005 and were trying to sort of tie things together in early 2006 –
we met again with Dr. Brailer, as we had on a regular basis, and the suggestion
was that ONC needed our recommendations right away, and, therefore, that we had
to stop fooling around and reach consensus where we could and get our
recommendations to the Secretary, which we did in June of this year.

And the recommendations – there are about two dozen of them, and I just
want to focus on two categories of recommendations without going into any

Number one is what I would consider foundational privacy issues for the
NHIN. In other words, does an individual have any ability or right to be
outside of the system to deny their permission for the electronic interchange
of the record? So that is one group of privacy issues.

And the other group of key privacy issues were the issues that were
essential to build into the architecture of the NHIN before it started, because
if we didn’t have that capacity built in, as reflected in much of the
testimony that we heard, and, in fact, even consulting with the various
contractors, then, it would be either prohibitively expensive, or, indeed,
impossible to do it after the fact.

So it seems that these are – the two classes are among the most important
things that needed to be resolved right away, and it has been six months since
our recommendations were submitted. It has been two years since we were asked
for the recommendations, and not only do I know – I don’t really care that
there’s not been a response, but I have seen no indication that the issues
are being discussed or considered by any of the groups that you have mentioned,
and I have no confidence that they are going to be taken up in a timely manner
where they can be integrated into the NHIN.

MS. DANIEL: I’ll make a couple of comments about that.

One, we do have a copy of the letter that you all worked very hard on and –

MR. ROTHSTEIN: I can supply you with an additional one.

MS. DANIEL: And we appreciate all the hard work that NCVHS has done on that
issue, and it has been very helpful for us.

A couple of things I – It has been received by the Secretary’s Office.
I don’t have – as far as the response, I don’t know what the status
of that is.

A couple of things that I wanted to say, you mentioned both these
foundational issues and the architecture issues.

The CPS Workgroup actually has circulated a copy of that letter amongst the
members, the cochairs had asked to do that, so that the recommendations that
came from this group can be considered with respect to the work that the CPS
Workgroup is doing.

Some of the issues that have been raised – like consumer opt in and opt out
– are some of the issues that are being discussed right now for – as far as
what to prioritize in what we are doing. So it is in the workgroup – in the CPS
Workgroup members’ minds. It is something that we are thinking about with
respect to some of these issues that AHIC is looking at.

With respect to the architecture issues, we are – and I am not the expert
on the MHIN work, so I’ll just make that disclaimer, but I’ll tell
you my perspective of where things are, which is we have four contractors that
are working on prototypes right now, and those contracts were let in the fall
of last year. So they have been going on for a little bit over a year now.

Those are – they are prototypes. The goal was really to get a bunch of
people to start thinking about this and come up with ideas for how can we do
this and demonstrate that they are workable.

There will be follow-on work to this. These are – we are going to have a
wealth of different ideas. There are policy issues that are coming up that they
don’t want to touch, but they have to figure out what to do with to
develop the architecture that are coming up in those discussions, and they did
have a forum to discuss some of the security issues that were coming up and how
do we deal with those in an architecture context.

We anticipate that there will be next steps beyond the prototypes in
looking at architecture and design for an NHIN. So –

MR. ROTHSTEIN: There is no discussion among those contractors about the
privacy issues. They are considering security issues, but they are not
considering privacy issues that we specifically distinguished and that were a
part of our recommendations. So that is one of the troubling aspects of this.

MS. DANIEL: I honestly can’t talk to what the contractors are thinking
or talking about, because I am not directly involved in the NHIN projects, but,
like I said, there will – we will have – those contracts began almost a year
before the recommendation letter came out, and we do intend to have follow on
work and we are considering all of the different recommendations and policy
inputs in future work that we are doing. So that is what I can say on that.

MR. HOUSTON: Hi, Jodi.


MR. HOUSTON: Just to follow up on Mark’s comment, because I did have a
rather good dialogue with Paul Feldman, I guess last week or the week before
about – specifically about the letter, some of what I thought were real
important points for the CPS – to bring up, but I wanted to – that is just a
side comment, but I really do agree with Mark. It is really vital that we delve
into some of the issues that we identified, because I think they are timely,
and I think they have to be addressed in order for all of this to succeed, and
some of them are real weighty issues and still need a resolution, and so – and
towards that end, I guess, one of my thoughts is what is the role of NCVHS? Are
there issues that should be – I don’t want to say punted to the NCVHS
Privacy – but are there things that we should think about concentrating on that
tie in and that can be reasonably addressed through our workgroup, or our
subcommittee, I should say, and I’d be interested in that type of
feedback, because, obviously, we all want to work together and meet some common
goals and objectives, and if we can be doing things that are complimentary that
you want us to do, then I think we want to hear them.

But a couple of questions I had about some of the state-law-related
activities that are going on, when they are looking through state laws, are
they also looking at administrative rules and court opinions regarding
interpretation of state laws? Because this has been an issue, I know, in the
State of Pennsylvania that you go to different parts of the state and they
actually interpret laws differently, whether you are in the east or in the
west, and at the county level.

Has there been any attempt to try to assess some of those interpretations
in interstate – in trust state variations?

MS. DANIEL: Yes. The answer to that – really, it depends on the state. Each
of the states are required to have a legal working group that looks at where
are there laws and – which would include interpretations of laws, court
decisions that are dictating the practices and policies that people have or
their misinterpretations of those laws or varied interpretations of those laws
that are dictating policies and practices. So those could come up by the legal
working group as reasons for variation.

We have not specifically said, in looking at your laws you have to look not
only at legislation and regulations, but also at court decisions. We
haven’t been that explicit, so it would depend on the state and their
legal working group.

Where there are intra-state variation, I would assume that that would come
up through their legal working group if there are known differences in their
interpretations of those laws, but I don’t have specific answers to – I
haven’t heard specific states tell us that.

At the regional meetings, the conversations were fairly high level, so,
hopefully, we would get that kind of detail in the reports that we get back
from them.

MR. HOUSTON: Because I think it will be an issue that is going to – either
we have to identify them now or there are going to be issues later when we try
to operationalize some of these things. So –

MS. DANIEL: It is a good point, and, actually, on the State Alliance, we
specifically ask that they include state attorneys general for that reason,
because we wanted to make sure they weren’t just looking at the
regulations and legislation, but they are also looking at the court opinions
and interpretations of those laws.

So I am guessing that it’ll come up in some states and probably not
all through the HISPC project, but, hopefully, the AG’s will bring up
those issues at the State Alliance level.


Another question that I have, too, is knowing that a lot of states now are
also at the point of adopting their own identity-theft-related statutes, is
there any push back at the state level or any renewed hesitancy to try to align
state laws because of – Each state seems to be going at some of the
identity-theft issues a little differently, and I guess maybe it is more of a
comment than a question, but is that – are you seeing that this is causing
problems with trying to come up with consistency and review the state laws to
understand where their differences lie?

MS. DANIEL: I haven’t heard anything specifically related to the
identify-theft laws.

