[This Transcript is Unedited]



September 22, 2009

Washington Marriott Hotel
1221 22nd Street, NW
Washington, D.C.

Proceedings by:
CASET Associates, Ltd.
Fairfax, Virginia 22030
(703) 266-8402

Table of Contents

P R O C E E D I N G S (9:00 a.m.)

Agenda Item: Call to Order

MR. REYNOLDS: Good morning. I would like to welcome you to two days of
meetings of the National Committee on Vital and Health Statistics. I would like
to call this meeting to order. This is the first of those two days of the
meeting events of NCVHS. The National Committee is a main public advisory
committee to HHS on National Health Information Policy. I am Harry Reynolds. I
work at Blue Cross and Blue Shield North Carolina and Chair the Committee. I
want to welcome Committee members HHS staff and others here in person and also
welcome those listening on the Internet. I would like to remind everyone to
speak clearly into the microphones.

Let’s now have introductions around the table and then around the room. For
those on the National Committee, I would ask if you have any conflicts of
interest related to any issues coming before us today would you please so
publicly indicate during your introduction and I have no conflicts.

MR. SCANLON: Good morning I am Jim Scanlon. I am the Deputy Assistant
Secretary for Planning and Evaluation at HHS and the Executive Director for the
Full Committee.

DR. WARREN: I am Judith Warren from the University of Kansas School of
Nursing, member of the Committee, no conflicts.

DR. FITZMAURICE: Michael Fitzmaurice, Agency for Healthcare Research and
Quality, Liaison to the Committee.

DR. SUAREZ: I am Walter Suarez, I am the Director of Health IT Strategy for
Kaiser Permanente, member of the Committee and the only conflict I have is
scheduling conflicts because this week is just horrible with H07 meeting in
Atlanta and the Health IT Summit happening just down the street.

DR. CARR: Justine Carr, Caritas Christi Healthcare, member of the Committee,
no conflicts.

DR. MIDDLETON: Blackford Middleton, Brigham Women’s Hospital, Partners
Healthcare at Harvard Medical School. I currently serve as a scientific
Advisory Board member for Intercomponent Ware which may be a conflict, in some
ways, with the Privacy PHR Letter.

DR. GREEN: Larry Green, University of Colorado, member of the Committee, no

DR. HORNBROOK: Mark Hornbrook, Kaiser Permanente, member of the Committee,
no conflicts.

DR. LAND: Garland Land, National Association for Public Health and
Statistics Information Systems, member of the Committee, no conflicts.

MS. MILAM: Sallie Milam, West Virginia Health Information Network, member of
the Committee, no conflicts.

DR. SCANLON: Will Scanlon, Health Policy Research and Development, member of
the Committee, no conflicts.

MR. HOUSTON: John Houston, University of Pittsburg Medical Center, member of
the Committee, no conflicts.

DR. FRANCIS: Leslie Francis, University of Utah, member of the Committee, no

MS. GREENBERG: Marjorie Greenberg, National Center for Health Statistics,
CDC and Executive Secretary to the Committee.

MR. QUINN: Matt Quinn, Agency for Healthcare Research and Quality.

MR. DECARLO: Michael DeCarlo, with the Blue Cross Blue Shield Association.

MS. JACKSON: Debbie Jackson, National Center for Health Statistics,
Committee staff.

MS. HORLICK: Gail Horlick, CDC, staff to the Subcommittee on Privacy and

MS. JONES: Katherine Jones, CDC, National Center for Health Statistics and
staff to the Committee.

DR. FRIEDMAN: Dan Friedman, Independent Consultant.

DR. PARRISH: Gib Parrish, Dartmouth Medical School.

MS. VIOLA: Alison Viola, American Health Information Management Association.

MS. KANAAN: Susan Kanaan, writer for the Committee.

MS. DOO: Lorraine Doo, CMS Office of E-Health Standards and Services and
lead staff to the Standard Subcommittee.

MS. BUENNING: Denise Buenning, CMS Office of E-Health Standards and

MS. JONSALEM: Good morning. I am Angela Jonsalem of the American Osteopathic

MR. REYNOLDS: Just to kind of take you through the day briefly, we have the
Agenda and after we hear from Jim then CMS and Karen, on the phone. Karen, do
you want to introduce yourself?

MS. TRUDEL: Karen Trudel, CMS, Office of E-Health Data Services.

MR. REYNOLDS: Then we will be going through the PHR letter and the ONC
update from Dr. Friedman, and during that period of time, Jim Scanlon and I
were able to meet with David Blumenthal in the last couple of weeks and talk
through how we all are working the same space in a reasonable way, making sure
that we all have our own space and then we all collaborate as we need to. I can
show you how they have already started using some of our collateral and vice
versa. So I will update you during that time as to what went on there. I am
very excited about the relationship.

MR. REYNOLDS: Then we will have our Committee discussion and then adjourn
for the Plenary. So with that –- does anybody have any questions before I
turn it over to Jim? Yes, Marjorie.

MS. GREENBERG: Just one administrative matter, all NCHS employees have to
sign a non-disclosure affidavit that they will not disclose any confidential
data. As special government employees who are on the NCHS payroll, even though
I know you rarely would have access to confidential NCHS data, though you do
sometimes meet in the NCHS building, we need you to sign these as well. So
Cynthia has one for each of you with your name on it and if you would see her
over the next day and give us your John Hancock, we would appreciate it. Thank

MR. SCANLON: Good morning everyone. Thank you, Harry. Let me start with the
membership status. The Secretary has recently reappointed two members of the
Committee. We are very happy to have Bill Scanlon and Paul Tang reappointed for
four year terms.


They have formerly accepted and so there is no backing out.

In addition, we had one open seat and the Secretary has appointed Tony
Rogers, who is the Director of the Medicaid Program in Arizona to that seat. I
think some of you met Tony at our Meaningful Use Workshop back in April, and he
is very attuned and has a lot of insights into the health IT part of Medicaid
and a lot of ideas for how health IT could improve health and improve the
efficiency of the Medicaid Program. He could not be here today, but he will be
here at our next meeting.

So that brings us up to a full complement, other than our seats at the
Senate, gets to fill, and we have asked our legislative folks to please try to
get us someone there as well.

MS. GREENBERG: If I could just comment, that we, of course, as always we
have to say goodbye to certain members who have finished their terms and in
this case, it is Carol McCall. We would have loved if she could have been here
at this meeting as well, but it was not possible for her, but we do have a
letter for her from the Secretary and we, as a group, should want to recognize
the incredible service that she gave and the creative thinking that she brought
to the table and we will miss her. But, I have already informed her that we
expect to call on her as an expert, like some of you who thought you had gotten
off the Committee forever about ten years ago — no, once a member, always a
member. So I hope we will be able to call on Carol in the future and she
certainly wishes everyone well and supports our work.

Agenda Item: Department Update, James Scanlon,

MR. SCANLON: Let’s see, within HHS, let me bring you up to date on
leadership. Obviously we have a Secretary and a Deputy Secretary and we have
now in place political appointees for most of our agencies — CDC, FDA, HRSA,
IHS, NIH, our Welfare Agency and our Administration on Aging. We do not have an
administrator for CMS but hopefully we will have someone there before too long.
Where we do not have political folks, we have senior career officials who are
managing the day to day program operations.

As I said, back in the spring, we established an HHS Office of Health
Reform. That Office works closely with the White House Office of Health Reform.
In addition, we have appointed in the past month, a new chief technology
officer at HHS. Many of you know him, Todd Park. Todd was the Founder of Athena
Health. He participated in some of our Meaningful Use discussions and he is now
full-time at HHS. His focus will be on how to use technology to improve HHS
programs, mission and operations. We have already begun meeting with Todd
within HHS about how to do that.

A couple of words about budget — we are winding down fiscal year 2009.
October 1st is the beginning of the next fiscal year. We are
awaiting congressional action on the President’s fiscal year 2010 budget. It
looks like, if we do not get a formal appropriation before October
1st, we will have continuing resolution probably for a month and
then we will see how long it goes from there. We have also begun working on the
fiscal year 2011 budget.

