[This Transcript is Unedited]

Department of Health and Human Services

National Committee on Vital and Health Statistics

Ad Hoc Workgroup for Secondary Uses of Health Data

October 5, 2007

Hubert H. Humphrey Building
200 Independence Ave
Room 425A
Washington, DC 20201

Proceedings By:
CASET Associates, Ltd.
10201 Lee Highway, Suite 180
Fairfax, Virginia 22030


Agenda Item: Call Meeting to Order

DR. COHN: Good morning everyone.

I want to call this meeting to order. This is a meeting of the ad hoc work group on secondary uses of health information of the National Committee on Vital and Health Statistics. The National Committee is the statutory public advisory committee to the U.S. Department of Health and Human Services on national health information policy. I am Simon Cohn. I am the Associate Executive Director for Kaiser Permanente, and chair of the committee. I want to welcome committee members, HHS staff, and others here in person. I want to remind you again that we are being recorded but not on the internet today. I do want to remind everyone to speak clearly and into the microphone since an abstract of this meeting will be prepared.

Let’s have introductions around the table and then around the room. As always if there are issues or conflicts that you have on any of the issues that we have coming before us today, would you so please publicly indicate during your introductions, starting that “I have no conflicts of interest.“


DR. CARR: Justine Carr, Beth Israel Deaconess Medical Center, member of the committee, no conflicts.

MS. JACKSON: Debbie Jackson, National Center for Health Statistics, committee staff.

DR. STEINDEL: Steve Steindel, Centers for Disease Control and Prevention, staff to the work group and liaison to the full committee.

MR. ROTHSTEIN: Mark Rothstein, University of Louisville Medical School member of the committee, no conflicts.

DR. GREEN: Larry Green, University of Colorado, member of the committee, no conflicts.

DR. DEERING: Mary Jo Deering, National Cancer Institutes, staff to the work group.

MS. AMATAYAKUL: Margaret Amatayakul, contractor to the work group.

MS. GREENBERG: Margorie Greenberg, National Center for Health Statistics, CDC, and Executive Secretary to the committee.

MS. ANDERSON: Kristine Martin Anderson, Booz Allen Hamilton, contract support.

MR. LANDAU: Morris Landau, with ONC.

MS. GRANT: Erin Grant, Booz Allen Hamilton, contract support.

MR. REYNOLDS: Harry Reynolds, Blue Cross and Blue Shield, North Carolina, member of the committee, no conflicts.

(Introductions around room.)

DR. COHN: Well good morning and happy Friday. Now the work group today will meet from now until 12:00 noon. Today the focus is on the report and the recommendations contained – Oh, I’m sorry who’s on the phone?

DR. TANG: Paul Tang

DR. COHN: Paul, good morning. Please introduce yourself and state whether you have any conflicts of interest.

Dr. TANG: Paul Tang, Palo Alto Medical Foundation, member of the committee, no conflicts.

DR. COHN: Welcome to a very early morning California time, I was just thinking of how this translates to the Pacific time zone. So thanks for joining us.

DR. TANG: Sure.

DR. COHN: Now today the focus is on the report and the recommendations contained. Yesterday we started with the observations and recommendations at a high level based on the input. I know that Margaret has been working on the document and I think has reformatted some of that and obviously that will be the first conversation of the day, is for her to go through that. As always the questions are: one do we agree, two whether we’re missing and obviously we’re asking people to – this is obviously a time to begin thinking about wordsmithing. Assuming that we have got the concepts right, but we would ask that we not take subcommittee and workgroup time to actually do the wordsmithing. We would like to see that to happen offline. Unless of course it impacts content, in which case this is really the time to be bringing it up. From there time permitting I think we will move into at least the conversation about the body of the report. I know that there has been some reorganization and some streamlining. Once again for us to take a look at it and see how it flows. And I see that Margaret is nodding her head.

Now I do want to take a moment and I think that I talked about this yesterday, we’ll talk about this a little more extensively towards the end of the morning – but in keeping with our open and inclusive process the intent is to develop a document that while a draft is of sufficient quality that we feel can be distributed more widely for public comment. And so hopefully at the end of the day or within the next several days after we continue to refine this document – what we are hoping is to have basically a public comment period. And we’ll be happy to distribute this document, will be notifying previous testifiers and other parties that we think may have interest in this one, to allow them access to the document and will take written comments. We will also have an open conference call on October 17th which will take public comments during that period, verbal comments on the document.

So the idea will be to basically extend the comments to sort of a wider audience and ask for input. Obviously assuming that goes well we will obviously take those comments into I guess what we describe as a pre-decisional draft, distribute that to the full committee with the intent to have a conference call where this would be the main item of discussion during the first week of November.

MS. GREENBERG: Did you say a date?

DR. COHN: I said the first week of November. And that is being scheduled. So as I said we will talk about those steps depending on where we get today and we don’t need to belabor that for the moment. What I will do is to turn it over to Margaret A. Would you like to help walk us through the recommendations?

DR: ROTHSTEIN: Before that I just have a general question Simon. Yesterday morning we went through an exercise in which we talked about general principles some of which had not previously been in the report. At what point are we going to sort of backtrack and take a look at those?

DR COHN: I’m just trying to think if I heard any principles that appear to be at really a great variance to what the work group – there was sort of the intent of the report so I guess the question in my mind would be and I guess we need to reflect on this is as we look through the recommendations and the other content are those thoughts being adequately represented in the report and then sort of what are we missing. Is that an answer to your question or do you feel – that you had and I flip back to my notes. Harry do you have a comment on this?

DR. REYNOLDS: In the stuff that we got from Margaret for example, there was a discussion about uses and other things I think she is taking some of those into consideration so I think some of those have been clearly taken into consideration. I mean all of us haven’t read the document yet but if it is anything other than those kinds of things then maybe you ought to list the ones that you are most concerned with now so that we make sure that we include them.

MR. ROTHSTEIN: Is there a list? I think there were like 8 or 10 things, I think that it was a very valuable discussion and it is sort of things as a kind of feedback loop and a double check to see if we had all those things incorporated and I would hate to just sort of lose that I am sure that Margaret did a fine job of incorporating some of those but there may be others that need be dealt with more explicitly.

DR. CARR: Is this revised from yesterday?

MS. GREENBERG: Is this revised from yesterday?

DR. COHN: Yes, this is revised from yesterday. And I’ll tell you that I have my notes which of course I can’t read. This is one of my characteristics unfortunately of my handwriting even though I have the greatest intent. Well it is actually why I developed electronic health records back in the 80’s because I couldn’t read what I wrote much less the nurses. So there is a reason why we get into these things and Margaret you may have other notes but looking at Harry’s notes which are actually eminently readable here, I think that the pieces that were brought up had to do with expected versus unexpected issues and uses, commercialization and marketing, business associate, quality improvement versus research as an issue, risk benefit of unintended consequences. I see you nodding your head here.

MR. ROTHSTEIN: I remember that in my quick scan of the new document I see the places for that here.

DR. COHN: Okay good. And then basically Paul actually brought up the issue about will the world be better with our recommendations and will the recommendations – I think it was a very good point that reflect on are these really going to be helpful in terms of moving I think, the concepts we have forward. And so I think that was yet another screen.

mR. ROTHSTEIN: Well and I asked to think back about some of the case studies that we heard presented to us and see how, if at all, those business operations and practices would be affected if we went to this new system and one of the other things I mentioned was that I thought it would be valuable to include in the document some discussion of the fact that the dichotomy between de-indentified and identified information may not be viable and sustainable in the future and even though we don’t specifically have recommendations directed to that.

DR. COHN: Mark, I was just looking at the notes and the de-identified versus identified data which I think once again now all of these you need to reflect to see if the observations and the recommendations make the point and move that forward. I don’t know that we think this is going to be the final word in this whole area just because I think as we see most things these are rapidly evolving dynamic areas Mark, our constant comment about NHIN is of course is still sort of evolving, it’s hard to put your arms around it, it is sort of here among us but it is also out there and so exactly how all of this plays out is I think it is likely to be a document which will be the first document in the area and one of the things we will need to talk about is sort of what are the next steps what things are we pledging to do in the future versus what really should be secretarial responsibilities and department responsibilities.

And certainly my hope is I haven’t looked at the current version but I would like to see obviously a research and piloting and demonstration agenda that sort of helps flesh out some of the things as well as helps answer some of the questions that we don’t feel we have the answers to at this point. So with that – Justine comments?

DR. CARR: One thing that I think that might be helpful in the spirit of sort of keeping us in the big picture would be to before we go line by line would be to talk about the organization, the headings, and where things are appearing and if we hear immediately that something is missing than I think that we want to pay attention to that but I would say that Margaret’s done a great job.

DR. COHN: Well, would you like to talk about that overall or Margaret do you want to talk about the changes? Who wants to?

DR. CARR: I’m happy to give my first read. I’ll just describe what I see so the new organization and its the introduction and the purpose and the scope and it goes right into the issue about secondary uses of health data and why we are not using that term. Which I think is good. Okay, then purpose and scope followed by information analysis and organization of the report focusing on report background, current landscape, observations and then glossary and taxonomy. And I think that’s very good. I think this is you know logical and will be helpful for folks.

Then on the background we have NCVHS coverage of the topic and the process. Next we move on to landscapes and here I had a little suggestion for Margaret, but it basically – the headers are enhanced benefits from the uses of health data, HIT and HIE raised concern about the potential for harm. So these are things I think look at a need for extending health data, stewardship principles, need for additional clarity in HIPAA privacy and security rules. Okay, and then under that need for clarity we have covered entities, business associates, and de-identification. Those are all HIPAA related things. Now back to the fifth topic is organizations not covered by HIPAA privacy and security.

DR. COHN: And that’s under current landscapes, right?

DR. CARR: Yes and the sixth thing is uses of health data. Now my suggestion here is that we just say the sixth topic is specific uses of health data and that we have subheadings: uses for quality and measurement, and uses for data and research, uses for public health – right now the current heading. But that’s that- and then on to the recommendations. Yes?

MS. AMATAYAKUL: We talked yesterday about adding uses regarding health care operations specifically excluding the quality because that’s already been covered. And I didn’t do too much with that, I have a little placeholder in the recommendations of one recommendation I guess that I didn’t feel like I heard a lot of testimony about that and I wondered if you guys could think about that and sort of decide.

DR. COHN: So your question is do we need to flesh out something in the pre-observation area describing all of the uses or whether or not we need to have recommendations?

MS. AMATAYAKUL: If we have a category called specific uses of health data, and one is for quality, and one is for research, and one is for public health, do you want one also for health care operations exclusive of quality?

DR. CARR: Well, I think you ask and I’ll call it I guess in my view I guess maybe begins to shows some cracks and some flaws in the entire concept because we don’t have one for patient care, we don’t have one for marketing, we don’t have one for law enforcement, what line are we drawing – what are we trying to do with this particular piece? Justine?

DR. CARR: It sounds like it came up under TPO, so you’re right we don’t have it about T or P. So it is operations, however we did hear testimony questioning the scope of operations so you know I think it is something that we need to come back to and think about. The one thing that struck me as I read this as you get into the recommendations and observations is that there are two things that we heard that affect all of our recommendations. One is transparency and the second is stewardship. And stewardship might take the form of specific tightening of contracts or language or it might take the form of accountability oversight and those two things I think we believe affect not just HIPAA organizations but in general if we were to speak to that, that all of the uses of health data should have transparency and stewardship and so I wondered if we might begin with a discussion of transparency and stewardship and then as we get to the recommendations we can refer back to that or apply it as sort of use cases.

MS. AMATAYAKUL: I think that section is kind of bumpy in the observations so that would be good. Are you suggesting it go immediately before the observations and recommendations?

DR. CARR: I would I would say if we have two overarching themes that we are going to keep coming back to it will take redundancy out. Because as it appears now it’s a big concern was commercialization and now a word about stewardship and I think it takes something – it’s confusing. I think we should say stewardship it is a good thing it should be everywhere and commercial, here is how it would appear in quality research or whatever.

MR. REYNOLDS: Alright, I have a comment on the original question of operations. There was description in there as to what the HIPAA law and everything said operations is and I think minimally we need to make sure that is still listed and I think it is not that we are putting anything in there because if we are going to base a lot of what we are doing starting from, even though I think you’ve now changed it to be a little more use focused. We’re still basing it on HIPAAs and the covered entities and so on and I think that minimally if we keep that definition in there so that we are using, so that people can see what that definition is regardless of how broad they think it is or isn’t there was a definition that was clear and I think that keeping that in there does allow us to have a continuous track.

DR. DEERING: Since one of the overarching concerns and we did discuss it yesterday, was about the murkiness of the concept of operations as we just now restated how we are going to treat operations this morning I sense that there is less focus on the problematic aspects of the definition of operations. Am I misinterpreting what I am hearing? Is that getting lost now? I mean at one point I think we didn’t just define what was in there but we made some – I guess I would say raise to the level of a major theme or observation now. Maybe I am misinterpreting.

MS. AMATAYAKUL: That’s actually what I was trying to get at was yes, we still have operations in here but it seems yesterday that they wanted to raise it up a notch in terms of the importance of the issues.