There were a couple of states, though, that have identified needs for
common laws or model laws on particular issues that are coming up. I
didn’t hear, necessarily, identify theft as – called out, but there are
some states – I know actually Florida has involved in KESEL(?) the National
Council for Commissioners for Uniform State Laws – I think I said that right –
in their workgroups to – I think in their legal working group, as they are
looking at laws, and saying, Is this an area that we might be able to work with
other states on model legislation?


MS. DANIEL: But I don’t know if identity theft is one of the issues
that they have brought up or not – identity-theft legislation.

MR. HOUSTON: And the last point is just a comment. You identified that a
lot of people seem to be misinterpreting HIPAA, and I would just like to
confirm. It seems to be that is – I spend probably more time trying to clarify
what HIPAA means and what you can and can’t do, whether it be within my
institution or when I work with other institutions.

I think that is a huge issue that is going to be ongoing, and I think one
of the things that maybe needs to occur out of this effort is also looking at
some model forms and consents that maybe can be used on an interstate basis,
where you say, Okay. This consent form can be widely applied or this
authorization form can be widely applied across states, or even if you had to
tailor certain ones to specific states because of specific state legislation
allowing institutions to feel comfortable that there is a model set of
documents that can be used to facilitate exchange of information and
participation in a variety of things, because, again, it is the dueling forms,
you know, the hospital says, I am unwilling to accept anything other than my
form with my stamp at the top.

MS. DANIEL: Right.

MR. HOUSTON: And that is, I think, because the vacuum is that there
isn’t anything out there that says, This is the model, and it is a – maybe
it is a model of Pennsylvania or Florida or wherever, but even at that level,
if people saw that and said, Yes, we agree that this is a form that is
consistent with state law and is reasonable and consistent with HIPAA, then
people might be more willing to play in the sandbox and then participate, and
it might remove some barriers. So –

MS. DANIEL: It is a good idea, and I don’t know if that will come up
in their suggestions for solutions or not, but there were – Like I said, lots
of states were raising issues of the dueling forms, and, No, no, no. My lawyer
told me I have to use this form. That is the only one that has been approved
for our organization, and that is something that has been identified as a huge

DR. TANG: I want to thank you, Jodi, for your very clear presentation. It
really helped separate the different perspectives of the group, so I appreciate

And I also understand how, at the regional meetings, all of the people in
the trenches dealing with issues that John raised really want to get the darn
thing solved, so they can exchange – and particularly across state barriers,
and particularly in the State Alliance, the one with the decision makers that
you talked about.

Many of the differences that states have, of course, are deliberate. So
what mechanisms do you have to create alignment of these interests across the
state barriers, since they arose, many, intentionally?

One of the original bills – the original 4157 – had granted the Secretary
some authority to be able to sort of harmonize this stuff or at least make it
uniform if the results of the study show that this was interfering with the
exchange of information. That – well, both that provision and then the bill has
sort of gone away. So that doesn’t leave the statutory ability to unify
these things or make them uniform. What other mechanisms do we have available
to try to get over these barriers?

MS. DANIEL: It is a very good question. You made some comment about how
many of these varying state laws are very deliberate, and we actually, over and
over again, heard – RTI had asked the states to identify where there are
barriers to electronic health information exchange, and some of the states
reacted very negatively to that. They said, This may interfere with electronic
health information exchange, but it is deliberate. It is to protect patients,
and we want it, and so we don’t consider that a barrier. We consider that
a positive, not a negative, and so it is an interesting question.

The National Governors Association, they have done this before on other
topics, where they have pulled together sort of this decision-making body,
which obviously isn’t going to have 50 states sitting on it, but the goal
is to have rotating membership, so that they’ll constantly change the
states that are involved, and, hopefully, with all the task forces, they will
get all the states – participating involved in some way, shape or form.

They obviously can’t tell every state you must adopt this policy, but
they have enough sort of respect and support by the state leaders that the
process is one that is – that their processes and their policy advice that
comes out of it is respected at least by the leaders in the states, and they
have had some success, not at getting all 50 states and all the territories to
adopt the same policies, but to get a significant number to adopt them.

It won’t solve all of the problems, but it’ll help a lot, and, at
some point, they say they’ll – they hit a tipping point, and, then, other
states may follow suit, but at least if you can – The thought is is that this
can at least alleviate some of the problems, even if it is not going to result
in one nationwide policy.

I think the only way you can do that is through federal legislation, which
I am not advocating for – or against – but the goal is we don’t have state
preemption – preemption of state laws in this area. So what can we do, given
the current environment?

And what we could do is try to get the states to work together to come up
with common policies and get as much commonality as possible while allowing the
states to still have the rights to make their own decisions as to what is best
for their state constituents.

DR. COHN: I’m sorry. Judy, you have – We are running significantly
late. So, Judy, you have last question and then we’ll wrap up on this one.

DR. WARREN: And mine should be relatively short.

I was the one yesterday that brought up the concern that we had all these
privacy and security issues out, and part of that, just as background, I do
serve on the Steering Committee for the HISPC Project for the State of Kansas.
So being down in the trenches, as Paul had mentioned, and, then, being up here,
one of the concerns I have is each one of these groups is doing significant
work in privacy and security, but unless they know to go and look at each
other’s work, there is no place that this work is being shared, and so I
have had some considerable, I guess, concern, even sort of heartache a little
bit that I know that Mark and his subcommittee have done a wonderful work on
this project, the letter. None of that information has come from RTI that this
letter is out there to help the states do their work, to come up with solutions
for them.

I have shared that in my state, because I knew it was out there, knew it
was posted, but I had to wait until it was posted before I could share that
that stuff was out there, and I understand the need for that but it would seem
that from your office – since you seem to be the touch point, that maybe your
office could take a look at what work is being done in all of these different
projects and make sure that that information is readily shared.

I mean, having not participated in the privacy letter, but having
participated in the review of it and the final approval of it, there is some
wonderful stuff that is in there that I think would be very helpful in the
HISPC Project, as the states are grappling with what are the solutions that I
have, and maybe even getting back to relooking at some of their variations and
identifying problems that they didn’t even know existed in the variations,
just because they weren’t aware of some of the ways of looking at privacy.

So I would recommend you tell RTI that they need to shoot that letter out
to all 34 states as a way for them to start looking at these issues.

MS. DANIEL: I appreciate the comment and we’ll talk about that. Thank

DR. COHN: Well, Jodi, thank you very much. We appreciate your participation
and briefing on this, and I think it has been certainly an interesting session
for all. So thank you very much.

Now, Carol, did you have any comment or question?

MS. BICKFORD: Carol Bickford, the American Nurses Association.

In relation to the suggestion from Judy Warren that these materials be
shared among the states, I would ask that it be even more transparent and that
there be a repository established at a dedicated location on the website, so
those of us who are working other issues –

For example, in the nursing environment, we are dealing with interstate
licensure issues. We weren’t enumerated under the medical practice sort of
environment, but the dialogue that has been going on will help inform us as we
are working with our state initiatives, and if there is a centralized location,
then we could point states to it. We could point professional organizations,
state boards of nursing, other state boards, chiropractics, whatever, to this

It is sort of like we have this knowledge in pockets, but we don’t
have it centrally located and retrievable for those who might be needing this
guidance and resource for future issues.