In terms of population health, again I think we are doing, at least the
plans are to do fairly well. The National Center for Health Statistics, for
example, received an increase in their fiscal 2009 budget. An initial one of
about 10 or 11 million was requested in the President’s 2010 budget and it
looks like the House and the Senate are close on that increase. But again, we
do not know for 2010. We are working on an increase, we hope, for the 2011
budget which is really in early formative stages now.

The total HHS budget, as you know, is nearly $800 billion but only about 10
percent of that is actually discretionary, the rest is mandatory programs like
Medicare & Medicaid and Welfare Programs. Some of the biggest news, as you
know, over the past few months has been the Recovery Act and the Stimulus Act.
And there are three major portions of that. Let me update you on that as well.
You are all familiar with the HITECH part of the Act that provided $2 billion
dollars for carrying out a number of activities designed to promote and
accelerate the adoption of Health IT. In interoperable Health IT in the U.S.,
much of that funding will go for standards, for the establishment of a grant
program or state health information exchange for regional technical assistance
centers to help with the adoption locally of Health IT also, for work force
development, for training and for a number of other things. An even bigger part
of the HITECH Act was probably 19 billion dollars or more beginning in 2011 for
Medicare and Medicaid incentives for providers and hospitals who adopt defined
health IT.

Funding announcements for the extension centers, I think you saw those
already, those were announced about two weeks ago. Funding opportunity
announcements for the State Health Information Exchange Grants have been made
as well. We are now working as well on how this program would actually operate
in terms of the incentives. What is meaningful use? When is meaningful use?
What are the different criteria and how will the whole program of incentives
work. It is fairly complicated as you all know.

A second part of the Recovery Act actually had to do with prevention and
wellness and it created within HHS a little over a billion dollars — it
created within HHS a prevention and wellness trust within the Office of the
Secretary. A fairly large part of the funding there will go to competitive
grants to communities for innovative community-based prevention and wellness
grants. And again, I think we announced that in a press release, the
availability of funds there as well.

A third part is comparative effectiveness research. That part of the Act
created about a billion dollars for comparative effectiveness research at HHS.
About a third goes to NIH, a third goes to ARC but the other third, more or
less, resides as a fund within the office of the Secretary to provide a funding
for hopefully, new kinds of cost effectiveness research outside the bounds of
the agencies specific programs. And as you are probably all aware, we created a
federal coordinating council on comparative effectiveness research. We asked
the IOM to give us some ideas about priorities within a framework. That has
been published as well. The report of the federal coordinating committee is up
on our HHS website. So we are basically in the last step here, where a spending
plan for individual projects, are at OMB. Interestingly, in addition to
conducting the comparative effectiveness research itself and dissemination in
translation kinds of activities, which is often, as you all know, the
comparative effectiveness system breaks down in terms of translation and option
— we also have a fairly large amount specified for data infrastructure
development as well. This would be, besides the usual randomized controlled
clinical trial, for comparative effectiveness research. There are other ways to
approach this so we have a number of proposals relating to data improvements
and data infrastructure using claims data, using linked health plan data,
presumably, using longitudinal datasets and so on. So hopefully that will all
be approved by OMB and make its way up shortly.

Just a couple of projects within my own office, we are, as I mentioned
previously, we are partnering with CMS — Karen may update us on this later —
on evaluations of personalized health records systems and the Medicare program.
One is a fee per service program in South Carolina and several others are in
the Western states. They will be plan-based programs in Utah and Arizona. So,
our job is to evaluate how that operates, what are the factors that determine
success so that we will build up a body of best practice for what will be most
useful. We are well underway with an assessment of health IT capacity and
information exchange in community health centers and the safety net generally.
We started a study last spring involving pilot studies of exchanging data from
the clinical setting to the public health departments. This was done in New
York City and that is just in process.

We have also within HHS, we started this I reported in the spring, been
looking at the capacity of our own data systems to support health reform. As
you know, we support a number of models, surveys and administrative data and we
are always looking at how to improve that. A lot of the data that you have seen
already was provided by HHS in terms of technical assistance and we will be
looking at, in terms of health reform itself, what would be the administrative
data, the clinical data and the overall data that would be needed to actually
carry out health reform and to monitor community health as well.

And finally, you will remember I reported that we established a while back
in HHS, a website, a gateway that provides you access to all of the statistical
information in HHS. It basically provides you with links to the agency data. We
are now going to be upgrading that and expanding that and trying to get access
to the data itself as much as we can while protecting privacy. A number of the
agencies provide not only reports and statistical tables and findings but they
provide customized software where you can build your own tables and in other
cases you will actually get access to public use datasets itself and we are
also trying to find a way to make it easier to get access to our research data
assistance centers. So let me stop there are see if there are any questions.

MS. MILAM: Your overview was really helpful Is there a schematic or a white
paper on the HHS website that has an overview of all of the different ARRA
funding pots and what their missions are? Where would you point me for that?

MR. SCANLON: Well, there is recovery.gov. There is a government wide website
recovery.gov and part of that is the HHS website, and that will tell you
exactly where we are with each of these programs. I only mention the three
bigger ones. There are a number of smaller ones as well. But that will take you
there and there is a lot of reporting associated with the Recovery Act funds.
So you will get an up to date picture there.

DR. GREEN: Jim could you say more about the project that involves exchange
of data between provider setting and public health.

MR. SCANLON: This was a project that New York City had and in fact many of
you know Farzad(?), who we now have imported to HHS so I hope it does not slow
down our study there, we were asked with HRSA to look at the interface,
basically, between the clinical setting and public health particularly working
with primary care providers, as a pilot study to agree on standards and
actually exchanging related to public health departments use. So some of it
would be reportable conditions and some of it would be, like in New York City,
relating to diabetes for example. So I can get us a full report. Maybe I will
get a briefing for the Committee on the full report. Again, I think that we
thought that was still somewhat of an underdeveloped link, that interface
between the clinical world and this public health reporting in public health
world. I think we have a summary I can provide at the Committee and we can
arrange a briefing.

DR. FRANCIS: Could you just make a couple of comments about what the
criteria are going to be for evaluating the PHR projects?

MR. SCANLON: Well, it will be everything from is it implementable, some of
these are more ideas, and use. Even when we reach out to folks, we have
outreach campaigns and so on, folks actually have to agree, use it and then
they actually have to sign in and presumably stay with it. So we will look at
everything from participation in use, what the use is for, satisfaction from
the side of the consumer and then to some extent, if we can, we will try to
look at outcomes data, but I think that is probably beyond what we are able to
see here.

We actually have some interesting findings from South Carolina — where
just marketing to folks obviously does not necessarily get folks to stay with
it and even when they enroll, they may come to the website once or twice and
not again. So there seems to be some dynamic of actually having a health issue
and if you go a fair length of time without a doctor visit or without a health
issue, folks do not always visit. We have folks who register once and never
visit the site again. We have others who are pretty religious users. We are
trying to understand what it is that makes that as well.

For the Arizona and the Utah website, we actually have data where we can see
to what extent use of the PHR is associated with changes in utilization and
potentially, outcomes as well. We actually have claims stated there. So that is
what we will be looking at.

MR. HOUSTON: Is there work on e-visits as well in combination with PHRs and
utilization? I know it is an area of great interest in our facility as we are
starting to get e-visits mechanism to –-

MR. SCANLON: We had not, John, these are commercially available PHR systems.
I am not sure any of them are tethered. We might want to think about that. We
often ask in surveys about that but, you know, that is really soft. You do not
know exactly -– it could have been a phone call. It is a good idea for
future work.

DR. FRANCIS: Just one other quick thought, are you going to be looking at
people who did not sign up and if so, what they perceived as the barriers?

MR. SCANLON: Yes. We have focus groups planned. We have had focus groups
conducted already at the South Carolina site — focus groups of enrollees,
those who enroll, those who did not enroll, as well as providers who were
interested. And I do not have the data, but it just –- again, if there is
not a current health issue of some kind, other things like the economy or other
things, just take over. But we will have all that written up shortly.

MR. HOUSTON: Just back to the e-visit for one second, one of the things that
we are finding very clearly is that there are certain types of visits that can
be done by e-visit. And the savings seem to be very dramatic. Other ones, there
is no difference. It seems as though they are not well suited for e-visits. I
just think, in terms of trying to look at efficiencies and productions, that it
is really an interesting area.