DR. COHN: Looking around the room, I guess I am having – I mean conceptually that all sounds good, I guess my observation I think from the last several meetings has been that you know the issues of bright lines that are cleavages that sort of separate things and I think the conversation yesterday as I remember, is we really talked about what the issues were one had to do about research versus the operations and quality in it and I think that we are somehow addressing that as a cleavage that we can see that we can begin to do some work on. The other piece had to do with – and I think I am going to be inarticulate in terms of my exact description of this area, but it is sort of marketing/commercialization/ that zone there as another cleavage that we could see. But beyond that I didn’t hear that, and maybe I guess we can describe this as murkiness or one can describe operations as, “jeez, we’re dealing with something that represents 14 or 15 percent of the gross national product” and sort of by definition activities that occur in that area are complex and is there a value to begin to try to tease out every single aspect of operations beyond sort of what this basic definition is – and I guess that would be how guess I would begin to cleave off some of the areas.

DR. DEERING: I think it was the second cleavage. It is too bad that Hillary was in the news a few weeks with regard to that. Front page of the Style section. But I think it was specifically the secondary, in other words there was not a concern with just trying to get at the entire scope and mess of it, it was specifically the secondary again. Research is clear, we’ve covered it well. Wouldn’t you agree? And again we do have now we’ve validated the issue about commercial use even up front when you talked about uses. But I think your question, and it would have been my question, was that I too sense that there was that aspect of operations specifically, the one that you covered that when it gets into commercialization when it slides in over there that I thought sounded like it was percolating upwards somehow.

DR. CARR: I think this is good. If there any other issues that we want to make sure that we are looking for as we read it. I think that is a good one and Mark do you have any others that we want to make.

MS. AMATAYAKUL: Justine I don’t think you were finished going through the first part.

Dr. CARR: Well we got to the recommendations right, and we have them. Yes, that’s fine I think we get that and I think as we go through it there are a few things that we don’t have to do word by word.

MS. AMATAYAKUL: Just so you wonder at the very end of the document there is some miscellaneous paragraphs at the appendix C, I just didn’t want to totally want to throw them out so it is sort of a parking lot for me. We can always call them back if need be.

DR. COHN: We want to take a hard look at 569. Do you want to read that sort of the introduction to the observations and recommendations because I think that was an area we did spend some time talking about.

MS. AMATAYAKUL: So the following observations and recommendations are listed in sequence by most important uses that must be addressed. Relationships that would most benefit from enhanced data stewardship and ability to implement immediately. NCVHS observes that HHS has a variety of means to achieve enhanced protections for uses of health data. These include issuance of guidance such as the HIPAA security guidance distributed by CMS, requirements for federal agency adoption, inclusion of requirements and contractor rules through incentives, and conditions of participation rules and several other processes, in addition to recommending new legislation and issuing new regulations.

The recommendations that follow urge adoption by whatever means is most expeditious and will promote the broadest possible adoption. NCVHS commits to monitoring the usefulness and guidance and offering further recommendations as may be needed.

DR. CARR: I have a question about the opening statement. They’re listed in sequence by most important use that must be addressed, relationships that would benefit from enhanced data stewardship and the ability to implement immediately. I feel like you are anticipating the solution by saying things that would benefit by enhanced stewardship.

I mean if stewardship is a recommendation, I would say why did we prioritize – so the very first thing that we talk about are places where our financial benefit accrues so we believe that financial benefit is the most important use that must be addressed? I don’t feel that exactly states that. And you know ability to implement immediately; I’m not even sure that applies. I mean I agree it is the most controversial thing; it’s the thing that we want to hear but I don’t think this opening sentence describes why this would have been given priority status.

DR. STEINDEL: I was also wondering about the opening paragraph and I just think we don’t need it. It just begs discussion before you even get into the observations.

MR. REYNOLDS: What line are you starting on Steve?

DR. STEINDEL: 565 right after observations I just think that we should start with NCVHS observes —

MR. REYNOLDS: 565 though 567, you’re taking that?

DR. STEINDEL: I’m suggesting that I take that out.

DR. TANG: Can I get in line? I don’t think it adds anything.

MS. GREENBERG: I recognize that I wasn’t here yesterday and I’m sorry I wasn’t able to be so, I am kind of coming in and we all hate that when somebody comes in that wasn’t there the day before – starts asking all of the things that were already discussed, but there is no way to avoid it. I’ll try not to do it too much. But I am also put off by this sentence because first of all most important uses to me sounds like these uses are the most important ones, which of course, is not what you mean. And also, I mean, I would say the biggest problem more than uses of health data, where financial benefit accrued other than the subject of the data because that is a hard one to – I mean that is ambiguous to me or ambivalent – is where there’s the greatest risk for harm to the individual, either from exposure of information or – so I would even question whether the issue is a financial benefits one.

DR. COHN: So you’re agreeing with Steve?


DR. COHN: Okay, Paul?

DR. TANG: I like the overall structure of the letter now instead of – for the first sentence says “relationships that would most benefit from enhanced data stewardship.” I think the current situation is that there isn’t any data stewardship. It is sort of just the diffuse of every entity and organization for themselves and I think actually I would turn this around and make it the thrust of our document. In other words we are calling for a framework for data stewardship – and then start laying out the observations and recommendations on what does that mean – and it means a set up principles, accountabilities, and oversights. I’m just throwing that out as one way to structure the recommendation. And that basically – because I think yesterday what we did say is that sort of one of the major pieces that’s new – is to recognize that there is an organizing principal, an organizing framework that could be applied more broadly to this new world that we find ourselves in.

We talked about HIPAA as this organization tethered policy, now we have to think of it as part of something that has to govern the use of data across the NHIN. Well that’s a bigger, broader multi-organizational thing and what I think we are contributing is having the concept of data stewardship apply to data that flows throughout this whole system. And that just begs us for a framework, set of principles and oversights.

MR. REYNOLDS: I would agree. If you look at all the eight observations you could easily put them all under that stewardship philosophy without even stretching I think. In other words, every single thing we got in there pretty well plays off of that as a general theme.

DR. TANG: And then if you look at it from the other way if you strip out that concept in other words, have a bunch of eight recommendations, I think we didn’t get it there. We didn’t get to the finish line.

DR COHN: Justine and then Mark.

DR CARR: I agree with you Paul. I was saying was that our story is stewardship and also transparency. I think that we heard that a lot and then the uses – we talked yesterday about specific examples and uses that we heard testimony about and we used them to say in this setting this is what applies, this is what is needed and this is what may be relevant at a future state. To Marjorie’s question one of the things that came up yesterday was as we thought about how to prioritize things the biggest concern were the unexpected uses of data by the individual and that is how this rose to the top.

I agree that there’s further examining of whether that’s the very first thing that we want to jump in with. It is a very important thing but I don’t know if it preempts the knowledge or the information about some of the other settings so the order might be different.

DR. TANG: Well if you went to the framework as being the main organizing principal for our entire document then our early recommendations would be on the data stewardship accountability and the oversight and then laying out the principles. I mean it would sort of change how you would present this. Would you present this as how would you structure and what would this data stewardship – but who would be responsible for overseeing data stewardship across the NHIN? And that’s where see the transparency is a conflict that is out hanging if nobody enforces it or cares about it or describes it.

MR. ROTHSTEIN: I’m not opposed to the concept of stewardship but I think that what needs to happen in this area is more than just stewardship. We have defined stewardship in the document as the careful and responsible management of something entrusted to one’s care and some of the issues I think revolve around whether that in fact is the case. Whether individuals, by sharing information for the purpose of their care are thereby in effect, giving that information to the entity for use so long as it is responsibly managed. I mean I think it makes and assumption about the authority of the covered entities to use information so long as they do so in a responsible manner when our first principal might be when do they get the right to do that? And do they need some permission from the patient besides simply the notice of privacy practices?

So I support the idea of stewardship but I think it assumes away one of the basic questions that we need to deal with and that is under what circumstances does the data stewardship apply? And so that’s why I am a little bit hesitant to say everything is under the stewardship framework.

DR. COHN: Mark, I think I am reminded from your comments yesterday and previously, that data stewardship is one essential element. Transparency is probably another but there is also something more which is I think you were pointing out.

MR. REYNOLDS: And Mark, I agree but I think in transparency as a reality could be put under there but I thought we also agreed yesterday that we did not necessarily like that definition that was in Webster’s. I thought we were going to use – I haven’t read the document.

MS AMATAYAKUL: I’ve marked it to ask if you wanted to.

MR. REYNOLDS: Okay, because that was the discussion yesterday so – and for exactly the reason you said because that, if I remember yesterday’s document, there was a paragraph after that, that really got into what we thought it included and so that definition does exclude exactly what you are saying but the real definition of good stewardship – you could have transparency and you could have a number of other things under there so that if you are the steward of something and you are going to use it for – then there are certain times where transparency would be part of that base definition philosophically. I’m not trying to lead this but that’s why I was willing to say it earlier. I am thinking of a much broader stewardship than just – which would include yours. I like your words and I could support that either way.

DR. COHN: In some ways one reflects those are all elements of the HIPAA.

MR. ROTHSTEIN: Just a very quick response to Harry. If we came up with a more inclusive, better definition of what we mean by stewardship then I would be more comfortable, because we are asking that concept to do a lot if we are going to use it as the single organizing principal.

MS. AMATAYAKUL: Just to ask a question so beyond the Webster’s dictionary – and I am looking at page 8, the section starting 268 to 280, we have also referenced the AMIA definition. Do you believe that is a stronger, more encompassing definition?

DR. TANG: Although I am not allowed to comment on the AMIA definition, I don’t think being careful or responsible is quite enough for stewardship.

DR. COHN: And Paul, and for the record, I’ve already I think apologized to you offline for my comments yesterday.

MS. GREENBERG: Is Mark really saying that when you are dealing with stewardship you’re accepting that the steward has rights to the data? Now obviously they do have some rights already under HIPAA, unless we are going to turn that upside down – for treatment, payment and operations. But then the question is do they have rights beyond that I guess?

PARTICIPANT: Only when they have rights can they exercise stewardship.

DR. COHN: Justine, Mary Jo and then Mark did you have a comment?


DR. CARR: I think that stewardship is a high level thing and I think our goal is to say what the high level part is but then to take it down to the level of heightening accountability in relationships and so on. So that’s stewardship. I think transparency, I suppose you could say it is part of stewardship but I think it should be a separate thing. And I think what Mark is saying is what kind of options does the patient or individual have? I think there is where we understand today’s world, tomorrow’s world and the future world and we consider how we want to manage NHIN but I think in today’s world if you know what is going to happen with you data and you don’t like it, you can go somewhere else or to another physician or whatever. As we go along, that’s one of the things that we want to study, are there other mechanisms of consent particularly with relation to the NHIN. So I think that describing today’s world is transparency ensures that you know where your data’s going and stewardship with some very tangible actions reassures hopefully, and then that consent thing is still – then a patient can make a decision at least knowing what is going to happen.

DR. DEERING: A couple of related things, back to page 8 and the definitions of data stewardship, what I am hearing is that when we talk about data stewardship we would – following Mark, we would include that whatever they are principles, accountability, oversight can be achieved through laws and regulations as well as just principles. So I think that there is a reference to the fact that these can actually be codified you know, obligations as opposed to just ethical practices but that would strengthen it. If people would turn to page 17 and the check that’s there and they do – poor Margaret, and I appreciate you — that we’ve added the status of data on top at my request but I was also trying to suggest that there was something equally important that needed to go there and it would get at what Mark’s point is which is, what are the existing protections or permissions or requirements that accompany that data as it comes? And that gets to the point that it is both the patient’s individual consent – has the patient placed any restrictions on that data at the point that it comes to you that you have to honor or if you are going to change and you have to do something different? But would also get to the point that there other types of regulations, requirements that accompany that data. I don’t know where you have gotten it from, but again it comes with its own baggage so to speak, but it is protected baggage and I don’t think that data stewardship, any of these other analysis and approaches can kick in until you have taken into account both the nature of the data and that existing protective mechanism that may accompany it and the permissions that surround it.

DR COHN: Larry you have been very patient.

DR. GREEN: Well I have comment and then I would like to know what you think about a question. I really am sympathetic to virtually every comment I have heard so far today. I think it’s right on track and so much hangs on this stewardship thing. Again, I am just going to speak to setup here before we get into the recommendation itself. But at the observation level, at a very high level, I still think that we have sort of left it implied rather than explicit that we have come to the conclusion that we are in a transformity change and that our old ways of organizing these ideas are unlikely to prove sufficient as we move forward and to a new way of doing heath care that includes things like the National Health Information Network.

I don’t see up through page 8 where we just consolidate the fact that – and I know it doesn’t say this, let me just use this to sort of exaggerate it, to bring it into sharper focus. I believe we have reached consensus that more and more rules and regulations based on the old assumptions will not get us where we want to go. To be specific, further de-identification strategies we think are likely to wind up failing, and that’s probably not the right framework in which to use, instead we need to get much more serious about the goals and the uses of these data and we think that this large, still not fully defined idea of data stewardship is the way to go. So I am wondering if it is useful to – I really like the idea of getting rid of those first three lines that Steve was talking about, but somewhere in that spot can we make a overarching observation that sets the recommendations up where we cast our gaze towards the new world instead of the old world? And that is really what I am after.