DR. COHN: Carol, thank you very much for that comment. Point well taken.

MS. DANIEL: The only thing I’ll say is we are actually looking at
working on our website, so we’ll take that comment seriously as we are
doing that. Thanks.

DR. COHN: Jodi, thank you very much.

MS. DANIEL: Thank you.

DR. COHN: Okay. Now, we are obviously running significantly behind time. We
did a lot 30 minutes to a presentation on sort of WHO updates. This will
obviously probably not afford a lot of time for questions, but we can think of
this as phase one or part one of these conversations with the idea being that,
hopefully, we’ll have time at the next meeting for further conversation.

At the end, we will very quickly – Unfortunately, we are not going to have
time for quite the same conversation about standards and security or NHII, but
we’ll at least quickly talk about upcoming hearings and meetings from
them, as well as privacy, and then we will wrap up.

So Marjorie and Steve, thank you very much for joining us and presenting as
opposed to being at the table with us here.

Agenda Item: International Classifications and
Related Activities

MS. GREENBERG: Honor for us to be on the other side of the table here, and
I have given you some visual –

DR. COHN: Yes, Marjorie, you need to use the mike.

MS. GREENBERG: Excuse me.

I have given you some visuals. One is – First of all, I apologize that the
document that was in your agenda books was, unfortunately, every other page,
which just was to see if you were paying attention, but we did, yesterday, give
you the even-numbered pages as well, the whole document, and so you do have a
copy of that, and I think it is a – It is a document written by my colleagues
from Australia who are responsible for the Family Development Committee, which
I’ll tell you about in a minute. So I refer you to that.

The Education Committee, which I chair, has come up with a brochure on the
WHO Family of International Classifications. I have given you a copy of the
draft of that that we have done.

We do everything, unfortunately, I guess, on a shoestring, so we are not
slick in our advertising or even education, perhaps, but we are working on it.

And, then, you have a copy of today’s slides, and, then, also, I did a
poster on the North American Collaborating Center for the recent meeting of the
Collaborating Centers that was held in Tunisia, and I have put it up there. So
if you want to walk by and look at it before you leave the meeting, you are
welcome to do so.

Okay. I actually was just looking to see what I had told you the last time
I presented on international classifications, and particularly when it was, and
it was actually exactly six years ago, November 2000. So I think perhaps we are
a little overdue here in reporting, and I would support Simon’s suggestion
that perhaps we’ll make this more frequent, because, actually, our
Collaborating Center does look to the National Committee on Vital and Health
Statistics, as so many groups in the department and in the country do, as
serving an advisory capacity, and, in fact, as I think if you have read the
history, you know that this was the initial impetus for forming the National
Committee on Vital and Health Statistics in 1949, came out of a recommendation
by WHO that countries should have such committees to advise on international
classifications and similar activities.

Okay. So what I am going to just briefly describe is what is the WHO Family
of International Classifications? How are the classifications maintained and
updated? What are the priorities of our WHO Family of International
Classifications, which we call WHOFIC Network, and how does this all relate to
terminological and other standards development activities?

And Steve Steindel will kindly do the last part, and I haven’t left
him a lot of time, but – because we have only 30 minutes altogether – but, as
Simon said, we will – I think this will be the initiation of a dialogue, and I
did realize that many of you were not on the committee when I presented in

Okay. So the WHO Family of International Classifications is a suite of
classifications for international use as meaningful information tools to
capture the core health dimensions, such as deaths, disease, disability and
health, as well as related health-system parameters, such as health

This is a schematic of the WHO Family. We have reference classifications in
the middle, which are, of course, your long-suffering international
classification of diseases of the ICD, which has been around for more than 100
years, and, as you know, in its tenth revision, at least in most countries, and
for mortality uses in the U.S.

We have the International Classification of Functioning Disability and
Health, also considered a reference classification, the ICF, and, just
yesterday, you approved a recommendation that would endorse that as a
CHI-recognized standard, and it is an international standard in the areas of
functioning and disability.

And then we have under discussion, really, an international classification
of health interventions. I’ll mention that in a minute.

And then we have two other types of classifications, derived
classifications, which really are directly derived from, in this case, either
the ICD or the ICF. So they are just essentially usually an extension, but not
– They don’t really change the mother classification, and the newest one
is the International Classification of Functioning Disability and Health, the
Children and Youth Version. That was just approved in Tunisia and I think is
really an exciting development extending the ICF to cover developmental
disabilities and other things, functioning and disability issues that are more
prevalent with children, whose development, obviously, changes. We, as adults
are supposed to already be developed, though we know that isn’t really the
case either. It is an ongoing process.

Okay. And then there are some related classifications that could build on
the reference classifications, at least must be compatible with the reference
classifications, such as the International Classification of Primary Care –
they sort of map to each other – or provides additional information, such as
the IC ISO 9999, which is a classification of technical aids. Within ICF, there
is an environmental factors section which includes technical aids, but at a
very high level, and then this ISO standard is very detailed on technical aids.
So that is kind of the family as it exists.

New members of the family can apply for related or derived status by
completing a protocol developed by the network, and we can talk about that in
detail some other time, but it is something to think about, because once you
are in this family, then, there is some recognition of the classifications, how
they work together and we try to make sure they get updated on similar times
and that they are compatible with each other, but we are not responsible for
most of the certainly related classifications, WHO and the collaborating

The ICD and ICF, on the other hand, are maintained and promoted by an
international network of these WHO WHOFIC Collaborating Centers, and these
centers were established by language and geography. There are 10 fully
designated centers, primarily in developed countries, in Australia, Brazil and
around, of course, these six official WHO languages, as well as some other
languages, such as Portuguese – that is a Brazilian center – China, France,
Germany, Japan, the Netherlands, the Nordic countries, North America, which is
the U.S. and Canada, the Russian Federation and Venezuela.

As I have said many times, the original center actually was the UK center,
the London Center for the English language. In the mid-70s, they realized that
we didn’t speak the same language as they do across the pond. So they
asked us to establish a North American center. Now, sadly, the UK center has
sort of fallen out of the family. It is really kind of a relative that we
intend to bring back when we get them to the next family reunion, but they have
reorganized so dramatically their information systems and approaches, et
cetera, in the UK that they – just kind of groups that were doing the center
have – just either are gone or reorganized, and so we just haven’t been
able to get them back in the fold, which we hope to do in the next year.

There are also four to 10 centers in various stages of designation. The
ones farthest along are India, Italy, Mexico, South Africa, Thailand and there
are others under discussion, too, and, as you can imagine, we are trying to
expand into the developing countries and into countries where there is less
infrastructure development than there is in the countries that are longstanding

Our center, as I said, was established in 1976. I am the second head of it.
The original head retired in 1994. It is housed at the National Center for
Health Statistics. It covers the U.S. and Canada. We, as a result, partner with
Statistics Canada and the Canadian Institute for Health Information, and we are
designated by the Pan American Health Organization. All collaborating centers
are designated by WHO in conjunction with the relevant regional office.