MR. SCANLON: I agree. It is an area I think we would want to look in to.

MR. REYNOLDS: Karen, are you prepared to give the CMS update please?

Agenda Item: CMS Update, Karen Trudel, CMS

MS. TRUDEL: Harry, I will provide a caveat in advance, and that is that I am
having a certain amount of difficulty understanding almost everybody but you
and Jim. So I am going to have some difficulty when we get to questions.

Let me start with the reason that I am not in the room with you today —
that we are moving towards some critical phases in developing the proposed rule
for the Medicare and Medicaid Incentives Program for EHR meaningful use. We are
currently still on target for our December publication date. There will be a 60
day comment period and we are anticipating the final rule will be published
sometime around May of next year. And I know there is a great deal of interest
in the definition of meaningful use. Obviously, I cannot say too much about it,
but we have used very heavily the background materials that we were provided
and recommendations from the HIT Policy Committee, the Standards Committee and
the NCVHS in the hearings this last spring, to try to establish an attainable
level of meaningful use for 2011, then establish a mechanism for moving forward
and raising the bar in 2013 and 2015.

In addition to meaningful use and establishing these criteria, there is an
awful lot in this regulation. We will be developing all of the program
requirements for Medicare and Medicaid and Medicare-Advantage for eligible
professionals and hospitals. We will provide proposals on how providers will
sign up, how they will report, when payment will be made and how that will
work. There will be a lot of coordination to prevent duplicate payments and we
are working very closely within HHS and CMS, working very closely with the
Office of the National Coordinator, and inside CMS to make sure that the
Medicare and Medicaid and Medicare-Advantage programs are as picked up as they
possibly can be based on the law.

We will also be talking about what the quality measures are going to be and
how they will be reported. So this is a fairly significant regulation and I
just want to say again, that as of right now, we are still on our timeline for
December publication.

Moving on to HIPAA security, I think some of you are probably aware that the
security enforcement function transferred to the Office for Civil Rights from
CMS effective July 27. That essentially was prompted, in part, by some of the
provisions in Title XIII of the HITECH Act which established additional
requirements for security training and also compliance reviews and audits, so
all of the process will be in OCR at this point. We are moving over some of the
processes that we are in the middle of. We are completing a set of compliance
reviews and moving the results over to OCR.

Moving on to e-prescribing, we are still working with the DEA along with the
Office of the National Coordinator on their final rule on controlled substances
in e-prescribing. We are having some in depth discussions with them. These are
not easy issues to resolve and there are lots of balances to be maintained. So
this is a process that has been longstanding, but I just that we are continuing
to work the issues and make some progress.

Also we are, as a result of the NCVHS requirements, moving forward with an
interim final regulation on MTPDP 10.6 which would allow the voluntary use of
10.6 along with the current version in our backwards compatible process. We
think that is probably going to happen sometime early in 2010.

Moving along to ICD-10 and 50-10, we are completing an analysis which will
be, I think on our website in the next few weeks, a more in depth assessment of
the CMS business practices –- which ones are affected, how they are
affected, which ones are affected the most, what is RIF and most importantly,
what are some of the opportunities to reengineer our business processes, based
on to take advantage of ICD-10, so that will be on our web fairly soon.

We are also in the process of setting up a program management office and we
have a contractor on board that is developing a comprehensive outreach plan.
And we will be looking to NCVHS to help us with monitoring the progress of the
industry on implementing the 50-10 and ICD-10. We are going to be working with
you at this meeting to start setting that up.

The last thing I want to mention is health reform legislation. I am sure
everybody has seen the fact that many of the proposals, including the Finance
chairman’s mark, include sound administrative simplification provisions. There
is a lot of interest in moving into the realm of operating rules. There are
also provisions having to do with electronic funds transfer and other standards
that seem to be something that will actually help all of the administrative
simplification pieces that are already in play link up and really provide a
greater degree of return on investment. So we are looking at that with great
interest and anticipating that any legislation may well contain some
administrative simplification provisions. That concludes my remarks and I will
make every attempt to answer questions.

MR. REYNOLDS: Okay, questions, comments from anyone? Okay, Mike.

DR. FITZMAURICE: Karen, this is Mike Fitzmaurice. Will the CMS business
practice report be public?

MS. TRUDEL: Yes, it will. We are in the process. There may be a few things
that we will need to redact because they may affect some program integrity
business processes that we do not necessarily want to make public. But
everything that we can share, we will.

DR. FITZMAURICE: Thank you, Karen.


DR. SUAREZ: Karen, this is Walter Suarez. I have a question about the claims
attachments rules. I know there is some mentioning of those on some of the
reform legislation. There are also some reactions or comments made about the
possibility that instead of being moved through the traditional HIPAA
rule-making process, they could be switched, so what ONC does with respect to
standards harmonization. Any comments you can make about the claims attachments

MS. TRUDEL: The claims attachment rule, yes, is included and mentioned in
some of the health reform provisions. We had pulled that out of the regulation
schedule while we were working on ICD-10 and 50-10 so that we did not,
inadvertently, place too much of an implementation burden on industry at any
one time. We have not actually discussed how to put it back on and when to do
that but keep in mind that if we are working with claims attachments with our
current legislative authority, the notice and comment HIPAA rulemaking process
is the only way that these can become standards that are applicable to the
healthcare industry as a whole.

MR. REYNOLDS: Larry Green.

DR. GREEN: Could you say more, Karen, about your report about security being
transferred to the Office for Civil Rights, if I understand that correctly and
particularly whether or not there are any implications for NCVHS in that

MS. TRUDEL: I am sorry I missed the last part — any implications for what?

DR. GREEN: NCVHS and the way we work.

MS. TRUDEL: NCVHS? Okay. Well I think that the re-delegation makes sense on
a number of levels because privacy and security are so synced together. So we
had a situation where OCR was handling privacy complaints and CMS was handling
security complaints basically generated from the same incident at the same
covered entity. And we had what we called a dual process that we used to keep
ourselves coordinated. But there was a certain amount of overlap and a certain
amount of administrative overhead associated with that and so this actually, in
a sense, will streamline the process. Complained against entities should not
notice the difference, except when there is a correction action planned that is
open, that CMS has been monitoring and we have informed all of those entities
that their corrective action plans will now be monitored by OCR. I do not know
that there are any implications for NCVHS, except that this now sinks up better
with the fact that the Privacy and Security Subcommittee will be dealing with
that one office primarily.

MR. REYNOLDS: Okay, any other questions?

DR. HORNBROOK: Karen, this is Mark Hornbrook. This is kind of a far out
question. Is there anything in the long range to deep planning for CMS that
would allow beneficiaries to download the claims data into their PHR for

MS. TRUDEL: No we do not have specific plans going on in that regard. Again,
I was having a little trouble hearing but I know that Jim Scanlon did talk
about our pilot in South Carolina and in Arizona and in Utah and in a sense
that is exactly what those beneficiaries are doing. There are downloading
claims data, or claims data is being downloaded on their behalf, into their
PHR. So discussions about how that could be rolled out on a widespread basis
and how we would begin to staff and support that into the future are things
that we have looked at in a sense, but as I think Jim pointed out, we do not
have political leadership at CMS at this point and we certainly would want to
know what direction our new administrator had on the topic of PHRs.

DR. HORNBROOK: Thank you very much.

MR. REYNOLDS: Okay any other questions? Karen, thank you. It sounds like you
have got a little bit to do, so you need to get going.

MS. TRUDEL: Thank you.


We have a new visitor. Dr. Steinwachs, would you introduce yourself please.

DR. STEINWACHS: Don Steinwachs, Johns Hopkins University, member of the
Committee, no conflicts. Good to be here.