That doesn’t take away the need to address what Mark is talking about, it leads to a sentence like, “so we are going to be transitional and during that transition we are going to have to continue to have workable approaches to doing personal health, data, you know commercial transactions and public health. But we also have to move forward.

DR COHN: I think I am very sensitive to your comments and I see Margaret writing feverishly as we are talking because I think that that’s – I feel like we are sort of back to the future back to whatever in terms of just recognizing that this fits in very well with I think our final call which is, you know there is really a need for a more comprehensive approaches. I mean obviously we are in transition where we are putting things together but there obviously is a call for comprehensive legislation which of course we actually called for in 1996, in 1998 and year 2000 and was actually intended in the original HIPAA legislation, if one will remember.

So I think that balancing – I think that you comments are actually very apropos in terms of that sort of framing. Now whether the first sentence of the observation or the last paragraph before we hit the observation I think we need to figure out but I do think we need to get that sort of concept in because everything sort of sets up the framing of the recommendations.

DR GREEN: Simon, if we were to do that then I wonder what you would think about the usefulness – I’ve heard four people say I haven’t read this yet but, I am wondering if we shouldn’t take a moment for all of us to read all of the observations and recommendations as to the way they are written now before we go through them sequentially to see if that might make us more efficient. On the other hand, you may say we tried that before, doesn’t work we just need to walk through this.

DR. COHN: I think that we are sort of probably doing multiple things here. I guess I would have to look at the group to see if that would be the best use of time. I guess the question is would be almost – and I’m looking at Margaret, would you rather go through at a high level what we have here and would that be a more efficient use of everyone’s time?

MS. AMATAYAKUL: I do think looking at the overall flow would be helpful and maybe just walking through them and you can kind of get the gist and then go back. I don’t think it would take more than five minutes or so to do that.

So the first observation relates to uses of health data or financial benefits occurred other than the subject of the data might be the unintended consequences, however you would prefer to word that. The recommendations on the next page are for guidance on data stewardship, principles, the adoption of those principles and to test them in the NHIN pilot demonstration. And then on the next page, further recommendation under this would be recommendations on transparency relating to enhancements to the notice of privacy practices and education and uses of health data.

On the next page, also still in this section, recommendations on consent management — and I put the recommendation on the FTC privacy policy there. Then the second section of observations is on uses of health data by HIPAA covered entities and chain of trust. And there on page 19, there’s recommendations on business associates, contract provisions, agents of business associates, uses of health data by business associates and agents of business associates, attestation of business associate contract compliance, using an attestation process and making the results available on the web and by individual request. And then chain of trust between covered entities and non-covered non-business associates entities using non-identifiable health data. And then still within this section on covered entities and chain of trust on page 20 is recommendation on entities providing data transmission functions, recommendation and technical data security management approaches, recommendation on identity protection methods, certifying compliance with HIPAA’s definition and describing data linkage processes. And then recommendation on release of data for data release agreements, ensuring that there is the ability by the individual who is a victim of medical identify theft to have errors corrected.

This one I highlighted because I sort of feel like it is out of scope would suggest maybe delete it but – may include all data necessary for satisfactory uses for quality measurement for recording and improvement. That was the issue of minimum necessary and it’s sort of in the eye of the beholder.

And then the next major category of observations is uses of health data for quality measurement, reporting and improvement and the recommendations start on page 23. Protecting data for quality measurement, recording and improvement that these uses are not outside the scope of health care operations, should have an oversight process and should be shepherded into research when appropriate and also, that there be a recommendation for wide dissemination of quality research guidance and that recommendation on data collection for quality measurement reporting and improvement. And this again was sort of highlighted because this is more the link to the other report that you all are doing. I don’t know whether you want to keep this or just reference it or exactly what.

And then on the fourth area of observation is uses of health data and health care operations – that’s what I was referring to earlier and I did develop a recommendation and marketing but I didn’t flesh out the observation yet. And then on the fifth observation area, uses of health data for research with recommendations on harmonizing research regulations and recommendation for quality/research guidance. Six was uses of health data for public health and again just sort of in keeping with the categories of uses that you sort of asked, I moved the data release agreement elsewhere because it didn’t seem to fit there so I didn’t know whether you really wanted this section six anymore.

Then transition to a NHIN was sort of a laundry of list of things that could be highlighted for evaluation. I know you said maybe you would want to delete this and fold them in. Most of them are folded in but I just wanted to keep that list until you were sure that you wanted it deleted.

Then the last one is the privacy legislation which really is unchanged. The comprehensive federal privacy legislation expanding definition of covered entity in the absence of such anti-discrimination legislation and state data restriction laws.

DR. COHN: Margaret, thank you for going over that. I am, having done that now, going to sort of acknowledge Larry’s comments about everybody needing to take a careful read of all of this. Recognizing that for many of us, I saw this coming out around 9:30 or 10:00 last night.

What I am going to suggest, we have been going for about an hour now. I am going to suggest that we use this as an opportunity to take about a ten minute break to do whatever you need to do personally, but also maybe it is an opportunity for people to take a read through this and come back sort of refreshed and informed so that we can talk about this from the concept of all of this together.

So, with that why don’t we take about a ten minute break. We will get together about twenty minutes to ten.


DR. COHN: Okay, let’s get going again. I suggest we read over the recommendations and observations —

DR. TANG: Can I ask one thing?

DR. COHEN: You can — I was going to suggest what we do for the next two hours — you weren’t asking about content I presume?

DR. TANG: No, I am only asking that somebody press star 1 or whatever is required to keep the conference line going.

DR. COHEN: Did you hear his request? Somebody needs to hit star 1 to keep the conference line going. I guess it has been handled, at least for the moment. Are you still getting something on your line?

DR. TANG: While you guys were gone it said unless you did whatever it was it was going to terminate.

DR. COHEN: Okay, please keep us informed on that one and hopefully we will be able to keep you on for the next two hours.

First I want to thank Margaret for taking us at our words yesterday and trying to put it all together, at least in terms of framing and observations and recommendations. I think many of us are looking at this one and sort of not — not necessarily feeling that we have quite gotten to the place we need to be in terms of how we are framing it and lead-ins and transitions and what the main subjects of things are. And I am sort of thinking about Larry’s comments earlier tat this is about transition, this is about data stewardship, this is about transparency, this is about enhancements to HIPAA to help further clarify and specify activities to sort of generally improve what is going on, and of course at the end of call four, which as I said we have been calling for the last ten years, the eventual solution, or the optimal solution is of course expanding things legislatively. But I think we have a much more immediate need, and obviously department heads are a much more immediate need in terms of having practically possible recommendations, and things that are of sufficient specificity that they can do as well as doable by the Department.

Let me think about how to describe what we need to be doing over the next two hours. I am obviously only stuck only in the sense that I started going over the recommendations and I think the first observation is probably not exactly what we want to lead of with, which is this issue of financial benefits and all of that. Yet having said that, clearly we sort of jump immediately into data stewardship, which is the important piece that we have all been talking about.

I guess I am going to ask everyone in terms of how we should go. My general sense is that maybe we suspend belief in the observations for the moment, and that maybe the best use of the next two hours would be making sure that we agree with the recommendations. Are people okay with that?

DR. LANDAU: May I just step back just a second because I am confused about something and I need some clarification. That is the issue of data stewardship. When I read the definition on 270 and 271, in dealing with AMIA, and I am just reading it — it says, stewardship is a careful and responsible management of something entrusted to one’s care. You can read on — when an individual provides private information to any one else in any manner.

So here is my question. One is, who is a data steward? Meaning, are we talking obviously beyond covered entities — are we talking banks, are we talking about — it’s the who question, which I am not sure of. The second question is, who is accountable? Are we talking about individual consumers — are they data stewards? As I look at the — Margaret did a nice job on page 17 — the diagram. I don’t know what the universe is. Is the data that we are talking about PHI, ISHI< de-identified, other? I don’t know what that means. De-identified information — how much accountability can you be for de-identified, assuming — and I am using under the current construct — and who is accountable?

I don’t want to get too granular, but to me we have got to be able, at least for me, to understand it. I would need to know what the universe is, and who is accountable? SO I just wanted to throw it out there because I am not clear just by reading the plain language of how you define data stewardships. If I am going over old stuff I am sorry. I just want a clarification on that.

DR. DEERING: One of our sidebar conversations down here during the break was the fact that the way it is laid out, it is not until the very end, under the comprehensive privacy legislation, that we make it clear that the universe is not just the current universe defined by HIPAA, and we get into more detail, and one of our conversations was that it needs to be clearer up front exactly that the who is beyond the current cast of characters defined by HIPAA. Perhaps spelling that out up front, that everything that follows, at least the underlying principles, are intended to —

DR. COHEN: I think you are making a very good point and in our other versions the privacy legislation was number one. I don’t know that we need to do that again. I think we need to have some introductory material that describes the sort of need for a wider net. I think what we are trying to do is through the concept of transparency, the strengthening of chain of trust, and all this, recognizing that we don’t have comprehensive privacy legislation that covers all users, everyone who touches the data, we are trying to basically create a broader coverage, using the concept of data stewardship, so that there is more responsibility. At the end I think, given our current construct, obviously it is covered entities that have to go a lot of the responsibility because that is all that we have in HIPAA. So we have to ask them as part of chain of trust and strengthening of business associate agreements to sort of take addition al responsibility for people they have contracts for.

DR. LANDAU: I think that makes a lot of sense —

DR. COHEN: It is just not said there.

DR. LANDAU: — it is just not said there. I don’t know what — it’s sort of a “what you mean by” test. If all these recommendations became operationalized tomorrow by some magic wand, and entity or a corporation or a person would say, well, am I accountable to this? What do you mean? So it is helpful to sort of flesh it out a little more.

DR.COHEN: And I guess I should ask, because I am making an implicit assumption that everybody around the table sort of agrees with the construct that I was just articulating. I see Harry nodding his head. At least I am able to articulate adequately what we are intending to do with this. So hopefully I am not far off in that conversation. Marjorie?

MS. GREENBERG: I recognize this is probably something that you agreed to yesterday, and I understand the pros and cons, but I really do have a problem with your making this comprehensive approach the last thing. I recognize it is the thing that would be the hardest to achieve and you want other approaches in the meantime, or even if you have comprehensive legislation you would still need some of these things. Legislation doesn’t play out superficially.

DR. COHEN: Marjorie, you are going into the organization of the report and I am going to defer that one for the moment. We tried it at the first and we decided it was off-putting, but I think that basically we can review it as we go along. We looked at it before when it was number one and felt that people were just going to stop there and defer the rest of the document.

However, I think the point is that we are trying to get to a more comprehensive approach, which is I think what we need to somehow get back in the early part(?).

DR. CARR: Following up on what Morris said, do we have the expectation that within the organization that received data that there would be an individual, a data steward or an individual who role would include data stewardship?

DR. LANDAU: Are you saying hypothetically you have like for example a hospital that has a CIO who would be in charge of data stewardship? Or are you talking about all employees in a facility? I don’t know exactly what you mean.

DR. CARR: Your points are excellent. We have a concept about stewardship, but to take it to the street, what does that mean? I think to say everybody is accountable is good, but would we be saying that there is a data steward in each organization who is ensuring that there is oversight and principled use of data?

DR. LANDAU: If we look under the privacy rule and security rule, obviously you have a privacy officer and a security officer who are the responsible parties for the entity. SO obviously under the HIPAA you have a certain amount of accountability. But again it stops at the CE door. If you draw a broader definition of data stewardship, I don’t know how, under the current conditions, a person would be — I mean person, corporation, entity, individual — would be accountable.

DR. CARR: I guess it is fuzzy. I also think that we are also talking about the data integrity, that there is somebody looking at the data sets, the use of them, the aggregation. So I guess your question made me realize we are in a kind of conceptual zone, which is a bit nebulous, and if you were to read this tomorrow, what could you do? Does it apply to you as a person in an organization or is there an accountable individual that, if there is a breach of stewardship someone can speak to it and address it?

DR. LANDAU: Simon sort of crystallized it for me, which is we take it under the current construct we have now, and the current construct is if, for example, someone hacks in or someone uses identity theft at the CE level, obviously they have a duty to correct, they have a duty to mitigate that harm. SO there is some accountability under the current laws. But what was unclear to me, at least reading the document, I did not know what you meant by, and who is responsible for, data stewardship. I don’t know if I have answered your question.

DR. CARR: No, I think in terms of quality, not just breaking into it, but the oversight of the use of the data is there and there is a person experienced to address that.

DR. COHEN: I made that comment only because it gets into that tension between is the data steward an entity, a person or a set of principles? I think at the moment, for the purposes of this document, it is really the latter. And I think entities will, covered entities obviously already have specific mechanisms in place where actually asking for more in relationship to quality, but non-covered entities obviously have, absent some other sort of legislation, a right to organize and execute as they will.