The mission of these collaborating centers is to develop, disseminate,
implement and update the WHO Family of International Classifications, who
support national and international health information systems, statistics and
evidence, and, in so doing, to improve the international comparability of
health data and to assist in addressing the information paradox – quote/unquote
– which is the term that was sort of coined by WHO to represent that the
countries that have the worst health outcomes, the greatest mortality – highest
mortality rates, premature mortality rates and the highest burden of disease
generally have the least information to address those problems, even to know
where exactly the problems are. So they know they have these high death rates,
but what kind of diseases? What are the causes? What kind of injuries are
people sustaining, both in mortality and morbidity, and in disability as well?

In fact, it was pointed out, we just – our annual meeting was in Tunisia,
and the theme of that meeting was Challenging the Information Paradox, and we
met there in order to try to reach out to countries on the African Continent in
the Eastern Mediterranean region. We had some success with that. We had at
least 10 countries who have never participated in our work directly before, and
it was pointed out that the poorer the country, the less they can afford to
have no information, that good information – I mean, this may surprise you –
but is considered a luxury for a country like the U.S. I mean, they look at the
money we throw at health and they say we are obviously willing to waste quite a
lot of money. They haven’t got that money to waste, and, of course, we
don’t either, and we know that it really isn’t a luxury, but
everything is relative, and so, for these countries, it really is a problem to
have so little information.

The priorities of our network are to implement ICD-10 for both mortality
and morbidity data – and we have made some success there, but, obviously, not
as much as we would like – to update and revise ICD-10 – we do have an update
process, which I’ll mention – and then to implement ICF in a variety of
places – censuses and surveys – it currently is considered the international
sort of conceptual model for disability data, but that needs to be actually
operationalized to the extent that it can be – to use it for health outcomes,
research at the clinical and service level, to use it in administrative and
clinical records and to use it in the social policy field.

There is a great deal of interest in it in the education field, of course –
special education, et cetera – in housing, transportation. If you look at the
new Freedom Initiative, all of those areas that are trying to level the playing
field for people with disabilities, so that – bring up, really, the
participation of people with disabilities in all aspects of life, ICF can speak
to them, and I think the recommendation that you approved yesterday will help
support that in the U.S.

Okay. Just very briefly about the different committees, because it tells
about the priorities of these network.

As I said, I chair the Education Committee. We are currently – we have been
working on developing and are now piloting, with the American Health
Information Management Association and the International Federation of Health
Records Organizations, an international training and certification program for
ICD-10 mortality and morbidity coders. This includes core curricula and
processes for recognizing coders, trainers and training materials.

As I said, many countries really lack infrastructure and they lack trained
staff and they have no way to kind of make sure that those people who are doing
the coding, if there are such people, are kept up to date with updates to the
ICD-10 and the rules, interpreting the rules on their own. There is just not
much communication going on here, and there isn’t an established workforce
in the way that there is in the U.S. and some of the – Canada and a number of
other countries. So we are really working on trying to improve the quality of
coded data and to kind of raise the bar and improve the status of the people
who must – who code the data.

Of course, garbage in, garbage out. So in the area of cause-of-death data –
and we may eventually move into hospital data as well – we have also developed
core curriculum and best practices for certifiers of cause of death, because if
the information on the death certificate just says their heart – cardiac arrest
or something, you are not going to get very useful information – respiratory

So – and there are very detailed rules for how you are supposed to certify
cause of death, but, generally, they don’t get taught to the certifiers.
In any event, we don’t expect them to code, but they need to put the
information down, the textual information that will allow proper coding.

We are working on a web-based training tool, which will be posted on the
WHO website, on ICD-10, mortality, eventually morbidity, coding, certifying
cause of death and ICF as well, and we are – as I said – developing ICF
educational material. So all of this is going on with an international group of
volunteers, essentially. Very little resources actually available. I mean, we
get no resources. I mean, there’s some staff there who, of course, support
all this, but we don’t get any money – none of the collaborating centers
get any money from WHO, or, at this point, from – They are imbedded in various
organizations. In our case, NCHS and Statistics Canada and CIHI support our
work. Some are more supported by universities, et cetera. I think there’s
a difference in whether there is government support.

The Electronic Tools Committee has developed a preliminary version of a
maintenance and publication tool for WHO classifications and is facilitating
migration to KLAMEL(?), which is a markup language that is a standard in Europe
and is now the standard for the WHOFIC and that was obviously for discussion
for another day, if there are people particularly in standards and security who
are interested in that.

The Family Development Committee, as I said, has developed a protocol for
new members. It is approved, disapproved, the ICF-CY. It is liaising with
traditional-medicine experts. We had people in Tunisia. For the first time,
there is a lot of activity going on in the Western Pacific region on developing
classification. They already have a terminology for traditional medicine, and
Korea, Japan and China are working together on harmonizing classifications for
traditional medicine, and, now, we have initiated discussions about harmonizing
them in some ways, as appropriate with the Family of International

And we have a workgroup looking at health interventions and whether it
would be useful to have an international classification of health interventions
for countries that don’t have a modern system, which many do not, as well
as to help maybe that we could, then, as a backbone to map our own – those of
us who do have, in some cases, too many procedure or intervention
classifications – so that we could do international comparisons. Right now, it
is almost impossible to do those kind of comparisons.

Our Implementation Committee is taking stock of the level of implementation
of the classifications, developing tool kits, and, importantly, with this
meeting, establishing regional networks. So there is an Asia-Pacific Network
that was formed at this meeting, where the countries that already have
collaborating centers are more established, such as Japan and Australia, are
working with other countries in Southeast Asia and in the Pacific Region – we
had someone there from Fiji, et cetera – to try to help bring up their
information systems and their use of the classifications.

We, as I said, have an update process, an update and revision process for –
specifically for ICD, but we are also, now, going to be implementing an update
process for ICF, and we are putting some of those activities into place. That
was published in 2001, and we have not had any updating of it yet. So it is
timely to start that.

For example, at this meeting – and this is typical – there were
approximately 60 proposals approved for updating ICD-10, and 19 were what is
considered major. Those are implemented on a three-year cycle. The minor ones,
which might be changes to index or what have you, on an annual basis, and there
has been a second edition of ICD-10 published, and, actually, we are now
looking towards publishing a third edition, which will include all of these
updates in it.

Okay. The process for updating ICD-10 is basically that this committee
receives recommendations from the collaborating centers and from the reference
groups, which I’ll mention. They must, obviously, balance providing a
clinically current and credible classification with one that has stability over
time for comparative purposes.

The update cycle, as I said, is every three years for major changes and
annually for minor changes, and what we have been particularly working on now
is distinguishing updates from revision. Some things that have been brought
forward as possible updates are so extensive that they probably have to wait
until – would that I not say the words – but ICD-11.