Agenda Item: ONC Discussion, Harry Reynolds,

MR. REYNOLDS: Since we are running a little ahead of schedule and the
sidebar is finished we will proceed. I thought I would go ahead and update you
on our meeting with ONC so that for the rest of meeting and for the rest of the
two days, you can keep that in consideration as you are going through what you
did. I will just walk you through what we put together as a piece of
collateral. I am not going to share it because it was a discussion paper. It
was to start the discussion and to make sure that we at least had our position
stated. We talked a little bit about NCVHS strengths -– things like
visiting the future, framing an issue, some of the stuff that we wrote to the

So we had written an introductory letter to the Secretary so that is some of
the things that we listed -– being able to frame an issue, identifying
consensus, and evaluating and forwarding standards. We reiterated our process,
which was clear, but it is always good to reiterate those things when you are
talking about building a collaboration. The fact that that process has worked
over and over again, including the meaningful use hearings, which were the most
recently conducted on behalf of ONC. The kinds of things that we did in the
NCVHS ONC relationship, the very first one, is the fact that we recommended
ONC, so that is always a good place to start. So we are still sticking with our
story there. The functional specifications we did and then obviously the
meaningful use.

In the near future, we felt that things like the Data Stewardship Primer
that we are going to be covering tomorrow, obviously, fits nicely into as they
continue to move forward, this whole story of privacy and stewardship of data.
As you know the gentleman that is going to be joining us that Jim mentioned,
was the one that talked about, in the Southwest, that the Medicaid environment
would be the stewardships of the individual Medicaid members’ data. So those
are the kinds of things that we continue to put forward out of our documents.

And then, our privacy body of work that we have done over time, which still
much of it resonates, and by the way, John Houston actually did present to the
ONC Policy Committee the other day.

So again we will continue to build our collateral. We will continue to deal
with the subjects that are important. And then we will let them be used by
others whether it is ONC, CMS or the general industry as to how to make things

Meaningful Measures, which is a quality group, has set up for October
hearing. The interesting point there is if you look at the meaningful use
document and you look out at 2015, it now says efficiency measures TBD. The
Subcommittee will be addressing what that TBD might look like and obviously it
would be a great piece for ONC to either build on and/or pick up, depending
upon how specific we become, pick up on and in fact, incorporate into their
work as they are setting out the incentives and what meaningful use is 2013,
2015 and so on. So that is another good synergy.

And then everything that has been going on about this engaging patient
populations, with what you guys have been doing on Population Subcommittee and
some of those things including the medical home and others, things that very
much are the interest of both.

I listed here some of the things 2010 and forward that we were working on.
Obviously 50-10 ICD-10 we need to keep track of that. That is, by charter, one
of our key things. The other thing though that is important there is that, and
Karen reiterated — I do not remember if Jim did — it looks like more and more
people are trying to discuss getting the thinking about ICD-10 into meaningful
use. This whole thing about putting in new systems in doctors’ offices, setting
up all these things and not taking that into consideration as you are going
along, does not seem like it is going to go well.


DR. SUAREZ: Yes, but ICD-10 is actually not really the recommended
vocabulary standard or clinical documentation, so –-

MR. REYNOLDS: It was not the recommendation that ICD-10 be the clinical
standard. It was the recommendation that as everybody is out there changing
these systems, that making sure that you are doing these things in concert so
that you do not go back and undo what you had to do — that is one of the

MS. GREENBERG: Actually, ICD-9CM and its replacement ICD-10CM is the
recommended administrative standard and I think the important thing, from what
you are saying, is that it needs to work well with the clinical standard. And I
think some of the international and domestic work that is going on about
mapping between SNOMED CT, which is the clinical standard, to ICD-10 is really

DR. SUAREZ: No, my comment was primarily to point out that absolutely, there
is ICD-9 and now ICD-10 for administrative transactions and for purposes of
administrative exchanges but the recommendations from the Standards Committee
was to accept both ICD-9 and ICD-10 between now and 2013, or by 2013 only
accept SNOMED for purposes of qualifying clinical information and exchanging it
via EHRs and HIEs. So after 2013 the expectation is that no exchange for
clinical purposes from EHR to EHR across an HIE would use ICD-10, it would use

MR. REYNOLDS: My point is that administratively, that sounds good for the
learned, but as each doctor’s office is trying to deal with it or others, all
we are saying is make sure that all these things are playing in the same
environment. Make sure people understand. I am not overselling. I am not a
clinician and I am not trying to be. It is the kind of thing that is being

MR. HOUSTON: I have a question more basic than that. I have this lingering
concern over this whole idea of meaningful use and how granular should
meaningful use be defined because when you have hundreds or thousands of
providers, in trying to come up with criteria that are measureable reasonably
across that size of a population, how much depth can you afford to get into and
secondly, what standards should be incorporated into a PHR? I thought this was
more of a certification question for the vendor and their products rather than
one which would relate to meaningful use. I do not know if I am being clear. It
seems like there are two pieces, EHR certification and then there is meaningful
use and I would think that would fall under EHR certification.

MR. REYNOLDS: Again, I was mentioning it; I was not putting it on the


I am talking about the conversation that we had and talking about how the
ecosystems being changed to anybody -– I am more than happy to have
anybody go deeper. So I am mentioning to you the kinds of discussions that came
up in the ecosystem and how are we all working in the ecosystem. I do not
disagree with anything that is said, and John, to your point, one of the
reasons out of the hearings that are going to go on in October as there is a
definition of things like efficiency measures, meaningful measures for 2015,
the practicality of those, the reality of those and other things are the kinds
of things that we are going to be working closely with ONC and I would like to
welcome Dr. Friedman.

Yes, Marjorie.

MS. GREENBERG: Well, I have read the meaningful use matrix and everything,
but I think Walter’s comments really make me focus on it more. I think this is
an area that the Standards Subcommittee really has to look at. When you think
of all the concern, and still there is concern out there about challenges of
transitioning to ICD-10CM and ICD-10PCS and the massive efforts that CMS is
undergoing and everything, by 2013 and then you think of the assumption that by
that same time in order to meet the criteria for meaningful use everyone will
be using SNOMED CT. And very few people are currently using SNOMED CT. It is
mind boggling.

MR. REYNOLDS: Walter, one more comment on this –- I think Mike and then
Walter. Again, I am giving you an overview. We can dive into this in our later
discussion. As I said, we are having the standards hearing in December to go
through 50-10, ICD-10 everything about implement, and then how it plays, where
it plays and so on. So we were working on the questions for that this morning.

DR. FITZMAURICE: John Houston raised a good point about precision. I think
for meaningful use reporting and getting incentive payments, you have to be
very precise. When you are talking about exchange of clinical information, the
doctors or the medical professionals at both ends have to understand what they
mean. I think Marjorie is right, I think there is a role for the Standards
Committee in looking at what is possible with SNOMED, working with NOM who is
the U.S. representative for SNOMED domain in the United States, to give
guidance to SNOMED as to, here are some gaps that really need to be filled and
to work through NLM to identify the gaps and get those filled. It may take
hearings to identify those gaps.

MR. REYNOLDS: Walter, last comment and then I will move forward.

DR. SUAREZ: Yes, just a quick point to clarify one thing and then to John’s
question about granularity. The requirement is not really that SNOMED CT will
be running natively inside an organization. The standards recommendations are,
for the most part, applicable for exchanges between organizations. The only
ones that they dived deeply into the organization, inside the organization, are
some of the security and privacy requirements that require identification,
authentication, audit, control, things like that, that have to go inside the
organization and establish some requirements. But all the other standards for
meaningful use are related to the exchange of information.

So yes, potentially, an organization will not have to run natively inside
the organization SNOMED, but whenever they are going to create a message to
send out on CDA or CCR or whatever they use for exchanging a summary record,
then they will have to convert whatever they have inside. It could be Excel
files, for all I care, but they have to convert them into SNOMED CT.

MR. REYNOLDS: Opportunities.

Chuck, why don’t you introduce yourself so that if you make any comments, we
will know that you were here.

DR. FRIEDMAN: Sure, sorry I am late. I am Chuck Friedman. I am, at the
moment, the Deputy National Coordinator at the Office of the National
Coordinator. I think as a lot of people know, ONC is undergoing a
reorganization which is not yet fully complete. When that organization is
completed , I will move into a new position as ONC’s Chief Scientific Officer.

MR. REYNOLDS: But, you are the liaison to NCVHS.


DR. FITZMAURICE: That will not change. I heard that from David, so I thought
I would pass it on to you, because otherwise, we would not take any of your
comments seriously.


DR. FRIEDMAN: Thank you.