With that, as I said, I am persuaded and Harry and I were talking, one of the things that would be very useful at this point is to move from the conceptual down, especially given the lateness of the day — and I don’t mean the lateness of Friday, but the lateness in this process — that we should walk through the recommendations and make sure that we are actually okay with the recommendations. We talked at all levels of the bullets, concepts, PowerPoints or whatever, but I think, sort of disregarding the observations, which are really text to lead up to the recommendations, the question is are these right generally? Maybe not quite organized right at this point, because we keep changing organizational structure around. And the other question is is there something missing here? Is everybody okay with that sort of walk through at this point. Because we don’t have the recommendations — the rest of the document doesn’t — I mean, everybody is going to look at the recommendations. SO Margaret, can you help us sort of move through, starting with 1.1?

MS. AMATAYAKUL: On line 647 of page 16, recommendation on guidance for data stewardship principles, HHS should issue guidance to covered entities for the adoption of data stewardship principles to include those for quality measurement, reporting and improvement, and testing NHIN pilot demonstrations the health data use risk benefit analysis framework described below for informing HHS in its guidance development — or wherever we may put this.

DR. TANG: Could I understand what that 1.1.1 means?

DR. COHEN: We have two questions immediately. Apparently people aren’t sure what 1.1.1 or 1.1.2 means exactly.

DR. TANG: It would be fine if we had laid out principles already, but I don’t know even how to find them.

DR. STEINDEL: It responds somewhat to Morris’ comments. I think we might want to think about a first recommendation is that people should name a data steward.

DR. COHEN: I don’t know if that was Morris’ comment.

DR. STEINDEL: That was what I heard as the gist of a lot of the comments. Who is going to be the steward of this data someplace?

DR. LANDAU: Can I sort of respond to that? I was under the impression of a couple of things. One, that what you meant by data steward was sort of a principles notions, a principle as opposed to the who, the what. SO that clarified the first part.

The second thing was that, under current law, theoretically — I don’t even want to call it data stewards — you do have a privacy official and a security official who is responsible for some type of security of the data under current law, just for CE. So I probably didn’t answer your question real well, Steve, but that was my impression, that what we mean by stewardship is more philosophical.

DR. STEINDEL: Simon, if I can elaborate?

DR. COHEN: Sure, and then we will let Mary Jo speak.

DR. STEINDEL: What I was resonating with when you were discussing things, Morris, was what went on in the federal government about five to eight years ago, when OMB introduced guidelines about data stewards within federal data collection systems. The first discussion revolved around these principles, and what is data stewardship and everything like that. Then the discussions started to revolve around who was responsible and the naming of data stewards. And this caused a tremendous problem within the government. We spent years discussing how to create these types of positions and now we have had some years of experience. I don’t know whether we solved the problem or not, but we do name them. That is what I was resonating with when you were talking about it — thinking about the government’s experience.

DR. COHEN: Mary Jo had a comment?

DR. DEERING: I was almost about the retract it, but maybe I will put it in the form of a question. It gets to the question of what do we mean by data stewardship principles. Are we saying here that basically everything that follows? Is this an illusion to everything that follows in the report? Or is this an allusion, as someone questioned, to some unnamed, unarticulated different principles over and above the specifics that we have in the recommendations? Or are we just saying that we recommend that they adopt this framework? So it is a question like Paul’s, as to what we meant by this.

DR. TANG: If I can get in line?

DR. COHEN: Okay, I think Larry is next, then Harry and then Paul.

DR. GREEN: One way forward could be, that would address these concerns, is if we just get something like this — the recommendation — why couldn’t we proceed by saying that 1.1.1 would be HHS should formalize data stewardship principles and issue guidance to cover dependencies(?) for their adoption sufficient for the multiple uses to which these data are intended — something like that. What the comment said to me was that we skipped a step, that it wasn’t our charge to elaborate data stewardship. We sort of discovered data stewardship as the way out and we should say this now needs to be formalized and then ONC’s concerns, et cetera, and whether we put in a data steward or not or name who they are — we don’t know the answer to that and I don’t think we should claim that we do.

DR. DEERING: Just to amplify, I really like that approach and as long as what we made clear is that it is initiating a process by which a consensus on data stewardship will emerge to be recognized as applicable to all stakeholders. It recommends that HHS convenes a comprehensive process to achieve consensus on a data stewardship framework to guide all activities.

MR. REYNOLDS: I would worry a lot about being overly prescriptive as to who a data steward is. Just to give you an example – it is in our code of conduct so every person we consider in the company is a data steward because they touch it every day and do things – and it goes all the way up the level to where we have data stewards about quality. We have vice president data stewards who signed attestations. We sign attestations on other things that make sure that the data – so it really a set of principles. It should be implemented by a company as a set of principles. I think we have all found in privacy officials is it equally is done in our company and others, where it is all the way down to codes of conduct. You don’t have one person responsible. You better have these principles throughout your data because a whole lot people pull that data up everyday, look at that data, and what they would or would not do with that individual data worries you far more. So I think it is a set of principles.

Second, I would like to see us include in 1.1 that we go back to whatever that definition was – and some of us have already given Margaret language to add to that definition – that was done earlier. So rather than just say “principles” go back to the AMIA one, plus adding a few other things that we thing ought to be in there to put in here. Then, rather than just saying “for covered entities” that would include covered entities and others that are known now, and be visited regularly as NHIN, et cetera, spawn other things.

Back to Larry’s and others comments – we have got to look ahead too. And if there is not a regular review – we talk about covered entities, business associates, all these other things, as we go to NHIN and we all still wonder what it is – there needs to be a regular review of these principles and there needs to be a regular review of how the world is playing in this game so that we come back and add to those principles. If you continue to add to the principles then the entities underneath become a little less significant because you have a set of principles. Then at some point, if we get this legislation we talked about, that everybody in fact is covered or this or that – pow – immediately you have got who ever that is, under that set of principles. Now I think we built a structure that the world could follow and things.

Again, as an implementer, whatever I read here – when it comes out, it is going to come to me anyhow. I could deal with this as a structure because you would understand what you were trying to do but appointing one person and trying to make them magic I think is a little too prescriptive for us as group to drill down on.

DR. COHN: I really do want to appreciate Margaret, who as we are talking here is beginning to move some of the concepts and the recommendations here in ways that may allow us to make these a little more understandable and maybe represent some of our views.

Paul, you are next. Justine is after that.

Paul, Margaret is going to read some of these modified versions here.

MS. AMATAYAKUL: So, 1.1.1 would be issue guidance to elaborate data stewardship principles which will define – will elaborate upon. To guide all covered entities and others who may create, maintain, transmit health data in adopting these principles.

And 1.1.2. test in NHIN pilot demonstrations the data stewardship principles an ability to elaborate upon these as the definition of a NHIN becomes clear.

DR. TANG: Now, are we going to have the principles in this document or is 1.1.1. saying that HHS should define data stewardship principles?

MR. REYNOLDS: I would recommend that we go back to that definition that we used earlier or at least pull some of those out as to what those principles might include.

DR. TANG: I go back to – is the world going to be different. If we are just going to say, HHS – we think you ought to consider this thing we are calling “data stewardship” and issues in principle and all — I think we have done a lot more in developing and elaborating principles that are important to dealing with health information as it travels across the NHIN.

I think it should be far more than incrementally adding another – in addition to the security officer and the privacy officer, adding a data stewardship officer – I think those have been very minor enhancements to the overall privacy and security protection so far. I think incrementing on that will not be a significant change. Nothing close to what has to be done to handle the passage of data throughout the NHIN.

If we want to ask for – I think we need to call for – if we don’t want to actually recommend a structure we may want to say something like, call for a method for establishing data stewardship framework and governance that would applies across the NHIN. I guess what that does is leave some latitude for is it a Federal entity because as you know, some clinical group like AFP and ACP are talking about some kind of data stewardship concept as well, that may actually even be an entity.

I think we are starting to back down into incrementalism and platitudes and I am nervous about because I think our work has been more far reaching and impactful then we are currently stating in words and that the main organizing principles is the fact that you have to have a pervasive data stewardship responsibility and accountability framework. I am afraid that it almost means that you have to have a “who”. It may be in the public, it may be in the private-public sector, whatever, but there has to be an entity that issues these policies and enforces them.

I am just putting that on the table as being a more concrete – a bolder recommendation than saying that we have got to get this principle trickling around the place because I just don’t think that is enough.

DR. COHN: I think I will leave your comments on the table for the moment without trying to resolve them all just because I think that others may have comments. Some of this gets to be the concept of are we talking about principles that are published by HHS and find there way into standards and others or are we talking about a separate governance framework which is something that we really have not – I don’t think we have heard testimony on nor have we come to an opinion about exactly how that would be governed other than through HHS guidance.

Let us hold that thought for the moment and see if others have additional thoughts on that. Kristine.

MS. ANDERSON: I just wanted to make two comments. The first on the stewardship. I know that the paper around the RFI is coming out next week. It is supposed to include some of these issues like principles – it is either the 13th or the 16thbut it is at the AQA meeting next week.

The other comment that I had was I wanted to – the early comments were focused on stewardship within an organization. I want to just bring us back to the “Use” case again – the “Quality Use Case” where we are really talking about organizations that are holding data – cross organizations. So when you think about defining stewardship – I mean for instance the data bases that currently exist to measure quality. The anticipated future databases that will measure quality. Just to think about the “Use” case and then the vision of the “Use” case originally was that each of the parties holding data are data stewards as they move down the chain. As you alluded to with the HIE.

DR. COHN: Kristine, thank you. That actually raises some eyebrows yet another level here.

Morris, I think you are next.

MR. LANDAU: I just want to get back to some comments that were made. In no way was I trying to define data steward. I just wanted to raise it for debate, for discussion, simply because when I am reading this document I’m looking at it through two eyes. One is through ONC’s eyes and the other is just a lay person trying to understand what you mean.

The other thing is just getting to what it says about issuing guidance. What type of guidance would you – and I am just raising the question – is there any specificity that you want to put in that guidance? What other thoughts? I just want to throw it out there.

DR. COHN: You mean like all the other recommendations we had. I think there data steward framework actually in the rest of the recommendations. I think. But we need to specify that as opposed to telling HHS to start fresh. Anyway, that is just a view.

Steve, you had a comment?

DR. STEINDEL: I have a very basic comment and this is what Margaret is posting on 1.1.1. I think there are really two ideas in there and we should separate it. It will be cleaner to work with.

One is, elaborate a data stewardship framework. I think we should say something like – we start off with “HHS should convene a process to elaborate a data steward framework. That should be the first one. The second is the guidance about instantiating those principles.

That cleans up a lot of what is going on in the language there. In response to what Kristine is asking, I don’t think we have ever really clearly – we should never have really stated that this just applies to – it applies to any entity that is a data steward regardless of whether it is holding it for one institution or a million institutions these principles apply.

DR. COHN: I am going to let Marjorie go next and then we should sort of wrap up this particular issue less we spend the next couple of hours on it.

MS. GREENBERG: I think, and sort of coming off of what Paul said, too, the more you can articulate what you think the data stewardship framework is and what the critical components of it are, et cetera, because I think you have been thinking about obviously building on that – the better, rather than sort of bumping it back to the Department to elaborate the stewardship framework.

At a minimum, I think you have got to indicate what you can build on what you are already recommending. I don’t know – I guess we will have before this is finalized we will have an opportunity to see what comes out of these comments from the RFI. That whole RFI process is of a little concern to me because it came – and it is going to be presented AQA – that is good, that is where it came from. But it potentially was much, much broader than quality. I don’t know where that is going to come out.

I think the more you can say these, from everything we have heard, et cetera, these are the principles and this is the framework the better. There may still be obviously some work that needs to be done and then you can issue the guidance. I think they did convene a process to elaborate the data stewardship framework in governance. I think it was this workgroup, to some degree, and I am not so sure we should be recommending convening another process.

I know you are typing it up there but I would not frankly, support that. Getting back to – I don’t want to get into the organization per se, this discussion has made it clear to me – at least what I think – you need an overarching observation that includes the observation that this needs to be transformational, et cetera. That probably we need more privacy legislation – better, more comprehensive legislation and anti-discrimination, et cetera, but that even with or without that we really need a focus on data stewardship. Don’t tie it to one use. That way it gets the privacy thing mentioned in the observation but it is not the first recommendation. Then go through with the data stewardship.

DR. COHN: Marjorie, I think that is where we are all trying to go. I do actually agree with you. The truth is a lot of the work that we have done and a lot of the recommendations are actually a framework. You talk about strengthening – obviously building it off of a HIPAA framework. This is what the whole point of all the recommendations are so to describe it – needs to develop it is sort of missing the obvious. Now we may want them to do further things, et cetera, et cetera.

Margaret, do you have a comment?

MS. AMATAYAKUL: A question. So, it sounds to me like this first observation and recommendations are going to more around a framework for data stewardship.

DR. COHN: Yes.

MS. AMATAYAKUL: Addressing this major concern above all others or do you want – Harry is saying, no. So the framework should kind of address data stewardship in general or focus on this prevailing concern – no focus there?

DR. COHN: I think it is a general framework within more specific recommendations going further. As we all ready it, I think that was our view that there was something discordant about immediately jumping into a particular use.

