[This Transcript is Unedited]

Department of Health and Human Services

National Committee on Vital and Health Statistics

September 16, 2013

National Center for Health Statistics
Auditorium A and B
3311 Toledo Road
Hyattsville, MD 20782


CONTENTS


P R O C E E D I N G S

Agenda Item: Call to Order, Welcome, Review Agenda

DR. GREEN: It is very nice to see everyone. Welcome back. We have another
interesting meeting in store. It is not often a guy like me from Colorado comes
to Washington to see sunshine. However bad you think it is, it is worse. It is
going to continue to get worse. The water has to go somewhere now. It is
spreading out over the Eastern Plains and those little towns, farming
communities out there are flooding. It is going to just continue for a while.
It was very unusual, but it was kind of nice to get off the airplane and see
just a little bit of sunshine. All of us out in Colorado are sun dependent. If
it gets cloudy in Colorado for a day, day and a half, the whole state gets
depressed. Thank you for letting me ventilate.

Let’s get going here. What we are going to do is spend the next hour and a
half here getting our updates, getting everybody up to speed again. We will
take a break. And then we are going to come back for our major piece of work,
which is coming to us courtesy of our Standards committee, which is a fairly
complicated letter. Then we are going to review that and clarify what needs
clarifying and make adjustments in that. And then we will take a break for
lunch. Then we are going to come back and hear from Population and Privacy
about their directions, and also forecast some future work, the next HIPAA
report. We have an outline that you have seen that we want to discuss. And then
we are fortunate that Charlie Rothwell is able to come and give us an update
about what is going on at the Center here.

There is a bonus side of today. We are going to hear from one of the unusual
suspects, not the typical folks, but to hear what the FCC is doing. Part of the
new world of information exchange. Many of us know Matt and in fact, the
privilege of working with him. He is going to be giving us that report.

Then it will be my pleasure to adjourn us for the afternoon. Then we will
have subcommittee meetings and we will start over again in the morning.

Anyone have questions about the agenda for today or any lack of clarity of
concerns about it?

I guess we need to introduce everyone. Let’s start with Bill and we will run
this way.

DR. STEAD: Bill Stead, Vanderbilt, member of the full committee, no
conflicts.

MR. BURKE: Jack Burke, Harvard Pilgrim Health Care in Boston, member of the
full committee and the privacy committee and the population health committee,
no conflicts.

MR. SOONTHORNSIMA: Ob Soonthornsima, Blue Cross Blue Shield of Louisiana,
member of the full committee, member of the subcommittee on standards, no
conflicts.

DR. SUAREZ: Good morning everyone. I am Walter Suarez with Kaiser
Permanente. I am a member of the full committee and co-chair of the standards
subcommittee and also member of populations and privacy and I do not have any
conflicts.

MS. GREENBERG: Good morning and welcome to NCHS. I am Marjorie Greenberg. I
am the executive secretary to the committee. I am here at NCHS CDC.

DR. GREEN: I am Larry Green from University of Colorado, chair of the
committee. No conflicts.

MR. SCANLON: Good morning. Jim Scanlon. I am executive staff director for
the full committee and I am the deputy for planning and evaluation at HHS.

DR. COHEN: Bruce Cohen, Massachusetts Department of Public Health, a member
of the full committee, co-chair of population health subcommittee, no
conflicts.

MS. MILAM: Good morning. Sallie Milam, West Virginia, member of the full
committee, member of privacy and co-chair of populations.

DR. FRANCIS: Leslie Francis, University of Utah, member of the full
committee, co-chair of privacy and member of populations and no conflicts.

MS. KLOSS: Linda Kloss, independent consultant, member of the full
committee, co-chair of privacy, member of the standards subcommittee and no
conflicts.

MS. GOSS: Alexandra Goss. I am the program director for the Pennsylvania
eHealth Partnership Authority and the Pennsylvania State Health IT Coordinator.
I am a member of the full committee, a member of the standards subcommittee and
I have no conflicts.

DR. CORNELIUS: Good morning. I am Llewellyn Cornelius, University of
Maryland School of Social Work, member of the full committee and the population
health subcommittee and I have no conflicts.

MS. BUENNING: Denise Buenning, deputy director, Office of E-Health Standards
and Services, CMS.

MS. ROSAS: Laura Rosas, chief privacy officer at ONC.

MS. FOERSTER: Rachel Foester, Boundary Information Group representing
CAQH/CORE.

DR. LAZARUS: Steve Lazarus, Boundary Information Group representing
CAQH/CORE.

MS. FARRAR: Good morning. Kamahanahokulani Farrar with CMS at OESS.

MS. TUREK: Kelley Turek, America’s Health Insurance Plans.

DR. QUEEN: Susan Queen, HHS, ASPE, staff to the committee.

MR. BIZZARO: Tom Bizzaro, First Databank.

MS. WILLIAMSON: Michelle Williamson, CDC’s National Center for Health
Statistics and staff to the standards subcommittee.

MS. KHAN: Hetty Khan, CDC’s National Center for Health Statistics, staff to
the Subcommittee on Privacy.

DR. PAUL: Tammara Jean Paul, NCHS, CDC, and staff to the Population Health
subcommittee.

MS. HOGAN: Katherine Hogan, VA.

MS. PHELPS: Ruth-Ann Phelps, Department of Veterans Affairs.

MS. DEUTSCH: Terry Deutsch,, CMS, OESS.

MR. ALFANO: Bill Alfano, Blue Cross Blue Shield Association.

MS. KANAAN: Susan Kanaan, writer for the committee.

MS. COOPER: Nicole Cooper, staff to the committee.

MS. JONES: Katherine Jones, NCHS.

MS. MUSTAF: Gwen Mustaf, NCHS.

PARTICIPANT: Jeannine Mtui, contractor.

MS. JACKSON: Debbie Jackson, NCHS staff.

MS. COOPER: Nicole Cooper, staff to the committee.

DR. GREEN: Thank you all.

MS. GREENBERG: If I could just say one thing. In your materials, you have a
confidential financial disclosure report update form. We attempted to send you
an email on Friday explaining why you have this in front of you, but our server
went down. It was Friday the 13, as you know. I suppose we shouldn’t be
surprised. This is a new requirement by CDC that special government employees
before each meeting or at each meeting confirm that they do not have anything
new to report on their 450. There is annual reporting. There has always been a
requirement to report in between those annual reportings if there was anything,
any new financial or engagements that might be relevant to your service. Now
this is taking a more proactive approach. If you have nothing new to report
since you last reported and most of you have just filed very recently. That is
probably the case. All you have to do is sign it, give it to us while you are
here and we will make sure that they get to CDC. They are due to CDC seven days
after the meeting.

If you do have anything new that you haven’t had an opportunity to report,
if you do not have the necessary documentation with you, this is why we
attempted to communicate with you on Friday. You can just send it back to us
after you get back to your office. If you have any questions, please just see
me at a break. Thank you very much. We appreciate your cooperation.

DR. GREEN: Thank you, Marjorie.

Agenda Item: Updates from the Department

MR. SCANLON: Thank you, Larry. Good morning everyone. If it is any
consolation, for federal employees, we have to confirm that we have not changed
anything monthly from our vast portfolio. Quarterly is not quite as bad.

Let me update everyone today on a couple of things. Obviously, within a
couple of weeks, October 1, the market place is open for the health insurance
plan. I am going to talk a little bit about the data aspects of that and how we
are going to monitor when it occurs in the market place. I am going to talk a
little bit in addition about our strategic plan, which we are in the process of
updating. And then a number of data policy projects, statistical projects and
so on that we are starting and probably ask for the committee’s help with some
of these.

Let me start first of all with health reform. As I said, the market place is
for health insurance open on October 1. Seventeen states or so have opted to
run their own market place. They have their own brands and their own names and
they are pretty much prepared to go. Most of them have a pretty good choice of
plans. We hope that that increases as well.

For the other states, 34 plus the District, HHS is running the federally
facilitated market place. When you go to the website for healthcare.gov, you
choose based on your state or your zip code, you will be taken to your state
and the offerings for your state will be available there. There is an
application form, which I think I talked about a little before. It is a
simplified standard application form. There is one version for simple, no
subsidy and then another for family with potentially eligible for subsidies as
well. That is a standard application.

And then it does not have to be done through the website alone. There are
call centers and mail and all sorts of ways of getting to the market place.
There are a number of sisters and navigators in the states who can help enroll
people. There are a number of other folks who can help with assisting folks in
getting them into the right channel as well. You can imagine that a lot of
attention in HHS is going towards preparing for that operation.

In addition, behind the market place when they come to the market place,
there is a way to check for income eligibility and for residents in the US.
That is called the Federal Data Hub. We do not store any data on the hub. It is
a transactional data hub, but the states and the federal government will use
that to hopefully a very seamless and quick almost real time turnaround to
provide feedback on whether the person or the family is eligible. That will be
from IRS based on their income for the subsidy advanced tax credit and then for
citizenship or illegal residents in the United States as well. A couple of
other checks as well. All of that has been tested. It looks like everything is
operational for October 1. We hope that everything goes well.

Call centers have already been operating in advance of the October 1
deadline. They will be getting a number of calls about general questions about
how does this all work. Many of you in your own states have been working on
these issues as well.

Let me talk a little bit about how do we monitor what happens. How do we see
what the impact is? How it is being implemented and so on. I think we have
talked previously. We have been thinking about this for more than two years now
particularly on the data side. We have taken a number of steps. We have added
questions to almost all of our major health surveys, any questions ranging from
insurance coverage to access to care changes and our provider surveys. We have
added questions relating to our doctors taking new patients. Are they taking
same day appointments? These are all access-related questions and access to
specialists and so on. The sorts of things you would want to look at to see
that there is no disruption in not only in getting insurance coverage. Having a
card is fine, but if no doctor will see you, it is kind of an empty premise.
The idea here is to monitor health provider behavior as well, hospitals,
doctors, offices.

We will also be looking at employer behavior. We have added a number of
questions to one of our employer surveys. A very large survey of employers. We
ask them about the offerings they are making to their employees. And then we
are building a longitudinal component so that we will be able to look at the
same employers a year from now as well.

DR. GREEN: Jim, just a minute. Excuse me, but someone that has called in on
the phone has a lot of background noise and it is making it difficult to
impossible for people on the phone to hear.

DR. CARR: Larry, this is Justine Carr. I also cannot hear because of the
background noise. I think it is someone who is coming into the meeting. Also I
did not know if you wanted me to declare myself.

DR. GREEN: Sure. We want Justine to declare herself. Who are you, Justine?

DR. CARR: I can barely hear. Justine Carr, Steward Health Care, chair of
workgroup on HHS’ access and use.

DR. GREEN: We have a new arrival over here.

DR. TANG: Paul Tang, Palo Alto Medical Foundation, no conflicts.

DR. GREEN: We are going to do more introductions here.

DR. FITZMAURICE: Michael Fitzmaurice, Agency for Healthcare Research and
Quality.

PARTICIPANT: And AHRQ liaison to the committee. We could hear Justine just
fine. The situation seems to be that there are others on the phone.

DR. GREEN: Is it better now?

DR. CARR: I do not know who has called in, but it sounds like there is
somebody who was coming into the meeting.

DR. GREEN: Is it better? We will have a special agenda item about 2:45 to
figure out what we want to extract from Michael Fitzmaurice.

DR. CARR: For my part, I will be there tomorrow morning.

DR. GREEN: Maybe we should see who else is on the phone? Anyone on the phone
that wants to introduce yourself? There you have it. We are back to Jim.

MR. SCANLON: I won’t repeat myself completely. As I said, the major focus
now is on the opening and launching of the health insurance market place on
October 1. Everything seems to be ready. On the data side, we have to help to
measure the implementation and the impact of health reform; we have been
planning really almost two years now.

We have added a number of questions and measures and modified a number of
the HHS surveys to be able to pick up changes in health insurance status, what
the distribution of health insurance coverage would be, access to care, the
affordability, setting aside or not using or getting your prescription or not
seeing a doctor because of economic problems of basically barriers to care and
a number of other questions. Really so that we would be able to look at the
impact of the Affordable Care Act on individual households and families, on
communities, on providers, on employers, and on state and local governments. I
will talk a little bit more about that as well.

Those enhancements are on the HHS website on the data council’s website. You
can see all of the enhancements we have made to each of the major surveys. We
will be going through another round. We are basically closing out the fiscal
year 2013 at the end of this month and October 1 also was the beginning of the
next fiscal year. We are hoping that we will actually not be shut down October
1. Hopefully, we will just have a seamless transition to fiscal year 2014. But
we will be looking at some additional questions.

For those of you who are interested in the health care safety net, we have
added a number of community health centers to the survey of physician
practices, NHMS that NCHS conducts. We hope to be able to look at what is
happening at those community health centers, which are in many ways, besides
Medicaid, they are the front line of the safety net. We will be looking at
those as well. We are probably making some changes to the reporting systems for
the community health centers as well to be able to monitor this also.

As I said, on the administrative data side, the market place contains an
application that is referred to as the simplified basically consolidated
application. It is one related application that everybody will use on the
federally facilitated market place. It is a model for the states to use as
well. That actually includes some of our section 4302 data and demographic data
collection standards for race, ethnicity. It was a different version of
disability and for primary language and so on. We will be getting information
on whom among the minority groups and the other vulnerable populations are
applying there as well.

And then for the Medicaid enhancement and expansion, again, some states have
chosen to do it. Others have not. But at any rate, we will be looking through
administrative data of how that is going as well.

And then we were asked to in order to help some of the grantees and
programmatic and administrative operations of HHS and grantees, we were asked
to propose some guidance for data standards in those areas as well. It is a
little harder to mandate something there. It almost makes no sense to mandate
because administrative data as all of you know is pretty well determined by its
statutes and regulations and what the grantees can do and not do. And of
course, our biggest administrative data systems are Medicare and Medicaid.
There are already standards in those areas. We are looking at which of the
race, ethnicity, and language and disability questions would apply there. If
agencies want to use them, what version should they use? We have some guidance
we are working on.

In addition, we were asked to help those grantees and others be able to look
at the populations they normally serve and to look at in terms of the
eligibility for Medicaid expansion or insurance subsidies for health reform. We
have some standard categories relating to federal poverty levels and for health
insured coverage categories. At any rate, for example, a community health
center would be able to when they use these items, they would be able to look
at the number of folks that they see on their rules and be able to look at how
does that portfolio look in relationship to what they might be eligible for
relating to health reform.

Again, this is largely a prediction kind of a model. No one really knows
what will happen. This could be a very slow kind of a process. We will just
have to be able to — no one really knows exactly what will happen. I think
there is a fair amount of particularly in the safety net providers, but in
other providers, I think there is a bit of angst about what exactly this will
bring even in the highest level providers and certainly in the social safety
net and in the public health providers. To some extent, we are just going to
have to monitor very carefully.

Again, we are hoping that whole safety net, the community health centers and
others will be in a position at least to have a sense of where their
populations if everything transpired in a certain direction how many of them
will be eligible. How many of them would be eligible for Medicaid and so on? We
are working through that as well.

We also met I might say with a number of the stakeholder communities. The
public health community both the safety net group that provides clinical
services. As you know, many public health departments actually provide clinical
services in addition to all of the traditional public health functions. They
were equally worried, for example, title 10 family planning clinics. What
exactly happened there? They offer services, which are included in the
essential benefit package. Certainly, their clients could be eligible for
Medicaid expansion and for the subsidies and insurance coverage as well. And
people will be actively trying to recruit them. Again, they are worried about
what the impact will be there. They are called essential community providers
along with Ryan White, which are the AIDS financing programs.

And we are on the CDC side. The breast and cervical cancer screening
program. I think some of the states. This is used to fund screening in a number
of the states. And then a couple of other programs that are more specialized in
public health. TB, STD, things like that. It is unlikely that commercial
insurers are going to start picking up the function associated with tracking of
sexually transmitted diseases. I think there is less of a worry on the pure
public health side than anybody out there. They are going to be covered. But
there is a worry about what exactly happens. What is the change on these
programs and so on? At a minimum, they need to be prepared obviously at the
grantee level to be able to participate.

We have met with the stakeholder community, public health. They have
expressed whatever their concerns were, but in many cases, they are well ahead
and they have been through their organizations. And in many states, they have
been working pretty well on these issues as well.

In addition, we were meeting with representatives, minority populations, and
vulnerable populations who are in essence offering on the one hand to help with
the outreach efforts obviously. They are asking what they can do. Many of them
have marshaled their forces already and are already helping with communication
and hoping to help with outreach to inform people about the eligibility and
bring them in and again what happens to their providers.

Data is a big issue actually. I think they all believe that if there is not
information on subpopulation groups, then in essence there assumed to be no
problems because it is masked. Whatever differences exist would be masked by
the larger category. Again, we are working with them. And I think the standards
that we adopted relating to race and ethnicity where we expanded the Asian
subpopulations as well as the Hispanic populations I think that has actually
helped a lot because now there is a lot more granularity in terms of what is
happening with each of those populations.

I can answer questions or brief you further on the surveys. Virtually, even
the CDC behavioral risk factor surveillance system, which is pretty much every
state, operate in every state, the telephone survey. We have added questions
there as well. We are working with the Census Bureau on the American Community
Survey and the current population survey on questions that could be asked on
health insurance and questions that could be related to the market place.

No one other than Massachusetts has had a market place. It was hard to test
any questions other than in Massachusetts. And even in Massachusetts, when you
interviewed people about where they got their insurance, they did not all know
that much about the market place or that is where they got it or that they had
one of the subsidized plans. Census found that. We are working on questions to
ask households about market place participation. It turned out to be a little
more complicated.

But we will all be using questions. We will be asking. This will come later
in October or November. Whether they are aware of the market place, whether
they have heard of the market place. Do they know what a premium is? Do they
know what a subsidy is? Are they aware of the market place? And then the next
step would be have they called some of their — or contacted and then have they
actually tried to get insurance that way and what was the disposition.
Obviously, we cannot test these until after October 1.

We are using a web panel that we have developed as part of the National
Health Interview Survey, which is a very nice development. We have been
collaborating on this for a while. We were trying to get a web panel survey as
part of the Health Interview Survey. Knocking on doors all over the country and
trying to get interviews is extremely expensive as you know in terms of survey
operations. Even telephone methods are having difficulties now with cell phones
and everything else. The web panel is just another way of getting this. We will
be testing some of these insurance and market place questions fairly soon right
after October 1 on the web part of the National Health Interview Survey.

That allows us to turn these things around quicker instead of the usual test
it in the spring implemented the following year. We really have to do this much
faster. The web panel gives us room to experiment with the questions and see if
people really understand.

We are asking about if people know what a premium is and what a subsidy is.
I think we actually give them — we will see. And a lot of folks even us around
the table, I guess we are not surprised by how little people understand about
this understandably. I do not think people go to bed at night and wake up in
the morning worrying about what exactly a premium is or that sort of thing. At
any rate, we hope to have that information. We will begin monitoring that right
after October 1 if we can.

Let me talk a little bit about some of the projects we have initiated, not
necessarily related to health reform. As you know, health reform as important
as it is, nothing else stops. All of the other programs in HHS, all the other
issues, government shut down and everything else continues with or without
health reform. We have not dropped a single initiative because of health
reform. The strategic plan, all the other initiatives that we have developed
and are monitoring including tobacco control, national prevention and so on,
all of those plans. Continue all of those activities. And now we are entering
hurricane season so we will probably enter some preparedness issues as well,
not to mention the forest fires and so on the preparedness side.

But we did over the past year, develop in our research planning under the
data council and in our office in working with the agencies. We started a
couple of projects that I think the committee will be interested in and could
help us and we would be happy to brief. You could help us.

One of the more recent ones is we were asked to look at this question that
has come up in the committee previously. Everyone can take all the precautions
and the most solid, statistical techniques that we know to prevent disclosure
of identity in the data that we release. As you know, we are under rightfully
so, we are under a lot of pressure with new presidential initiatives and so on
to make the data we have in the federal government available to the outside
community to improve health and health care. We have taken a number of steps to
do that.

I think Medicare has always had a pretty enlightened approach to this. Every
time we announce a new initiative, what is next? This is going to be a
continuing force and rightfully so I think. That is how communities get their
data and how it is others get their data and everyone can participate more
democratically.