MR. REYNOLDS: So the next thing that we talked about is obviously, and we
got a lot of discussion on that today, the whole 21st century health
statistics. Everything that we are doing there, the updating of the document,
we are going to hear more on that today. Those are things that we need to
continue to drive. Those are the things we need to continue, that is that
visioning of the future and some of the things that we need to keep going so
that we keep something out in front. You know, there is a lot of implementation
going on, but there is other stuff to come and that is what I think we will be
able to do nicely there.

Some areas we figured that we had discussed that there would probably be
some overlap is the area of population health. Really from the standpoint, I
know, that in speaking to David, they are very interested in coordinated care,
the medical home, so we had already done a lot of work on that. So making sure
that we keep ourselves at least philosophically together as to what we are
doing and how far out in front we are and where we are and where we could do
some things jointly.

We talked some about the possibility of having some of our staff in some of
their hearings at points planned or vice versa. So we could split up the work
and look at some things to do there.

Quality, from a standpoint, obviously, we mentioned the hearing where we may
be starting to work on the 2015 column and then they could pick it up and be
part of it after what the quality group is doing.

Privacy, we have already talked about that a little bit. The letter that we
are going to be doing today, obviously, fits right into this whole idea of
where they are going.

So you can see there are a lot of synergies but they are into implementing
and making sure these things happen within this time frame and we need to make
sure that we keep the things that we do.

Obviously, we have got to keep an eye on e-prescribed care and mentioned
still working with the DEA. So that is one of the things that is most important
to us. But it sometimes is mentioned in some language if you look at the
meaningful use so there is no subject right now that all of us are not writing
the word down one time or another. It is just where do we play, how do we play
and what do we play that is really the key thing.

Also the new administrative simplification requirements, and I will play off
of some things that both Jim and Karen said, if you look at all the main Bills
right now that are out there, NCVHS is prominently noted as well as ONC in
certain cases. So we are both prominently noted in the process. We are still in
the spot where we want to be which is, you know, using our process, using our
knowledge and then recommending things to the Secretary. So that is still
clearly in there.

There is a thing called operating rules that is now mentioned on a regular
basis where, different than in the past, you would have a rule come out. Let’s
take — Walter asked a question on claims attachment, so the rule would come
out but then there would have to be operating rules actually adopted because
one of the things we wrote in our letters on HIPAA from this committee, was
everybody implemented the transaction and implemented the package, but we
really did not do business. If you took eligibility you could answer yes or no
and you would be HIPAA compliant, but that is not really the business of
knowing whether somebody is covered when you go into a provider. So that is in
there, looking at a range of 12 to 18 months after a regulation would come
through, that there would be operating rules applied and then that would be
considered compliance. Okay not just a compliance with the package, compliance
with the package and the rules would be compliance. Then you would have the two
to X years, whatever, to decide to actually implement it.

The four main transactions that are flowing through right now are electronic
funds transfer, eligibility, claims status and remittances. They are in most of
the Bills. They are prominent and they are the ones where it looks like people
feel you can drive the most.

So the other things we talked about on our relationship is regular
communication which we continue to do and obviously we have Chuck as our
liaison, so that will continue to occur and so on.

ONC is a customer at times which has been the case with meaningful use.

The autonomy, when prudent, are chartered. So we have certain charters and
there are other things that we may prudently decide that we want to move out on
and we would use the appropriate courtesy to talk that through, but we will
have our spots where we feel comfortable.

And then the coordinated overlap, obviously we do some work –- John
just went and testified – we share the same thing on stewardship and some
other things. And more importantly, one of the things that we spend a good
amount of time on is both committees have to be clear to the health industry as
to what we are doing. Because you see there are a lot of times guests are in
these rooms and there are audiences, and some of them are having to chase the
same subject two or three or four places to actually cover it. So if you are
somebody outside in the industry looking in, we are all doing a lot of stuff
but where do they go to understand and who has the ball and what does it mean
and who is producing the collateral and how does the process work? So that is a
thing that we are trying to work through that you know is somewhat confusing to
the general populous in the health industry as we do it.

The assignment that came out of there is that, and Chuck was not able to be
at the meeting, we are going to work with Chuck and Farzad and Paul Tang, the
reason is Paul is on both. So it is kind of good to touch base with Paul since
he is sitting in both rooms, making sure that we understand who has what ball.
And in some cases we may divide the ball in two depending upon the subject and
meaningful use, I think, is going to be that. Some of those pieces of
meaningful use, probably the further out pieces, may be exactly a great example
of that where we take the ball, roll it around a little bit and then decide how
big it is or what it is or what are the issues and then they pick it up and
actually move it closer towards pragmatic implementation at a certain time for
a certain reason.

With that, since Jim was in the room, I will stop there. You had asked us to
get together and we did and I think we have got a great relationship. I am very
comfortable that any of us could pick up the phone and talk to each other.
Chuck is here regularly so I think that we are pretty comfortable. So I would
say to you please be about your business. Please do the things that you know
are important. And if we get a sense that they do overlap in any way, we have
the appropriate process now to deal with it in any way we need to, at any time
we need to, for any way we need to. And if you see new faces at the table now
and then, we may be doing things collaboratively –- just another voice in
the microphone making a difference. So if we get into it any more than that, we
are overselling this thing.


DR. FITZMAURICE: Sounds like you had a really good meeting Harry, and I am
glad to see that there is going to be a good working relationship as we go

You mentioned prudent autonomy and I guess based upon respective charters,
we advised the Secretary on the other hand the two FACAs of ONC advice David
Blumenthal who advises the Secretary. So we all end at the same point, it would
seem, that some aspects of our charter would get us more into the agency
business such as NCHS or ARC where we are advising the Secretary with regard to
the specific programs that might be something ONC might choose not to do or
might choose to do through the ONC. So that there is a broader aspect to what
NCVHS does then what the two FACA Committees do. But the working relationship
is the most important thing.

MR. REYNOLDS: No question and that is why we put it down that way. I mean
HIPAA, we own HIPAA so there are some clear things and I think as we stay out
front in something like population health, staying out front will be important.
So that there are things to pick up and start turning pragmatic and I think the
thing that we have had in the past is if we got out front too far, there was
not anybody or anything coming behind to pick it up and do anything with it.


DR. FRIEDMAN: O’Hair, now that you reassure me that my comments will be
taken seriously –-

MR. REYNOLDS: You are on the record that is all you needed to know.

DR. FRIEDMAN: So you may have brought this up earlier in the discussion, but
I would like to re-raise a point that was made at the last meeting of this
Committee. I am not sure if it came up at the meeting with David and Jim and
others, that unfortunately I had to miss, but it is the topic of data
integrity. I forget who on this Committee brought it up, the person who brought
it up introduced it in the context of having all of this information now in
electronic form. It is not a new problem, we have always had information. The
question of interest is — how accurate, how reliable, how reproducible is it?
And that really rang a bell with me so much so that I even remembered it a few
months later.


So I just wonder irrespective of whose agenda it is on it certainly would
seem to fit very nicely with the agenda of this Committee, whether that should
be an item that goes on some list, somewhere. I did not see it on any of the
slides for the meeting.

MR. REYNOLDS: Well I would say that that fits nicely into everything that we
have talked about on the whole data stewardship and so on.

I saw another hand –- Larry.

DR. GREEN: In light of information, Harry, and progress in structuring
things, I would just like to ask for consideration somewhere down the line,
that we structure some sort of exchange that goes beyond burdening Paul with
holding one seat on each Committee.

MR. REYNOLDS: We are using Paul to start the list with us. Paul is not the
conduit for NCVHS sharing information with ONC. It is just that we have got
somebody sitting at both tables and as we make our initial list, and get going
here and make sure what is what, David just asked that we consult with Paul.
But no, Paul will not be the liaison –- for example, John went and
testified on PHR. We will have the appropriate liaisons. If we are sharing
anything with ONC, it will be the appropriate liaison from the Committee. It
will not be just because Paul is on both.

DR. GREEN: Good. I think that is only fair and right. Again, what I would
ask for some consideration to, I do not have a clear idea here Harry, but I am
not asking for something specific here. As I look at the agendas for the Policy
Advisory Committee and I look at our agendas, I just see rich opportunities
emerging where I suspect that we will do better working in sequence and
together if we have just a little bit more exchange between our two Committees
in some manner and I do not know what that is.