Justine, you have a quick comment. Harry, and then let us try and — Mark. Then we will try and put this together and move one. This is a very valuable conversation. I am sorry that this is not the start of the two days as opposed to the end of the two days.

DR. CARR: I just wanted to clarify the RFI that went out with responses –. There is a growing demand for healthcare data for many sectors. Key drivers for this demand have been the surging interest in healthcare performance measurement and the information systems needed to aggregate process transmit healthcare data from which measures of healthcare quality may be derived and to which measure may be applied. This need has raised the question of the responsibility for safeguarding the data beyond the original care setting. This issue has led various stakeholders to propose of the formation of a public-private national healthcare stewardship organization with the various oversights of the various uses of healthcare data as described below.

It is about quality, Marjorie. I think you said it was broader –

MS. GREENBERG: Then there is a statement that says, but we also want your comments as to the extent which this should be extended to population health data, et cetera, et cetera. It is a very controversial sentence up front.

DR. COHN: Let me remind everyone, this is from John White’s earlier briefing on this one. This is an RFI, this is not a RFP, this is not federal regulation or legislation. The report out is going to be non-judgmental representing the input from the various stakeholders.

What we will get is information but not likely any conclusions.

MR. REYNOLDS: The wording that I could agree with is really these stewardship principles – data stewardship principles transcend entities but will be executed by entities both now and in the future.

That is what we are talking about. That is exactly what we are talking about and if we don’t keep it there then I think we are going to get stuck. That takes uses, that takes everything and puts it where it is. Okay?

MS. AMATAYAKUL: Could you say it again?

MR. REYNOLDS: Data stewardship principles transcend entities but will be executed by entities both now and in the future. We don’t know what those new entities will be – we don’t know what anything will be but if these principles stick –

MS. GREENBERG: Is it “executed” or “implemented”?

MR. REYNOLDS: Anybody can have that word.

(Simultaneous comments.)

MR. REYNOLDS: I kept it generic because that is what we are trying to get to. So the principles hold no matter what.

MR. ROTHSTEIN: The only think I was going to raise was whether you think it would be productive to in 1.1.1. include something – instead of saying, “and building upon subsequent recommendations”, say, “including principles such as but not limited to, transparency, consent management, chain of trust, accountability.” And just list five or six of the key things which gives sort of a flavor of what we are talking about.

MR. REYNOLDS: That is exactly what I was recommending earlier. I agree.

MS. AMATAYAKUL: And taking this “building subsequent” out? Building upon?

MR. ROTHSTEIN: That would be a replacement to it, I think.

MR. REYNOLDS: Margaret, where you have “be executed by organizations now and in the future.”

DR. COHN: I want to thank everybody. I was commenting that things don’t get real until you start looking at the recommendations.

Are we okay at this point? Anyway, this is just a reminder of how it is great looking at power points but when you get down to the real words you start to – the rubber meets the road.

If it is okay, are we at least generally feeling like we are at least establishing the right context here and then we can begin to look at some of these subsequent recommendations?

People smiling, nodding their heads.


MR. LANDAU: It was regarding 1.1.3. Instead of putting “pilot demonstrations” they should be “trial implementations”. That is what my boss told me to put “trial implementation”.

(Simultaneous comments.)

MR. LANDAU: The contracts have been signed and just for the record I don’t know what the contents are in the contract.

DR. COHN: Okay, pilot limitations and other pilots or other federally sponsored dah, dah, dah.

Okay, shall we move onto 1.2. I guess – let’s go to 1.2.

MS. AMATAYAKUL: 1.2 Recommendation on Transparency. HHS should issue guidance to cover entities to ensure that individuals have the opportunity to be informed about all uses of their health data whether identified or de-identified. Transparency should be achieved through enhancements to the notice of privacy practices. This refers to recommendation 2.6, which we will get to later but that is the one where we can enumerate the business associates and their agents upon request.

DR. TANG: Can I get in line?

DR. COHN: Do you want to go through this section and then you will be first in line.

MS. AMATAYAKUL: Enhancements to the notice of privacy practices and education on uses of health data.

MS. GREENBERG: How did you change the 1.2.2. Oh, you made it a 3. How is this health data use framework fitting in?

MS. AMATAYAKUL: We are going to move it to an earlier section.

DR. COHN: Paul, you are first in line.

DR. TANG: Okay, two points. One is if one of our major topics that was introduced – we were reminded by Mark at the beginning – we talked about the distinction or lack of distinction between identified and de-identified. We either do or don’t believe that information can be “de-identified”. If we don’t then it seems like we should be consistent throughout the letter and find a way of describing health information without referring to identified or de-identified.

DR. COHN: Paul, maybe it is whether identified or HIPAA de-identified.

DR. TANG: I think what we are trying to say is that your information – we want to say where does your information go and it goes anywhere that the identified or the HIPAA de-identified information goes. In order to be less confusing we just talk about where should the information go and that is everywhere.

DR. COHN: Margaret and then Mark. I’m sorry – you had other things – go ahead.

DR. TANG: Not being there I can’t see other people’s reaction but this is so wishy-washy it doesn’t either add to the current status quo or help the Secretary figure out what to do next in my mind.

DR. COHN: I sort of missed – I apologize –

DR. TANG: It is just saying that we should issue guidance about transparency and how you would enhance the NPP – we already have guidance on that and I don’t know how the recipient of this advice would act to make it more meaningful as it calls for here. We either ought to come out and say it or include transparencies in some broader scheme. I don’t know that any of these three bullets have done anything to change the status quo.

DR. COHN: Okay, so you question is whether or not this is enough in terms of transparency. Margaret, are you next?

MS. AMATAYAKUL: I think you we are going to see in several places through the recommendations that we are talking about whether identified or de-identified and while I work real hard to convey the notion that de-identification is sort of meaningless at this point or at least not maybe as strong as we think it might be, I am concerned that if we don’t explicitly state this people will read – anybody off the street could read it and say I am still able to use de-identified data. They have not said anything that precludes me from doing that.

DR. TANG: If we introduce early-on the notion that we don’t believe that what is considered to be de-identified by the safe harbor method in HIPAA is truly de-identified then we might come up with a phrase “all data” identified or de-identified according to “HIPAA” and then just use that phrase throughout that would address your concern Margaret, a person picking up a sentence would not understand what we mean but we will also be signaling because we define what it means to be what all health data means.

DR. COHN: Paul, I think we are all sort of agreeing – that HIPAA term. I should also comment as I am thinking through this one that I sort of agree with you – this is one of those things that the reorganization of this document there is I think, other transparency recommendations but they are not here.

MS. AMATAYAKUL: They are throughout.

DR. COHN: They are throughout so I think once again, speaks of and I agree with you – I looked at these and this is what we say about transparency and yet what we are talking about is posting uses of data. There all of these other things that we are talking about doing and I can’t pull them up – you have to page through here to look but maybe we have to page through here to look but maybe we need to suspend belief for a moment, recognizing that if we are talking about transparency that maybe this is a – we need to figure out a way to put these together in a way that is sufficient.

Mark, I think you are next.

MR. ROTHSTEIN: I think there is an important concept that I think we have left out. Maybe it is somewhere else but I don’t see it. That is that although transparency is important – transparency alone will not solve the problems that we have identified. People have enough difficulty as it is now understanding a detailed notice of privacy practices. If our idea of transparency is to add another page about disclosures under PPO I don’t see that as a plus. I am all in favor of disclosure but what is the practical impact of that.

I think I would like to see a recognition of the practical limitations of transparency as a principle and the need for other things to work with transparency to reach the goals that we have set out.

DR. COHN: Mark, I can’t tell you what line it is on or even whether it got lost in this version but I think that we have all subscribed to the philosophy that transparency is necessary but not sufficient and I think that is the point that you are making. I guess the question is is that something that should be in observation around this one or somewhere else? It is hard to stick in the recommendation line per se.

MR. ROTHSTEIN: I understand. I just wanted to be sure that we did not lose that and that it appeared prominently because whenever I see transparency I get a little nervous because that seems to say to me if you put it in writing somewhere you have satisfied all your obligations. I don’t really subscribe to that notion.

DR. COHN: Well said. Kevin.

DR. VIGILANTE: I just wanted to agree with Mark. I understand that we are going to try and deemphasize the absolute nature of de-identification but I do think that one’s concern about where one’s data may go – how would they feel about it – may differ depending on whether it is obscured in some way or not. I think that even though you may not be able to guarantee that something is 100 percent not re-identifiable – there is a process of obscuring for most people – more than most – venture to say to say much more than most – people most of the time – it would be extremely difficult to successfully re-identify them. To say that there is no difference in that is also misleading the other extreme.

The other thing that I wanted to say is that this might be an area where we might to say rather than sort of say, we don’t really need to add pages and pages here but one thing we do want to convey to consumer or a person yielding up their data that if there is a chance or if there is an intent to sell it – that should be included up front in this process of being transparent.

Lastly, maybe I should not comment – telling HHS that they should fund an experienced contractor seems to me getting into the weave. They should figure out how they want to do it themselves.

MR. REYNOLDS: You thought experience left you out?


DR. COHN: Okay, Kevin, we have other places about this issue about proposed – we just need to make sure that that connects here.

DR. DEERING: Presuming that this is going to be kept in some way – I’ve sort of heard about maybe reorganizing it yet again. Here is a smaller fix that I would like to see which is on the current line 672, which is in the opening sentence about 1.2. I would delete “have the opportunity to be” and just make it “they are informed” because if you want them to be informed you want them to be informed and not just give them the chance to be informed.

Another easy fix would be to add an introductory clause to that statement before “HHS should” it would say, “in addition to other specific recommendations regarding transparency included elsewhere in this document.” If indeed, it depends on what your ultimate organization is.

I also want to echo something that Kevin just said, here above all, indeed, is where the concern about commercialization comes in. So for us to only have said it somewhere else and then get to our transparency elsewhere I think loses the message significantly.

DR. COHN: Margaret.

MS. AMATAYAKUL: When we word “HHS should issue guidance to covered entities to ensure that individuals are informed about all uses”. I guess the question I would have is that could be interpreted that you must enumerate every last use in a notice of privacy practices. Where the intent here was to say “and you may request such a list” or you request the list current for that year of your business associates and agents.

The real concern – I can reword this differently so that the intent is that they are informed of all uses but they have to –

DR. COHN: Are you arguing about the opportunity to – is that what the conversation is about?


DR. CARR: I was just going to say, “have access to the list”.

DR. COHN: Of course this is physically separated from all of these recommendations so maybe if it came together it would be more conceptually palatable here.

DR. OVERHAGE: This commercialization question that I think that somewhere in here I think we have got to explicitly deal with. Somebody used the phrase yesterday – dealing specifically with what I think is a really tough issue which there is one thing that is clear that if I saw your name and identification as either a physician or a patient so that somebody can call and harass you and interrupt your dinner. There is another piece that gets really grey which is for example, pharmaceutical company that might purchase data to use in a development of a drug, either as part of a clinical trial that they are conducting or something else. Is that selling your data? I think there are some grey areas in there.

The other thing is research uses of the data which you could argue are selling the data. Then the less invasive thing are research uses of the data where maybe you did not sell the data but you would not have gotten the grant if you did not have access to the data and therefore you profited by.

DR. COHN: Let’s just about this one for a minute because I think what we are talking about here and let me just make sure that I have the enumeration of what we are trying to do. One has to do with that patients should have the opportunity to be notified, informed either on the web or elsewhere of all these uses. Is that a bad thing?

I mean do we have to make the distinction between around all of this one or do we just need to be more subtle or more understanding in terms of how we frame the whole issue of commercialization. I guess I am just trying to think about remedies and recommendations. Whether there is a need to make those distinctions we can do it.

DR. OVERHAGE: If we are gong to use the term commercialization I think we need to understand, at least among ourselves, where on this spectrum we think commercialization starts.

DR. TANG: That might be where financial accrues to parties other than the subject of the data.

DR. OVERHAGE: And Paul, that is what I meant by so when a research institute or university is awarded a grant by virtue of the fact that they have access to the data in their clinical data repository – they simply could not do the study without it – they have financial gain.

DR. TANG: Yes, but that would be covered under – if it is covered by other enumerated uses like quality improvement, clinical research public health, et cetera, then I don’t think that applies.

DR. COHN: My sense is this is an area where I have been concerned. I know you see a bright line and I know Kevin sees a bright line in all of this stuff. I have been very aware that the issue of commercialization is another one of those grey zones – it is like the quality research world – it is like an asteroid belt.

Right now I don’t know if we need to solve it in this recommendation – we just need to keep looking through – I think we are getting rid of the framing here but I would have you think about if we can describe this in some way – if there is a cleavage point – I have heard marketing is definitely a cleavage point. Some of the stuff gets to be a little tricky and I think actually the good news is I am saying all of this – Kevin is next.

DR. VIGILANTE: Larry is next.

MS. ANDERSON: just have one comment. The text where it says they should have the opportunity to be informed about all the uses of their – the use of the word “their” before health data suggests patient level tracking which is what I think not what you intend. So there uses of health data – a patient can’t tell if there data was used in a de-identified fashion by some agent. You could never track that down to the patient level so you could tell every person what data subset their data went into. I guess you could track it but it seems incredibly burdensome – it might shut down secondary uses.