Our agencies are pretty good at protecting at disclosure prevention
techniques. And as you know, the issue comes up. What about when you release a
lot of this data? And there are public data sets as well, not necessarily ours.
Motor vehicle, voting registration where they do have the identity. And there
are folks who make a living showing how they could match — they are friends. I
think of Bruce’s — who literally make a living trying to unmask the masked
data or the mashed up data and so on.

This is a question of probabilities. I do not think anyone could ever say
there is a zero probability that you couldn’t re-identify someone. But on the
other hand, no one thinks that should stop us because it is not exactly zero.

We are looking at this that is referred to as the mosaic effect, which
really means that if we put data up from this source and this source and this
source and they are all de-identified in their own right, what is the potential
for a likelihood of disclosure because they are all of them there and because
you have these other data bases in some states and so on where they actually
show you the name? You have the demographic information and the drivers. I
think voting registration lists are one of those things and others like that.
It is a mosaic effect.

Everyone talks about it. It is kind of like big data. I guess you know it
when you see it. But most people had been doing it for a long time. So far, it
is kind of marketing and conceptual. But I think in the mosaic effect, we
really have to get beyond. We either have to know that it is a problem or that
it is not really a problem and that it is largely more or less a theoretical,
not impossible, but that the likelihood is small and that certain measures
could be taken. We have started a project at the request of HHS and others,
OMB, to kind of look at the current practices in terms of disclosure
prevention. And then I think we are going to bring in folks who think that
there is this other additional. Again, it is clear that it can occur.

I think one of the folks at Massachusetts that was able to identify the
governor’s mother, the discharge records of the governor’s mother, through
mashing of the public records with the hospital discharge data, which are
pretty much available. Hospital discharge data is available in virtually every
state and at the national level.

Again, we are going to have someone look at whatever literature is available
and then we are going to bring in some experts to advise us on this and see if
there is not a research agenda or something else that will help us along these
lines. Again, this is a first step. I do not think we know where it will lead,
but I think we do want to have a fair sense of what this is. That is a project
we just about to award a contract. I think we are very close now.

I told you about the web-based National Health Interview Survey. We are very
excited about that. We are trying to incorporate web techniques and telephone
survey techniques and other techniques into our surveys to number one, help
with the response rate, number two, reduce the cost, and number three,
turnaround the data more quickly. We just cannot operate on this two-year cycle
and we have moved up most of our surveys to produce the data really within six
months now on some of the surveys.

We also were looking at — remember, I mentioned that in terms of EHRs, we
have taken the view that it is time not to wait until everybody has an EHR
before we start thinking about this. We really are working now on pilot
applications of all of the things that EHRs can help with. Can we actually
start demonstrating them on a smaller level?

With NCHS, we have worked on projects that look at what is the ability of
the EHRs to help with our provider surveys. I think that is going very nicely.

We are also looking at what is the possibility of doing research on smaller
populations and vulnerable populations through EHR research networks. There are
several networks. We are in the process of finishing up that project, two nice
reports. I would like to brief the committee as soon as we get that wrapped up
in terms of where we go next with that.

On the public health side as well, we have just finished a nice project and
we are looking for a research agenda in terms of how could public health
agencies, state and local public health agencies participate more fully in the
health IT and EHR initiatives. We really have representatives from throughout
the public health community participating giving us ideas about where we could
go next.

In general, we are looking at how can we — let’s not wait for any further
demonstration on EHRs. Let’s start testing some of these concepts in terms of
research, in terms of public health, secondary uses and so on for using
electronic health records where we can get a partner or a research network or
so on to see how this could actually work. We are hoping to use some of our
patient-centered outcome research data to do this as well. The PCORI Institute
just issued an announcement for grants that looked at EHR research networks to
be able to carry out research. It tends to be the usual suspects often. Folks
actually have the capacity to do this. That is the way you develop this and
hopefully move it along even more.

We have invested with CMS in some enhancements to the MAX data, the Medicaid
data. I know they are talking about a new system. We will deal with that when
we have the data.

We are looking at public workforce issues as well. There is a lot of
interest, as you know, in clinical workforce as a result of health reform.
There was anyway. But we are now looking at the public health workforce and
what the impact of ACA and a lot of other things will be on public health.

And then finally we are planning a study on how can — this is, again, the
public health side of the world. How can we strengthen linkages between the
clinical community and the public health community as well? We are looking at a
lot of discussion of how you do these things. Some of this was envisioned in
health reform and we are looking at how do you actually operationalize some of
that.

DR. GREEN: That is good. I want to respect our presenter’s time, but we have
a triad of questions here. Can you be quick and with quick responses?

DR. COHEN: A couple of quick questions and observations. One, I had a
question. Can HHS mandate data collection for the safety net organizations and
for Medicaid because we have been having trouble frankly requiring Medicaid to
collect some of this information in Massachusetts? Two, has there been work
maybe at the next meeting? Update us about the essential benefit package. And
the third issue I just wanted to bring up briefly. In the vital statistics
community, there is a concern about the relationship between data available
through EHRs and the impact it will have on vital statistics data collection,
particularly, vital records become part of meaningful use stage three. I just
want to make sure that NAPHSIS and the vital folks are in these conversations
about what is in vital statistics and what is in EHRs and how they can mutually
help each other.

MR. SCANLON: We have discussed this a lot within the department about
mandating and aiding items. It sort of depends on each — remember, for the
surveys, when we mandated that all of the surveys contained these self-reported
items that the ACA specified, the ACA said we had to do it so we did not have
to worry about mandating. And what we did was we just gave the agencies a
little bit of flexibility in terms of when. But we really insisted. Nobody was
special. They all had to do this. If they wanted an extra year, that was fine,
but you had to do it.

On the administrative side, we do not have a mandate, number one.

DR. GREEN: But I thought the question was can you mandate it.

MR. SCANLON: Legally and I will leave that to the lawyers. Should we is a
good question. And I am not sure. Why would we mandate? Let me ask this way.
Why would we mandate something that our biggest administrative data system
could not comply with? I guess that is the issue. We are not going to turn
around Medicare data right away to ask these questions. Why would we mandate
something that we know many of our systems could not do anyway?

DR. GREEN: Let’s keep going. We are not going to have a big discussion to
these questions. We are going to keep going here.

MR. SCANLON: The vital records. That is an excellent issue. The ability to
use EHRs to interact at least with vital statistics. Mortality and so on and
births. I think that is a big issue. We have not really looked at that
sufficiently I think. I think we will have to look at that as well. Essential
benefits. Remember, these were recommended by a panel at the IOM. We pretty
much took them. We have them up on our website. We could brief the committee on
that as well.

MS. MILAM: January 25 HHS issued its HITECH regs for privacy and amended the
HIPAA privacy rule. One of the changes was to augment the business associate
definition with a new category, health information organization. I am wondering
if the exchanges that you were talking about and the market places are now a
HIPAA business associate and regulated by HIPAA or solely by their own
regulations.

MR. SCANLON: I am going to have a chance to OCR I think shortly.

MS. MILAM: So better for somebody else.

DR. FRANCIS: First of all the privacy at least I can speak for myself would
be delighted to follow up on the bit in our stewardship letter about the kinds
of questions like mosaic facts. We would like to work with you to figure out
what the appropriate rule for us would be.

A quick observation. Are you collecting any data about how people are
actually accessing care? I have in mind, for example, frequency of
hospitalizations for ambulatory care sensitive conditions, which might well be
a pretty good measure of whether people are getting care sooner and more
appropriately.

MR. SCANLON: The answer generally is yes. On the mosaic issue, I think we
will. As soon as we get the contract awarded, we have a whole process of
environmental scan and research review and then we will form a group to look at
it and talk to experts and so on.

On the other, we have from administrative data systems from the surveys as
well. And CMS is looking at this very closely in terms of readmissions and
ambulatory sensitive conditions about. They are looking at this more and more
in terms of quality and payment reform. There is a great interest now in doing
that. You are right. We will have to look at this in the context of our new
folks getting insurance coverage coming into the system who may have gotten
either deferred care or went to some other provider.

DR. GREEN: The trio became a quintet for those of who are in the room.

DR. SUAREZ: Two quick comments. One is on the other end of the spectrum of
identity and identity controls and restrictions. I think there is still a
question. I think it is important to begin to think about really advancing the
issue of the lack of a patient identified in this country. I think that is
something that we need to somehow in some way consider going back to. That is
just a comment because I know that will probably open up a lot of things.

But my other maybe suggestion is the standards subcommittee is beginning to
plan a hearing. In fact, it might actually be a couple of hearings on public
health data standards. I think you mentioned a number of interesting points
about standards and particularly standards of how they relate to the
interaction between public health and clinical systems. I think we will have an
opportunity to include that in our hearings coming up.

MR. SCANLON: That would be very helpful. I think the public health community
just feels that and it is not entirely true. They just feel that they have been
the second tier after the clinical side for all EHR initiatives.

DR. GREEN: My impression is we are afraid to be included and we are afraid
to be left out.

DR. TANG: One question and two comments. The question is in lieu of trying
to make sure the mosaic effect does not affect the re-disclosure as we open up
the database. Is there the opportunity to pass a law that says what you cannot
do with data that you combine? In other words, chase the bad behavior instead
of prevent the things that could enable both good and bad. That is the
question.

The two comments are one is I love the idea of course of using the EHRs to
supply data for public health. One of the things we will have to do is
reconcile the definitions. One of the things we talked about was smoking. There
is a difference between public health smoking and clinical smoking and that
will have to become evident and perhaps even change the new public health. We
may be able to get better data and stratify it. That can be kept current as a
matter of fact.

The second comment has to do with stewardship, a follow up of Leslie. In the
small research databases and communities, I think we need to look at good
stewardship in that category. One of the things is these research consortiums
themselves, but also some EHR vendors have contractual obligations even for the
provider, the customer to turn over data including ownership of that data to
these vendors. In somewhat of a core state, you are negotiating a contract for
a piece of software and you end up giving away ownership. The providers. I am
not sure. I do not fully understand that and certainly the patients are going
to understand it. There are a number of these kinds of situations where it
seemed like applying some of our stewardship principles and guidance would be
useful.

MR. SCANLON: I agree. I think the strategy, Paul, with preventing
disclosure. Part of this as you say it is on the prevention side. You make it
hard for people to link. And then the second would be you also and this is
often what researchers and others say. Instead of restricting you, why don’t
you just make it very painful if you did? And we do that. If you violated some
of our data use agreement at CMS or some of our other places, there could be
dire consequences. It is not just a fine. But you could be basically delisted
from contracting and grantees and things like that. But you are right. It is
almost easier. You need both.

DR. TANG: With the HITECH change in HIPAA in terms of the business
associate, is it possible then — a provider gets data and uses it in full
compliance with limited use, but has a business associate. And that business
associate has other contracts. Can the government go after the business
associate with the new HITECH change if they violate the spirit of —

MR. SCANLON: I think we can. I think the idea — the experts are the OCR
folks. The idea would be that the civil monetary penalties and the whole regime
of penalties and preventions would apply to that as well.

DR. GREEN: Now that it is clear nothing is going on in the department, let’s
find out what is not going on in CMS too. Denise, thank you for your patience.
Is Seth Pazinski on the phone?

MR. PAZINSKI: Yes, I am on the phone.

DR. GREEN: Seth, we will go to you next after Denise.

MS. BUENNING: Thank you everybody. I have fabulous slides. Unfortunately,
none of you can see them because in the interest of privacy at CMS, my
encrypted flash drive will not work on your system. And of course, I brought my
iPad thinking I can just take it from there and of course, I cannot hook up to
the system. Be that as it may, I will get the slides to you tomorrow and you
can follow along. But just a very quick update on things.

As Jim mentioned, the wheels do not stop turning because of health reform.
We are continuing on our work with the EHR incentive program and meaningful
use. In July, the last report available, we added another 4400 eligible
providers including physicians, dentists, nurse practitioners, hospitals and
others to the roles and we now have 410,000 providers with active registrations
in the incentive programs. Of those 410,000 eligible providers, 316,000 have
received payments, totaling $15.8 billion. Those have gone out through the
incentive programs.

With regards to hospitals, we estimated that we had 511 total hospitals. And
of that number, 90 percent are now registered to participate in the program.
And of those registered hospitals, 81 percent have received incentive payments
so far.

With regard to ICD-10, again, the wheels keep going. We continue to track
well in our internal milestones. We have various components that are
identifying test file requirements for us. We are working with state and
Medicaid agencies almost one on one to mitigate any identified risks. We are
continuing to get good feedback from large plans, large practices and
hospitals, some of which are already in various testing modes. We continue to
approach the small physician industry segment. We are going to be implementing
a doctor-to-doctor approach with those small providers. This will start shortly
basically using small physicians or small providers who are early adopters of
E-Health technology and using them to share their expertise and insights into
the ICD-10 transition with their colleagues. We feel that that will be
effective.

Believe it or not, if we had kept to the schedule, we would be looking at
ICD-10 on October 1. As we all know, it is 2014. As we approach the October 1,
2013 mark, of course we feel a sense of urgency at CMS, not that we didn’t
before, but maybe an intensified sense of urgency. I am sure you going to be
seeing a lot of marketing and messaging around countdown. Keep your eyes and
ears peeled for that.

One of the things I did want to talk about today and Jim, this was a perfect
set up. Thank you so much. The market places. While Jim talked a lot about the
surveys and the questions and the development in that area, one of the things
we did want to mention today is the privacy and security of that health care
data. Again, you will see this on the slide tomorrow. We published back in
February the system of records. And basically that is the official announcement
of what kind of data is being requested. First name, middle name, last name,
age, address, and so on. And the specific purposes for the use of this data. In
this case, market place enrollment and eligibility. That is something that we
have a safeguard. Just because we have data and you are requesting it does not
mean you can use it for marketing, for research, whatever. You have to gather
that information and use it for that specific use that is in the system of
records. In this case, it is market place eligibility and enrollment.

It is not just CMS that is contributing data to the market places. We have
computer matching agreements for data sharing, for administrative, physical,
and technical safeguards. They have been executed among parties such as Social
Security and the IRS, Homeland Security, Department of Defense, VHA. This
ensures that everyone’s systems are bound by the same safety and security
stipulations.

Similar computer matching agreements exist between CMS and the states
whether they are federally funded or state based. In addition to information
exchange agreements, what data is being sent between CMS and the states and
vice versa? There are also data use agreements between OPM, Office of Personal
Management, and the Peace Corps. It is amazing how much data is coming from all
these sources.

Each market place whether again federally facilitated or state based has
conducted a privacy impact assessment. Even before they signed on the dotted
line, we asked them to assess what would be the possibility of an information
breach. As Jim mentioned, there is no such thing as a zero chance of a breach
no matter what. As long as you are exchanging data, that risk always exists.
But we ask them to conduct a privacy impact assessment on their risk of privacy
breaches and obviously what are they going to do to try to correct them prior
to signing their respective agreements.

In addition to that, each market place must have an incident response plan
and use a standardized incident response reporting form for reporting any
privacy or data related incident. CMS is the hub for this. Anything that
happens either in a federally facilitated or a state-based exchange with regard
to data breaches is reported through CMS. We have an established process for
any kind of incidents currently with either state based or Mac or any kind of
contractor breach. We have someone who is dedicated to just working on that
alone. We are fortunate in that. It does not happen very often. But as Jim
mentioned, the more data you have out there, the more likelihood it could
happen.

As you can imagine, our agency’s resources are focused on the launch of the
market places. We are really keying in on that. We continue to keep the wheels
turning. I know that we have mentioned before a proposed rule for health plan
certification. I know I keep saying this. It is coming. It actually is in CMS
clearance right now. We hope to have it published sometime in November. Keeping
our fingers crossed on that one and looking forward to getting industry and
stakeholder comments on that.

One thing I did want to mention. I think a number of you who have been on
the committee for a while will recall Christine Stahlecker. Christine is our
group director for the administrative simplification group at OESS and has been
with the agency around ten years. She is a key person. If you recall the 5010
transition, Chris was the point person when she was in our Office of
Information Standards and now in our Office of E-Health Standards and Services.

Chris has announced her retirement at the end of September. I just wanted to
let folks know. If you know Chris and would like to drop her a note, her last
day is the 27th. We are having a massive party on the 26th. But she has been
really a fabulous addition to OESS and a real asset to the agency and to the
industry. She really helped get 5010 pushed out there. I just cannot say enough
about how much we are going to miss her. If you happen to know Chris and pass
along your good wishes. I just wanted to mention that. That is all I have.

DR. GREEN: Thank you, Denise.

DR. FRANCIS: This is just a quick question about the no repurposing of data.
Does that actually even mean that there would be no research with respect to
the demographics of who is accessing the exchanges?

MS. BUENNING: Under the system of record that was published in the federal
register in February, there is very specific use for that data. No, it would
not be allowable to repurpose it for research. Maybe if someone else applied
and asked for a specific use for that data, would have to go through a whole
other process. The only time that we would share data outside of that system of
record is if the department asked for it. There is a law that says basically
that we can share data with the department for certain purposes, but other than
that, no. It is not for a researcher or any other types of uses at this time.

DR. FRANCIS: I think making that public is a very good thing. The standard
news about the exchanges that I see is I do not know anything about it and I
hate it because somebody is telling me what to do and sometimes the subtext of
that is learning stuff about me.

DR. FITZMAURICE: On the other hand, research can provide a lot of useful
answers that you cannot get any other way. I am wondering if although the
system of records notice applies to this agglomeration of data, each individual
database might have its own systems of records notice that does permit
research. Is that possible?

MS. BUENNING: That is possible.

DR. TANG: I guess I am going to go back to the business associate because I
think it is one thing with the recipient of the data, the direct recipient of
the data. Then many of your recipients have business associate agreements. I
worry that both the agreement and the enforcement does not reach them as
robustly. Is that a concern?

MS. BUENNING: Again, I think we have to do some more investigation with our
colleagues over at OCR. And the reason I say that is because I know from our
perspective and we handle the transaction and code set aspects of HIPAA. For
our purposes, the market places are not HIPAA-covered entities. Now, if they
should become HIPAA-covered entities under the privacy aspects of HIPAA then we
would have to take another look at that. But right now, they are not
HIPAA-covered entities although they will be using HIPAA standards modified for
their use. Lorraine Doo of our group has been working tirelessly to get that to
work for them. It is a good question. I think we have to explore that a little
bit further.

DR. GREEN: Thank you.

DR. COHEN: I would like the committee to explore further actually developing
standards and guidelines if they do not exist around the reuse of data in the
marketplaces and in the exchanges for a variety of secondary uses. I think the
department really needs to come out very strongly so that everybody understands
the use of these data and the limits on the reuse of these data. I know in
Massachusetts that does not exist. We are pretty much ahead of the curve.

MR. SCANLON: Denise was referring to identifiable information. I think there
are statistics obviously, the analytics from the market places themselves.
These measures in terms of overall statistics. How many people applied? How
many people aggregated? They will at least be that part of it to see how the
market places are performing. There is just a lot of worry about who could get
that information.

DR. GREEN: Okay Seth, we are ready for you. We have your slides set up. It
says ONC updates, September 16, 2013.

MR. PAZINSKI: Great. Eight areas. I am going to provide an update on from
ONC’s activities. I am just going to jump right into the first one. ONC is
today hosting the third annual consumer IT summit. The purpose of that summit
is to learn about and be a part of the public and private sector led
advancements to enable patients to better manage their health.

Some of the features of the summit today are going to be examples of blue
button implementations, innovative apps addressing some consumer needs as well
as a new E-Health campaign announcement.

The next item. ONC released a progress report on the Federal Health IT
Strategic Plan 2011 to 2015. It highlights some of the investments as far as —
that the government has implemented to guide the adoption and the use of health
IT. There is a web-based report that links the different information sources on
programs, reports and data and other useful information on federal activities.
We do anticipate updating the report early in 2014.

ONC also has some activities in partnership with CMS on principles and
strategies to accelerate health information exchange and released the report on
this reflecting the input gathers through request for information earlier in
the year. There is a new page, which is listed there, on HealthIT.gov, which
highlights both the report as well as some other useful information on what CMS
and ONC are doing to accelerate health information exchange.

One of the principles and strategies included in the document is advancing
health information exchange across providers including long-term, post-acute
care, behavioral health. ONC at its recent HIT policy committee, the federal
advisory committee to ONC, charged the policy committee with providing
recommendations on a voluntary certification program with a specific
application to that process to long-term care and behavioral health.