MR. REYNOLDS: And I would say this, we are comfortable with that at the
leadership level. I would love for you guys to make sure that you help me at
the Committee level. We agreed to meet, we agreed to set up a structure, we
agreed to make sure the doors are open. There are no agendas other than making
a difference and so I look forward to comments now. As I said, you guys need to
be about your business. I am really anxious for you guys to help figure out
what that could be. I do not think that there is any question –- David
said it and we said it –- there is no question that there would be times
if there were things going on at ONC where we feel we do have a richness of a
background and or have done something to have our people play and vice versa.
So all the opportunities are there, we have just got to figure it out. I was
not going to set down a prescriptive list of exactly how we would pull all of
this off. We tried to make sure that CMS and ONC and NCVHS were in the room and
we tried to understand them.


MS. GREENBERG: Does the Policy Committee have any kind of like Executive
Subcommittee? I realize they are much newer and actually took, as the historian
here, I think it took about 40 years for the National Committee from its
inception to develop a Executive Subcommittee, but we are in 24/7 real time now
and so those were the old days. I wondered if they had any group like that —
sort of a leadership group or if the Chair meets with the Subcommittee or work
group or whatever Chair, because that would be a nice opportunity for the
Executive Subcommittee of the National Committee to have a half day meeting
with their smaller leadership group of that Committee. So it might be something
to think about.

MR. REYNOLDS: Chuck I will let you comment and then I will comment.

DR. FRIEDMAN: So the idea is interesting in concept. I am thinking that the
Policy Committee, although others could correct me, does not have an Executive
Subcommittee at present. It is also chaired by David who is obviously a Federal
employee. The Standards Committee does not, also to the best of my knowledge,
have a formal Executive Subcommittee but is has more of a collegial leadership
model. So there is something closer to it on the Standards Committee. I think
one idea would be to quote this up as a possibility and see if, for the purpose
of having this exercise, something that serves to function in the case of the
two ONC Committees could be created purpose specific. So I certainly would not
rule it out as a possibility but there is no obvious receptor site for it in
the structure of the two Committees as I understand it.

MR. REYNOLDS: The other thing I think we heard loud and clear from David and
I think it was again a very cordial and open discussion and I thought very
fruitful, is that and if you heard Karen today by May 10th there is
going to be a clear and precise definition of everything related to meaningful
use that people are going to start getting money for. So there is no question
that ONC has to keep their eye on that ball.

Now what we also heard clearly, was privacy is extremely important because
if you are going to implement all this stuff between now and 2015, privacy is
key. So we will always be bound philosophically in privacy. I mean because it
is a subject that does not go away no matter what the technology is.

The second is disparities — ICD-10 PHR is obviously core because when you
start doing these EHRs and then you start rolling off the PHRs now, do they
have a meeting in the next 12 days over PHR? I do not think so. But remember we
are all implementing in the same space. We are all talking about the same
space, so let’s play on.

If I go back to when I was co-chairing a Subcommittee we would take this and
we would come up with a plan as to what we think we should be doing and then
whoever we meet with, whether David alone, David and Chuck, David, Chuck and
three people that work with them, I am fine with that. You should not be
waiting anymore. That is what we did this for -– to not wait –- the
game is on, the game is open and we should be able to play, especially in our
sweet spots, and oh, by the way, if it is questionable, we have got the right
open communication to say who has got it, how do we do it, we take it first and
then you and then us. It does not matter.

MS. GREENBERG: I was just thinking that there might be some value in having
a little face time with actually some of the members of these Committees
because at a staff level, and it is a little different obviously with the
chair, and the standards has co-chairs right? — but sometimes it is easier to
collaborate when you have had a little bit of face time.

MR. REYNOLDS: What I heard, they are moving full speed. I do not think they
are at that point to start talking about that kind of stuff.

Walter and then we will close this out and take a break.

DR. SUAREZ: I think it is great that we can go along and play along, but I
think it would be helpful to create a pictorial roadmap of what are the areas
where we clearly have our own space, for example population health, I do not
think the Policy and Standards Committee are necessarily focusing on that. On
the other three areas that we work on privacy and security standards and
quality, there is quite a bit of overlap. For example the Friday hearing on
policy was all about privacy and security and the mode of doing it was very
much like we do, which is a hearing. So I am sitting in the back and I could
picture our Committee holding that hearing rather than them. So there are some
areas where there is clear overlap and we should define what kind of space we
play on and overall we play on.

And then, in those same areas where they deal with policy issues and
standard issues there are some spaces where they are clearly not going to touch
on directly, like EHRs is one example, where they are going to deal in EHRs
primarily, standards for EHRs — all there is related to EHRs. They are not
going to deal with PHRs, so that is not an opportunity for us. I think we can
think of a number of examples where we can identify clearly these are areas
where we can contribute without creating duplication or significantly overlap.

MR. REYNOLDS: That would be the assignment to all of you in your breakout
sessions as Subcommittees. As I said, be about your business please. If there
are any overlaps or issues, we will cover them. And I would add Walter that the
richness of that hearing they had the other day was enhanced by the fact that
John could bring in our work to add to that.

So here we go. Please do not wait -– game on.

With that, let’s take a 15 minute break. Thank you.

(Brief recess)

MR. REYNOLDS: Okay. In the spirit of preparing documentation to be used in
new and different ways, I am going to introduce not Mr. Reynolds as it says on
the agenda, but Mr. Houston and Dr. Francis to discuss this opportunity that we
have in front of us. With that, please.

Agenda Item: Privacy PHR Letter. Leslie Francis and John
Houston, Privacy Subcommittee

DR. FRANCIS: Thank you. I am Leslie Francis, Co-Chair of the Privacy,
Confidentiality and Security Subcommittee. As you all know, we held hearings on
personal health records last spring. We have been working all summer on this
letter including conference calls and I am pleased to report, given what you
may know about the diversity of opinion on the Privacy, Confidentiality and
Security Subcommittee, that this draft has the full agreement of all members of
the Subcommittee — including Paul who is not here and Walter who is here,
Harry, John, myself and Sallie Milam who is a member of the Privacy,
Confidentiality and Security Subcommittee, although there is an error in the
Subcommittee listing in the materials provided to you.

So this is a very time-sensitive topic because of the recommendations that
will need to be made by February under the ARRA. Without further adieu, let’s
open the discussion. John is going to start reading text.

MR. HOUSTON: Actually, we will be more than happy to accept it without any


MR. REYNOLDS: However, the process would not allow you to do so, so you will
continue with your reading.

MR. HOUSTON: I will read. It is a bit of a long letter but nonetheless.

Subject: Protection of the Privacy and Security of Individual Health
Information in Personal Health Records.

Dear Madame Secretary:

A Personal Health Record (PHR) is an electronic record of PHR identifiable
health information on an individual that can be drawn from multiple sources and
that is managed, shared and controlled by or primarily for the individual. PHRs
may take different forms and are rapidly evolving. In some cases, the PHR is a
“portal” view into a provider’s electronic health record (EHR). In
other cases, the PHR is created and operated by a third party (generally not an
entity covered by the Privacy Rule promulgated under the Health Insurance
Portability and Accountability Act (HIPAA), which is not regulated or subject
to HIPAA protection. Consumers (including patients) often do not fully
understand the extent to which their information is protected by law and may
inadvertently consent (e.g., through an “I Agree” button) to
information sharing and use. Due to these types of concerns, the American
Recovery and Reinvestment Act (Recovery Act) requires a report to be prepared
by the Department of Health and Human Services (HHS), in consultation with the
Federal Trade Commission (FTC), that recommends privacy and security
requirements for PHRs that are not operated by HIPAA covered entities. This
letter contains recommendation from the National Committee on Vital and Health
Statistics (NCVHS) about the privacy and security of PHRs for HHS to consider
when creating this report, or considering other policy changes.

DR. HORNBROOK: Can we take this by paragraph or how is your process?

MR. HOUSTON: Yes, by paragraph.

MS. BERNSTEIN: Is it big enough for everybody to see up here on the screen
that is in the room?