I will give you an example. Let us take the quality improvement example. So you could know for instance that your data went to your vendor for performance measurement systems for ORIX(?). If you gave that vendor permission to use data in studies around health outcomes in a de-identified way they would first de-identify that data and they would then create their data mark. So you would not even know what data mark that data went into.

Not to suggest that it is patient level tracking – it just seems really burdensome. Rather than just saying we allow our agents to do the following types of things with our data without knowing where Christine Martin-Anderson’s data was.

DR. COHN: Margaret has to deal with this issue. Margaret you had a comment. Harry I think you were on this one and Steve you were on this one.

MS. AMATAYAKUL: So, one of the things that I know that people have done is to say this is where your data may have gone. For example, when listing a research your data may have been contributed because I think all uses of health data sounds a little scary, too.

Potential uses of their health data – would that be –

MS. ANDERSON: That is what I think is reasonable.

DR. COHN: Steve, you okay?

DR. STEINDEL: I was just going to mention that in the present HIPAA privacy rules a patient can ask for an audit of where their data has gone.

MS. ANDERSON: Until it is de-identified.

DR. STEINDEL: Right. So if it went to ORICK Identified then that would be listed. You are comfortable with that step?

MS. ANDERSON: In particular the identified part.

DR. STEINDEL: I think this is good with full potential.

MR. REYNOLDS: The only challenge I have with “potential” is that the entities make the potential list complete. I agree with your patient tracking – I am right there with you but if you say “potential” and they are not meaningful in their updating of potential then we have lost the transparency of subjects that we thought we were trying to get. That is why I would play with that word a little bit on what that means.

DR. COHN: Are there anything else on this particular point? I think we are okay. Larry.

DR. GREEN: I wrote in the margin of my copy of this when I read it “have the opportunity to be informed is artful, perfect language, don’t let it change.” I want to go back to Margaret’s first version of this on line 672. I think the conversation suggests that she had it right when we started and I did not hear any comments that were violated by that language. Each of the examples that were brought up made it worse rather than better in my opinion.

DR. COHN: So you vote for changing back to “have the opportunity to be informed”?

DR. GREEN: I think that is splendid language. It is about transparency. It makes the point that we are trying to make with this recommendation. An American citizen should have the opportunity to be informed about their health information as being used. That is the point that is relevant here. We don’t have to end this point solve all we the potential uses. That is what the conversation started doing. When we start messing with the language you can’t really improve on all uses of their health data or all potential uses of their health data. I want the language “have the opportunity to be informed”.

DR. COHN: I think you are pretty persuasive, personally. Anybody so worried about this one – go back to the original language?

MS. ANDERSON: I was trying to strengthen it – I thought it was weak.

DR. COHN: Do you mind putting “potential uses”?

PARTICPANT: I yield to the group.

DR. COHN: I think that was an improvement.

MR. ROTHSTEIN: Didn’t we lose the point also about the limits of transparency?

PARTICIPANT: I will put that back on.

DR. VIGILANTE: The bright line – I am more schizophrenic then bright line here. On the one hand – or at least a dual personality. On the one hand – one part of me is very concerned about unintended consequences of regulation that actually in the future will undermine the uses of secondary data for the benefit of patient and society at large. On the other hand, I do subscribe to the notion that one should not be surprised to find out how one’s data was used. I think that the commercialization issue is one of those areas where a particular sort of outrage might be expected if one were to find that out and were not told in some way.

However, I recognize that Marc’s observations are really quite on the money here. It is not everything you sell it for isn’t a bad thing. In fact to sustain business models for quality improvement you might have to have these kinds of relationships. So, I think – I started by journey here by saying, look, when you say all uses you can just overwhelm people with so much data that they don’t really understand what you intend to do. I guess I was trying to argue that where there are – that there should be particular attention paid where the data is intended to be sold and that specificity around that would be helpful. Maybe this is not the place to go into it but that is sort of more the spirit of what I was trying to get at.

MR. REYNOLDS: Why don’t we put it back up in 1.2?

DR. COHN: I guess I am trying to figure out what Margaret’s doing here. Tell us what you are doing and we will figure out where it should go. You are obviously trying to come up with the intent to sell?


DR. COHN: With greater specificity applied to describing any intent to commercialize the data? Whatever that means.

PARTICIPANT: It may or may not be a good idea to put it up there.

DR. COHN: I think it is fine and I don’t think it violates Marc’s – I think Marc is bringing up a very important point that every time we look at the commercialization issue we just need to – it is not straightforward but yet we don’t want to hide it. I think that anything that Marc described is something that needs to be hidden – that is a transparency piece.

What I think he is describing is that this is not sort of by definition necessarily a terrible thing it just needs to be communicated in the same way that it would need to be communicated for quality uses and all of that stuff.

I think there is a point that we heard that making the point about yes, it includes this, I think is a valuable piece. Whether it is 2.1 or 1.2, I think we can argue about that one.

MR. REYNOLDS: I would like to start the argument.

DR. COHNS: I’d rather you settle the argument.

MR. REYNOLDS: I will. That is what I am planning to do. The point to me is we are being too prescriptive to putting it in 1.2 or 2.1. It can be through NPP, it could be through education, it could be any number of ways. A patient comes in and you could educate them rather than telling people that every time you come up with a new way to use data you have got to go back and change all privacy notices – which nobody understands now. I like the education and we got a few other things down here. That is why I am putting it back up there.

When we talk about transparency we say you need to do it then figure out how you are going to do it and you need to hold yourself accountable to do it that way. That is why I was very much against putting it under the notice of privacy practices.

DR. COHN: I just want to make a comment about the commercialization piece. Marc Overhage, I want to thank you. I think there is something in – it is probably not in the recommendations but maybe it is in the body of the text that reflects on that and I think the fact that the committee heard lots of concern about commercialization issues but there is also the recognition that there is this sort of broad set of uses that may fall into commercialization. I think that is somehow needs to be reflected once again, not probably in the recommendations or the observations but sort more along earlier on and sort of balancing this one out.

Paul, hopefully I will have you review some of that to make sure you feel this fairly represents reality. Probably Marc also, for that matter. That once again, the body of the text as opposed to here.

Are we okay at this point? Margaret, what is wrong?

MS. AMATAYAKUL: I just want to ask a question. Do you prefer commercialize sell or monetize?

DR. COHN: As a form of art? Steve, did you have a comment?

DR. STEINDEL: I was looking at that and I would like to say something like “fiscally benefit” or “monetarily benefit” or “finally benefit” because commercialize, sell, monetize, all of that really doesn’t convey all the possible areas that we are considering. We don’t care how they got it we just want to make sure that if it is financial benefit we want it disposed.

DR. TANG: So what line would that be? I am not tracking where we are editing.

DR. STEINDEL: It is added into 1.2. Your text it is somewhere in the neighborhood of 673.

DR. TANG: You are adding an additional phrase to cover things for which there is some kind of financial renumeration?


MS. AMATAYAKUL: So this would read, “HHS should issue guidance to covered entities to ensure that individuals have the opportunity to be informed about all potential uses of their health data, whether identified or de-identified and with greater specificity applied to describing any intent to financially benefit from the data transparency should be achieved through.”

DR. GREEN: This is getting off track in my view. The idea that I heard from Kevin and from testimony and from prior discussion, is that we recognize from what we have learned that in the transparency issue people don’t want their data used by other people to get rich off them without them knowing about it somewhere. That is the basic idea.

The way this is reading now is if you had a pay-for-performance program and you are part of an entity and if you get your diabetics all controlled, then you are suppose to in your transparency in communicating with your patients you are now obligated in some way you are suppose to make sure that it is possible that the nurse is going to get a bonus at the end of the year off of this.

We are just going too far with this. We are specifying it too much. The idea is commercial use and the idea is that a human being should know if there data is going to be used – have the opportunity to know. They don’t have to know but if they want to know they ought to be able to know but we are getting too far.

DR. TANG: Here, here. That is the problem – we ought to just deal with it.


MR. ROTHSTEIN: I don’t know if it is in the text anywhere but this might be an appropriate place to note the importance that we attach to the reasonable consumer expectation text. That for purposes of transparency what we want to do it alert the consumer or allow them to be informed about the uses that they would not reasonably anticipate as flowing from their patient care encounter.

DR. COHN: Mark, thank you. Marc Overhage.

DR. OVERHAGE: I’m trying to imagine the notice of privacy practice this first recommendation generates. I am wondering whether it is meaningful? What I mean by that is if I were writing a NPP having seen this, I would say your data might be used for the entire list of possibilities because I frankly don’t know. For example, the data that I acquired from you and this would be my mindset and I am not an attorney and I don’t play one on TV but my mindset might be that I have got this observation about a patient and I might send it to Harry and Harry might de-identify it and that might get put into a dataset which then gets purchased by some pharmacy company and used for targeting physicians for marketing. Why wouldn’t I put it in my notice of privacy practice?

Now all notices of privacy practices look identical – list all possible uses of the data including commercial uses of de-identified data twice removed. How do – I guess the basic question I have is this says that people have the right to be informed or the opportunity to be informed about potential uses of their health data. That to me becomes a laundry list that looks the same everywhere and is non-discriminating for the user.

DR. TANG: Can I get in line?



DR. COHN: Paul, do you want to have Margaret read how it has evolved at this moment and then you comment?

DR. TANG: Don’t you need to address Marc’s concern?

DR. COHN: I don’t know. The question is whether you support this one regardless of Marc’s concern. Let her read it and then you can make your comment.

MS. AMATAYAKUL: “HHS should issue guidance to covered entities to ensure that individuals have the opportunity to be informed about all potential uses of their health data, that might not reasonably be anticipated to flow from their health care encounter, whether identified or de-identified and with specificity applied to describing any intent to use data for commercial purposes.”

DR. COHN: It is a long sent but Paul, comment?

DR. TANG: Marc’s concern is very real and as you know Simon, in California we had the law passed that says that any organization that uses potentially harmful chemicals must post that and so everywhere, including drug stores, you have a sign that says, “We may have potentially harmful chemicals within this building. Enter at your own risk.” It totally diffused what its intent was and that is the point that Marc is raising. I think however, with our other constraints, that is when you turn it over and he listed some twice removed things – we are trying to stop the once removed things. In other words, when you send it to an insurance company to pay a claim that should be the last thing they should be able to do with it and so on and so forth.

Do you think, Marc, with our other statements about what you can use the data for – do you think that would stop the twice removed problem?

DR. OVERHAGE: I think your point is well taken about the twice removed thing. I guess I am just wondering though that people would not just say, well, why not be on the safe side given this – I am just going to list everything. You could potentially see your data used somehow down the road and if the patient questioned it my response would be – I am saying that if the patient looked at it and said, boy, I am uncomfortable with this – let me add two comments. One is what is the alternative? The alternative is to get care elsewhere.

PARTICIPANT: Where they do the same thing.

DR. OVERHAGE: Potentially. The second comment that I would have for them is, well, of course we would never sell your data to some big pharmaceutical company. In fact that would be a true statement.

At that point in time that person who is answering the question – no, I am serious – the clerk or who ever, who is on the front line who is registering the patient. I have spent hours with these folks and they turn over rapidly, they are very hard to train, there explanation is going to be, well, there is some far off wild haired scenario where maybe that could happen some time in the future but we don’t do that. That is exactly what you are going to say. I just don’t know.

PARTICIPANT: The example we heard yesterday was your company has been acquired by an integrated healthcare like Kaiser that has no morals – I am being recorded so I should not say that – acquired by somebody who has a different view.

DR. COHN: I am glad, based on this conversation, that we don’t have it tagged to 1.2.1. At this point it is a more general concept related to transparency as opposed to necessarily require – we are not saying here that it necessarily becomes part of a 14 page now notice of privacy protection.

MR. ROTHSTEIN: Can I just add one thing to Marc that might – it may have been before you came Marc, but that thing in yellow at the top, Margaret is going to have an introduction about the limits of transparency that make go to some of your issues.

DR. DEERING: I had one specific issue and then one broad issue. I will do the specific issue first just because it is tidier. My issue is about flowing from the healthcare encounter. In my mind is what this brings back is the limits of the structure that we now have. Yesterday Microsoft announced “Health Vault”(?). As this reads, this does not apply to all those entities that we are actually more concerned about right now. I am going to leave that on the table because that is the way we have structured our whole report and I think it is a serious deficiency.

My broad statement to push back on Marc Overhage. In a way I am afraid this is almost the opposite of the perfect being the enemy of the good. By raising all of these horror stories that we can’t do anything so therefore we should not do it. I am afraid we would get away from the fundamental principle that in fact we – this work group has decided that it wants to promote greater awareness by the patient and the consumer of exactly where the data is going. I think that is a statement of principle that we are trying to struggle with.

I see 1.2 – the reason we have 1.2.1 is that there are lots of efforts that say you can in fact improve privacy notices. I know that there have been work by – even with regard to the package inserts. From time to time, FDA comes around and say, you know, they are no good the way they are now we are going to give you new guidance on what you have to say. They look at the nutrition label – we have got to do it better guys, this doesn’t work.