The page also includes information on other areas like Accelerating Health
Information Exchange. It is a Medicaid program as well as the extension of the
Physician Self-Referral and any kickback rules governing the donation of EHR
software and services.

The next update I will keep short since you have already heard about this
this morning and that is the Patient Centered Outcomes Research future
opportunities activities. This is a partnership with ASPE and ONC leading HHS a
cross-departmental effort to identify strategic opportunities for Patient
Centered Outcomes Research. I will just highlight that the documents will be
made available for public comment later in September.

The next item. ONC also worked on a congressional report. It describes
adoption of health IT from January 1, 2012 through April 30, 2013. The report
is available on HealthIT.gov as well.

I will talk a little bit about the Health IT Patient Safety Action and
Surveillance Plan. This is a plan that ONC pulled together on behalf and in
collaboration with partners across HHS particularly CMS and AHRQ. It reflects
input from the 2011 Institute of Medicine report on health IT safety as well as
recommendations from our policy committee advisory committee and public
comments on a draft plan released at the end of 2012.

The purpose of the plan is to advance patient safety and increasingly health
IT enabled health care environment. And it identifies both the potential
benefits as well as potential risks introduced with the technology.

The specific objectives of the plan are to use health IT to make care safer
as well as to continuously improve the safety of health IT. The three
strategies associated with that. Learn, which is focusing on — in response to
one of the Institute of Medicine’s findings that there was not sufficient
information about the available about health IT safety, but to increase the
knowledge about health IT safety. Also, to take specific action to target
resources towards the improvement of health IT safety and patient safety and
then lead through promoting a culture of safety related to health IT.

In the learn section, a couple of activities here. Focus on encouraging and
making reporting easier. Leveraging the use of certified health IT as well as
supporting and strengthening the patient safety organization program to
incorporate health IT expertise. That is also to analyze existing data sources.
On this particular area, ONC has contracted with the Joint Commission to do a
review of their Sentinel Event database for the past three years. We hope to
gain information on the frequency and types of errors that are occurring
related to health IT or where health IT could be used to prevent a sentinel
event.

Under the improve strategy, focus on establishing advancing health IT,
patient safety priorities, developing and disseminating tools and
interventions, and investigating serious events and taking corrective action.

In addition to our work with the Joint Commission here, we are also
developing the SAFER Guides, which are a set of tools, a checklist for
providers to use in assessing their implementation and use of health IT in a
safe way. We are looking forward to releasing that later this year.

And then finally on the lead as far as promoting a culture of safety, a lot
of this is working in partnership and in collaboration with the private sector
to try to encourage leadership and insure responsibility for health IT safety.

Some additional updates as far as the implementation of the health IT safety
plan. ONC issued guidance on authorized certification bodies explaining the
responsibility for conducting live surveillance for certified EHRs in the
provider setting. ONC is strongly encouraging ONC-ACBs to make the results of
those surveillances publicly available.

I mentioned the contract with the Joint Commission. There are a couple of
aspects to that. One is that the ability to do research and analysis on the
sentinel event database. Also to provide the support for early detection of
mitigation and serious events and hazards. It has the ability to conduct
investigations with providers with reporting on the sentinel event that
naturally involves health IT.

And then lastly, ONC released a guide for key contract terms for users. This
is focused on assisting purchasers and uses of EHRs to understand and evaluate
key contract terms and things to consider around purchasing and EHR systems.

An update as far as the numbers associated with both the 2014 and 2011
edition certification of products. Currently, for 2014 edition certified
products are 193 unique 2014 certified EHRs. For 2011, there are 1818 unique
2011 certified EHR products. And also in July, ONC released a new mark for
certification of EHR technology. This will be a mark that appears on EHR
products that have been certified through the ONC ACBs and indicates the mark.
The product meets the 2014 edition standards and certification criteria. ONC
ACBs have begun to use this certification mark.

And then finally, just a snapshot on some of the SNI initiatives with ONC
and their current status of the SNI life cycle. That is it for updates.

DR. GREEN: Thank you, Seth. If it is okay, I am going to come back to
questions for ONC after we hear from Laura and we will do them together.

MS. ROSAS: Good morning everybody. It is a pleasure to be here and present
to you our policy and project updates for the quarter. First, the policy
update. We are planning an HITPC privacy and security tiger team meeting on the
counting of disclosures. I know this committee has been involved in
coordinating on that. I will talk a little bit about interagency coordination.
And then I will go over some of our projects.

The meeting, which many of you may know already, is September 30 of this
month. It is a virtual meeting, which means it will all be webcast and it is
from 11:45 to 5:00. Health plans participating include Kaiser Permanente and
AHIP. We also have vendors and business associates represented by fair warning
ethic and Athenahealth. We have patient advocacy groups, California State and
Consumer Services Agency, and American Federation for the Blind as well as
these provider groups. We may have more participants involved in this — we
actually get to the meeting, but this is whom we have confirmed at this point.
This is the agenda. It gives you a sense of how the day will go.

In terms of interagency coordination, many of you know that the European
Union is debating and continuing to refine at their data protection regulation
that is proposed and I believe up for a vote next month. ONC is coordinating
with other agencies on monitoring the proposal in the development of that
regulation.

In terms of our projects, we have been very busy working hard along with OCR
on a development on a number of projects and tools really to help providers
understand privacy and security. We especially have recognized that smaller
practices really struggle with this. We have been trying to create tools that
make it easier for them to both learn about privacy and security and the
implementation of HIT as well as training their staff. As I said, we have been
working with OCR in developing these materials. We are anticipating a release
of probably the first week of October for these.

We have two videos. One is on continuance planning, which includes disaster,
backup and recovery, and making sure that information is available during and
after a disaster. Contingency planning of course is the term used in HIPAA
security rule. It broadly addresses all of those issues. In the video, it
describes what are the elements of contingency planning, and it is really
focused again? It is on providers and their staff.

We have another video that is on the risk analysis under the HIPAA security
rule. It explains the elements of risk analysis and what providers can do to
prepare for one. What are the elements they need to review when performing a
risk analysis? These videos are about six minutes each. They will be available
on our YouTube channel. They will be linked from our website on HealthIT.gov.
Again, we are looking at a release data around the first of October.

Many of you may remember that last September we released our first security
video game. Again, this is on our website. This was general security and you
can see here the question is can I take my laptop home. I really want to catch
up on billing. That was our first video game. It was very popular. We still get
emails all the time asking for it. We recently had a commissioner at a prison
health system ask if they could have a model that they could download and use
for training. It is very exciting to people.

We are working on our second video game. It is about to come out at the end
of this month. We work with OCR very closely on this. The second video game is
on contingency planning. The series is called the cybersecurity or practice
series. This one really focuses on contingency planning, backup and recovery.
We have paired that with the video. And what we are finding is that providers
really do not understand back up or recovery disaster planning or contingency
planning. They just really are not that aware of it. We have really tried to
have a push on this issue to raise awareness and get people to start thinking
about it.

This is an example of what this game looks like. We are not located in a
flood plain or where there are lot of hurricanes. We do not have a lot to worry
about any other kinds of risk. Here are the options. This is from the beta
version so it is still tagged with the right answer. There is also vandalism
and power outages. It is really trying to get people away from thinking that
yes there are disasters. We live in a country because of its weather patterns
as Colorado unfortunately has experienced in the last week two that has a lot
of extreme weather, more so than many other places in the world.

But beyond disasters, contingency planning needs to address issues like
vandalism, like your server just breaks, like the lights go out is just because
someone hits a telephone pole and not just disasters. To have people think of
it being broader than that and therefore because it is broader, it is also not
something that is an act of God and so unusual, but is something that should
really be built into operations. You need to expect that these things will
happen. That is one of the focuses of the game. That is all I have.

DR. GREEN: Question for our ONC presenters. Leslie.

DR. FRANCIS: I would simply like to comment. This is not a question. But the
final tiger team conference call opened to the public to plan the accounting of
disclosures is today from 2 o’clock until 3:30 thereby conflicting with our
meeting and impossible for me to attend. I have called that to the attention of
people, but have not received a response.

MS. ROSAS: I will bring that back to my office.

DR. TANG: A question for Seth. It says you let out a contracted Joint
Commission to act to receive reports about patient safety concerns both in the
hospital and ambulatory sectors. Is that correct and are they planning to set
up a database and who is the investigatory arm? Can they go and get more
additional information and details and is that information protected? In other
words, how do they operationalize that? It sounds exciting. As you know, the
IOM report was more a model of the NTSB.

MR. PAZINSKI: — of building health IT expertise and capacity into their
existing system. They are going to do a couple of things in working with us.
One is the analysis part of the contract and that is taking a look back at
their sentinel events database looking back over the past three years to try to
go through that information to identify where health IT potentially played a
role in a sentinel event. What we hope to learn from that is to get a sense of
the relative frequency and the relative severity of health IT related events.

The other parts of that is they are also supporting the Joint Commission
where if a sentinel event is reported where health IT played some potential
role or could have played a role in preventing the sentinel event that they
just like they would in their sentinel event model be able to go and
investigate that event. Again, we would be getting information if in the fact
the Joint Commission did go out and do an investigation, they could provide us
with some de-identified information on what they have learned from that event.

Two other parts of this work is one, making available information so tools
and lessons learned that they can make available on their website as well as
the ability to publish any warnings, a series of issues is identified or a
particular area where based on the analysis done on the sentinel events
database. They identify a particular area of concern. They would be able to
like they would in other areas publish a public warning associated with the
health IT safety risk.

DR. TANG: Can I follow up? It sounds like it is built around the sentinel
events database. A question I have is is the intake form suitable to provide
enough information to determine the HIT sensitive nature of the safety issue.
Are the reporters, the providers trained to be able to know to submit those
kinds of potential safety concerns to that system?

MR. PAZINSKI: I am sorry, Paul. The audio cut out in the middle of your
question.

DR. TANG: It sounds like both the repository and the investigation is based
on the sentinel database. Two questions. One, do the users, the providers —
have they been trained to know that this a kind of safety concern you should
report? Two, are the reports, their format, their standards have the
information necessary to look at the HIT sensitivity of the patient safety
concern? And then the third one is you talked about them — they accredit
hospitals. I think they do some ambulatory. Is there enough penetration in the
ambulatory space to gather this much higher volume of use of EHRs?

MR. PAZINSKI: I think that the primary information available is going to be
on the hospital side. They do have some penetration into ambulatory practices.
Was there another part to your question?

DR. TANG: Do the providers even know to report this kind of concern and does
the sentinel event report include data that would be useful in either
recognizing a patient safety concern as being related to HIT or have the data
necessary to be able to analyze it in the back end?

MR. PAZINSKI: I am not sure that we know the answer to that question. CMS
has issued a letter encouraging the reporting of the events using our common
formats, which would give us some information associated with the health IT
role although obviously that is not going to be going back into the events
reported in the past.

I think that on the side of what to look for, I think that is part of what
we are hoping to learn from this. One, what are the primary areas that we
should be focusing on? I think that is one of the things that we really hope to
get out of this work, what are the primary areas where there are issues so that
we can focus our efforts.

DR. GREEN: Bill and then Linda and then we are going to keep going.

DR. STEAD: I just want to make a comment while as part of the department
updates because I think everybody is making a real effort to harmonize and yet
in the trenches, it still feels pretty fragmented. In particular, it is hard to
get answers that cut across pieces of the department.

Just one example that we are currently working through at Vanderbilt. For
the hospital Medicare, we finished stage one, year two attestation September
30, 2013, a full year process. Then we are eligible to report stage two year
one on a 90-day basis so we can actually do that when we complete the January
through March 2014 process. The hitch to that that we have not been able to
figure out is we are actually required to report to CMS, our quality
electronically to CMS, and yet our understanding is that CMS will not be ready
to receive that after September 30, 2014.

How do we handle that disconnect? We have not been able to get any kind of
answer to it. I do not know where those kinds of things are being knitted
together. I think it would help the community a lot if we could work through
those kinds of things. I am less interested in the answer to that than the
problem it is a symptom of.

DR. GREEN: Point well made. Linda.

MS. KLOSS: I just wanted to in response to Paul’s earlier comment about
vendor contracts and the reuse of data perhaps unknowingly on the part of the
purchaser of the service. One other valuable resource that ONC recently posted,
which I do not think has gotten much airing, is a set of contractual guidelines
and analysis for providers who are entering into contracts. This was done by
the same project that is issuing this safer work that is coming out in October.
I think for providers there is some good heads up on all the contractual
minefields that should probably get more wide distribution.

DR. GREEN: There is a phrase. Contractual minefield.

DR. TANG: Could that be the next video game?

MS. KLOSS: It could be. The work is really well done and the American Health
Lawyers Association did it well.

DR. GREEN: We are going to keep going and postpone our break until we get
through this segment. If I were in charge of Emmy awards, I would have given
Rachel an Emmy award nomination for last presentation. I am thrilled to welcome
her back.

MS. SEEGER: Thank you very much. I appreciate it. I am so happy to be here
to give you an update on everything that we have been doing. I wanted to start
by talking about two recent enforcement actions that you may or may not have
heard about because they are becoming passé at this point. Who would
have thought two years ago that OCR’s enforcement actions would have been
flying under the radar?

We took an action against Wellpoint that settled for $1.7 million that
affected 612,000 individuals concerning security weaknesses of their online
enrollment system. That was followed immediately by another action last month
with Affinity Health Plan out of New York. This was a highly publicized case
concerning photocopier hard drives on Canon copiers affecting 344,000
individuals and we settled for over $1.2 million. We are right now around 16
actions bringing in about $19 million in CMPs and monetary penalties since 2009
and more to come.

Each of these cases tells a story. We are really seeing a pattern about a
lack of risk assessment and a lack of ongoing risk policies and procedures in
place pertaining to the security rule. These findings are really echoed in our
recent audit program that wrapped up in December.

Moving into fiscal year 2014, our director, Leon Rodriguez, has in a pledge
that he is looking to stand up a permanent audit program. I believe that you
will see that from us sometime in the coming year.

That brings us to the September 23 compliance data with an Omnibus Rule,
which is fast approaching. We wrapped up a webinar series with the work group
for electronic data interchange last month. It ran through the summer with four
sessions, each bringing in about 1.5 to 3000 individuals. And then they are on
a permanent ability for people to listen in and take advantage of that program.

I also wanted to update you on the PSA campaign that is targeting black men
who have sex with men who are HIV positive. You might recall. I updated you on
the rollout of this campaign the last time I was here. This is really a pilot
for OCR to see how we do within the PSA space. We stood up a unique URL on
AIDS.gov/privacy. We had over 20,000 unique visitors through May 20 through
August 31. Most of our traffic or half of our traffic is coming in from digital
ads from a number of different sources. I really cannot underscore how
successful these have been. These are ads on a website where an individual can
click a widget and it will bring them back to the website. It has been highly
successful.

Forty percent of our traffic has been from mobile devices. Forty-three
percent have been individuals who are putting in the URL into their search
engine and looking for a website. I think this is probably a result from the
transit ads that we have had as well as other advertising.

The interesting thing about this is on average, 80 percent of our visitors
are only visiting our web page. This isn’t multiple web pages. It is one long
web page with some fact sheets and video embedded. The average view time is
over three minutes and that is higher than the view time on AIDS.gov in
general. We are trending very well.

Here are some screenshots of our outdoor and transit. If you recall, we are
in six cities. We are estimating out to impressions of 3.5 million individuals,
online impressions of 19 million individuals. Our transit ads at 8.5 million
and 4.3 million for our print. We have done a ton of community outreach at
black pride events throughout the summer in DC, Chicago, New York, Atlanta,
Oakland and we just came from the US conference on AIDS where we had a
tremendous presence. The campaign response has been very successful. You can
see our numbers here. We think that we have reached about 135,000 individuals
one on one during these community sessions.

I wanted to briefly mention where we are with the CME and CE credit that we
had mentioned the last time we were here. These are provider education
programs, free of charge at Medscape.org, which is a nonprofit site. We had
stood up this mobile resource center if you recall. I am just going to click
through here for the sake of time. But just in totaling the total learners for
the three programs that we have launched, we are looking at about 40,000
individuals reached.

And then we are launching today two new modules at the kick off of the
consumer Health IT summit. The first is on mobile device security featuring
Leon Rodriguez, our director, and Farzad Mostashari from ONC. And then the
second is on understanding the basics of risk analysis and risk management
featuring Leon. This is about a half hour session and again available for free
CME CE credit. I would love to have some feedback from you all especially on
this one. I think it is very well done.

We also are announcing today two new YouTube videos. One for consumers and
one for covered entities and business associates, the Omnibus Rule. Each is
very quick, about two minutes in length. We actually loaded these up on
September 4th, and we have already had 262,000 views of our consumer
video.

I would like to see if I could quickly play this one for you.

(Video Shown)

MS. SEEGER: This is the video for providers. Let me just start this one.

(Video Shown)

MS. SEEGER: You can get a sense of what these look like. We are planning on
doing more outreach around these between now and September 23 especially the
piece on the Omnibus Rule. I think that you have heard my colleagues echo the
struggle that we had and have and many of you have commented on the fact that
many providers are not aware of their obligations, are not aware of what we are
doing. We are really trying to work on changing that. We have some targeted
digital media around these videos, which really seem to work. As you can see
here, our first set of media buys targeted consumers. It really attracts people
to click the videos and learn more.

Lastly, I wanted to bring you up to date on another initiative that we are
launching today at the start of health IT week. This is a collaborative effort
between ONC and OCR. This is a series of model notices of privacy practices
that are geared towards health care providers and also geared towards health
plans.

There are four model notices for each group, so eight in total. There is the
notice in a booklet form for consumers, a layered notice that presents a
summary on the first page, followed by full content. A notice with design
elements that are found in the booklet, but formatted for a full-page
presentation.

And lastly, text only. Providers or health plans can add their own design
elements. They also include instructions for laying these out in both Adobe as
well as Microsoft Office products and frequently asked questions and other
instructions. These are all available on our website. We are hard at work at
additional guidance that will be released in time for the September 23
compliance date.

DR. GREEN: Thank you. We are going to do questions until we take a break.

DR. TANG: It is just wonderful to see this information being out there. I
want to go back to — I want to mention what Linda mentioned is the vendor
contracts. It is one thing to tell patients and providers. It is another to
address the systematic ways that privacy may be affected and that is in these
contracts where the purchaser is somewhat as a disadvantage because they are
getting somebody else’s contract and that is where I think a lot of this is
baked in. Is there some way to literally address that head on? The topic might
be, what should you know about vendor contracts and what your rights are as a
purchaser.

What Linda mentioned. I had no idea there was this guidance. But if we can
give that much more front stage and particularly the people who are going to
negotiate these contracts because I think they need help in saying what can I
not sign and what shouldn’t I sign in fact to comply with both the privacy and
Omnibus Rule. That is an area where this is coming. The 260,000 patients or
consumers who might have seen this do not really know about this other side and
do not have the power to affect that and neither do the purchasers think they
have the power.

MS. SEEGER: I do want to mention that one of the first things we did when
the rule came out was issue model business associate agreement language, the
contractual language that goes hand in hand as a tool for providers and covered
entities with the model notices of privacy practices. It is a challenge. Trying
to reach covered entities with the message that these tools exist on our
website. We only have 90,000 individuals who are signed up for our list serve
and that is not even the tip of the iceberg.

But interestingly enough, we have a survey tool available now on our
website. By far, the largest group of individuals who are coming to OCR are
providers. We had always thought it was consumers or maybe consultants,
attorneys. But by far, these individuals are identifying themselves as
providers. How do we go about reaching more?

DR. TANG: One suggestion to that question. One is to the provider
associations whether it is the AMA or ACP, the large provider organizations.
And the other is I do not think these contractual terms are coming in through
BAAs. They are coming in through the contract for the software. You really have
to teach people where to look, what to look for, and the main thing is what
their rights are and what the rights are on behalf of their patients and reach
out through these professional associations because I think they have a vested
interest as well to make sure their members know what their rights are where
they should stand for their patients.