Okay. As for the reference groups, these augment the committee structure by
providing forms for more technical discussions on the classifications.

The committees all are cross cutting. They deal with ICD and ICF. The
reference groups are more specific to a classification.

The Mortality Reference Group was actually our first group that was
established. This whole committee structure was actually only established in
1999. Up until then, the collaborating centers were meeting from the ‘50s,
or, in our case, the ‘70s, but there were no committees, other than ad-hoc
ones, maybe put together. This whole structure – just to show you how things
have really expanded and developed over the last 10 years or less.

But the Mortality Reference Group interprets the ICD-10 mortality coding
rules, recommends changes and updates to the codes and has done a lot of work
in that area trying to improve the comparability of the data, and one thing
making this particularly effective is that they put all these changes into the
decision mechanism, the decision rules for the automated coding software for
coding cause of death, which was developed here in the U.S. by NCHS and is now
being internationalized and is used by many countries, so that if they reach
agreement, they just put that into the software and the data are going to be
comparable, if you’ve got – presuming the input is good. So that has, I
think, has really improved – and will improve the comparability of mortality
data significantly.

All these groups are now just formed in 2006, a Morbidity Reference Group,
which is trying to do the same thing as Mortality, but it is much – will try
to. It is much more difficult, because, as you know, morbidity – There are a
number of clinical modifications, including, in our country, and one of the
goals of this group is – and Donna Pickett is our representative to it – is to
try to harmonize these clinical modifications, which we have done on an
informal basis, but we are now going to do more systematically, and they will
make recommendations for updates to ICD-10, along with the mortality, and then
they’ll fight it out in the Update and Revision Committee as they do.

There is a Terminology Reference Group, which Steve was named to by the
U.S. It promotes awareness of the need for congruence between terminologies and
classifications, which he’ll talk a little bit more about, and then there
is a Functioning and Disability Reference Group, which basically addresses ICF
coding guidelines, processes for updating ICF, recommendations for updates and
addressing appropriate and optimal uses of ICF in statistics and information
systems, and there is a lot more information on all of these, which I can
provide at another time.

So how might we challenge the information paradox? Well, one is
establishing collaborating centers in Southeast Asia, Africa and the Eastern
Mediterranean area, and we are trying to start doing that, as I said, to make
the case internationally for the importance of health information.

This may seem like a no-brainer, but it really – I think the previous – two
times ago Director General of WHO really started making the case that if you
are talking about development, you’ve got to be talking about health, and
if you are talking about information, development and health, you’ve got
to be talking about health information.

So, in poor countries, that is often seen as a low priority. It is not even
on their radar screens, but, as I said, it is highly important.

There is something called a Health Metrics Network, which you might want to
learn more about in the future, trying to partner with them. We had a
representative at our meeting.

Support for vital registration systems worldwide is very important and
continues to be needed. As Dr. Lee, the late Director General said, If you
don’t count people, people don’t count, and I think there is really a
lot of truth to that.

We need to develop more training tools and tool kits – my group is working
with that, and others – and we need to develop national committees. Believe it
or not, this is one of the recommendations that is out there. It goes back to
1949, and if you are trying to implement classifications in your country and
improve your information infrastructure, bringing together the stakeholders in
a national committee such as this is an effective thing to do, and be great to
see if there’s some way that this national committee could even put
together a little tool kit on national committees that can be supportive in
this way or in some other way, a brochure, who knows, a white paper. Think
about it. It is just something I am putting on your table.

PARTICIPANT: We are really the U.S. National –


PARTICIPANT: The U.S. National –

MS. GREENBERG: Okay. We are the U.S. National Committee, and that is why.

Okay. Just a few words about revision of ICD-10. Plans were announced to
establish a Revision Steering Committee for development of ICD-11 at this
meeting a month ago or a few weeks ago. The first meeting of the steering
committee will be in April 2007.

As chair of the Planning Committee, which I currently serve a two-year
term, I have been asked to be on this steering committee.

The initial comparison has been made of four national clinical
modifications of ICD-10, the U.S. one, the Canadian, the Australian and the
German, and these will serve as input for the revision process.

The alpha-numeric structure of ICD-10 will be maintained. No firm time line
for completing this has been established, but preliminary revision work is
addressing the mental health chapter, the oncology and alignment with ICDO.

Currently ICD-10 is aligned with ICDO-2. There is already ICDO-3, and, in
fact, development is underway for ICDO-4.

External causes and injuries and rare diseases are just some of the areas
where work is underway.

We may, in ICD-11, do separate views for mortality and morbidity. Alignment
with terminological standards is a goal. Possible, really, full alignment of
the terminology, to the extent possible, with SNOWMED CT is under discussion.

And this is the most important point I will leave you with: ICD-10 CM is a
pathway to ICD-11. ICD-9 CM is not. So, in some ways, I am looking at ICD-11 as
a major update of ICD-10, probably ICD-10 CM, because a lot of what is in
ICD-10 CM will get into ICD-11. So that is in case you are wondering how this
all fits together.

So that is my presentation, and I am now going to let Steve bring up his,
and talk a little bit about terminology and related work.

DR. STEINDEL: Thank you, Marjorie.

I am going to touch very briefly on basically what is going on in the
international standards organizations, and I’ll just take a few minutes to
do it, because I am going to work at a very, very high level.

The areas that I am going to touch on, the first one is very familiar, and
I am talking about, in a different context, HL 7, then SNOWMED, because some
major changes have occurred in SNOWMED that do have an impact on us.

I am going to mention a new formation of the WHO international terminology
network, and just for repeat reference to this group, the ISO TC215 Health
Informatics Group, which is an area that we have had some peripheral
information on in the past.

The reason why I mention HL 7 as an international standard organization is
those of us who are sitting here and have followed HL 7 for a number of years
think of it as a nice U.S. group. Well, these are the numbers of international
affiliates associated with HL 7, and it grows every year.

These international – There’s an international affiliates meeting of
HL 7 held outside of the United States now on a yearly basis. I think it is
about in its fourth year of occurrence, and this is the key standard for health
information exchange in many countries, the UK, Germany, Scandinavian
countries. So the HL 7 standard is heavily influenced now by international
participants, and it is probably our key area.

The area that I want to mention, again, is SNOWMED. We have also heard
SNOWMED mentioned many, many times in the context of the United States. Well,
there is a new SNOWMED SDO that was officially formed in October of this year.
This is after many years of negotiation and change of ownership and governance.
It formally starts the last day of this year. As of that day, the countries
that formed it – the key countries were Australia, Canada, Denmark, Lithuania,
New Zealand, Sweden, the United Kingdom and the United States. So these are the
initial members of the SNOWMED board that will form on the 31st.

The headquarters for this will be in Denmark. It is a non-profit
organization constituted in Denmark and being housed in Denmark.