DR. HORNBROOK: Francis and John, questions of clarification. In passing in
this paragraph, it seems to imply that a PHR is a web-based entity and
therefore you are dealing with a situation where some web service somewhere has
this data in it and there is ambiguity about who can use it and who can access
it and who owns it and none of that is stated. I do not know whether this
applies to paper PHRs, because somebody could carry around a piece of paper in
their pocket or in their wallet, in fact, Blackford and I were talking this
morning about the need that all of us should carry a PHR in our wallet in case
you are unconscious and brought to the ER. So none of that is conditioned here
and it seems like it would be a good thing for clarity purposes to state that
this is electronic, that it is or is not web-based -– it is not based in
an electronic card that you carry with you, it is not based in some sort of
hardware I am carrying with me like a thumb drive or anything. Is that true or
wrong? Am I on base?

MR. HOUSTON: The definition that we are using, by the way, which is the
definition from the Recovery and Reinvestment Act, does say an electronic

DR. HORNBROOK: Is it an electronic of any form? Do you take it that way?

MR. HOUSTON: I guess it could be a lot of different forms. I think the
assumption is that most of them are web-based. I understand your point.

DR. FITZMAURICE: It may be just by putting a sentence in there saying that
we are going to focus on the electronic health record, realizing that there are
other kinds of health records that people may carry around with them to help
them in an emergency.

DR. HORNBROOK: Well if we are dealing with web-based that is fine. I just
was not sure whether you wanted to go beyond that or not. If you do not want
to, that is fine with me. I have no problem with it.

MS. BERNSTEIN: Are you suggesting that people could be using dial-up
directly into their provider tethered PHR -–

DR. HORNBROOK: Thumb drive –- they could be carrying it around with
them on electronic form in their person. Do we care or not? I do not know
whether we do or not.

MS. BERNSTEIN: That is included in this definition I think. It does not say
web-based. It just says electronic.

DR. FRANCIS: This covers all electronic.

DR. HORNBROOK: Okay. Another thing is, actually two things, one is that
people likely have multiple providers. So the whole point about the benefits of
a PHR is you link across independent providers whose records are not linked

MR. HOUSTON: If you will see in here there is discussion about
interoperability. So, it is later in the latter.

DR. HORNBROOK: Well, it is just a portal view into a providers, paren
“‘s” when it could be “s'” records.

DR. FRANCIS: Well, that is only one example of a type.

DR. HORNBROOK: But you are signaling to whoever is reading this that you are
dealing with a one to one relationship and you may not -– you may be
dealing with a one to many relationships. That is just a question of setting

MR. HOUSTON: I think it is fair. We will change providers with –

MS. BERNSTEIN: Where are you? What line are you on?

MR. HOUSTON: On the 5th line — a “provider’s”
electronic health record –- into providers plural, rather than a

MS. BERNSTEIN: I think the point there is what Paul was trying to say is
that this is an example of the sort that they have at Palo Alto where it is
tethered to an EHR and you are just having a view as opposed to one where you
do in fact have multiple sources.

DR. HORNBROOK: Correct. That is correct.

MS. BERNSTEIN: I want to make sure I am not messing with Paul’s concerns.

MR. HOUSTON: No, I do not think you are.


DR. HORNBROOK: I think we want to include the concept of one to many even
though one clear example was a tether which is an excellent example. I am not
saying anything about that.

MR. HOUSTON: I do not think it changes Paul’s -–

DR. HORNBROOK: It is just a question of flow of the naïve reader into
it. You do not have to wait to get to the rest of the letter to get a context

The final point is do we want to say and I do not know about this really, do
we want to say anything about the benefits of PHRs? This is all pretty
threatening, threatening -–

MR. HOUSTON: This letter is specifically to privacy and security. I think we
could probably add another hundred pages if we want to talk about the benefits

DR. HORNBROOK: No, I am thinking editorially. I mean acknowledging that
these things can have benefit as a way of simply saying -– we are trying
to deal with something that is going to be beneficial to patients and consumers
and their families and yet we want to protect them in this process. We are not
dealing with something that is being created just to make things evil, although
a lot of this letter deals with pits of evil.

MR. REYNOLDS: I believe we did hear testimony to that.


DR. SUAREZ: On the second page actually we talk about the benefits.

DR. HORNBROOK: I am just trying to deal with the issue that you have the
Secretary’s attention and you want to set the tone of the letter correctly at
the very beginning and you want to be balanced, you want to be insightful. Do
you want to point out exactly what you are doing? I mean, you are almost there
-– that is all I am trying to point out.

MR. HOUSTON: I will tell you what -– I have a suggestion then — about
halfway down there is a sentence that starts consumers and then in parenthesis
including patients. Why don’t we say, while there are substantial benefits to
consumers –- before that say, while there are substantial benefits to
PHRs, consumers including patients often do not fully understand the extent to
which their information is protected by law or may be inadvertently consented
to information sharing and use.

DR. FRANCIS: Why don’t we say health benefits to PHRs.

MR. HOUSTON: We can wordsmith this just a little bit more.

MS. BERNSTEIN: Can I make a suggestion? One of the things we talked about
that did not get in here was to have before this paragraph a statement that
says hello here is why we are writing to you. This letter makes recommendations
and we might have some introductory sentence that says about PHRs -–
because this sort of launches right in. Most of our letters have something that
says up front we are writing to you for the following reason –-

MR. REYNOLDS: And we will assume that the Subcommittee will do that and
bring that back tomorrow and it will enhance the tenure of the later, not try
to change it.

Justine, and then Judy.

DR. CARR: I would just try to speak more strongly to the benefits and I
would actually put something in right after the first sentence and say PHRs
have benefits in the following ways as opposed to just having it as a kind of
qualifier of saying something bad.

MR. HOUSTON: We will add an introductory statement.

MR. REYNOLDS: Judy and then Marjorie.

DR. WARREN: So up in your first sentence, you are saying a PHR is a PHR. Is
that PHI instead of PHR?



DR. WARREN: Okay you refer it to a definition below as a direct quote and it
is not a direct quote. So if you are paraphrasing it, take off the quotes.

DR. FRANCIS: It is a direct quote –-

DR. WARREN: No, it is not. Bottom says electronic health record of
individually identifiable health information. The top says electronic record of
PHR identifiable –-

DR. SUAREZ: Two different sources.

DR. FRANCIS: No. There are two different sources. The definition comes from
the FTC 163 CFR 318, the statutory language is from ARRA which is a different

DR. WARREN: Okay but you have got the same footnote. You say it comes from
number 1 and you have that down there, maybe the footnote is the one that is
confusing. But anyway, to me, I keep reading a personal health record is an
electronic record a personal health record. And you do not want to define
something with its own phrase.

MR. HOUSTON: To Judy’s point, why don’t we say this –- a personal
health record (PHR) is an electronic record of and then strike the PHR and then
put the opening quote before identifiable. All you are doing is truncating
slightly the definition to make it more readable.

DR. FRANCIS: Why don’t you take out the electronic though?

MR. HOUSTON: No, leave the electronic in there and take out PHR on that
first line, the second instance of the acronym PHR. Delete PHR there. I believe
it still encompasses the definition.

DR. FRANCIS: Yes, it does.

MS. BERNSTEIN: Do you want to put a little compare down here in the footnote
so we know we are comparing two different definitions?

MR. HOUSTON: Marjorie, go ahead.

MS. GREENBERG: You addressed this John but on the other hand when you start
a sentence with “while” it always looks like what? And I was looking
at the second paragraph on the second page where it says the committee noted
that PHR systems were evolving rapidly and served a variety of beneficial
functions for consumers and their caregivers. I think that sentence could be
moved up to this first paragraph even saying if you are introducing the
National Committee that the National Committee, whoever it is, has had a
longstanding interest in these PHRs and has noted and you already say they are
evolving rapidly and take many forms so just take that sentence out of the
first paragraph and then you can get into some of the concerns but I think that
will set the stage nicely.

DR. FRANCIS: We will do that.

MR. REYNOLDS: Also one comment I would like to make and I would like to ask
the Chairs before we go any further, so as you said, this letter as it is and
the beliefs in this letter have been approved by the Subcommittee? Is that


MR. REYNOLDS: Then as individual lines or other things are addressed, I
would rather not have individuals in the Subcommittee identify that somebody
that is here would have to defend against. So it is the Committee’s letter now,
then it should be addressed by the Subcommittee because if we go to individual
desires then it is not the Subcommittees letter anymore. It is only in there
because somebody wanted it. I am just asking that if the Subcommittee brought
it forward then whoever asks a question on the floor, the question is on the
floor and we deal with it.