MR. SOONTHORNSIMA: Thank you very much for the presentation. I think it is
extremely helpful right around the corner now of 9/23. We are struggling as an
industry to understand what the requirements really are. But more importantly,
if you think about what Denise talked about earlier. You were talking about the
market places, state or FFM. I wonder in what way some of the framework that we
are laying out here with the Omnibus Rule and the provisions, how are they
different or how are they similar with the FFM and market places because that
is where I think where you talked about eligibility and enrollment data and
information and the processes surrounding these new processes. I was wondering
if there are two separate or in some way they are the same. Privacy and
security measures I mean.

MS. BUENNING: I think where we are intersecting is from our perspective,
from the CMS perspective with responsibility for transaction and code sets only
under HIPAA. We look at it from the strict definition of HIPAA, the exchange of
information for purposes of claims processing. From that perspective, the
market places do not qualify as HIPAA-covered entities. But now we have to take
a look at this from the OCR perspective because if they are saying that as a
business associate relationship, they might have some kind of implications.
That is something else we have to take a look at. We are going to be working I
have a funny feeling very closely here.

MR. SOONTHORNSIMA: Well, the FFM in the market places will be transacting
using 834s and 820s.

MS. BUENNING: Aren’t those modified? There is one transaction I believe that
is a standard that is modified for them.

MR. SOONTHORNSIMA: We will be getting 834s from FFM. We will be getting 820
from FFM or the market places I should say. Therefore, I have a feeling that
there is some intersection here with regards to privacy breaches and the
provisions. I think it behooves us to really understand where they intersect,
where they might be different just to have a lay of the land and what is
reality.

MS. BUENNING: The unique thing of course about the market place is this is
new territory for all of us. We are still taking baby steps and being very
careful to make sure that obviously the decisions we make up front are the
right ones. I am sure that we will be working closely with OCR and also the
department and Office of General Council to really take a closer look at all
this.

DR. COHEN: I echo Ob’s concerns about the market places and dealing with
those issues. Another target group I want to bring up and I think it is totally
appropriate that OCR focuses on the consumers and providers. The third group is
state and local governments who might be covered entities or mixed entities. I
feel guidance directed toward them, organizations like ASTHO, folks who really
do not understand the relationship of providing and protecting their data. They
collect enormous amounts of confidential data, some of which is part of covered
entities, some of which gets linked to covered entity data. I think speaking
from a state health department perspective, more guidance directed towards
practices for us would be incredibly helpful.

MS. MILAM: Rachel, I have a question for you. I already posed to Jim. It is
whether the expanded definition of business associate and the HITECH regs that
adds the health information organization whether those HIOs include the market
place and the insurance exchanges.

MS. SEEGER: That is an excellent question. That is exactly the ongoing
conversation that we need to have as a department with CMS, OCR, OGC, and
others.

MS. MILAM: Because I know that we are signing contracts right now and need
to know whether — the issue is on our table whether to include a business
agreement as it is for everybody.

DR. GREEN: I will be blunt. I will speak for Sallie and let her kill me
later. She is saying you do not need a conversation. You need an answer. And
you need it really soon.

MS. MILAM: Well, I am risk averse so I am going to include it, which is
going to have a ripple effect. Probably anybody who contracts with our state —
we will have to have conversations internally, but I am going to push for
business associates if it looks like that is going to be coming out because we
will have navigators and in-person assistors on the ground in October. Our
attorney general is most interested in this topic. He is one of the 12 who
signed the letter to HHS.

MS. GOSS: Taking this a slightly different angle and focusing more on health
information exchange and what is happening with the data flow around patient
care, we have been struggling with how to cut the complexities of the legal
frameworks out of the process so that we can get people focused more on how do
you use the technology, how do you run to the care, how do you get the goods
and services that you need to really achieve the triple aim.

One of the things that we have done in Pennsylvania is to focus our
collaborative efforts around health information exchange to produce
standardized agreements, participation agreements, DRSAs, BAAs, but also being
very mindful of not adding agreements where they are not really needed because
BAAs tend to have a chunk of philosophical objectives and those can be covered
in other tools and still have you contractually obligated.

I think one of the things I am not hearing in the discussion about the
software from Paul and Linda’s comments, which I very much agree with, was the
dynamic of handling the different business models that are emerging right now.
How do you get the right protections? How do you work in a federate environment
managed for the majority while giving some standardized approach to cut through
just the basic foundational legal agreements and then also have the aspects,
which touch upon the patient points within the care delivery, have those be
consistent and easily understandable. From a state’s perspective, we have
really tried to get our arms around this and create a framework for health
information exchanges and their member organizations to really use a standard
set of tools.

DR. GREEN: Michael, you get the last comment or question.

DR. FITZMAURICE: Larry, is there time to follow up with Seth Pazinski on a
question about his presentation or is he not on the line and the time has
passed? Seth, are you on the line?

DR. GREEN: I think your time has passed. On behalf of the committee, I want
to thank all of you, Denise, Seth, Laura, and Rachel for that complicated
report. We have our usual fire hydrant event here behind us now. If you missed
the memo about the US health care system being overly fragmented and overly
complex, maybe you got it today. And then trying to manipulate it under those
circumstances, you would expect it to look pretty much like this.

I want to ask Jim particularly, but all the staff here, we learned this
morning that NCVHS needs to be very careful to target its future work in a
focused way on something that really matters and needs attention from NCVHS
from its point of view and its charge. There is so much bait going by that
there are — we heard about 100 things that NCVHS might decide to address and
we cannot do that and we are not going to do that. We are not going to do
something we cannot do. We need help in avoiding being duplicative,
interfering, going someplace that is ill timed or out of sync. It is the third
time.

We need a little help here from where NCVHS can actually be helpful so help
us please on behalf of the whole committee. I have a feeling everyone will
agree with that request. We have some decisions to make later on in the meeting
about directions we had. Don’t hesitate to start providing guidance and
direction after the break.

We are going to reconvene at 11:15. We will plan on going no later than
12:15 on the presentation of the letter you already have and then we will have
a lunch break. Thank you very much.

(Break)

Agenda Item: Standards Letter – For Action, Status
of Implementation of HIPAA and ACA

DR. GREEN: We have some further people that were not introduced earlier.
Let’s cover that now. Let’s start with you, Raj.

DR. CHANDERRAJ: Raj Chanderraj, practicing cardiologist in Las Vegas, member
of the full committee, no conflicts.

DR. GREEN: The famous country boy from Arkansas.

DR. NICHOLS: Len Nichols from George Mason University. I am a member of the
full committee and the population subcommittee, no conflicts.

DR. SCANLON: Bill Scanlon, National Health Policy Forum, member of the
committee, no conflicts.

DR. KAPLAN: I am Bob Kaplan. I am an ad hoc member of the committee from the
National Institutes of Health and I do not believe I have any conflicts.

DR. GREEN: Are you an ad hoc member or are you a liaison?

DR. KAPLAN: Good question.

DR. GREEN: Anyone else who needs to be introduced? Thank you very much. We
will follow our usual protocol and we are at step 26 in the preparation of a
letter here. We are going to spend a day reviewing it together. You have had
this in advance. It has been posted for the last week publicly. Walter and Ob
will lead us through this emphasizing the recommendations in the letter. Then
we will hear your concerns and suggestions and something magical will happen
overnight and tomorrow morning. We will see a revised letter that we will vote
on tomorrow.

I want to thank you guys for an amazing amount of work that has happened in
the late summer here to prepare this for this morning.

DR. SUAREZ: Well, thank you very much, Larry. The committee has been quite
busy during the summer. We had a whole series after the noon hearing that we
held at the same time that we were having this full committee meeting in June.
We went into a series of conference calls to work on several of our agenda
items coming up and this is one of them. It is our letter of observations and
recommendations from the June hearing.

Just one comment. Every June basically the subcommittee calls a hearing to
listen to the industry and understand the state of affairs with respect to the
implementation of the standards, HIPAA standards, the Affordable Care Act
standards, operating rules, transactions, code sets, identifiers, all these
things. This is our regular standard June hearing that we hold.

This time we focused primarily on three or four major topics. The first one
was we heard about the activities from WEDI, Workgroup for Electronic Data
Interchange, which had started in light of the 20th anniversary of the 1993
WEDI report to Congress that set the stage really for HIPAA Administrative
Simplification. WEDI is organizing a 2013 report. We heard the status of that
work.

We also received a report from the Designated Standard Maintenance
Organization. DSMO is how we call them, which are the X12 and HL7 and NCPDP,
the National Council for Prescription Drug Programs and the National Uniform
Billing Committee. These are the national standard setting bodies that are used
in reference in the Affordable Care Act and in the HIPAA standards for
Administrative Simplification. Every year we hear the DSMO report. That was the
second major topic.

And then we have concentrated really on a couple of other areas, the status
of implementation of the new versions of the standards, 5010, which started for
the administrated transactions in January of 2012 as well as — the 5010, the
new version of all the administrative transactions as well as the D.0, the new
version of the NCPDP pharmacy transaction and the 3.0 is also pharmacy
transaction. That was one other topic.

We heard about the state of implementation of those standards. It has been a
year and a half of experience. We wanted to hear if there were any issues with
respect to the versions.

We also focus on operating rules and the state of implementation of the
operating rules that have been developed and in place the first set of
operating rules since January of 2013. This year we started to implement the
first set of operating rules that apply to two transactions, the health care
claim status request and response so claim status and the eligibility
transaction. Those two transactions. Operating rules were adopted by regulation
and in place and mandated to be used starting January of this year. We wanted
to hear about the experience of the industry in implementing those. And the
plans for the second set of operating rules that are due to be complied with
January of next year. Those apply to the electronic fund transfer transaction
and the electronic remittance advice transaction, the claim payment
transaction.

And then also the development of the third round of operating rules, which
apply to all the remaining HIPAA transactions, the health care claim, the claim
attachment, all those other ones. That was the fourth or so topic. And then the
last topic was about ICD-10 and the preparation and concepts around
transitioning to ICD-10 and what are the priorities for the remaining 12 months
of preparation for that.

Based on that, we prepared a letter with observations and recommendations. I
am going to go through the letter. Basically, the first page is background, the
regular paragraphs that we have that highlight the role of the committee in
developing this. Of course, we have a few typos still of the letter to fix.
This is introducing the topic to the secretary and the focus of hearing in June
and highlighting some of the important transitional and transformational
changes that the industry is going through including the adoption of these new
standards, but also health reform, payment reform, insurance exchanges, ICD-10,
meaningful use, all these other areas kind of pointing out to the complex
combination of factors that are coming together almost at the same time now.
Those were the introductory paragraphs.

Then on page two, we start with a high-level summary, if you will, of the
main recommendations. We thought it would be important to — we have about 12
or so recommendations, but we thought it would be important to start the letter
as a high level sort of leave the message. This is the main messages that we
heard and the main set of recommendations and then really getting to the
recommendations.

We emphasized education, outreach, and guidance activities. We mentioned a
few points about that. We point to the fact that there should be no further
delays on any of the upcoming deadlines particularly ICD-10 and kind of
emphasize that point that the industry needs to continue to march towards that
option of ICD-10. The message should be always that the deadline continues to
be and will be the deadline. And then defining a roadmap for standards sort of
emphasizing the concept that there is truly a need to have a roadmap that
conceptually presents where things are, where things are going, what are the
timelines, and then what are the interactions and interdependencies of the
various elements in this roadmap? Those were the high-level three main topics
or themes of the recommendations.

I will go through and you can stop me if you want to. We will certainly read
the recommendations. I just do not want to read the entire letter here.

MR. SOONTHORNSIMA: Walter, may I just make a brief comment? The second
bullet point where we are talking about no further delays on upcoming
deadlines, the idea there is because every time there is a delay on any
implementation or there are post-implementation issues, there is a long tail
associated with each and every one of these implementations. They do impact the
subsequent mandates, requirements. That is really that message. There are two
messages there. One is stick with 10.1.14 and the other is there are some
subsequent tails.

DR. SUAREZ: Good point. The second sentence that I think you are pointing
to, Ob.

DR. NICHOLS: Walter, I am always dazzled when you give your overviews of
these things. Maybe this is phenomenally naive. But when I look at bullet two
and bullet three and I take your point Ob. Every time we delay something, it
pushes other things back. But then I just read this. There should not be
further delays. Due to competing mandates, priorities, changes, it is
imperative for HHS to rationalize the pay scope, scale, and timing. But you
just took delay off the table. I am not sure these do not contradict.

And maybe what I need is a little bit better sense of what do you mean by
roadmap. Maybe what you mean is reveal all the potential deadlines that are
necessary. I do not know. But to take any delay off the table seems to me to
set up a potential roadblock.

MR. SOONTHORNSIMA: Good point. Maybe we need to clarify the second bullet
point is really around ICD-10 specifically. We really meant ICD-10
specifically. Thank you, Len.

DR. SUAREZ: It is a good point. And the other concept is the roadmap is
intended to show what is today the current landscape, but more importantly what
are the upcoming requirements and as a way to say any new requirements being
planned that we do not have yet. They now need to fit into a roadmap.

DR. NICHOLS: Let the record show I am for a roadmap. I am just pointing out
you might want to delay —

DR. GREEN: Walter, just manage these questions as they come up. I think Mike
has one.

DR. SUAREZ: The first section of the letter talks about the DSMO report. By
now, I hope you now the decoding of DSMO. And the status of the current version
of transaction standard of 5010. That was a major topic.

One of the most important messages that we heard during the DSMO report, in
fact, was the idea that — there has always been a question. We started with
4010 and transactions. Now we move to 5010. The next question immediately is,
when is the next version going to be. 60X or 70 whatever. There has been
consistently sort of that question. With the DSMO report this year, we heard
clearly that there is no expectation of coming back to the committee. Normally,
what happens is that DSMO comes to the committee and reports that the industry
is ready to move to the next version. That is what happened with 4010 moving to
5010. They came to a committee five years ago, three or four years ago and said
that the industry is ready to move from 4010 to 5010. The committee discussed
and reviewed the status of that. The reasons why it would be valuable and
important to move to 5010 and made a recommendation to the secretary to adopt
regulations to move to 5010. Then the secretary agreed with the committee and
moved on that and so adopted the 5010 transactions or version.

We asked the question to the DSMO. When is the next version ready or would
be ready? They basically reported to us that they do not intend to come back to
this committee with a recommendation for the next version, the next one from
5010 not probably until sometime in 2015. And working through the schedule in
terms of adopting or reviewing the committee the recommendation, making the
recommendation to the Secretary and then the secretary moving us to the next
version in terms of regulation. We are looking at probably not seeing the
implementation of the next version until sometime in 2017.

We thought it would be very important to send that message out to the
industry that we are going to be with 5010 until probably sometime in 2017 and
maybe even beyond that. Who knows? But it would be important to make that
message out and put that message out so that there are no ambiguities or
concerns about we will know when the next version is coming and it might come
next year. It might come in two years. That was the first recommendation. CMS
should work with the DSMO to inform the industry that the current version of
the transaction standards 5010, D.0 and 3.0 in effect since January 2012 is not
expected to change until sometime in 2017. Denise, you have some comments?

MS. BUENNING: Yes. And maybe this is just kind of technical nit picking
here. But I noticed on the recommendation you are saying CMS should work with
the DSMO. And actually, I think in reality it should be HHS. When it comes to
standards and transactions, authority is delegated to CMS from HHS. I think
that any recommendation that speaks to operating rules or to standards would
come under a recommendation to HHS. I noticed that the recommendations, I
think, 7 through 14 refer to specific CMS programs like Medicare and Medicaid.
I think that is appropriate. I think we might just want to make sure that when
we are talking the more general and broader platforms, it is HHS.

The other question I had was when it said it is not expected to change until
sometime in 2017. I just want to confirm that you are saying it will not be
adopted. It will be adopted in 2015 for compliance in 2017. Is that the
subcommittee’s intent?

DR. SUAREZ: We are working on some projected expectations here. If it comes
to the committee sometime in June of 2015 or the fall of 2015, the committee
makes a recommendation. Then really the rule making process starts and is
completed in 2016 with a compliance of at least six months if not a full year
after or maybe two years even after that. Then we are talking about 2017 or
even beyond 2017.

DR. GREEN: Denise, what do you think the wording should be?

MS. BUENNING: HHS should work with the DSMO to inform the industry that the
current version of the transaction standards in effect since January 2012 is
not expected to — I am trying to get across the fact that it will not be
implemented until 2017 to take effect.

DR. STEAD: This is trying to help people know it is not before this.

MS. BUENNING: I would support that language. Again, we do not know about the
timelines on this yet. If we could put it until sometime in 2017 or later, that
would give us a little bit of cushion.

DR. SAUREZ: Right. Thank you. Okay.

DR. FITZMAURICE: Just a friendly suggestion. You did a great job of
explaining what a DSMO is, but might we spell out DSMO where it first appears.
That is, the first sentence under DSMO report. I could not find what it stood
for. That is all.

DR. SUAREZ: Thank you. I think the next part at the end of page two we just
talk about some of the issues that we heard and a point that we heard about the
transition to 5010 and the implementation of those new versions. We highlighted
a few points.

The industry estimates show that approximately 80 percent of the providers
have to successfully move to 5010. While 20 percent, primarily small providers,
continue to use the previous version 4010. We do clarify that this is
completely acceptable. There is no requirement that says that the provider has
to do 4010 or 5010. The provider can do whatever if they achieve the exchange
electronically through the use of a vendor or a business partner like a
clearinghouse. They can send to the clearinghouse a non-standard transaction.
And the clearinghouse converts it into the standard into 5010.

The concern of course is that with respect to that is that the ICD-10
transition when we get to that in October of next year will create a major
issue because 4010 does not support the submission of ICD-10 codes. The
providers that are still in 4010 sending data through the clearinghouse will
not be able to the send the data into ICD-10. And if they send the data in
ICD-9, someone has to convert it to ICD-10 to become compliant. We make the
argument clearly that that is not really a role. The clearinghouses are not in
the best position to make those decisions because this issue affects revenue
and affects reimbursement. If I change an ICD-9 code to an ICD-10 code and I
chose the wrong one then we are in trouble. We make that argument there.

The second recommendation is about specifically those organizations that are
still in 4010. HHS should work with the industry to identify current 4010 users
and develop a targeted outreach campaign explaining the implications for not
migrating to 5010 in advance of the adoption of ICD-10 code sets. This
recommendation points specifically to addressing this concern of the provider
that are not yet using 5010.

Let me stop there and see if there is any question about that
recommendation.

DR. CHANDERRAJ: Does it apply to only CMS transactions or all commercial?

DR. SAUREZ: All commercial transactions. This applies to every transaction.

Hearing no comments on this recommendation, we move to the next one. We
noted that several testifiers mentioned the value and the importance of
adopting a standard for another transaction called the Acknowledgement
transaction. Acknowledgement transaction is the electronic I did receive your
transaction kind of message back to the submitter. I send a claim. I get an
acknowledgement from the payer that received that claim saying I did receive it
and there are some details in the acknowledgement saying the thing worked. The
claim is okay. It looks fine. Go through the next stage of adjudication or it
says there are problems. You need to send these other things. A lot of benefits
about the Acknowledgement transaction.

The committee has made already two recommendations in previous letters to
the secretary to adopt standards for acknowledgment. We thought it would be
important to in this letter emphasize again the importance of adopting this
transaction standard. Recommendation 3 reads HHS should act upon the NCVHS
recommendations on standards for Acknowledgment transactions as communicated in
the NCVHS letters to the secretary dated September 22, 2011 and September 21,
2012 as soon as possible. We are emphasizing the recommendation we made before.

Any questions about that?

With operating rules — that is the next section. In the operating rules
side, we heard a lot of very important messages and we thought it would be
valuable to highlight a few observations before we made our recommendations.
The very first message I think overall is that there is of course
implementation of the first set of operating rules. Things are already in
place, are being implemented. A lot of the organizations, mostly the large
organizations and significantly payers are implementing these operating rules.

But there is still also as with other things organizations that are not
ready or have not yet implemented those. There are a few reasons for it. We
highlight first of all some background about operating rules because not a lot
of people necessarily understand the process for operating rules. There are
three sets of operating rules I explained earlier. The first set was claim
status and eligibility and those are already being implemented since January of
this year. Then the second set is starting next year, January 1, and they are
for electronic remittance advice and electronic fund transfer. And the third
set is for all the remaining transactions. We have not yet made recommendations
to the secretary. We have not received feedback from the industry about those
operating rules. We are still away from that third set.