Just the fact that NPP’s can currently be done poorly and probably in the near term will be done poorly, doesn’t mean that 1.2.1. can’t help address some of the concerns that your raising. So I would certainly urge us not to back away from that very strongly.

DR. COHN: Let me make the following comment because I actually – is everybody okay generally with this as described here? I think Mary Jo did bring up an important comment which is this general view that this is obviously focused on covered entities. I don’t know if it is a 1.2 – maybe it is a 1.3 or something like that. Whatever it is we are really applying to covered entities here. Maybe this is the introductory language we are really talking about. That HHS should try to do these things – try to influence non-covered entities through contracts, guidance, all the other mechanisms that they have. Recognize that they are limited by law – to have them also use these things. I think that is the other piece and obviously why we are calling later on for expansion to covered entities.

Steve, you have a comment?

DR. STEINDEL: I’m assuming that we are moving off the general discussion that we have had up to this point because in going back I object to “to use data for commercial purposes”. I think it needs to be broader than that. The example that I can give is you have in the HR vendor who cuts a deal with you to use their EHR in exchange for their data – access to your databases and then you sell that information – the EHR vendor sells the information. We have heard about those models. They are generally used in ASP models. I don’t know if you call that commercial purposes?

DR. TANG: I would say yes.

DR. STEINDEL: Then maybe I am looking at it — MS. GREENBERG: Are you questioning whether the provider has commercial purposes or whether —

DR. STEINDEL: The provider. That is the one we are talking about. He may think that he does not have to disclose that relationship that the vendor has. Because the relationship to him is not commercial, it is a fiscal benefit to him.

DR. COHEN: So, Steve, you are commenting that either we need to come up with a better phrase, or we need to define it, which I think Margaret is going to make sure —

DR. STEINDEL: Exactly, because I think it is that second removed step that is not covered strictly by the word commercial.

DR. COHEN: Okay. Harry?

MR. REYNOLDS: Similar words that I used previously on our earlier discussion, that this really again transcends entities, because as you listen to Marc and others make comments, at some point they lose control of the chain. At some point a company buys another company, but the data that was there is still there. That just continues to be the overarching thing, because as we try to tie it to entities, and even when we get into covered entities and others, every time we say an entity — and I will go back to some comments that John Houston made the other day — finally the covered entities say it is too complicated and then we list the whole list, and it starts going down the chain further. SO anybody who touches that data, and again short of our privacy letter, anybody touches the data again, but without legislate, so we have to stay away from entities — I just really struggle with that. Because then I think I am not sure, as an individual sitting here, we did anything for me if we just talk about the entities, because they throw their hands up 0– it’s too big.

DR. COHEN: I think I agree. I imagine wondering if this is some of the framing language of all of this, because it is going to be in every single —

MR. REYNOLDS: No, I know. That is where I’m coming from.

DR. TANG: I think it a federal concept that has execution, as Harry said, in every organization that touches data. But NHIN is nationwide and so there is responsibility in policy setting.

DR. COHEN: That’s fair, but we also have the sort of dual issue that we are dealing with, Paul, which is when we are obviously trying for guidance in a new framework, but we are also trying to deal with practically possible recommendations. SO this is that sort of tightrope that we are playing that, if all of the recommendations require new legislation, we really haven’t done anything. So we just need to be aware — it is once again one of those balances. I think we are calling for framework, we are calling for places where HHS really has regulatory authority through guidance or whatever to do things there, and we are hoping by influence and contracting and a host of other things, to influence the other entities. I think you are probably agreeing with that framework, I hope.

DR. TANG: Yes.

DR. COHEN: Okay, good. With that, let’s move on. Can we move on?

MS. AMATAYAKUL: Recommendation 1.3 is on consent management. HHS should, as it conduct NHIN demonstrations, conduct pilot testing of various forms of consent management for sharing health data in certain scenarios, other than HIPAA TPO as used between covered entities and business associates and their agents. WE heard from several models and a number of approaches.

DR. STEINDEL: This is getting to the comment that Morris made earlier. You probably want to track the language instead of NHIN demonstrations, trial implementations.

DR. COHEN: I think that is fine. I guess I just — it feels real odd to me as the third recommendations, that somehow has this prominence there, but I guess we can think about where to put it.

SPEAKER: You are talking about 1.3?

DR. COHEN: Yes, I am not really disagreeing with it, it just seems to me that the other things we have are very, very weighty recommendations and this one just seems to me to be a real odd one to be sticking before recommendations on FTC privacy policy support. It is a whole different league of recommendation. Not against it — just need to figure out where to move it and how to frame it. Any comments on 1.4?

DR. LANDAU: 1.4 or 1.3?

DR. COHEN: We were just finishing 1.3.

DR. LANDAU: Can I get a sense of clarification regarding this recommendation? Here is what I mean, and I may be off track, but I am just trying to understand this recommendation. Obviously, as we all know, there really isn’t consent under HIPAA. I am just trying to get a sense of what you mean by consent management for sharing health data, because obviously under the current construct if a covered entity wants to share information to a business associate, they have a contract and subcontractors have to agree to the same safeguards and restrictions, and usually that is done by contract. SO I guess I am trying to figure out, just for clarification, what you mean by consent management — whose consent?

The reason I am being a stickler on the consent word is because it has a lot of different connotations.

DR. COHEN: I think this should be in a demonstration. There are a bunch of things later on that we say should be an R&D agenda, and I think that should probably be there. To stick it right where we have it here is just — I don’t think you would disagree that HHS ought to test all of this stuff. I don’t know if others feel the same way I do.

DR. VIGILANTE: So your point is not where it goes, but you have a more fundamental question about what it means, right?


DR. CARR: Are you saying the implication is are we revisiting consent for quality under operations?

DR. LANDAU: No it is even just a very broad question. What does this paragraph mean?

DR. CARR: I agree with that, but I do think it sort of frames the rest of the document to say that all of that is on the table. I am not sure that is what we are saying.

MR. REYNOLDS: We have heard a lot of testimony that there are new technologies and other things. SO for example, if I wanted — yesterday in the Privacy Committee we were discussing opt in, opt out and all the other things — but as we move forward, and we heard testimony on it, as we move forward, this idea that I could go out there an list the doctors that I would be happy to have my data sent to across the NHIN and/or ones that I might not — we talked yesterday about parsing the data and I am just talking about period — so that if I am going to have a procedure done, I might be able to go out there through consent — and if you remember what just got announced yesterday by Microsoft, they clearly stated in there they have that. So all we are saying is, we heard testimony on it, we heard people concerns on it, and we feel that it ought to be considered as we go forward, because as these things become more like getting on a web site, not the way we are doing it now, then we think that ought to be reviewed as part of the NHIN.

DR. LANDAU: I am sorry. I just want to make sure I understand what the Committee is recommending. Are you talking about it from a patient’s point of view? If a patient, let’s say, ahs an EHR or PHR of some sort and it requests Dr. A or Dr. B, and that information is sent from the network to Dr. A in order to get that procedure — in other words it is a conduit, a flow of information and in that flow of information, if I was on that web site I would have hit maybe an opt in or a consent agreement that says that’s where I want my information to go. Is that sort of the notion?

MR. REYNOLDS: Again, we are not recommending it. We are saying it needs to be studied, because if you read the Microsoft discussion yesterday, it says you can go on there and decide where your PHR goes. Well, you might do the same thing if you are on the NHIN and you have an EHR.

DR. VIGILANTE: SO now I can understand Morris’ confusion because my eyes kind of glided over this and when it comes up to the transparency discussion, where you are talking about how you are going to inform people about their uses of data, and then we start talking about consent, it is a different problem space. And we haven’t set the stage that it is a different problem space and it is therefore confusing to the reader because what you were thinking — well, we don’t need consent — so I think we need to either set it up better and show what issue we are addressing so it is clear to the reader what it is, because it is not clear right now.

DR. COHEN: These conversations are very useful because literally the recommendations evolve as we talk. Margaret, do you want to read what we have there now to see if that –the more we work on it the more it turns out to be a recommendation for sort of next step piloting. Go ahead.

MS. AMATAYAKUL: HHS should, as it conducts it NHIN implementations, conduct pilot testing of new technologies available to manage consent given by individuals for specific uses of health data, for sharing health data in certain scenarios other than HIPAA TPO.

DR. LANDAU: I was going to say that an example would be helpful. I agree with you, Harry, I think it is a good concept. The consumer needs to know that when they consent that they want that information sent to certain providers. I am just asking the question. Is it necessary to say other than TPO? Because in the hypothetical you were talking about, should it not include, because you are talking about a patient who is seeking treatment and if they go onto the network and say, yes, I agree, I opt in, that would include treatment. SO it doesn’t necessarily need to have the carve-out of TPO, right?

DR. COHEN: Erin, did you have a comment?

MS. GRANT: Similar to that, that phrase other than treatment and payment operations, examples that have been given seem like they are operations or treatment. SO I guess maybe giving an example of what you mean by certain scenarios would be helpful.

MR. REYNOLDS: Again, everybody is assuming that we understand and I continually hear that everybody understand what the NHIN is, but that is not a fact. The point is here we heard clearly from people that when they enter the NHIN, no I went to one doctor and I got treatment or I went here and I got treatment — now my data is going to be moved around. That is what we are doing here. SO I totally agree with you from the standpoint of what you are saying, but that is what we heard and those are the scenarios that we put forward as where the concern was, that my data is going to start moving. You could go to another doctor than the one you are seeing and not have your data go with you. You could decide to do that.

DR. COHEN: I think we are getting off into another letter. I am getting concerned here. Somebody had a comment on this one?

MS. AMATAYAKUL: I have a section. So the implication of this is that we will go back to the original HIPAA privacy, where everybody will start requiring a consent for treatment? It is difficult for organizations to decide for themselves when something is appropriate or not.

DR. COHEN: Let me make the final comment, because I think we are digging ourselves a very deep hole here as well as having multiple different conversations on multiple different letters, which all seem to be merging in our brains.

I think first of all that this is the wrong place for it. I think there is some recommendation way down at the end which says areas of HHS need to explore — and my view is that this is pilot stuff. The last sentence here says, if you would give us back that last sentence, while there are a number of possible approaches, the key issues determine to what data sharing scenarios consent would provide optimal protection while enabling the benefits of health data uses to occur. So I think we should be completely silent on the HIPAA issues, because this is basically an R&D activity. Let’s not get ourselves into the rest of this stuff. Is everybody okay with that? And Morris, thank you. You did your asking well — this is something I am going to say to everybody. I know we are sort of taking a long time going through this one, but this is also a document that some of us have seen so often that we are having trouble seeing it any more. WE need to get this in shape so we can send it out to others. We need to be hearing a lot more of these sorts of conversations, which in clued like what did you mean by that? Because, as I say, after the tenth version of this document, and I think we are probably at version ten now —


DR. COHEN: Twelve, thank you. So there are not dumb questions on all of this stuff. Now I think we are okay on this one. Let’s talk about 1.4 and then we are going to have to wrap up and figure out the next steps, which is going to be an interesting conversation. So you think we can handle 1.4 in the next five or six minutes?

MS AMATAYAJUL: I didn’t know where to put this one either, given the new structure, but recommendation on FTC privacy policy support — HHS should work with the FTC to ensure that privacy policies on web sites collecting personal health information fully inform users of the uses with which their health data will be made, and that the companies do no engage in misleading advertisement, advertising or other deceptive trade practices.

DR. TANG: Can I be in line?

DR. COHEN: I think you are not only in line, you are the first.

DR. TANG: We don’t need to work directly with FTC to insure this. It seems like they have jurisdiction over Internet web sites and the compliance of certain things they say they are going to do on the web site. At least that is my understanding. What we might be suggesting is that they fully utilize their authority to enforce privacy standards and privacy policies that are posted on health web sites.

MR. REYNOLDS: Whatever language we use when we get down to — it keeps moving on me up on the screen — where we talk about fully informed users of the uses it needs to match whatever language we put above, whether it is all uses or just what it is. IN other words, we cannot be requiring them to be doing one thing on a notice for an NPP up n the base paragraph, and then tell them do something more specific on the web site.

MS. AMATAYAKUL: This is not directed to covered entities.

MR. REYNOLDS: Neither was the holdback on transparency — that doesn’t, as I said, transcend entities, and I don’t think the ones above were on covered entities either. That is what I am saying. You can’t ask them to be one thing above and then tell them to do something different on their web site. That is what I am saying.

MR. ROTHSTEIN: The language in the recommendation really doesn’t bother me, but I think we need to put come text in the observation section that would consider the possibility of misleading advertising to consumers to be a problem. Then this would be a way to avoid that. But I don’t see the connection to anything in the text.