One of the key provisions of this is that the intellectual property – that
is, the copyright of SNOWMED – will transfer from the College of American
Pathologists to the new SDO on the 31st of this year. So they
actually own something of value. However, the exact details of the new SDO were
not released. They were very sketchy.

However, there is a but to that. Of course, whenever you don’t release
details, there are lots of discussions on what those details are.

The first thing, and I think I can state this more or less as a fact,
because I was involved in a lot of the discussions, is that we anticipate no
impact on the current U.S. distribution license.

The current U.S. distribution license clearly states if SNOWMED should ever
change ownership, they must adhere to the terms of the old license, and I
understand the National Library of Medicine, who conducted these negotiations
on the part of the United States, held that line very hard, in terms of the new

We anticipate a massive terminology cleanup. A lot of people are very aware
that SNOWMED, in its present form, has some very – has some parts that need to
look at very, very hard, and one of the key drivers in this was both the U.S.
and the UK. So we do anticipate – though this hasn’t been set yet, we do
anticipate a massive terminology cleanup. They want this done in an
international, open-source basis. So one of the things that the SDO is going to
be working on is a development environment that can be used internationally,
and a distribution environment that can be used internationally.

The technical control of SNOWMED will remain at the College of American
Pathologists for now. This is a point of negotiation. We do not know when it
will change or if it will change, but, right now, it is being housed at the

WHO was involved in extensive negotiations of this. One of the models was
WHO might take over SNOWMED. The model that evolved was that it will be looked
at as a likely outside partner, and the touch point to WHO will be coordinated
through the WHOFIC Terminology Reference Group that Marjorie just mentioned.

So these are the key things that happened in SNOWMED, and what I am going
to be spending most of my time in this discussion. So I am going to move off of
that very quickly and just go through the next areas a little bit more rapidly.

The WHO International Terminology Network was also formed in October of
this year. Actually, it was formed about two weeks before the SNOWMED SDO was
announced. It is a terminology infrastructure constituted within WHO with, as
you heard from Marjorie, no funding. So this is trying to be put together on
the basis of the national groups, whatever funding they can use.

The key components of this is to provide underlying ontology and knowledge
representation methods for terminologies that are going to be used to create
tools for the development, and these will be multilingual tools on the basis of

Notice some of the similarities between what the SNOWMED SDO is going to be
doing. It is going to add linkages to classifications, administrative systems.
This is a key feature that is coming out in the new terminology systems, that
there is unique differences between classification systems and terminologies,
but the two of them have to communicate in a seamless fashion, so we can get
the best benefits of both.

We are also wanting to integrate these to the emergency health record
information models, because unless there is a key tie-in to the way information
is represented in electronic health records to the terminologies, we’ll
have difficulties running our various clinical decision-support systems, et
cetera, and exchanging information. So they are working on abilities to do

And, finally, a very key component that came out of this work with SNOWMED
is they want empirical QA and QC tests. These are actual tests of the use of
the system, not how the system is put together.

So these are the areas that this international terminology network is going
to be focusing on.

We heard in the Standards and Security Subcommittee yesterday that there
was a proposal to form what will be the U.S. component of this international
terminology network coming forward from a report by AHEMA and AMIA(?).

The link between the international terminology network and WHOFIC will
again be through the Terminology Reference Group.

MS. MC CALL: Steve, quick question here. Is the work here also going to be
open source?


MS. GREENBERG: But the intent is not to develop a separate terminology.

MS. MC CALL: No, I am talking about the mind set and the –

DR. STEINDEL: The mind set is all – all the tools that would be used, all
the environment will all be open source, the same as SNOWMED, very synergistic
for various reasons.

The next I’d like to touch on again is just to repeat the ISO TC215
Workgroup. This is the international health informatics group that we have many
U.S. representatives on, but no really coordinated U.S. contact with, and this
is one thing that NCVHS has talked about talking about for a number of years is
if we should formalize U.S. contact with this group and how we should work with

I just wanted to point out there are various workgroups. It covers the span
of health informatics. The areas that we are mostly involved with is semantic
content, the business requirements for the electronic health record and data

The others, we might be peripherally involved with. We do have a presence
with devices, but that doesn’t really have a big presence in the United
States, the institution of the standards in that area, and I just wanted to
touch on this to remind you that it is still out there.

The TC215 countries cover the whole world. The actual Secretariat is
located in the United States. It is housed in ANCI(?). So we – from that point
of view, we do have a formal presence, but this is the group that really
encompasses the world in terms of the health informatics standards.

And I am going to close on that, and if we have any time for questions and
discussions, which Simon is shaking his head no.

DR. COHN: No. Yes.

MS. GREENBERG: (Off mike).

DR. COHN: Right. I think we’ll – What?

MS. GREENBERG: – bring it back –

DR. COHN: Yes. I think – there are some areas here that I think we are
going to want to dig deeper into in our next meeting.

Now, I do apologize –

PARTICIPANT: One or two questions?

DR. COHN: There’s absolutely no time for questions on this one. So I
do apologize. We’ll reflect on that in our final minutes.

Now, there are a couple of things that we need to do. One is I would like
Standards and Security to briefly talk about their plans for hearings and
activities, knowing that we are going to get together in February, we’ll
have that longer conversation.

I’d like the same thing from Privacy, and then we will begin to wrap
up, since we are almost at 12.

Agenda Item: Subcommittee and Workgroup – Any
Additional Updates? Subcommittee on Standards and Security

MR. REYNOLDS: Jeff, you want to make any quick comments before I do?

MR. BLAIR: No, go right ahead, Harry.

MR. REYNOLDS: Our next scheduled hearing is January the 24th and

Based on the rewrite of our letter a number of times this morning, we will
still look at NPI. That will be the time that we will take a very serious look
at and have further presenters, WEDI, CMS and industry representatives, just to
exactly where we are.

We will also have an agenda item called Streamlining Standards. We have
heard testimony on that in the past. It was in the health bill that was on – in
Congress, and there still. So we are going hear from other people about whether
or not that is a – both their position on it and what kind of problems or not
that that would create.

We’ll also continue to work on our – We kind of have a roadmap of what
we were working on, the problem, that roadmap got sidestepped a little bit with
HIPAA e-prescribing NPI and NHIN this year, so that kind of took us over. So we
are going to – We spent yesterday looking at some of the more future items that
we need to look at. We need to take part of our agenda and get out in front
again, and we tend to get pulled back into the mainstream. So we will be
working on that further.

And, then, just like everyone else, we’ll be looking at the HIPAA
Report between now and then, but we will also make any further comments at that
hearing, as we look at it further. So that would be – and, then, out of that
hearing, Simon, will be the rest of our year, and maybe even into ‘08 with
some of the future items that we want to deal with. So that would be a brief
summary that you wanted.

DR. COHN: Okay. Harry, thank you. Appreciate the briefness of the summary.


DR. COHN: And it was comprehensive, also.


Agenda Item: IV. Subcommittee on Privacy and

MR. ROTHSTEIN: I’ll try to follow Harry’s model of brevity.