The most significant findings and observations are listed in these bullets.
I mentioned again a few points there. CAQH, which is the authoring entity for
operating rules, has undertaken a significant number of activities over the
past few years related to the planning, developing, vetting, testing, and
finalizing operating rules, and will continue to build awareness and expand
industry involvement, support implementation, test adoption. We are
highlighting the important role of CAQH in this process.

Compliance status with the first round of operating rules is strong among
commercial health plans and some clearinghouses. Provider adoption is facing
challenges around available technical and business resources, coordination with
multiple trading partners, inconsistent use, and varying entry levels so how
ready they were at the beginning before starting to implement operating rules.

With respect to the second set of operating rules, which we are in the
planning stage for compliance by January of next year, entities completing that
have already implemented the first round currently permitting the first round
of operating rules are well underway in getting ready and is expected that they
will be successful in implementing the second round January of next year. Many
other organizations are at an early awareness stage or a planning stage. We are
about four months before the compliance stage. We had some challenges,
realities, and opportunities in these observations.

Let me get to the recommendations. We have two recommendations here.
Recommendation 4 is CMS should work with NCVHS, CAQH and industry stakeholders
to make a more comprehensive assessment of four things about operating rules.
Number one, the level of adoption and use of operating rules.

Number two, the value and benefits of adopting operating rules by
transaction type. Let me explain very quickly a point. Right now operating
rules are being adopted for each transaction. There are operating rules for
eligibility and operating rules for claims status. And there will be as we go
along operating rules for each of the transactions. There are questions about
is it really valuable to adopt operating rules by transaction. Aren’t there
operating rules that cut across all the transactions and should be really based
not on a transaction, but business centric, business process? That is the point
we wanted to make. Looking through the level of adoption or the value and
benefits of adopting those operating rules by transaction versus number three,
the opportunity to adopt cross-transaction operating rules using a
business-process centric approach.

And then number four, the relationship and opportunities that operating
rules offered to meet some of the electronic exchange requirements of health
reform. We heard earlier about the role of enrollment, the 834 transaction and
premium payment, the 820 transaction. We wanted to study and understand the
linkages between the operating rules and the use of these electronic
transactions in some of the health reform exchanges. That is recommendation
number 4.

And then recommendation number 5 is CMS should consider designing and
implementing targeted assistance and outreach programs directed at smaller
providers to improve their understanding of the importance of using electronic
transaction and operating rules. One reason we highlighted this number five is
because one of the reasons people are not doing necessarily operating rules is
because they are not doing the standard electronic transaction in the first
place.

Many organizations are not checking eligibility using the 270, 271
transaction or doing claims status using the 276, 277 electronic transaction.
They are doing it in other ways. By doing it in these other ways, they are not
doing the standard and they are not implementing operating rules for those
adopted operating rules for those transactions. There is that underlying issue
of not using the standard in the first place and so not implementing operating
rules that are attached to those transaction standards.

Those are the two recommendations. Let me stop there and see if there are
any questions.

DR. CHANDERRAJ: I think Susan’s point of changing CMS to HHS should be —

DR. SUAREZ: Denise, this is a recommendation where it is HHS instead of CMS.

MS. BUENNING: That is correct.

DR. CHANDERRAJ: But there is one earlier too on recommendation 1.

MS. BUENNING: Recommendation 1, recommendation 4, and recommendation 5
should be HHS.

PARTICIPANT: Also, we are missing an S at the end of transactions in
recommendation 5 at the very end.

DR. SUAREZ: Raj.

DR. CHANDERRAJ: On the operating rules, I did not see any timeliness of
payment if there is — I know there is a lot of discussion about claim
attachments if there is something going on. But if there is a clean claim and
that is acknowledged and the acknowledgement received, is there a timeliness of
payment by industry?

DR. SUAREZ: That would be good to have. There are no operating rules yet for
claims. That is in the third set of operating rules. That will be one of the
interesting points to comment on. Of course, there is for clean claims and for
prompt payment and things like that. There are state laws and program
operations that are followed to define how quickly a claim is paid when the
claim is clean. To what extent the operating rules will need to get into that,
I am assuming and I am expecting that the authoring entity we are looking to
that as they develop operating rules for the claim itself and for claim
attachment and for the other transaction. We do not have those yet and so I
think that is a point that I think will need to be addressed as we get the
third round of operating rules.

DR. GREEN: Walter, you explained what you meant by cross transaction
operating rules. But I do not understand what three actually means when it adds
using a business process centric approach. I suggest we either define those
terms or modify them.

DR. SUAREZ: Let me give you an example that might help clarify. As I said,
right now the operating rules are being adopted by transactions. There are,
again, operating rules for each. There are instances where some of the
operating rules are applicable to any transaction. For example, system
response.

DR. GREEN: What is a business process centric approach?

DR. SUAREZ: The term business process centric approach is the business
process itself is response time, for example. That is the expectation. It
should be an operating rule about response time across all transactions. That
is an idea. That is the concept. Rather than having a system response rule for
each transaction, have a system response rule that is applied to all
transactions. That is based on the business need of response of a system, a
computer system and an electronic system. That is an example of how instead of
looking at silos each of the transactions for operating purposes is to look at
operating rules that apply to all the transactions across. That is what cross
transaction means.

MS. GREENBERG: I was just going to suggest some language like the
opportunity to adopt operating rules about essential business processes that
cross all multiple transactions or something like that.

DR. SUAREZ: That is good. That is perfect.

DR. CORNELIUS: Walter, I actually liked how you were defining it in terms of
response time. It is kind of unpacking the language and making it inclusive. I
hear what you are saying, Marjorie, in expanding it. But I think the easier we
state it, the more people are coming along in terms of what you are actually
getting at.

MR. SOONTHORNSIMA: That is a very good point. Let’s see if we can wrap that
a little bit better. Here is a scenario. It is more like an end-to-end process.
It is really end-to-end. It is not about a claim or it is not about
eligibility. It is a whole process, processes that have to come together from
the provider side all the way through to the payer. That is really the point. I
think we need to do a better job maybe end-to-end process and give some
examples as opposed to looking at transaction centric. Does that make sense?
That is what we were trying to get at.

MS. KLOSS: As was pointed out in one of the bullets, what we heard from the
testimony was that those organizations that are really seeing value from the
operating rules are those that are integrating them into their business
processes. There are stepping back looking at how they do an end-to-end process
and building them on solid operating rules that optimize the technology and
marry it with work process. That is really what we are getting at here rather
than necessarily a criteria like response time, but looking at how do we get a
claim paid and looking at the multiple transactions that might be part of that
process. I think that is what we meant. I think Marjorie’s suggestion
reinforces that.

DR. SUAREZ: I think that is great. Alex.

MS. GOSS: Linda got it covered.

DR. SUAREZ: Now we will move to the next and last portion of the letter and
that is the status of ICD-10 code sets planning, testing, and implementation.
We start with our highlights and messages and observations that we heard from
the hearing. The first one, probably the most significant one, again, is the
October 2014 deadline should not be modified. I think a number of comments have
already been made about that point. The long tail, the impact, other elements,
the investment that organizations have made already. Again, the
interdependencies on this concept of a roadmap of how if we move anymore
anything, now people are going to have to make a lot of adjustments in the
midst of implementing all these other things is a major challenge.

Testing was the second major message. Again, considering the important point
that we are trying to make here is what is it that needs to be done over the
next 12 months to get us to ICD-10. Not moving the deadline is the first. The
second one is emphasizing testing, both end-to-end testing as well as
content-based testing.

The third is having access to some of the tools and resources, for example,
access to ICD-10 code sets-based version of the CMS Hierarchical Condition
Categories, which is something that it is used for capitated reimbursement. It
will be very helpful to have.

There are still concerns among providers about what is a correct code
selection in order to do the transaction using ICD-10, the payment, the claims,
submission and all that in a “budget” neutral or in a way that it
does not affect a way in which I was being reimbursed before when I was using
ICD-9, those kinds of things. We highlighted those.

And then we get into the recommendations. Here we have about five or so
recommendations. Let me start with recommendation 6, which is HHS should
continue to emphasize its intent not to change the current deadline for
compliance with ICD-10 code sets of October 1, 2014.

Recommendation 7. CMS should clarify and communicate that its Medicare
fee-for-service program has a testing strategy that will ensure a smooth
transition to ICD-10 code sets. I think this needs a point of clarification.
Right around the time of this hearing, CMS and its Medicare fee-for-service
program announced that weren’t going to do and there were all different
interpretations of the meaning of that, but they were not going to do
end-to-end testing. That had been an emphasis of a lot of the recommendations
we have done in the past as well as the industry recommendation that you really
want to do end-to-end testing to ensure that the systems work appropriately
from end-to-end.

We heard during the hearing that it would be very helpful to have the
Medicare fee-for-service program clarify and communicate that it does have of
course a testing strategy and that it will ensure a smooth transition to ICD-10
code set. That is a recommendation.

Recommendation 8. Let me go through the recommendations and then we will get
to the questions. Recommendation 8. CMS should establish and publicize a series
of realistic and actionable interim testing milestones to be achieved during
the remaining 12 months before the compliance. We really now want to map over
the next 12 months what are some of the key milestones particularly around the
testing processes.

Recommendation 9. CMS should support and actively participate in the
HIMSS-WEDI ICD-10 National Pilot Program, establish high-level criteria for
readiness, leveraging the pilot programs currently underway, and provide
readiness guidance and framework for smaller and medium size entities.

Recommendation 10. CMS should share its Medicare and Medicare ICD-10-related
payment policies with the industry and private payers should do the same.

Recommendation 11. CMS should share with the industry, as soon as possible,
the ICD-10-based Hierarchical Condition Categories or HCCs.

Recommendation 12. CMS should reassess Medicaid ICD-10 preparedness and help
address the disparity in readiness across Medicaid programs, since state
Medicaid programs drive local adoption of major changes such as ICD-10 code
sets.

Recommendation 13. CMS should work with HHS partners to explore the
possibility of leveraging department-funded education and training centers, for
example, Centers of Excellence or the ONC Regional Extension Center, to help
reach smaller practices and develop targeted education and outreach activities
related to the transition, testing, and adoption of ICD-10 code sets.

And then the last recommendation 14. CMS should encourage clearinghouses and
vendors to communicate their ICD-10 code sets transition plans more explicitly
and clearly to their trading partners and providers should be encouraged to
demand access to those plans.

Those were the ICD-10 related recommendations. Let’s see if there are any
questions. I think we have Bill and then we will go around.

DR. STEAD: I think this is an excellent set of recommendations. My
suggestion is really around packaging. When I read this, I could not see the
patterns and it was just daunting. I would think that you are really suggesting
three things. A, make it clear that the goal post is not going to move. B, take
an active role in leading end-to-end testing. And what I would suggest under
there is that the recommendation 8 would become A under that. Recommendation 7
would become B under that. Recommendation 14 would become C under that.
Recommendation 9 would become D. 12 would become E. 13 would become F if I am
understanding this. Those are actually the elements of end-to-end testing. And
then the third recommendation would be around getting the information out that
people need to implement other aspects of ICD, which are your recommendations
10 and 11.

The other thing I would think about. If this were in fact the most important
thing to happen in the next 12 months, then I would pull this whole thing to
the front of this letter and make it very clear that this is in fact the most
important thing. We have to get this right or we are going to crater.

Then we have these other key things, but I would actually put them
downstream and try to shunt blood in the brain to this part.

DR. SUAREZ: Excellent suggestion. Thanks so much, Bill. That is great. That
means Bill that you are going to join the subcommittee now.

DR. NICHOLS: I appreciate the clinical graphicness of that metaphor, I just
wanted to say that I put my card up because I wanted to second what I knew Bill
was going to say, which is collapse these things. But my question is number 10.
I just want a clarification on what you actually mean. Should share Medicare
and Medicaid ICD-10-related payment policies. That is kind of broad. Do you
mean how to make it budget neutral from nine to ten what assumptions you are
going to assume about breakdowns?

DR. SUAREZ: Good question. I think many health plans and payers have
established some parameters, let’s call it, and some reference elements about
the use of ICD-10 in their billing process. I think those are the policies, the
guidance that providers need to understand from the payers with respect to what
is it that they are going to do when they receive a claim that has ICD-10 in
terms of the payment. Are there any effects of choosing certain ICD-10 codes on
the payment process?

DR. NICHOLS: That is what I mean by there has to be a neutrality issue. I
would just make that clear.

MR. SOONTHORNSIMA: Reimbursement. Another thing is they are not going to pay
based on ICD-9 code. There will be no payment.

DR. GREEN: Denise, I would like to direct this question toward you. This
whole set from the way they are formatted right now, 7 through 14 all start out
with CMS. I just want to ask your opinion if that is correct and particularly I
want to direct your attention to 13. I am wondering if that really isn’t an HHS
recommendation.

MS. BUENNING: No, because it speaks to the fact on number 13 that CMS should
cooperate or should explore leveraging department-funded education. I think
that number 7 through 14 are appropriate for CMS in all instances.

DR. KAPLAN: Actually, that Bill said what I wanted to say. Let me just
reinforce it to show that there is — Bill and Len both mentioned this. It just
seems like 14 recommendations in a letter is a little bit overwhelming with not
much text in between them. I did find the summary of the points made in the
hearing much clearer than the recommendations themselves. Again, you are
thinking about how to have impact. I think that if you were able to combine
these or summarize the recommendations actually more like you summarize the
stuff from the hearing and then nest the recommendations about ICD-10, for
example, within a single recommendation, you are likely to have more impact.

DR. SUAREZ: We have done letters with, I think, 21 recommendations. That is
our longest number of recommendations in a letter.

DR. KAPLAN: How much did you get?

DR. SUAREZ: Amazing enough actually a lot of it. Your point is well taken.
In every letter, we modify a little bit the approach. We use bullets that
highlight the observations and highlights the discussion and then to make the
recommendation and then another set of bullets and make recommendations. In
this turn around, we compressed all the observations and then add all the
recommendations.

MR. SOONTHORNSIMA: I had exactly the same concern. We had internally debated
on this a little bit. I think the key point was — I was like you. Can we
combine some of these? But the counter to that was that way we can be more
selective. HHS can be more selective as to which recommendation they can really
act on and which one they can just — if they cannot based on capacity and what
not. That is why I like the idea of sub-bulletizing some of these things.

DR. GREEN: We have agreement about the packaging. We are reporting — back
to the letters. Consensus. You can feel it in the room about that. For the
moment, we have the Stead amendment as the way to do that.

DR. SUAREZ: We will work on that. Certainly, by tomorrow we will have the
revised letter with the revised packaging.

DR. COHEN: One very quick thing. In recommendation 9, make sure to spell out
HIMSS and WEDI before you use the acronyms.

DR. SUAREZ: The last portion of the letter is a few other items. The theme
about standards roadmap. We made some statements. These are not anymore
additional recommendations. We just made some points about — ongoing call
within the industry for an E-Health standards roadmap. We note a few of the
elements of this roadmap and the various factors that are used to define this
roadmap into the future and the objectives of a roadmap. We know that to this
effect the committee is convening a roundtable listening session September 18.
This is very timely. We include it in the letter. In two days, we will have
this roundtable.

The other section. The WEDI report. We highlight some of the value and
benefits of the work that WEDI is doing with respect to identifying what is the
next major area for obtaining some of the goals of administrative
simplification. We say the committee will continue to collaborate closely with
WEDI on this important effort.

Impact of the Health Insurance Exchange capabilities on standards. We
highlight the points that I think were made about the role of some of these
standards in the insurance market places and the implications that the market
places will have with respect to new needs for data exchange outside of or
complimentary to the current transaction standard that we have of claims and
claims payment. All of this is part of this concept of the roadmap as well.
What are the implications of the new data needs coming out of health reform
including quality reporting for purposes of documenting outcomes? We have and
we are working on national electronic standards for quality reporting, for
example, being adopted and of meaningful use and of other programs.

MR. SOONTHORNSIMA: This is just hot off the press because we just heard some
reports earlier this morning from Denise and Rachel. I wonder if we should not
include security, privacy, and reach notification in this comment as well. Just
a comment. I would love to get some reaction from everybody.

DR. COHEN: I think these are important topics, but my overall comment would
be there is too much in this letter. I think if we make ICD-10 the primary
issue and address the other two issues that is plenty. These other topics are
worth a separate letter. I would actually stop here and work on a separate
letter that focuses on all these issues.

MR. SOONTHORNSIMA: But leave this section as a teeing up for the future.

DR. COHEN: I would not even do that. Maybe just an ending paragraph. There
are other issues that will be presenting to you soon.

MR. SOONTHORNSIMA: This came up in our panel discussion or roundtable
discussion. We did not want to leave this topic off.

DR. SUAREZ: One thing we can discuss is whether we can actually have two
separate letters tomorrow. One is this first letter with the specific
recommendations and the other second letter is really more observational.

DR. GREEN: I vote no. It is not a good idea to start a new letter today to
approve tomorrow. Whatever we want in this letter should be in this letter. If
something that is in this letter that is troublesome, we do not want it in
there.

DR. SUAREZ: I think what we are saying is we will split this letter into two
is what we are saying without changing the content. We will work on that. We
will figure out if we can come back with two letters or just the first letter
with the main observations.

I think that is pretty much it.

MS. BUENNING: Just one more thing. No matter whether we split the letter or
we do not split letter. Under the standards roadmap section, the last
paragraph. To this effect, the committee convened a roundtable, not is
convening because to Larry’s point I do not think we are going to get this done
in 24 hours.

DR. SUAREZ: Good point. By the time this gets out —

MS. GOSS: And I would suggest building on Denise’s very astute comment that
we seek to finalize the roadmap recommendations in the coming months because I
do not want to put us on the hook. We do not know what is going to happen on
Wednesday and we do not know what we do after that.

DR. SUAREZ: Good point.

DR. GREEN: I would like to invite comments from the audience.

MS. LOHSE: Gwen Lohse, CAQH-CORE. One quick comment here. I do not want to
take a lot of time. You have a busy schedule. One of the things I think we
heard from the testimony across the board about the adoption was for the
non-HIPAA covered entities. They are critical for adoption. Impacts ICD-10, the
operating rules, the standards, you name it, in the letter, it impacts it.
There may be a good comment to put in something about non-HIPAA covered
entities and their impact on adoption. That would be just one of my quick
comments.

MS. BUENNING: I am sorry, Gwen. When you say non-HIPAA covered entities, are
you referring to the automobile insurers, that group?

MS. LOHSE: I think across the board there are non-HIPAA covered products and
then there are the non-HIPAA covered entities. It is a good distinction. I am
thinking more about as we think about the provider adoption especially, the
providers rely on the practice management systems, which are not HIPAA-covered
entities. As they are struggling with ICD-10 adoption or they are struggling
with operating rule adoption or standards adoption, they are relying on their
practice management systems. That is a real challenge because they are not
required to adopt.

MS. BUENNING: I guess it has always been my impression that when we refer to
an entity, we refer to a group like insurers or plans or whatever. Actually, if
it were a practice management system, it would probably be a non-HIPAA product.

MS. LOHSE: A non-HIPAA covered product, but would it be a non-HIPAA covered
vendor? You have the vendor. The clearinghouses are HIPAA-covered entities.

DR. SUAREZ: These are entities that are not subject to HIPAA is what you are
trying to say. They affect the way in which HIPAA —

MS. LOHSE: We are agreeing on the general concept. There is that gap. You
talked about the end-to-end testing. I think you made some great points there.
As you think about all the hops in the system, there is a missing hop. You
cannot actually have the whole process work if one of the entities is not
required to meet the process.

MS. BUENNING: Where do you see that being inserted into the letter? I am
trying to get some clarifications.

MS. LOHSE: Absolutely. Perhaps maybe one of the summary points at the
beginning. I just noticed it as a comment and I thought it was important to
bring it up.

DR. SUAREZ: Thank you.

DR. LAZARUS: Steve Lazarus, Boundary Information Group representing
CAQH-CORE on the same point. I think one of the other places to put this is on
page 7 under the health information standards roadmap in the second to last
paragraph that starts with the objectives of the roadmap. One of the most
important consumers of the roadmap will be these vendors who every year plan
their system upgrades based on where they are going. If they do not know, they
do not put it in the system. That is one of the places where this belongs. They
can plan out two or three years at a time. What am I supposed to be working on
of version 27 of my software ahead of time instead of after the fact?