DR. DEERING: Again, mindful that as written this speaks to the situation today. Mindful of the fact that we are looking at the transformation in the new world, I think what is needed here is to also call for working with FTC — I don’t know if harmonize is too strong or specific a word — but in the future a lot of these web sites are going to be exactly the kinds of organizations that HHS is trying to extend coverage over. So there is a need to ensure that all legislation and regulations that govern web sites that gather personal health information are consistent, et cetera, et cetera. That will be an issue, just as we have already identified the differences among the different research laws applying to research. It will be even more acute if HHS is fighting with FTC over who actually is the enforcer of these. SO some way to harmonize or clarify or identify —

DR. COHEN: I am not sure what to say because HHS has no authority over these people. Currently we actually have a proposal later on about extending covered entities, so I am sort of missing —

DR. DEERING: It is in that spirit of looking ahead. It is not saying that they can do this currently. It is exactly in that spirit, that in the future it will be — if there is comprehensive legislation that in any way says that these web sites need to be covered by health privacy legislation, then it needs to be consistent. I am not trying to say today.

DR. COHEN: Maybe what we need to do is reference that other recommendation here. Maybe that is the best way to handle this one, because you are getting into an area that I don’t even know how to handle. We run the risk of it’s dropping out because in the midst of coordination where nobody has any authority, everybody goes like this. SO I think that this recommendation, with the reference to expanding privacy coverage to covered entities — maybe that is a way to do it. Steve, you had a comment?

DR. STEINDEL: Margaret just made the change. I thought she was going to delete the phrase HHS should — it has been our style, when we are talking to other agencies that HHS should urge, because our recommendations go to HHS.

DR. COHEN: Let me just as and we will take a breath here. Knowing that with the reorganization we don’t have the observation and all this stuff, are we okay with the body of these recommendations so far? We haven’t talked about 2, 3, 4, 5, 6, 7, or 8. But I am hearing people just sort of nodding their heads as we go through these as we have modified them. The good news is that we have finished up a couple of the recommendations and actually gotten down to the part where this is getting very real. The bad part is that this is our last face-to-face meeting. We are intending to try to have this all together by early November. By the end of October we want to have some open meeting, I am sort of struck with having to sort of step backwards a little bit in the sense — which is my own fault for not having read the 10 p.m. version last night or I would have taken it more it heart, but the reality is that we are clearly in process.

Clearly for us to get from where we are now to a document that I think is good enough for us to send out for public input, is going to take a little bit of work. I see that the chairs and vice chairs have already committed to our usual Sunday activity, when we work through this a little more. What I want to ask for everyone else is what everyone sees as next steps, and I am also looking at Marjorie, too. We are not anywhere near good enough to send this document out to everybody. So what do people want to do? At this point we have one conference call which I was intending to have be an open conference call. That is a two-hour conference call, and that is literally all we have. SO what do people want to do? Is this a series of longer conference calls to sort of deal with literally going through, like we have now, by a conference call, the rest of the sections.

MS. GREENBERG: Have we announced that the 17th is an open one?

DR. COHEN: Only to the people here and we may have to schedule one for a week later or whatever. We have to do things between now and the 17th, but the question is do we need to have another call that is open the week after because we are not going to be ready.

MS. GREENBERG: We want to be able to post a draft. When we have the open call you want to be able to post the draft, right? On the web site, so that people have access to it.

DR. COHEN: Exactly and they need more than three days in advance.

MS> GREENBERG: Yes, they need an opportunity to read it before, but certainly have access to it as you are discussing it.

DR. COHEN: So I am asking for input — I see Larry, then Justine and Harry.

DR. GREEN: I haven’t answered your question. I have a preference. I think the following. I am convinced at this point in this process that there is ever so much more agreement among the members at the table than there is disagreement. I have considerable confidence in the executive committee of NCVHS. I believe that a way forward, to try to stay on the timeline, would for there ot be a firm deadline, possibly Monday, for the other participants in the process to send in writing any explicit key concerns they have about the recommendations. Then that the executive committee and Margaret work together to create something and keep going.

MS. GREENBERG: Which executive committee?

MS. AMATAYAKUL: You mean the chairs?

MS. GREENBERG: Not the executive subcommittee.

DR. COHEN: Justine, comments?

DR. CARR: The one observation I have is the richness of dialog. I think that when we have fewer people in the room we may finalize something, but we lose that opportunity to hear other perspectives. I think Morris’ input has been very helpful because it is true, we have been so close to this that it is very hard to get a perspective. SO I think, Larry, the idea of everybody going through this on the plane ride home and finding serious disconnects — but I actually think nothing can replace the dialog that has been exemplified yesterday and today.

MR. REYNOLDS: I don’t think we can finish it on calls. But another option other than dragging everybody in is obviously, even if a subset of the group, whether it be the chairs and co-chairs and Margaret and then staff could be available in a location and then anybody else who couldn’t come call in — the reason I am saying that is as Margaret was changing language and doing other things, you can’t do that over the phone. You can’t do that as simply as the way you do it — and so that is just another possibility, too. I am willing to execute it any way we want to. But there is some worth to a subset of people being together. You can get access to a little more Washington people. That is just another thought.

DR. CARR: Karen McCall mentioned at our last meeting that we should be leveraging some of the technology that is available.

DR. DEERING: I can offer that. I can offer a web technology that would allow us to see her text and her creations.

DR. CARR: I think we should do that.

MS. GREENBERG: You still think it would be helpful for some of you to be in the same room?

MR. REYNOLDS: I just threw that out because I have been on a number of those — it just seems like there is a little more work to this than that.

MS. GREENBERG: Should people be reading through this or wait for the next version, because we made a lot of changes today.

MS. AMATAYAKUL: We have four-fifths of the recommendations that we didn’t talk about, so I think we can go with this.

MR. ROTHSTEIN: I hate to bring this up, but is there any way we can get an extension? We have been working very hard on this and I think we would do a disservice to sort of shortchange the final step in the process. Having put all this work in this — I don’t mean this to be critical of any person — but just to slap together the recommendations I think would be a disservice to ONC as well as NCVHS, and I agree with Harry that there is no substitute for these kinds of face-to-face meetings. If we could move it back somewhat so that we could free up I our individual schedules an opportunity to schedule may one or an extra day on the November meeting, or something, to work on this, I think we would be better off.

DR. COHEN: I share your concept. However, having said that, I am well aware, despite your best intention — remember we were trying to schedule a privacy and confidentiality session and you literally had no time for a meeting between now and February, as I remember.

MR. ROTHSTEIN: Right. But you could have this meeting, but you couldn’t have the privacy meeting then.

DR. COHEN: That’s true. I actually have a couple of suggestions.

MS. GREENBERG: I know that — I think Simon is committed, Simon and the co-chairs, to a presentation at AMIA?


MS. GREENBERG: At AHIC, but isn’t that at the same time as the AMIA meeting, like November 13th. You could make that presentation without having the full final report, I guess. Without all the nice, with PowerPoint presentations. But you probably need to engage the full Committee before you would make that full report, I think.

DR. COHEN: Yes. Let me suggest the following. Unfortunately Marc’s view takes us out to February or June likely as a report completion data —

MS. AMATAYAKUL: Sounds good to me. I was wondering what I was going to do with my free time.

DR. COHEN: That’s not tenable. I think that what we need to do — I am a lot more sympathetic to a fly-in if we absolutely need it on short notice. But I do think that we actually could, given where we are with this document, and reflecting back on standards and security work and work that we did with NHIN, as painful as it is, that a couple of hour conference call — and I am thinking of where we are — I don’t know if it is a three-hour conference call or a four-hour conference call —

MS. GREENBERG: I can last about two hours in a conference call.

DR. COHEN: I think we are talking about the webinar capabilities and all of that. If we finish early I am fine about that one, but I am just sort of suggesting is we start to try to schedule multiple different dates for everybody — but to do that I think we should get people’s concurrence that we should try to go forward with that. I think we are probably talking about the end of this coming week realistically, to see if we can do it. And I am looking at Margaret — she’s nodding her head. Am I speaking of something that is along the lines of a pipe dream? Kevin?

DR. VIGILANTE: No, I think we have to do something like that. I think it is more practical than a meeting. I would actually prefer to have two shorter meetings that one really long one, but given everyone’s schedule that may be very difficult to do. On the other hand, getting everybody at one meeting is going to be impossible. You may have to have two anyway. A two-hour meeting, to maintain attention span, is better probably. I think the other thing we might do is specifically focus on one or two sets of recommendations at one meeting, and two sets at the other meeting, so we could read ahead and really think about it and just knock those out. And the evening would be better. For me to do this during the day it is going to be really hard.

MS. JACKSON: A note about the logistics. The same thing — October 17th you identified as a major meeting and that meeting is somewhat compromised even by people’s availability. SO unless there have been some changes, some of the voices you had here may not be able and we barely have a quorum for hat meeting. SO if you are looking at something next week, we need to start polling for that. And just hearing things from yesterday and today, the framework yesterday was an amazing set-up that you all did, just knocking down issues, and today just getting into these weeds. Getting into number two and on I would think you could handle n two separate calls, just identifying which ones you are going to handle. You really set up things so well as to where you are going as a group dynamic, it is almost a shame that you have to stop now. I see in another half an hour you could get through number two.

DR. VIGILANTE: Okay, group, let’s get real here for a second. What I have heard are a couple of things. I have heard — hey, I am fine with evenings on the east coast. You can imagine being a California boy —

MS. GREENBERG: That can be a problem for the designated federal official. You should have some staff on the call.

DR. COHEN: Kevin, by evening, what do you mean.

DR. VIGILANTE: Oh, after ten o’clock.


You know, anything after six.

MS. GREENBERG: I can’t support that.

DR. VIGILANTE: All right, whatever you can do.

MS. GREENBERG: Four to six I could see.

DR. COHEN: Is four to seven all right?

MS. GREENBERG: I am not talking about myself. I am not available.

DR. COHEN: Is Mary Jo designated?

DR. DEERING: It depends on the evening. I would have to double-check if there were any issues with Centra. I don” think there are. I think it is virtually 24 hours. I am setting up the web technology.

DR. CARR: I do think, given that we can’t even get a quorum during the day on the 17th, and the subgroup members are willing to take up their free time — we have to get this done. So if Mary Jo could be on or Steve.

MS. GREENBER: I am not comfortable with you having it nine to eleven or something.

DR. COHEN: Okay so five to seven or seven-thirty — something like that.

DR. VIGILANTE: Are we still on for the 17th?
DR. COHEN: I think we are still on for the 17th, but I think there is a question at this moment whether it will be open– it will be an open call obviously, but whether or not w will be getting public testimony. We may have to schedule something the week afterwards for public testimony. We can’t send out what we have today for a wider audience for comments. So we have to get to the point where we are all nodding our head.

I know as much as Debbie loves polling people by e-mail, and of course we can get responses back from you by Tuesday, I think we need to set up the time right now. I guess I am going to look at Margaret first in terms of five to seven. To make matters even worse, because Steve was saying Monday is a federal holiday, which of course isn’t a holiday to me so it all looks the same in my life — that is sort of double killing the federal people.

DR. DEERING: I would prefer Monday — I hate to tell you. Or Tuesday — actually Tuesday would be perfect for me.

MS. AMATAYAKUL: I can do Monday and Wednesday.

DR. COHEN: We need to do it at a time when you are available — so we are down to Monday, Wednesday and Friday.

MS. AMATAYAKUL: And Friday I’ll be on the road to Ithaca.

DR. COHEN: So we are down to Monday and Wednesday, which is actually good. We need to have it sooner rather than later. Do we want to see people available Monday and Wednesday, the 8th and 10th?

MS. AMATAYAKUL: Could we propose to have both days, and Monday we will do recommendations 2 and 3, Wednesday whatever and maybe we would be in better shape for the later meeting.

DR. COHEN: Are people willing to go through the pain? Okay.

DR. STEINDEL: I could probably make half the calls on both days.

DR. TANG: I lost track of the time you are talking about — you are saying 8th and 10th?

DR. COHEN: We are talking about five to seven Eastern Time on both the 8th and the 10th.

DR. TANG: Unfortunately Monday I am flying and the 10th I have a meeting I can’t get out of.

MS. GREENBER: WE can confirm this by e-mail.

DR. COHEN: Let’s just see a show of hands. Who can make Monday from five to seven?

[There was a show of hands]

That is actually a pretty good number. And Harry said yes. And Wednesday, who can make it from five to seven.

[There was a show of hands]

Well, why don’t we put both in, but it sounds like we should get everything possible done on Monday and maybe we won’t need the Wednesday meeting.

DR. DEERING: Do you want to try the Centra on both of those?

DR. COHEN: I think if you can get us the information and we can do it, that would be great.

DR. DEERING: Then we will give it a shot. There are often glitches and on Monday I won’t have any help desk available.

DR. OVERHAGE: Just as a simple alternative, if there is a technology challenge, Google.docs works awfully well and it is very easy. Anybody with access to the web, Margaret can upload a document and send an invitation and an e-mail address that we can respond to. Joint editing a document it works awfully well.

You go to google.com and you can create what are essentially Word documents or Excel spread sheets and hundreds of people can see them and edit them jointly.

DR. COHEN: Okay, we are a couple minutes late. I think it sounds like google.docs may be the easiest of them all. Margaret can you investigate the technology and send out a note so basically Monday and Wednesday from five to seven eastern time, send out a notice on the conference call number, and we will go forward. I guess the question is whether or not — you and I will confer on some revisions to the document.

(Whereupon, at 12:06 p.m., the meeting was adjourned.)