I just want to discuss the hearing that we are having this afternoon and
tomorrow morning.

In our June 22nd NHIN recommendation letter, we recommended that
the Secretary look into extending privacy and confidentiality protection beyond
the three covered entities now covered by the HIPAA statute, and so we have
been having hearings on the implications for the prospective covered entities
of the future, and also the overlaps and gaps with existing regulation.

In our September hearings, we focused on employers, life insurers and
schools, and, this afternoon, at two o’clock, we are going to focus on the
financial industry and then decide on whether it is appropriate to come up with
sort of a supplemental recommendation to the Secretary regarding these issues,
and we are going to talk about the laws just like we talked about FURPA in
September, to some degree, we are going to talk this afternoon about the fact
act(?) and Gramm-Leach-Bliley and so forth.

Tomorrow morning, we have a hearing on approaches to studying the HIPAA
privacy rule, and where this comes from is, in 2003, in June, we had a letter
to the Secretary in which we recommended that a research program be initiated
to study the effect of the HIPAA privacy rule. Is it working? Is it not
working? What areas are problems, and so forth.

And we came up with a similar recommendation in our June 22nd
letter with regard to the NHIN, and what we are trying to do now is kind of –
at our hearing tomorrow – is sort of advance the ball a little bit. Rather than
just sort of saying in the abstract we ought to do this, we are trying to hear
from experts in study design and – who are going to address the question of,
Well, if you wanted to do it, how would you actually go about doing it? And
maybe we are going to get some suggestions as to that, and if any of those look
promising, then, maybe even discuss the possibility of hiring a contractor to
prepare sort of a framework for doing those sort of things.

Our next hearing after the one today and tomorrow is scheduled for January
23rd, and, as part of what we are going to do today and tomorrow is
try to figure out what, of the many possible options that we have, we are going
to decide on doing for January 23rd.

Agenda Item: V. Subcommittee on

DR. COHN: Bill.

DR. SCANLON: Just to give you a 30 seconds update on the –

DR. COHN: Oh, thank you. Okay – please.

DR. SCANLON: I covered a part of it.

We think that the meeting was a success, in terms of identifying that we
really do share many common interests and there is some synergy here between
the two groups to work together.

We are trying to work through the Populations Subcommittee to identify
topics that we can work on jointly and probably bring to this bigger group, as
opposed to all of the subcommittees working with the BSC.

We have had one conference call before this meeting with Irma, and we are
planning to have another conference call with the whole Populations
Subcommittee on December 11th, and we’ll open that up, I think,
to the whole BSC, if any of them want to participate. So we’ll see if we
can identify additional areas.

One that is of primary interest, particularly with Garland(?) joining us,
would be the area of the vital statistics system and some of the problems or
concerns that we identified sort of in the joint meeting sort back in

DR. COHN: Well, thank you very much, and, obviously, the – I think some of
that also opens up the door to the revisiting of the 21st Century
statistics vision also.

Agenda Item: VI. NHII Workgroup

DR. COHN: Now, I am really not going to say anything about the NHII
workgroup, only because we haven’t met. I think there are some ideas that
we have about possible options for next steps, but we’ll have a conference
call over the next couple of weeks when Mary Jo Deering, our key staff, is
actually around for us to talk.

We will also be having a conference call to the Executive Subcommittee in –
I think it is like three weeks or something on that –

MS. GREENBERG: December 15th

DR. COHN: December 15th to begin to work on agendas and
discussions as sort of a next step in the February meeting, as well as
finalizing a whole bunch of letters that are going to be, obviously, rewritten,
revised, finally edited or whatever between now and then.

Now, I just wanted to – As always, at the end of the meetings, I do
apologize for running about four minutes late, which, actually, is not bad,
given the way the morning has gone.

PARTICIPANT: It is 1:15.

DR. COHN: Do want to reflect on just sort of what works – Yes, it is 1:15
all the time in this room – about just sort of what is working and what is not
and suggestions for improvement.

I mean, I sort of was reminded, as I looked through the agenda today, that
there are a couple of rules that I think we already know that somehow we
aren’t following, one of which is that we need about an hour-and-fifteen
minutes for the department updates on the first morning, and whenever we go
less than that, we wind up having to cut people off like mad in terms of any
questions or discussions, and so we just need to remind ourselves to always
provide that much time as opposed to thinking that somehow we can shorten this
to 45 minutes.

I am also reminded that we have sort of this – It is impossible for us to
have a conversation as an agenda item that is only supposed to last 30 minutes.

We know that. So I don’t think that we can – We just need to remind
ourselves and keep putting that back into practice, and I am really not even
referring to the ICD-10. It is also the HISPC stuff beforehand. I mean, it was
just – and there is nothing that we can handle in 30 minutes, nor would we want
to, and so we’ll just make sure that we do that.

Now, I would just like at this moment just to open it up just to ask if –
thoughts, views on, as we move into February, what worked at this meeting, what
didn’t, what should we do in February? Thoughts, suggestions,
recommendations for the Executive Committee as we begin to put this altogether.


MR. REYNOLDS: Yes, I still don’t think we have had enough discussion
on the overlap of some of these subjects. I mean, I gave a quick thing. As I
look back at the standards and security stuff, everything touches privacy,
everything touches security, everything touches – I mean, it touches

So, as we look at these future items and we look at trying to pull some of
these subjects together, we are going to have more and more subjects that
overlap on a continuous basis. So I don’t think we had enough discussion
on that, and I think that might be a good thing to spend a little more time on
to actually turn into some kind of actuality, not just to chat. Say, Okay. So
if you are looking at these subjects, how do the other people play? And a
little bit – We have done a little bit with Justine being a part of our
Standards and Security and other things.

So I think we need to talk about that a little more, so that we don’t
– Because we can fragment ourselves even further going forward with some of
these subjects that are on the table right now.

DR. COHN: Any other members, before we give Marjorie a chance?

John Paul.

MR. HOUSTON: Towards the discussion we had yesterday about just the letters
and trying to come up with a way to streamline some of the way we – the way the
letters are written and reviewed, because I think that we probably spend – and
I am probably primarily guilty for that – spending more time than we need to, I
think, at times, on these letters.

And I also think that, with regards to letters with the protocols, and when
we decide to write a letter versus when we stand silent and what rises to the
threshold of requiring us to write a letter. It might be helpful to understand
that better. So –

DR. COHN: Okay. Justine and then Paul.

DR. CARR: I would second what John was saying. As we discussed yesterday,
especially with four new members coming on, to kind of have an overview, a
lexicon or whatever words we used yesterday to say when do we write a letter,
and what are the expectations, first, of the background work done before the
letter, and, then, a bit of a standard format of how we present it, and also
what constitutes a recommendation, an encouragement, whatever words we have
been using, let’s get a data definition for each of them.



PARTICIPANT: Set some standards for –

DR. COHN: Style guide –

PARTICIPANT: – some acronyms, too.

DR. CARR(?): Oh, yes, and a glossary on every letter. Yes –

DR. COHN: Paul and then Carol.