DR. SUAREZ: Thank you. Any other comments?

DR. GREEN: Walter, what happens next? Your committee and you and Ob are
going to work your magic and tomorrow we are going to see a new version?

DR. SUAREZ: Yes. We are meeting tomorrow morning as a subcommittee and we
will finalize our letter or letters and we will bring back those to the full
committee.

DR. GREEN: Now that I have said we are only going to do one letter. We are
going to do two. We are going to do another letter right now.

DR. SUAREZ: We do have another letter, a different one. But I think Denise
had a comment before we go to it.

MS. BUENNING: Have we decided that we are going to separate out ICD-10 from
this?

DR. SUAREZ: No. I think what we are going to do — what I heard is we are
going to have the sections where there are recommendations in the letter
including ICD at the first big section and then 5010 and then the DSMO. And
then the other sections about insurance reform and the WEDI report will be part
of a different letter. I think that is what I heard that Bruce suggested. We
will explore that in terms of the flow.

MS. GREENBERG: A different letter that will not be approved at this meeting?

DR. SUAREZ: If we can work it out, we would just simply cut and paste. Cut
the sections that are in this letter today that are not recommendations and
make a separate letter of observations I guess.

MS. BUENNING: There is a time on the agenda tomorrow at 9:15 to discuss the
standards letter. What I would like to propose is that over night we produce
the changes in this letter and give it back to you.

DR. SUAREZ: That is what we will do.

DR. GREEN: But don’t come back with a brand new letter.

DR. SUAREZ: No, this is not brand new text, brand new letter. This is really
two letters. One, the letter with the recommendations and one is a letter with
observations of these other topics that we already have written. It is just
cutting those sections into a different letter.

DR. GREEN: Okay. Let’s do the new letter.

DR. SUAREZ: The other letter that we have right now is actually hopefully a
very non-controversial letter. In fact, I am sure you will appreciate this. As
many of you know, Lorraine Doo had been the staff lead for the standards
subcommittee for several years. She works for CMS, works for Rob and Denise.
Recently, of course because of her incredible expertise and commitment to other
areas, she was asked to lead some of the work around health reform in fact. She
has been working quite a bit in this area. Her ability to help us and continue
to be the lead in our subcommittee was not there. She was reassigned to really
focus on that. We were fortunate to have been assigned a new lead, which you
already have met, is Kamahanahokulani who is sitting here. We have already
started working with her and it has been just terrific to see her. I am sure
she is learning a lot of new stuff around HIPAA and all the standards, but she
came with a lot of very good experience around some of these issues too.

In light of Lorraine’s departure, we wanted to have a small recognition of
her incredible support. We put together this letter directed to the
administrator of the Centers for Medicare and Medicaid Services. I am going to
read it. It says the purpose of this letter is to acknowledge and express our
most sincere appreciation to Miss Lorraine Doo from the Centers for Medicare
and Medicaid Services who has served as a lead staff for the Standards
Subcommittee of the National Committee on Vital and Health Statistics. The
members and staff of the national committee have appreciated Lorraine’s
unwavering support for all activities associated with her role as lead to the
subcommittee.

Since she started in her lead staff role back three years ago, she has been
front and center in responding to the committee’s needs. From the very start,
Lorraine showed how much the committee could rely upon her to handle any and
all coordination of work, organization of hearings, drafting of recommendation
letters, and connecting with the industry on the many projects in the
subcommittee’s agenda.

During her tenure, the subcommittee helped over ten years, prepared and
delivered more than 12 letters to the Secretary with observations and
recommendations, held special industry roundtable meetings, and delivered two
HIPAA reports to Congress. She was particularly diligent in reaching out to
industry leaders and stakeholders when setting up panels and organizing
hearings often under tremendous time constraints to address special topics as
requested by the subcommittee.

NCVHS was specifically cited to provide input as part of the extensive
regulatory requirements stemming from the Patient Protection and Affordable
Care Act. And Lorraine never missed an opportunity to help the committee meet
its objectives. Her involvement and hard work can be seen in letters and
reports to the secretary containing recommendations that have subsequently been
cited and used as major department initiatives.

Overall, Lorraine made significant contributions to the success of the
subcommittee and the development of several key NCVHS recommendations. Her
unwavering dedication and service as lead staff to the subcommittee allowed us
to prepare the necessary materials, conducting hearings and response
expediently to industry needs, which has been crucial in the committee’s
effectiveness as recognized by stakeholders throughout the health care
standards community.

As Lorraine takes on new responsibilities at CMS that will move her away
from the day-to-day work of the community, we wish her the best and look
forward to maintaining the collegial working relationship that she helped to
forge between CMS and the National Committee on Vital and Health Statistics.
Sincerely Larry Green, Chair of National Committee of Vital and Health
Statistics.

DR. GREEN: With your consent, I will entertain a motion with my acclimation
that we send this letter.

(Motion passed.)

DR. GREEN: I disagree with one thing you said. You said it was a small
letter. This is a big letter of thanks. She was a difference maker. We want her
to know that. Thank you guys.

Here is what I think we will do. We will go to lunch and recommence at 1:15.
We will take 15 minutes out of the proposed outline for the next HIPAA report
and just make that a 15-minute item and start with population and privacy at
1:15.

(Lunch Break)

Agenda Item: Population/Privacy – Community as
a Learning System for Health, Status of Products from the Roundtable

DR. GREEN: Welcome back. Do we have any new attendees that need to be
introduced? I do not spot any. Are we okay? I think we are. We will pick up
with the next item of the agenda. The population/privacy community as a
learning system for health, status of products from the roundtable. There is a
title.

Before we start this, we need a final count for who is going to dinner
tonight at 6:30. Everybody who is attending the dinner, please raise your hand?
Thank you very much.

The co-chairs that are presenting this, I want to remind you that this is a
half hour proposition. It is time to start.

DR. COHEN: I will start for the Population Health Subcommittee. What we did
on our summer vacation. I am going to focus on what we have done since the June
roundtable. Just a quick reminder. The purpose of the roundtable was really to
advance our understanding of access and use of data, to refine the stewardship
framework, to better understand the role of government in providing data and
support and I will talk more about that later, and to understand the current
state and possible gaps around data content and the issue of standardization
came up during our discussions with the communities.

Underlying subtext of our conversations was really the convergence of
themes. Federal government wants to liberate its data. Communities are becoming
much more attuned to using data for policy development and NCVHS is integrating
our work in areas that all focus towards communities.

Here are the themes that emerged in our discussion. The promoting and
dissemination of roundtable summary. We will talk more in depth about that. And
one of the outputs is going to be drafting a letter to the secretary that
focuses on a high level of the issues that emerge.

The second area that emerged from the roundtable for population health is
exploring community readiness and the first piece of that is assessing the
technical assistance that the federal government provides.

The third area is converging with the Solve-A-Thon group working from the
data work group to align our understanding of integrative data uses at the
community level.

And, again, the fourth sort of unspoken theme that I think underlies all of
these activities and I think Larry brought it up earlier today is what can the
National Committee do to support and promote the evolving federal role in
community data. That is the fundamental question I think that we all would like
to address.

First, roundtable dissemination plans. Why don’t I turn it over to Sallie to
walk us through this?

MS. MILAM: Everyone should have in their place a copy of our summary from
the roundtable. It has a very nice cover on it. Debbie identified for us that
this cover is the same as the cover in terms of format as the community’s
learning health system. It is a different color. It keeps it within the same
family of reports so that when people see it, they realize that this is a
follow-on activity.

We had a work group called one of the immediate tasks we identified was to
develop a dissemination plan for the summary to get it out there. We started
with a list of participants as well as those folks who participated in our
feedback tool, the survey monkey tool that we sent out to our friends on list
serves and through other mechanisms to get feedback. Our goal is to push out
this report, the summary pretty quickly. Susan Kanaan has already helped us
with a nice synopsis of the summary and a nice message. I think that Debbie
will be pushing that out. Each of us will receive that link. We would like as
many of you as possible to send it to different organizations who you think
would be interested in it. We will then circle back around and see where the
report has gone. We will need a feedback loop and see if we are getting the
report to the right audiences and then see how we might need to be more
aggressive targeting those groups who did not get targeted initially.

I think that is pretty much everything in terms of the report. Is Debbie
here? Debbie, is there anything else on that that you want to include or add?

We also had some brief discussion on what the letter to the secretary might
look like. We want it to be visionary. We want it to sound a lot like some of
the testimony we heard at the roundtable and at the meeting that Susan Kanaan
and Vickie Mays attended in San Francisco really about the focus on supporting
data and infrastructure in a privacy protective way in terms of being good data
stewards. It is really more than just pushing data out. It is really about
aligning all of your organization’s goals and functions to make that happen. We
heard a lot of testimony to draw from at the roundtable. We heard from Denise
Chrysler and Sharona Hoffman, Andrew Bazemore, and Denise Love. Those folks
talk about the need for a refocused and well-supported data system and talked
about the need to perhaps look at stewardship and privacy and new and novel
ways to make that happen.

We want to also identify the other areas that Bruce mentioned that need
additional work, but really have the letter focus on a vision and a new role
for the federal government.

DR. COHEN: This new slide deck was handed out this morning and replaced the
one that was in your initial packet if you are trying to follow.

The second activity is thinking about community readiness. And essentially
this grew out of the seminal suggestions of Dr. Nichols here. Len came up with
this diagram at the end of the — was it at the last meeting or the end of the
roundtable? I forget.

PARTICIPANT: I think it was the roundtable.

DR. COHEN: Essentially, when we step back and think about how can the
federal government best target our resources to provide data and technical
support, the issue emerges. We need to understand where communities are at to
give them the appropriate and meaningful support.

In order to begin this journey, we have decided to do an overview of what
technical assistance already exists. I really have to thank Susan and Casey and
Tamara and others on the staff for their outstanding work in helping compile
the technical assistance overview that I am going to run through briefly that
we can discuss more in detail later. But essentially, they found seven areas
where the federal government is providing technical assistance to communities
in providing health information: research grants, workforce, conferences,
community-led, and federal initiatives. You can read them right here.

I will not go through all of the details. We can discuss these later, but
here is a brief overview and highlight of some of the initiatives that the
federal government is already doing to provide technical assistance. These are
research grants and funding opportunities. These are workforce funding, which
is a key to providing funding. Conferences such as Datapalooza to get the data
out. And strategies that shape data sharing policies. Of course, Blue Button is
an enormous initiative directed at individuals. Liberating the data directly
through open data resources. There are, again, providing guidance for technical
mandates.

Again, thinking about the impact of a new federal infrastructure and the
impact that it will have on providing community data. The bottom line is we
cannot improve what we do not measure and evaluate. Data are a means, not an
end to the process.

With respect to this work group’s activity, where does that lead us? Here,
as we develop our work plan, are the issues that we need to discuss. There are
some existing data resources, but they are not used for the extent they could
be. Why? There are some existing data resources, but very few of them actually
focus on local data. There are all kinds of technical assistance projects that
focus on higher-level data or specific targeted information streams, but there
is no consistent focus on the government supporting local data initiatives. How
can we fill that gap?

Our next steps are trying to understand essentially what these gaps are and
then translate our concept of technical assistance into better understanding
community readiness. On our last call, Jack had a great suggestion of thinking
about communities at different levels of readiness and how can the federal
government target its information strategy to communities where they are at.
That is our second activity.

The third activity is working and converging with the Solve-A-Thon. This is
certainly related to the objectives of the Population Subcommittee as well as
the Privacy and Stewardship Subcommittee and obviously the Standards
Subcommittee. We want to be involved in these discussions perhaps helping
select communities as well as providing technical resources. Many of us on
these committees are very familiar with a lot of the data sources and we can
provide expertise and really the align the mutual interests of using social
media data with the goals of communities as a learning system.

I would say we have no direct agenda around this area. But I think, again,
as I have been listening over the last several months, this is essentially the
space that this committee needs to be in. How can we help address the changing
role of the federal government for local community data support? Out of the
roundtable, here are some themes that we would like to not only work on as the
Population Health Subcommittee, but as a committee as a whole. Really
redefining public health and putting communities at the center of the message.

By redefining public health, it is not only focusing on stuff that we do
really well, measuring disease and clinical outcomes, but what role does the
federal government have on assessing community resources and assets. This is an
area that public health has not really focused on, but if we really want to
address public health at large, we need to go there.

Outcome of the roundtable was there are people in this space already who are
not government federal or local or state government. Community Commons. There
are federal folks as well, but Data Warehouse, the county health rankings.
There is a lot of information out there, but there is no coordination or basic
structure. Every week I get another report on the next best set of indicators.
If I were a community, I would have no idea where to go with this.

Third, we talked about these basic — this is what the federal government
does well. We need to harness this energy around local data. And here are some
specific ideas about recommendations that we might consider and flesh out with
respect to helping this evolving federal role. The concept of extension
centers, leveraging the community health needs assessments that are currently
mandated for the IRS, and continuing our work on stewardship and working around
small area indicators, local data around developing standards and indicators.

We are going, as Sallie said, finalize our dissemination strategy for
roundtable products. We are going to continue to better understand where
communities are in terms of the readiness to use our data. We are going to work
on the Solve-A-Thon and we are going to develop strategies for adding value to
the redefinition of the federal role for community data learning.

DR. GREEN: Thank you.

DR. FRANCIS: Can Linda and I add just a little bit to this. On the privacy
side, there is a real conundrum. On the one hand, people fully recognize the
importance of insuring trust in data use. On the other hand, people do not
really know a lot about how to do that. If you ask somebody about how to try to
get data out to communities, it is a lot easier to find answers about what
communities want than if you ask people about what are some of the best
practices of stewardship. Another piece of the conundrum is that the word
privacy is all too often met with oh you want to regulate us.

What we want to do in terms of commenting on where we are going, we want to
read a bit of a paragraph from the summary and then the framework from our
stewardship letter. Here is the paragraph from the summary.

This framing pointed to the need for techniques, models, and best practices
to guide communities in their data stewardship. In particular, participants
called for a new model of community consent, not based on the research model.
Communities also need technical assistance on questions such as
de-identification and the use of small area or small end data. The subject of
mental health provided a reference point. That is what is in our summary.

The more general parts of the stewardship framework. There were eight pieces
of it. Openness, transparency, and choice. Number two was purpose
specification. Number three, community engagement and participation. Number
four, data integrity and security. Five, accountability. Six, protecting
de-identified data. And relatedly seven, attending to the risks of enhanced
data sets and eight, stigma and discrimination.

What we are going to be doing is working on producing a set of what we might
regard as case studies about how to instantiate openness, transparency, and
choice with respect to purpose specification and/or data repurposing and when
is that appropriate.

We are particularly interested in working with HHS on the question of
enhanced data sets, mash ups, not at the technical level, but at the policy
level.

We are also going to be looking at the question of how data use agreements,
their constructions and their enforcement might be a particularly helpful
mechanism for communities to employ.

Linda might have something she wants to add on that, but that is our — we
are going to be working further on that plan today in our subgroup.

MS. KLOSS: I would just add that through the roundtable, we really made some
new friends that are very important new friends and contacts. We have had
follow-up calls with them about what in the stewardship framework would be most
advantageous to focus on in terms of identifying case studies.

We have also been in communication with them thanks to Sallie’s contacts. As
things happen, we just identified some people that are working in the same
space and seen new opportunities for convergence on public health and privacy
issues and have been engaged with them in helping to think through a 2014
conference where NCVHS might have a role in framing a session or a pre-work
session or something. I think there is some life to the relationships that were
built through that that will bear fruit also in addition to the direct work we
do.

DR. FRANCIS: We should also add that if this is to be a report of the
Privacy, Confidentiality and Security Subcommittee, we have been working
closely on the accounting of disclosures question and the upcoming virtual
hearing the 30th of September. We are also interested in some of the other
questions involved in some of the open stuff that is still leftover from the
HITECH Act that was not included in the Omnibus Rule.

MS. MILAM: Can we just add one thing to what Linda said, build on what Linda
was saying? One of the relationships that we are continuing is with the public
health law network. They are placing one of their RWJ attorney positions in my
office. Part of their responsibilities will be to come to this committee
meeting. Be prepared to see a new face, probably starting in February.

DR. GREEN: Does this person know this yet?

MS. MILAM: We are doing a national search looking for a JD/MPH combo. If
anybody has good ideas for us, let us know. We will be bringing them with us.

DR. GREEN: We are at the questions or comments. Walter and then Paul.

DR. SUAREZ: Just to follow up on the convergence message. From a standards
perspective, there is clearly also a strong opportunity to advance really the
stage and the status of standards around not just a collection and exchange of
data, but ultimately the disclosure of the data. I think from that perspective,
we are going to be looking for those kinds of connections and those kind of
opportunities to pursue the convergence and particularly as we again look at
the — within the standards world, the convergence of the public health data,
the administrative data, and the clinical data and ultimately how the data
flows across those different domains. It is collected and used and reused and
is expanded, et cetera.

DR. TANG: Just two comments. One, in this report is an executive summary at
the front. I am not sure there is any summary except for listing in the panel.
I am not sure.

MS. MILAM: The entire thing is a summary. We are calling it a summary.

DR. TANG: The title may be a little misleading.

Second is, I think it is buried in some of the words, but I am not sure. I
do not know that we are only providing data support so much as we are trying to
help communities understand the problems to solve and how you use data to solve
that problem. It is sort of there, but it focused a lot more on the data side
and the technical side rather than how would I recognize the problem if I saw
one. It is analogous to the EHR. It is not actually to install software. It is
how to understand your workflow. I think that is a difference between it
getting used and changing, making a change versus just something out there.

DR. GREEN: Other questions?

MR. SCANLON: When the committee is ready, I think we will have the committee
come and talk to the Data Council at HHS about the findings and the
conceptualization and what the framework is. I was thinking it was October even
if it is a preliminary. As long as it is committee approved, we are fine.

MS. KLOSS: It is on my calendar, but if it is better to wait so that other
members can go.

MR. SCANLON: We will schedule it for October 9 and then can at least get —
again, this fits in very well. To be honest, I do not think anyone knows the
way here. I think we are just trying to feel our way. It is one of those things
where you just try things to make the data available. Even our open data
initiatives. The concept is that if we make the data available to developers
and others, even though we do not know what the result will be that people will
start using it in ways we could not even imagine new products and new
arrangements and so on. To some extent, I think that is the issue here.

While public health might have been a focal point at the community level, as
we talk this morning, public health really feels overwhelmed. This is clearly a
public health function assessment, community assessment and so on. But I just
do not know. Maybe you had the county and health officers there represented.
Whenever we have them at a stakeholder meeting, they do seem to feel somewhat
overwhelmed in terms of all of the other health reform, EHRs, meaningful use
and so on.

Again, this has to be done in a way where the people want to do it and not
because people think they are being forced to do without probably a lot of new
resources. I just do not see all that many resources being freed up unless
there is some really innovative way to do this.

DR. FITZMAURICE: I like the report because it pulls together a lot of
resources and ways of thinking about how to obtain those resources. What I am
thirsting for is it kind of alludes to what Paul is saying. I am asking myself
what changes are needed in the community, how do you use data to bring about
those changes. I would like to have seen things like if we had the data, we
could look at immunization, how many kids do we have, how many kids are
immunized. Chronic illness. How many people do we have with a given chronic
illness? How many specialists do we have in that area? I would like geographic,
patient location, facility location. How can we reduce the travel cost for our
community?

With data, we could look at the industry effects on our population’s
illness. Do we have a lot of COPD because of a particular industry? Do we have
a lot of accidents because of a particular industry? I wonder what is the value
of the data for a community? What decisions does a community make based upon
its data and where is it lacking and then how does this fill the gap?

People who know public health know all these kinds of examples. I am only
half way versed in public health. Having some of these examples of communities
cannot make the decisions without this kind of data, or they do not make good
decisions without this kind of data, then it leads into what can we do to help
improve those decisions and help improve their data.

At least when you present it, I would start off presenting here is the
problem. Communities need to make these kinds of decisions. They do not have
the data to make those decisions.

DR. NICHOLS: I was just going to pick up on Jim’s point. I just think it is
important especially as you are organizing a data council conversation. I do
not think anyone is suggesting we put more on the public health professional’s
plate. I think more, Jim, at least in my mind what this is kind of about is
that what the health reform I will just movement beyond the law, far beyond the
law has done is made a whole lot more stakeholders than normal think about
population health.

It is really about bringing those different perspectives and leveraging
them. To me, a concrete example is when a group of employers figure out we have
a blood pressure problem here. We all share it. What can we do to fix it? They
have no clue. But there are people in the room who can help them. And getting
these data in a place where they can drive focus across sectors, that is the
game here.

DR. TANG: I think I will tie these comments together. Both from Jim — deja
vu with Meaningful Use — push back on how much there is to do. Yet there is
value actually, in synergy and actually doing what you need to do already, but
having a bigger impact.

Along the lines of what Mike was saying, what they asked us to do in
meaningful use was you say this is improving outcomes. A lot of the people who
sit around the table know how it would do that, but generally, people do not.
The same thing you just said about public health. A lot of people understand
it.

What we did was present the connect the dots presentation. It is going to be
very same underlying requirements, but you have to connect the dots of how does
it — in our case, how does it connect to outcomes? How does use of this
function connect to outcomes? That is I think what I heard being said in the
last three comments. It would help as a nice framing.

Community. Here is how this would help you get potentially more resources
whether it is from the public or the private sector to do something we all
understand. Elementary school education or childhood nutrition and obesity.
Those are the things communities already recognize, but they do not understand
how does that relate to data. It is the connect the dots thing.

MS. KLOSS: I think this is along the same line. I think of the 50 to 20
people at that meeting, every one of them came with a different perspective.
Probably not one of them would describe where they came from was public health
in the traditional sense. I think the emphasis needs to stay on community and
start with the vignettes of the real problems that they were trying to address
through their work like reduce the number of reps in the community and things
like that that were very practical.

We grab it back to overall improvement of public health. I do not think that
is where the people at that roundtable were coming from.

MR. SCANLON: I do not think for better or for worse, I do not think except
in a few instances. I do not think at the community level, folks turned to
their health department necessarily. Some do. The county I lived in as a
leader. I do not think most folks would necessarily associate that which does
not matter in a sense. We would like to see them well positioned, but this is
really community issues. I do not think there is one focal point necessarily.

DR. GREEN: We will go to Marjorie and then Bruce — make a quick comment and
then we will keep going.

MS. GREENBERG: I was going to say what you said, Jim, is that maybe it does
not matter, but actually it does matter. This is interesting. I see within my
name I see Garland.

(Laughter)

MS. GREENBERG: Garland was a real leader at the state level and on vital
records and everything. Maybe that is giving me a message here.

I think most countries do not talk so much about public health. They talk
about health. But as somebody mentioned, it might have been Lynn, yes, public
health departments and Bruce can tell us this better than I can, but certainly
are stretched and stressed. At the same time, they do exist in some form in
every state and in most communities or in some cases counties I guess. There
are a lot of them. For the most part, they have very few people. And some of
them have very little even technology. That is not where the funding has
necessarily gone. But there is expertise. I think this is where we really need
to as somebody said, I guess it was Paul, but my favorite thing is connecting
the dots.

I could understand if I were there. I would feel overwhelmed too. But this
is a tremendous opportunity to leverage these other stakeholders and parts of
the industry and parts of the health environment, health and health care that
are still probably in most cases have kind of weak relationships with.

We do have public health departments in this country and we do have a lot of
responsibilities that we have given to public health. I think that if we can
help as a committee to identify some of those areas of convergence among health
care providers, public health because the health care providers are being —
and the hospitals of course, but even individual providers are being asked more
and more to have a population health focus.

This is certainly not a niche or an area that I see anybody else going
really. The people focus on electronic health records and that whole agenda.
They have enough on their plate, the people implementing health reform. I do
think that there is a real opportunity here from the community work that the
committee has done so far. I am not sure we have quite figured out how.

I do think that we can turn this anxiety into a productive maybe pushing
people out of silos and getting more interaction among these different
stakeholders.

PARTICIPANT: Beautifully said. Bruce.

DR. COHEN: I do not have much to add and I agree with the tenure of this
conversation. Where can this committee make a difference? It is based on the
observation that when we did have our roundtable hearing, it amazed me how few
people who had been operating with their boots on the ground had no idea about
what data are available to them. The idea of us linking community organizations
to not only actually understanding how to get the data and where the data are,
but how to use it to help them make decisions. The data will not make the
decisions. Ultimately, the committees will.

We have done government and nonprofits have done a lot of work in helping
first of all identify these different data sources, but we have not linked it
to the people who need it and provide them with the tools to be able to
integrate it into how they want to make their decisions. This is wide-open
space. I think Len is right. There is just more and more awareness among the
public about because of ACA and other kinds of other activities the need to do
these things better.

And whether you call it public health, population health, the quality of
community life. It is all the same space and we can be active in it.

DR. GREEN: Thank you, Bruce. Listen to us. Listen to ourselves. If you can
hear echoes from our last two or three meetings. We still are not quite that.
That clear laser like focus on what we are going to be doing. We need to get
there. The surrounding chaos will disorganize us maybe if we are crystal clear
about our space and what we want to do. We are having a very important
discussion.

My own view goes like this. I realize that you do not have to agree with it.
But we are just about done talking about this. We are getting close. We are
over the target. We need to now do something. Standards are I think crystal
clear. There is an engine running in standards. It is partly defined by the
law, by regs, by what the expectations are, by the business model, that sort of
stuff, the industry. That train is running and it is running hard. The rest of
us are a little bit meandering around. We are getting close to a moment of
clarity. I doubt that we are going to get it at this meeting, but I am very
optimistic about the November meeting. At least let me have a couple of months
of optimism. I could use it about this.

I am fond of course and adages and that sort of stuff. Two or three popped
in my mind in the last 15 minutes. One was the old quote about after the atomic
bomb was made. Now everything has changed in the world except the way we think
about the world. We still have not gotten over that. We still have not figured
out how to think differently.

Another one is the Winston Churchill quote about America and the United
Kingdom being a people divided by a common language. Higher language is in our
way in my opinion. Our language has been translated into our subcommittee
structure. I think our subcommittee structure is in our way. I do not think we
are organized properly for the work.

There are two words that I hear coming out of almost — this actually
started a year ago August at that executive committee retreat. Thirteen months
later, there were two words that are standing and they are beginning to flash
like a neon sign in front of me. One of those words is stewardship. Put the
word data in front of it. Data stewardship. So much of what you just said, so
much of what was in this PowerPoint slide said is actually about the proper use
of data as if they are for your own good, your community’s good, the public
welfare, et cetera. Not wasting them. Not misusing them. Stewardship.

And the other one is this idea of convergence. It is a crazy world out
there. It does not seem to be a proper goal post for the proper use of data in
the coming world. We continue to be trapped in talking about public health and
medical care as if there is such a thing as a healthy person in a sick
community or a healthy community full of sick people. These are silly ideas. We
talk about privacy as if it exists. There is something wrong with this picture.
There is something wrong with the language, but we are getting close.

I want to ask all the committee members to just — don’t take this too
seriously and don’t get too worked up or excited about this. Let’s just test
the idea as we have our subcommittee meetings and head in the November meeting.
Aren’t we the nation’s data committee? I do not think we are the nation’s IT
committee. We are not the nation’s IT committee. I do not think we are the
nation’s conscience. I do not think we are the data’s public health committee.
We are also not in charge of health reform. Our perches are data that can be
turned into statistics that provides information. There are new ways of doing
this. There are new demands for it. There are new customers for it. New users.
Those people who want to use these data to improve individual and population
health are having a hell of a time figuring out what to do with them, how and
in what way and how to do it properly. That strikes me as our space.

I am going to unleash my personal imagination on redesigning the way this
committee functions. We can deal with quality. We can deal with security. We
can deal with confidentiality. We can deal with public health. We can deal with
health care. But we do not have to have a subcommittee for every one of those.
But we cannot lose those things. We have to retain those perspectives in some
way.

You heard me say this two meetings back. Our future is to increasingly work
as a committee of the whole. I think that is still correct. These different
perspectives that we have put into subcommittees need to converge into
something bigger and better than they can be if they are kept apart. For now, I
just want to plan in your thinking the words stewardship, convergence, and
don’t forget standards.

Walt’s comment is another of my favorite quotes now. I have used it in three
talks since our last meeting. Data make the world go around. Maybe you got that
from someone else. Standards plus this convergence theme around data
stewardship. There has to be a way for us to be more effective, more focused,
and get going, get on with this stuff that is begging for attention from the
country’s National Committee on Vital and Health Statistics. We are almost
there. We are not quite there. Stick with it.

Remember, I started off saying indulge me. Now I ask for forgiveness for
screwing up the agenda that now I am behind on. If it is okay, it looks like
Paul is ready. We can have the rebuttals and the discussion scheduled. Go right
ahead. Please, Paul. Tell me what you are thinking.

DR. TANG: Well, I think you are right in a number of things. I do not know
whether we can make a living out of being a data committee. I am going to make
a statement and then I am going to retract it. Data is useless without meaning.
I think just like the whole meaningful use for the outcomes, it is not about
the tool. Data is only our tool in the game. In some sense, I think one of the
things we are struggling with is the usefulness is a try it you will like it
kind of a thing. You actually do not know whether you are a person or a
community or an organization what the power of data is and what kind of data
you need.

In some sense, it goes a little bit back to what Mike is saying. We have to
figure out a way to be the first mover in terms of getting people to try the
taste of data and its use. That goes with my day job in a sense. I think the
resources and the data are there. It is just that they have not been connected
and they do not know how to implement it and make use of it. Maybe that is our
role is somehow to get that first one because then I do not think you will be
able to stop the spigot.

And that is I think, the catalyst that is missing and maybe there does have
to be a government or in our case my day job, some organization that goes and
does the first push and then we think it will be sustaining. In some sense, one
of the attractiveness — the seduction of data is it engages people into
action. We just have to give that first push. That is a different role.

Another way to say it is maybe we are too obsessed with framework. I agree
with framework, but it does not do anything. Just like data does not make
decisions. There might be something else we — different approach to the
problem. I am still speaking to we need to get out of our silos, but we also
get out of our silos about just setting up frameworks and get into the action.

DR. GREEN: Well said. Thank you. Charlie is not here yet and we are a little
bit behind so that is good. Let’s go back to the HIPAA outline.

DR. FRANCIS: I just wanted to say that I think you are absolutely right that
we need convergence in working together. But we also send public messages about
what aspects matter. Health of the population. That is what population is
about. Privacy, confidentiality, and security. That is something that is very
important in data use and standards to help make the data usable. I do not like
subcommittees as silos, but I like those themes as poles.

DR. GREEN: All right. Walter.

Agenda Item: HIPAA Report – Proposed Outline and
Plans

DR. SUAREZ: I do want to start also by just adding my two cents. I think
your description of what we are, who we are is getting back to what is the
purpose of the committee and what is the main focus. The two themes that you
highlight of data stewardship and convergence are themes. We could be a
committee about data stewardship. We could be a committee about convergence.
But all those are just threads of specific concrete activities that we as a
committee have to do.

I think what we are finding is that we have done and are doing different
things that all are connected more and more like public health and standards
and privacy. The question is, what title do you put around the threads. In
other committees, it is easy because it is health IT. Everybody says this is
the health IT. In our case, it is a little more difficult because ours is a
much larger scope and perspective that touches on a number of other areas. I
think it is a question of finding the right word or umbrella kind of word to
cover the interactivity between the various areas of focus that we have without
losing those areas of focus because I think those are important ones. I agree
with Leslie.

Just to talk about the HIPAA report, very simply. I think you have a copy of
the outline in your desk. In fact, it is three pages. The first page is the
only one that is about the outline. The other two pages are actually the
proposed agenda at this point of the joint hearing on public health data
standards. We have not even intended to cover all of this, but that is great
because you now have a copy. Leslie and Bruce have also a copy. We can mention
a few things later during the public health breakout. Some of the initial
thinking of the standards subcommittee around public health data standards.

I am focusing on the first page. The one that says proposed report outline
for the HIPAA report to Congress. Again, this is our report that we
periodically prepare. This will be the 11th report. We have not prepared
reports since roughly the later part of 2011. We are covering two years’ worth
of activities. We thought it would be important to update of course Congress on
what has happened over the last two years. The main purpose again of the report
will be to highlight some of these important high-level themes and specifically
the activities, the inactions that have taken place since 2011 through
September 2013 around HIPAA and Affordable Care Act. Of course, there is an
Affordable Care Act standard.

Important points in the first page. This report will not be as detailed or
extensive as the special tenth report that we put together in October of 2011.
This report will be similar in content and length as the ones that we have
prepared in the past about 15 to 20 pages long or more than that probably.

The outline of the timeline and the process is listed there. We expect to
have this discussion here with the committee and then more discussion with the
subcommittee and with the other subcommittees between now and November with the
idea of having a draft report completed by November. We have been fortunately
informed by CMS that we have been assigned a staff person from CMS to help us
prepare the report. She is here I believe. She is here with us and we are very
pleased to have her join us in helping us draft this report.

The only thing I wanted to say and this is only just to give you a sense of
the report. In the second page is the outline of the report. It has only
basically five sections. You can see the executive summary is a one-page
summary, an introduction, which will be a one-page description of the purpose
of the report, and then two sections that are key are section three. It should
say highlights of administrative simplification of the advancements in 2012 and
2013. We expect to have about ten pages of different actions and activities
that have happened in administrative simplification, adoption standards,
operating rules, identifiers, privacy and security. You will see all those
there.

And then section four is looking forward of what is the journey ahead. And
sort of bring a little bit of the vision of the future of information exchanges
to support administrative processes in health care, which will be building from
all the things that we have talked about as a committee in terms of visioning
of the future for administrative simplification as well as some of the things
that will be happening later this fall including our roundtable coming up in a
couple of days and other things related to road mapping and looking for what is
the future going to be. And then a final section on conclusions. Just one page.

That is the outline of the report right now. There is not any content yet
defined, but we just wanted to alert you and to give you a sense of what the
report would look like. We will be working with the subcommittee and with Terry
as well as with the co-chairs of the other subcommittees in preparing this.

DR. GREENBERG: We really want to thank CMS for their assistance with writing
the report. Thank you.

DR. GREEN: Charlie, welcome back. We are so glad you are here. Thank you for
coming.

Agenda Item: NCHS Update

MR. ROTHWELL: Thank you for inviting me. I apologize for my lateness, but I
have been — this is my last day for a couple of weeks and so people have been
after me for one reason or another. On a sad note, here we have another
violence that has taken place in our community. It will be interesting to see
what happens as a result of this from both an analytical and data analysis
point of view as far as looking at issues relative to homicide and the use of
guns and this type of thing. It is sobering when we continue to face this type
of issue in our society and at this time and in a very controlled area.

On a brighter note, the search for new NCHS director is well on its way. I
believe they are down to interviewing the finalists in this activity. Who knows
what will happen? My guess is that within a month we should know who is going
to be the new center director. I was telling you before that we still do not
know where we are going to be. I thought we were going to know at the end of
August, but GSA is doing their — what do they say now? Due diligence. If only
they had done that before.

We do know that we will be in Prince Georges County. We do know that we will
be close to some metro stop in Prince Georges County. At that point, we do not
know anything. What we do know is we are going to have 40 percent to 50 percent
less space than we have right now. Where you are sitting may not be available
in any building that we might be located in. We might not be able to have space
or a workout facility. We might not have space for a nursing station. Or we
might not have space for our staff even with extremely small cubicles, eight by
eight or less.

Why am I telling you this? It was an interesting discussion this morning.
There is a new Census director and he is on board. He and his senior staff came
here to talk with us about our surveys. As you probably know, the Census Bureau
supports us in doing work for our health care surveys, data collection there as
well as with our Health Interview Survey.

What they were asking us for was permission for their staff to have access
for data clean up purposes to the data that they collect for us and provide to
us. Right now, we do not allow our own staff to have access to non-public use
files in a telework situation. There are a variety of things and requirements
on a federal statistical agency that precludes us from doing that unless you
have some very stringent requirements. For example, whatever piece of equipment
you have in a telework situation not only does it have to encrypt. It cannot
print anything out. It cannot copy anything. In other words, you can operate on
the system, but you cannot get anything tangible back. You cannot use a flash
drive, et cetera.

The Census would like to have access to our data in a telework situation.
Obviously, they are a federal system agency. If there is an agency that is
probably more conservative than us, it is the Census. This was an interesting
conversation in that they were coming to convince us that their system meets
federal system agency requirements and thus would meet our requirements.

At the moment, it looks like at first blush that it might actually be the
case. If that were the case, then we would allow access for their staff. But it
also means that there is a possibility that we could do something similar for
our staff if we could afford it and if the CDC, which provides us our IT
infrastructure would support it as well.

Why I bring this up is first of all it has to do with data access and
confidentiality and security. But it also shows I think the strength in our
federal statistical community and that we do business with one another. We do
communicate with one another across departments. Few agencies do that. But we
have a long track record of doing it. I thought that was a fairly interesting
discussion.

An earlier discussion with the Census and I think we brought that up before
here I think is that the Census is considering changing how it collects race
and ethnicity information. That is going to be a challenge for us to work with
them on that, but it could have long-term cost implications for us as far as
how we collect it and also on issues of trend work.

From a budget perspective, we still look good. By that, it looks like we are
not going to lose funds, which is real good. Or if we do lose funds, it is
going to be from a position of semi-strength compared to other agencies. NCHS
has been very fortunate. Right now, we are having our fingers crossed because
the Census, for example. That was one of the questions they had for us today.
Since they are doing some of our data collection, are we going to continue to
do your data collection or are you going to be walking out of the field? We are
not planning on walking out of the field in any of our surveys.

And as I reported to you last time, our health care surveys are greatly
expanded. We can give estimates on some estimates for up to 30 some state. Our
health interview survey has never been as large as it has been. More than 40
states for many estimates can be done through that. That is encouraging.

The other thing I thought was interesting today that might be of interest to
you is CDC is taking on something that they have tried to for the last I think
25 years and that is to streamline and focus its data surveillance systems.
Chesley Richards, who is the new associate director that is responsible for
surveillance of laboratory and statistical activities in CDC, has this daunting
challenge ahead of him. I think there is going to be some opportunities for
NCHS to be involved in this activity in a positive way so that we can
participate where appropriate in public health surveillance, which is something
that we are just beginning to look at from a vitals perspective.

Budget. We are okay at the moment. Personnel. We made some good hires.
Unfortunately, we are at a point right now where nothing is happening because
of the new fiscal year. We have a lot of positions that are still vacant. We
are hoping that we can fill them very soon once the fiscal year begins.
Marjorie has some vacancies. Marjorie will be leaving soon. That will be an
example position and other positions that we have in the center that are
critical to us that are yet to be filled and in fact yet to be advertised
because of this.

Any questions of me? What were you hoping to hear that I did not say?

DR. NICHOLS: What are you told quietly about when we can expect the federal
fiscal conversation to come to an end?

MR. ROTHWELL: In my lifetime. I do not have any more information than you
do. As a matter of fact, I will not use his name, but Dr. Frieden and senior
staff were briefed on this. It would seem that Congress is making public
statements and making public positions and not really working to put those
positions or meld those positions together. Right now, there does not seem to
be at least no one seems to know that there is anything going on at the staff
level. My guess is there has to be something. It does not look good. Yes, it is
very possible that we could have a shut down.

DR. FITZMAURICE: I liked your report. It was good and to the point. Marjorie
is retiring. Are you hit with a lot of retirements or are people waiting around
to see what happens with health exchanges and with getting their 1 percent
after three or four years of no percent? Do you have a sense of what is
happening with retirements?

MR. ROTHWELL: We had our awards ceremony last week. This was probably the
best job, the best thing that I have had. There are many good things about the
job that I have right now. But this was by far the best. What I was amazed at
is the youth that we have in this organization. We have some really competent
young people who came here for good reasons. It is where the data are. It is
quality data. They have an opportunity to advance their career. There are
people of Marjorie’s and my vintage and others who are making decisions. I want
to think that Marjorie is making a decision because there are other things in
her life that we all make those types of decisions. I do not think the problems
we are having as federal employees are having an impact on us right now I do
not think. But I am biased because I love NCHS. I think we do a great job and I
think most of our staff do. They are willing to put up with some of this stuff.