DR. TANG: Well, actually, I wanted to second Justine’s suggestion
yesterday about the structured letter, because I think that will improve the
impact, because these things are findable, and if we cannot find the
recommendations within our own letter, I think they are unfindable, but I think
a structured letter, and they have different kinds of letters that Justine
suggested would be really helpful.

MS. MC CALL: One thing that did work for me, as we talked through the
letters yesterday, it was very helpful for somebody on the committee to
summarize what are you trying to accomplish with the letter, and so making that
explicit as a part of our discussion, I think, helped us move fairly quickly
through – I know they were short letters, but, Okay. So let’s punch this
up. Let’s push this down. Let’s – you know – something is missing.

So I think that was very valuable for me. I would echo that having some
sort of framework – I don’t want it to be rigid, but I think having a
framework for when do we pull out a big gun, when do we need just a little pea
shooter, that type of thing, and how it looks and feels to make them
decision-ready, easy to consume is what my goal would be.

And, then, the other thing that I would love to have adding onto
Harry’s comment about more discussion around kind of areas that – topics
that are in more than one area across teams, I would love for us to come up
with a short list, and maybe it is not unlike the nine that were really 10
initiatives that are priorities. What is our 10 for next year? And I don’t
care what committee or subcommittee or workgroup is working on it, but what are
our 10 themes? And if we can summarize that, I think we have gone a long way to
figuring out some of these other things.

DR. STEUERLE: Just two quick comments.

One, I think it would be useful when we have these general discussions on
topics that come up, I think it would be useful to begin any discussion with
why this is relevant for the committee, and, then, b), what are the
implications for the committee’s use of this? I mean, if it is really
general information, I often sit there wondering, Okay. What – Especially if it
is an area that I am not that familiar with – What is the implication for the
committee and why am I listening to this or why am I listening to this part of
the conversation? Is it going to be useful for some other purpose?

Another thing I think we can do sometimes, there are some conversations
that repeat where I think we could try to figure out ways to get around them.
One of them, unfortunately, is the constant questions we have about can we
break down these complaints over violations of HIPAA.

For instance, one way to do that might just be to have before us a list of
the classifers by which these data are inputted into whatever computer system
HHS has, so then we’d know whether we can – Somebody asked whether we
could break this up by month or year. Wasn’t that you, Justine?

DR. CARR: It was Mark.


So if we have the classifiers, we’d know whether we could do it, and,
then, at some point, we could have some discussion about is there some way or
not to expand this list of classifiers, but that conversation is repeated, and
I have heard seven or eight times, and I think there are ways of perhaps of
presenting the information, so that we don’t have to repeat the

DR. COHN: Well, maybe the answer to that one also is to ask the
Subcommittee on Privacy and Confidentiality to work with OCR, which I know they
have done from time to time, but maybe, rather than it being a full committee
conversation each time, and I think the hearings tomorrow may help that a
little bit, because I know that there is some intent to really look at how that
is all to be done.

But, anyway, I am sort of reacting to your comment and sort of half
laughing, because some of these things have been ongoing issues.

Now, any other members before I let Marjorie comment?


MS. GREENBERG: Just kind of a procedural matter that kind of, I think,
reflects on all of the comments that have been made that I think are all very
good, and that is that some of the things that have been suggested, they do
require some time, particularly talking about cross-cutting issues, et cetera,
and not short-shrifting, if you are going to put something on the agenda,
giving it enough time, giving more time to this, more time to that, et cetera.
They require time in the full committee, because if everyone’s off in
their subcommittees, then, we are not doing the cross-cutting discussions.

We used to meet two full days. Then, we started sort of cutting the second
day down to maybe – you know – we’d end at mid-afternoon.

I know that certainly I have encouraged adding subcommittee meetings to the
full committee week, because of the costs involved, the travel cost, and I
think that is still going to be an issue this year, for sure, but if we have –
typically, we have a subcommittee meeting on the second morning. So we often
don’t even start ‘til 10, and, today, we started at 8:30. If we have
to end by noon, I mean, then, we are down to where you are really cutting into
almost having one and maybe a third day for the full committee.

So I think this is something the Executive Subcommittee has to look at. We
are shrinking the time that the full committee is meeting, and that has
implications for some of the things that have been suggested. So I just – I
don’t have a solution, but needs to be addressed.

DR. COHN: Yes. Well, and this will be something I think the Executive
Subcommittee will need to talk about, and thanks for bringing this issue up.

As I was sitting here listening to a lot of this stuff – I do apologize, I
know we are once again going way over 12 noon – a lot of the conversations
about cross-cutting work are actually typically have been things that have been
done during Executive Subcommittee meetings, and that is typically what we get
together to talk about, and I guess I would ask you all to reflect on how much
time at full committee meetings you want for those conversations versus to
offload it to the Executive Subcommittee?

I think I am happy to continue the conversation, just because I think we
are all sort of getting familiar with whatever – everyone’s work, but
there is going to be a point at which we actually need to do work, as opposed
to just talk about each other’s work.

I know that for February, we obviously already have a hearing right after
the meeting. So we are down to a day-and-a-half, but this will become,
certainly, an issue for the June meeting.

So we can all talk about that individually, but I do think you bring up a
very important question about just how we use our time as well as how much time
we need as a full committee meeting.

Now, obviously, I am always very appreciative of, I think, comments and

I was sort of reminded as we talked about the letters that one of the
things we talked about sort of lightly yesterday was making sure the editor
reviews things beforehand, so it isn’t just us editing it, but it is also
somebody checking for things, so we get things, at least, that have been
reviewed by an editor, and we will try to put that into practice as well as we
can, obviously knowing things come up two days before are not likely to be

Now, I will tell you that, unfortunately, some of the desire you have to
know what is a letter and what isn’t a letter may remain a little
miraculous for many years to come.

I think we have seen, actually, a good example with the NPI letter today,
though – yesterday and today – where we all sort of said, Geez, there
isn’t enough here for a letter. Why did you bring this forward? And then
suddenly, miraculously, it became a letter, and that just, I think, we should
all just sort of reflect on that that sort of may be the definition – Once
again, I can’t put that into five rules, but it does sort of give you all
a feel for what is enough for a letter versus what is not.

DR. CARR: Well, if we had the expectation before we wrote the letter,
though, maybe we would have anticipated that and kind of kicked the tires a bit
before we came to the committee.

PARTICIPANT: (Off mike).

MR. REYNOLDS: I’d like to comment. We took the tires off that car. We
did everything we could with the tires, but the other thing to remember is
those of you who have committees that aren’t writing a lot of letters,
there are also many issues that surround this and many ways we have to approach
things that also decide the tenor of a letter.

So what we may believe individually, as members of the committee, still has
to be packaged into the appropriate approach to deal with our environment. So I
ask you to make sure you temper that as you – as committees bring things
forward to you also.

DR. COHN: Okay. Well, I want to thank everyone, and this meeting is

(Whereupon, the meeting adjourned at 12:18 p.m.)