The issue like conferences is absolutely ridiculous. There are some things
that we are doing now that I have never seen in 40 years in the state and
federal government. But that is the way it is. We will find a way to work
through it. In the end, we have work to do here. We have surveys to do. At
least we have products and we are getting them out faster and better than ever.

DR. GREEN: Marjorie, gets the last word for the record.

MS. GREENBERG: Thanks. Thank you, Charlie. For the record, I also love NCHS
and I love NCVHS. They say to love is to have time for. There are other things
that I also love that I have not had much time for. I do not want anyone to
think that I am leaving or I am retiring despite my advanced age makes it
legitimate, but because I do not love it. It is challenging right now to be in
the federal workforce. I felt the same energy you did at the awards ceremony. I
think that what we manage to do is all just kind of laugh. Until of course we
get furloughed then we will not be laughing if that were to happen. I think
there still is a lot of commitment to our work, but it is challenging. You
mentioned about the space. This is not a reason to retire, but it is
challenging.

MR. ROTHWELL: Our job is to try to keep people’s mind on the ball and why
they came here in the first place. Why they came here in the first place is
just as valid as it was before. It is just a little harder to do that now in
some ways.

DR. GREEN: Thank you, Charlie. Thank you for your stewardship and for your
leadership and transitions. I appreciate it very much.

MS. GREENBERG: Have a good vacation. You have earned it.

MR. ROTHWELL: Actually, as I have said before, we have a great staff. They
have supported me and they are very nice to correct me when I say things that
are wrong or inappropriate, which many times I do.

DR. GREEN: Now wrong might be easy. That judgment about what is
inappropriate. That might be later. Thank you.

Matt, in forecasting the agenda for the day, I introduced you as someone we
have enjoyed working with and as someone who was going to give us a perspective
from one of the unusual suspects. That was relevant to our work. You are on.

Agenda Item: Briefing from Healthcare Initiatives,
FCC

MR. QUINN: I hope to become a usual suspect or at least in your thoughts
around this. I started about four and a half months ago at FCC as the director
of healthcare initiatives. One of the things that just struck me as I learn
about what FCC was doing is how well aligned and how coordinated it is with the
idea of community as a learning health system or a learning system for health.
I am really happy and excited to share some of this with you.

I wanted to share a little bit about the FCC and its role in health care,
some obvious and not so obvious ways, a little bit about what I am supposed to
be doing. And then to talk about some of our initiatives in health care. The
Rural Healthcare Program, another part of the Universal Service Fund, which is
Lifeline, some of what we are doing in mHealth and then really — what I ask of
you today is both wearing your NCVHS hat and your job hats. Think about how
this could fit in, how FCC could play a role in helping be a catalyst for
digitization of health care movement to new care models and patient-centered
care as well as for some of the community economic development is the heart of
health in the world.

With that, I will jump in. Please feel free to stop me. I am going to try to
get through the slides so we have some time for discussion. Everybody knows
that the FCC was established by the Communications Act of 1934. Our core role
is regulating non-federal spectrum. A thousand virtual goal points to anybody
other than Paul, who can say what is the agency that regulates federal
spectrum. NTIA. There are about 1700 people at FCC, attorneys, engineers,
economists and et al. I am et al, the one and only director of health care
initiatives. My job is really to take some of these programs. I see it as
communicate and coordinate and collaborate with folks in and outside of
government.

I put fcc.gov here. We are ruled by five commissioners including a chairman.
We have an Acting Chairwoman Clyburn right now and we are down to two
commissioners. Soon we will have a new chairman and another Republican on the
committee. There is three in the ruling part and two in the other. It is a
little bit of a different structure. It is a regulatory agency. We are downtown
here.

This is really the heart of it. And I think it goes to some of what we have
discussed today is that it is not data or broadband or technology as an end to
itself, but it is really a catalyst or a piece of this larger pie of the three
aims or the triple aim as a catalyst of improving health or health care or even
producing data. This is really something that I hope to bring to the table is
that we cannot do it alone and that the more that other folks in the government
and outside of the government understand how FCC can be a part of this, the
more that our effects and the money that the taxpayers and telecom purchasers
contribute to our programs can have a real impact.

Some areas of responsibility generally. We have a rural health care program,
which actually is more than just rural health care. I will get into that in a
little bit. We support and regulate both wireline and wireless communications
services and technologies. This of course can support medical and
medical-associated applications. As I said, we regulate non-federal spectrum. I
will show you a picture of the spectrum map a little bit later. And that is
really important as we move from wired to wireless applications both in terms
of delivery of health care but also capturing and delivering data in ways that
are revolutionary really.

A couple of years ago — I will tell you that it does not sound like
something that would be exciting to read, but this National Broadband Plan that
was developed a couple of years ago is a really good read. It has a chapter on
health care, but also on all sorts of other aspects of life. It really talks
about where we are, where we forecast for the future, and what some of the
impacts of these are. It was a really well done document. There were a couple
of folks, Dr. Mo Kaushal, who is on the Data Work Group here, was instrumental,
and Kerry McDermott, and a few other people. Really well done. I go to it
frequently.

This is a slide actually that they produced that talks about broadband and
what the FCC does sort in the context of broader initiatives. Creating
incentives for broader health IZT adoption and innovation, modernizing
regulations to increase access to care and enable health IT adoption, drive
innovative applications and advanced analytics, and then ensure all providers
have access to affordable broadband. FCC does not do all those. Maybe part of
four. The point of this slide is that we need to be part of a broader strategy
to have an impact. If we aren’t then it is not necessarily optimal.

What am I supposed to be doing? This is a new position. I think the bottom
line is collaboration, coordination, and communication. That is what I have
been doing the first four and a half months as well as hanging out with Paul at
FDASIA meetings. That is another set of things.

I spend a lot of time with CMS and ONC and HRSA and Department of
Agriculture and ASPE, and all sorts of folks. I am more than happy to meet with
other folks that you think that I should to help them understand these
programs. Something that seems obvious is that repetition is key. It is not
just about doing a briefing and then disappearing. It is working through some
of these issues and answering questions and go back and forth about how does
this really work. How does it fit in? What are aspects of it either today or
moving forward that are important?

Most of my work to date has been helping folks understand the current
programs that we have, but another piece of my role is looking forward and
understanding what our strategy should be in the near and medium term as it
relates to health care and health IT. There is health. There is health care in
the four walls. There is health and then there is life and exactly where I am
supposed to be playing is the new chairman I think is going to help prioritize
some of that. But I have a lot of input towards it.

Let me start with the Healthcare Connect Fund. Probably folks have heard
about our rural healthcare program where we subsidize broadband. This is a
program that historically has been under utilized. There are other parts of our
universal service program, the lifeline program for low-income adults, phone
service for low-income people. There are schools and library called the
E-connect program. And then there is another program in the Universal Service
Fund for high cost areas. This is the only one that has been under utilized.

Based on some of the feedback, there was a pilot program in the last couple
of years that sought to address some of these issues. A couple of the top
issues that we identified were that it was burdensome and confusing for
individual providers to apply for this. And second, that it was complicated and
confusing to figure out how much the subsidy was going to be if it is not a
flat amount. We have addressed those two and some others as well.

Some key features of this fund are that like the past funds, it supports
broadband connectivity and broadband networks for eligible health care
providers. But it really focuses on the use of consortia. I would love to claim
credit for this, but it was done by wise people prior to me. There are lots of
efforts today in health care of course that are about helping people work
together. Something that is exciting that we have seen is that consortia that
have come together for the purpose of this are also collaborating with
consortia that have come together for health information exchange, for ACOs,
for all sorts of other health care initiatives. In some cases, they are
actually going together as business entities. It is a flat 35 percent required
contribution. We subsidize 65 percent as opposed to a complicated formula.

The pilot project that was very similar to this allowed movement to the
Healthcare Connect Fund starting in July of this year and funding for the new
entities begins next year in January. We have seen a lot of participation, but
I do not think we are going to get anywhere near the 400 million dollar cap.

Something also different here is that this allows for the — the pilot
program actually allowed for the first time for healthcare owned
infrastructures. In the case of providing new infrastructure in an area or that
final mile, if the entities that want to come together on this cannot get good
bids from telecom providers, they can build it themselves with this and
maintain it themselves and get funding for that. And actually, 2 of the 50
pilot sites did that. This is just one more way that it is fiscally prudent in
keeping everybody honest in terms of getting good value for the money.

This is a fine point. One other thing. It is called the rural health care
program, but consortia after the third year just need to be majority-rural. If
there are 100 entities in the consortia and several of our consortias are
several hundred participants, more than half need to be rural after the third
year so 51, 49. What that does is it allows an entity like A, academic medical
center expanding its telehealth network or a health information exchange or
somebody to really be robust and cross pollinate rural and non-rural and to
connect those. There are some really good business cases that would motivate
entities to become that consortia leader and to take that on.

One of the downsides is that this does not cover administrative costs. It
covers the broadband, but it does not cover the cost of a person to organize
the consortium, which has been an issue.

The fine point that I wanted to go to is that there are entities to be
eligible for this and I will go to this next. The entities that are eligible
for subsidy needs to be not for profit and they could be everything from a
hospital rural health clinic, community health center, health center, public
health agency, secondary education, or a consortium. But entities that are not
eligible can still participate in consortia and receive huge benefits.

One of the big benefits of a consortium is group purchasing power. When I
talked to ONC, they said what about doctors’ offices. Can they participate?
They can participate in consortia, but they cannot get the subsidy. What does
that mean? California Telehealth Network has about 700 entities in its
consortium. They have been able to negotiate rates with the telecom providers
there for a T1 line down from several hundred dollars to under a hundred
dollars through group purchasing. 100 percent of $70 is a heck of a lot better
than two-thirds of $700. That is the benefit of doctors’ offices and small
providers participating in the benefit of group purchasing.

DR. CHANDERRAJ: Can you define consortium?

MR. QUINN: A consortium is at least two eligible providers. We have
consortium that are small and we have consortium that are really big. In the
case of California, they have grouped together multiple consortiums. There are,
I want to say, two in Colorado that are probably going to merge. The Oregon
Health Information Exchange, OCHIN, which is also the RAC has actually merged
with Oregon Health Network as one business entity. They are coming together.
You can see some really exciting sustainability model opportunities for this as
well as we are working together on lots of things. Why don’t we just become a
business entity and you can see some of those benefits?

DR. GREEN: Let me give you a heads up. We have about ten more minutes. We
have to protect the subcommittee time.

MR. QUINN: I am with you. What is covered? Broadband, reasonable and
customary installation charges, network, et cetera. Another powerful thing here
is that connections to research and education networks, off-site admin networks
and data centers are supported here. If you go back to what is the
infrastructure needed for community learning health system, community data
sharing, it is covered here and it is not obvious if you just say this is the
FCC rural health care program.

I wanted to also share some data and tools that FCC has. We have an amazing
guy named Mike Byrne, who is the chief GIS guy for the State of California who
is our chief GIS officer. For Health Datapalooza, we released a map and the
data behind all the sites in our pilot programs. Each of these are sites that
are part of a consortium that is receiving funding from us. Rural in green.
Non-rural in red, which I guess is not very usable for people with colored
blindness. We have tons of other data that is available there. Much of it is
available at GitHub. Easy to download.

This is really useful because we release this data set hoping that entities
in HHS that have efforts for other consortia would look at them or that say an
RAC or a health information exchange wanting to see where there are providers
that are either in their network or in their group that have access to EHRs,
but maybe not broadband or the other way around could expand. That is probably
the most obvious thing that FCC does.

Another one and I wanted to just share this. This is a pretty controversial
program, the Lifeline. Last week was National Lifeline Awareness Week, probably
not very many people knew that. This is also funded by the Universal Service
Fund. But it is a program to subsidize phone service, not phones, but phone
service for people with low income. To qualify, you need to be enrolled in
Medicaid or SNAP or SSI or TANF or just have below 135 percent of poverty. This
really provides some exciting opportunities for aligning Lifeline with Medicaid
and Medicare initiatives. Quickly I will go to this.

I got an email from a colleague at CMS saying great job on this, Matt. You
guys are doing some exciting things. I read the press release that he linked
here. This is just happening. This isn’t us doing it. This is us catalyzing.
This benefit or this program is actually being taken up by folks, the wireless
phone carriers, who are Lifeline carriers. Medicaid manage care organizations
and health app vendors like Voxiva, the text for health folks. Medicaid plans
in 20 red and blue states have rolled out Voxiva SMS health services where the
Medicaid health plan is paying little or nothing for it.

Beneficiaries are paying little or nothing for it. Health app vendors is
getting lots of customers and the Lifeline ETC is taking the Universal Service
Fund money and them providing on top of it a free feature phone to the people
who are eligible who sign up. It is doing all the checking to make sure that
they are not already signed up as well as providing free text and free minutes
on top of the Lifeline minutes to eligible beneficiaries for the use of the
health plans, the nurse call line and call center.

What does this do? For the first time ever, these 20 Medicaid plans can
communicate with people to manage their health. Get them enrolled in text for
baby. Get them enrolled in other health management services. This is pretty
powerful stuff. This happened on its own because there is a market opportunity
there. The big question for me and next year is National Lifeline Awareness
Week to be about the outcome studies and some of the feedback that we get from
these evaluations. Good stuff.

One take away from this is it does not need to be a Smartphone app. It does
not need to be the coolest, newest app to deliver results. It can just be
text-based with non-Smartphones, et cetera even funded with a program like
this.

I am going to close with a little bit about why spectrum and broadband is
important here. Spectrum is the oxygen that wireless broadband needs to thrive.
There are all of these consumer apps. There are lots of national purposes,
everything from telemedicine to smart grid to public safety to civic
engagement. More and more people have these Smartphones. There is a coming
crunch of wireless spectrum. There is a whole diversity of these devices.

Availability of both broadband service to people, broadband availability in
health care organizations and the devices easily making their way to market is
required for this really to blossom to say nothing of the financial incentives
in the health care models that are required here.

A couple of years ago FCC put together what was called the mHealth Task
Force. It was not an official federal advisory committee or anything. But just
to kind of give some advice on where FCC should play in this world. They came
up with a series of recommendations. The top one is that FCC should be deeply
involved in this and work with others to ensure that mHealth becomes a routine
medical best practice within the next five years.

One of the things that I work really closely with our Office of Engineering
and Technology in FDA on is both allocating spectrum for specific health care
uses. We are the first country in the world to have a medical body area network
spectrum. Putting out technical guidance for industry to facilitate going to
market with devices that have to go through both the FDA process and our
process.

And then in health care organizations and communities, everything on this
spectrum map has to have a primary use or a secondary use or there is going to
be interference issues and that is our major regulatory concern. More to come
on that.

Something that is really exciting is that the mHealth Task Force has
actually transitioned to a federal advisory committee or consumer advisory
committee where we have the three co-chairs actually serving in that role. That
gives us a lot of opportunity to hold hearings, organize meetings, et cetera.
We are going to have a real presence at this year’s mHealth summit in December.

I will go quickly through this. A couple of examples of allocating dedicated
spectrum are in the area of medical radio, Medical Micropower Networks. This is
a way of supporting new kinds of assistive technology. Retinal implants,
Medical Body Area Networks. This is in support of remote monitoring and data
collection, et cetera.

Here is some information and links about the Healthcare Connect Fund and my
contact information.

As I said when I started, I really just wanted to introduce you guys to sort
of this angle onto the world and to get you guys thinking about how this could
support some of the broader health care initiatives how we could fit into that
broader strategy both at a big picture health care level, a health IT
perspective in catalyzing data availability and collection, but also as a piece
of the learning health care system at the community level.

DR. GREEN: Thank you, Matt. That was nice. Leslie.

DR. FRANCIS: Cool and fascinating. Here is a question. A lot of the
information transfer you are talking about is outside of HIPAA, not all of it,
but a chunk of it. I am curious about who is worrying about data security, data
stewardship, data repurposing, privacy policies, that whole end of stuff. Is it
you guys? Is it the FTC? Is it nobody? Is it a great big crack that we ought to
think about?

MR. QUINN: That is an excellent question. My colleague, Cora Han, over at
FTC covers some of that. I know that NIST has put out some good technical
guidance. A good way to describe it is maybe to describe the relationship
between us and FDA on safety type issues. Our main concern is interference.
Now, can interference cause privacy and security issues? Sure. Can it cause
safety issues? Absolutely. Can it not? Sure.

Where we stop is that we say that our box is interference. But we work with
other agencies including FDA and others when that results in something else. It
is often multiple regulatory processes.

One of the things that I would like to see is understanding so that folks
who go to market and have multiple systems like a health care environment
understand those interference issues that could lead to other things.

One of the recommendations from the FDASIA task force was around incident
reporting in health care environments. As you can imagine, if you have a
variety of wireless devices on multiple spectrums, some of them in license
spectrum, some of them in unlicensed spectrum like Blue Tooth and Wi-Fi and all
of this, there is a great opportunity for interference. That could have adverse
consequences.

FDA actually just released guidance on wireless medical devices, which is
similar to the technical guidance for other IT devices in that environment.
Users of those devices and manufacturers of those devices need to understand
what those risks are prior to going to market or as part of their use.

One of the areas where we actually are collaborating tomorrow with FDA is
thinking about what we can do to facilitate better understanding of that.
Things like wireless test beds. Things like relaxing testing in health care
organizations in academic settings to better understand those. Who has that
whole regulatory domain is not clear to me.

DR. FRANCIS: Just as a general point, the FTC worries about unfair trade
practices. The FDA worries about safety. You worry about making sure that the
communication goes through. HIPAA worries about stuff that covered entities
have. Was it a green paper that the FTC produced some time ago, which applied
to some extent to apps that contain a whole lot of health information? There is
a very scary failure to intersect out there.

MR. QUINN: I am with you. Even in environments where you think that data is
secure, when one signal stomps on another one, there are some really
interesting things that can happen.

DR. CHANDERRAJ: Do you think there is a real fear — the security issues are
for the government and now committees like us. Recently the federal government
security issues regarding telephone tapping and conversations that died down.
The public interest in security and privacy did not matter so much because
everybody said everything is there on the internet and nobody is worried as
much as we are.

DR. GREEN: I think that is Leslie’s point, isn’t it?

MR. QUINN: There is actually some really interesting case law right now on
what FCC’s domain is with regard to regulating the internet and the open
internet. I will let my attorney colleagues describe it better than me.

DR. GREEN: I want to thank you for the whole committee for including us and
doing this. It is interesting. It sort of fits with our current discussions. We
appreciate you coming very much.

MR. QUINN: It is my pleasure. Please just think about it both in terms of
this and in terms of your day jobs about how this could fit in and how we could
work with the committee and entities. I want to see the money spent well and
spent in ways that are going to catalyze some of these larger programs. You do
too. Thank you.

DR. GREEN: Thank you. A word about tomorrow. Are we going to lose anyone
else tomorrow? We will all be back. We are losing Lynn tomorrow.

PARTICIPANT: I think Vicky will be here tomorrow.

DR. GREEN: Did you say we are trading Lynn for Vicky? We have lost Paul for
the rest of the meeting. We will be starting the full committee at 9 o’clock.
Standards have work to do at 8 o’clock. We will be adjourning by noon.

The working group will be commencing at one tomorrow. We are going to stay
in this room for the break out meetings. They are supposed to start in about 30
seconds. I am going to turn that problem over to Bruce and Sallie and they will
pass it off to Leslie and Linda. Then they will converge at 5 o’clock and all
will be well by 5:30.

PARTICIPANT: Did we take a count as to how many were going to dinner?

MS. JACKSON: I just wanted to make sure the breakout sessions for this
evening are flowing in pretty comfortably because of the overlap in the
membership. But tomorrow it has a hard stop for standards. It really has to end
at 8:50 so we can do a setup for the full committee for the 9 o’clock meeting.
It is pretty important to staff to get that going.

DR. SUAREZ: We were just talking about the logistics for the 8 o’clock
meeting tomorrow morning in terms of shuttles coming from the hotel. I
understand that the shuttle does not come earlier than eight.

MS. GOSS: One shuttle was arranged. Several of the Standard subcommittee
folks who are staying at the same hotel. I am happy to transport folks, but I
thought there was a disconnect on the shuttle schedule.

DR. GREEN: We are adjourned for now.

(Whereupon, at 2:58 p.m., the meeting adjourned.)