MS. BERNSTEIN: Are you saying you do not want me to make the changes?

MR. REYNOLDS: I did not say I do not want you to make the changes. I am just
saying earlier there was discussion about what somebody wanted –- it is
either the Subcommittee’s letter or it is not. So all I am saying is the
Subcommittee brought this forward as an approved letter then please defend it
as the Subcommittee. You are defending it because you might be upset at what
somebody might say.

MS. BERNSTEIN: I am sorry. That was me. I will be careful.

MR. REYNOLDS: I do not care who it was. The point is that puts the person in
the room at a disadvantage and I choose not to do that. The Subcommittee
brought the letter forward. There is enough representation in the Subcommittee
to play this game. So let’s please proceed accordingly.

MR. HOUSTON: Okay. Let me continue reading then.

MS. BERNSTEIN: Marjorie made a comment. Do we want to address that comment?

MS. GREENBERG: You can just take that back to your Subcommittee meeting.

MR. HOUSTON: I thought we were going to take that into consideration.

DR. FRANCIS: Yes, we can take it back.

MR. HOUSTON: A lot of these comments we will just take back in raw form and
try and incorporate them in our deliberations this afternoon and bring it back
to the Full Committee if that is okay. I do not think we want to wordsmith

Prior NCVHS Activities regarding PHRs.

Over the past few years, NCVHS has made a number of recommendations about
PHRs specifically and about the privacy and security of individual health
information more generally. Most importantly, NCVHS has recommended that common
privacy and confidentiality rules apply to all entities that collect, retain,
use, compile, or disclose identifiable health information, under a
comprehensive federal privacy law.

In February 2006, NCVHS issued a report making general recommendations on
PHRs. In that report, the Committee noted that PHR systems were evolving
rapidly and served a variety of beneficial functions for consumers and their
caregivers, healthcare providers, payers, employers, and society more
generally. NCVHS recommended developing a framework for characterizing PHRs and
educating consumers based on that framework. NCVHS also recommended developing
privacy best practices for PHRs and a model notice of privacy practices in a
form that consumers could easily understand. For the many PHRs that are not
within the scope of the privacy and security protections afforded by
regulations under the Health Insurance Portability and Accountability Act
(HIPAA), NCVHS recommended voluntary adoption of strict privacy practices and a
policy of non-disclosure of information without consumer authorization. Since
that report, PHRs have continued to evolve, but guidance regarding privacy best
practices has been limited. For example, in December 2008 HHS published a set
of privacy principles for health information technology and a model privacy
notice for PHRs for comment. But, to date, a final model notice has not been


DR. HORNBROOK: Just an editorial, you do not need to repeat the full
definition of HIPAA. It is on the first page.

MR. HOUSTON: Yes, I recognize that thank you.

Okay, next paragraph.

In today’s market, there are many forms of PHRs. Some PHRs are portals
maintained by health care providers, through which consumers may view their
electronic health records (EHRs). In some provider-maintained PHRs, consumers
may only view information as entered by their health care provider. In other
provider-maintained PHRs consumers are able to enter their own information
–- for example, blood pressure readings taken at home, and depending on
the PHR design, the provider may or may not be able to access such
consumer-entered information. Other PHRs have the ability to download
information from EHRs maintained by the patients’ health care providers or
health plans, as well as to incorporate information entered by the consumers.
Still other PHRs are composed solely of information entered by the consumer,
for the consumer’s own use. In some forms of PHRs, consumers may also enter
information for purposes extending beyond their own use, such as sharing their
information with others who have similar medical conditions, or allowing their
information to be used for research. The recommendations in this letter are
intended to apply only to PHR systems and not EHR systems maintained by a
health care provider or claims systems maintained by a health plan, even if the
information from such systems can be viewed by consumers through a PHR portal.

MS. GREENBERG: Could you just clarify, so what are the ones that it is
referring to –- it is PHR only?

MR. HOUSTON: Here is the dilemma that we had or the issue that we were
trying to deal with here. EHRs get tethered to a PHR. There is often simply a
view into that EHR. And so then when the patient is viewing data within this
PHR they are actually looking at data that actually is -– it is not data
within the PHR, it is actually linked directly back to the EHR. So there was a
concern that if the patient could readily edit information within their PHR
that was actually simply a link back to their EHR, you could be affecting the
integrity of their underlying EHR. And if a patient needed to or wanted to
change information that was really within the EHR even though it was viewable
from the PHR, the patient needed to go through the process that HIPAA describes
which is go back through covered entity, contest the fact that that data is
accurate and go through the process to have it evaluated and if the provider
decided that the information is wrong, they are required then to change that
data, otherwise the patient certainly has a right to make a notation and things
like that. But that is the reason why we delineated the balance of this letter.

DR. FRANCIS: Can I add to that that is not the same as the distinction
between tethered and un-tethered. So this is not a letter that only applies to
un-tethered for the following reason. There are some tethered designs that have
both the opportunity for the consumer to view portal-wise into the EHR and the
opportunity for consumers to enter their own data. We try to be clear later on
that if the design of one of those systems and these designs vary too, that if
a consumer entered data formally becomes part of the EHR in those systems, then
it is EHR and consumers should be told that. On the other hand, if there is a
section where consumers can continue to muck around, it does not become part of
the EHR, but that might be viewable by a provider, that’s consumer-entered data
and subject to continued consumer editing change and so on. So the better way
to put the distinction is EHR/non-EHR rather than tethered/un-tethered. And
please, if you do see a place where we are not clear about that, let us know,
but that is the distinction we were trying to capture clearly

MR. HOUSTON: And it is very difficult to describe this and it was with a lot
of work to make sure we got it right. I am going to call up one person on the
Subcommittee, because Paul really worked with us on this because he deals with
this difference all the time. So we really tried to come up with terms that
were meaningful in describing this distinction.

DR. FRANCIS: Walter.

DR. SUAREZ: Yes just to add to that too, I also now with Kaiser work quite a
bit on these issues of PHR. The point I would like to make is really the fact
that data that comes to us begins to be a part of what we call protected health
information. So a lot of the recommendations that are listed in this letter are
recommendations that entities that are subject to HIPAA already are, in many
respects implementing or doing and actually doing far more than what is
recommended in this letter because a lot of the data is really in our hands
considered protected health information. So that is why most of these
recommendations based on that statement that we made apply primarily to EHR
systems but are not really linked to the EHR.

MR. HOUSTON: Does that explain things?

DR. CARR: This would lend itself to a grid. I just want to say that. What is
in and what is out and why. But I always say that.

MR. HOUSTON: Okay next paragraph.

Understanding the application of the HIPAA Privacy Rule and its limitations
is critical to understanding the current state of privacy protections for PHRs.
There are limits to the protections provided by the Privacy Rule, but consumers
may not understand these limits nor their significance for information patients
enter into PHRs themselves. For example, the Privacy Rule does not protect
information from certain disclosures for law enforcement purposes, but
consumers may assume their PHR information is completely private. Furthermore,
only PHRs that are created or managed by HIPAA covered entities (or business
associates of covered entities) must comply with the Privacy Rule. Consumers
may believe that information they enter into any PHR receives HIPAA privacy
protection, whether or not the PHR supplier is covered by HIPAA. Moreover, once
information is transferred from a covered entity to a PHR supplier that is not
covered by HIPAA, a consumer may not realize that protections afforded under
the Privacy Rule will no longer apply. The differentiation between
“tethered” PHRs (those that are integrated with a HIPAA covered
entity’s clinical or claims systems) and “untethered” PHRs (PHRs that
are not integrated with a covered entity’s systems) is becoming less clear, as
PHRs are increasingly aggregating information from multiple sources (including
providers, payers, pharmacies and consumers themselves). As a result, concerns
have been voiced about the adequacy of privacy and security protections for
PHRs, whether or not they are covered by HIPAA.

In order to develop additional recommendations regarding privacy and
security of information in PHRs, the Privacy, Confidentiality and Security
Subcommittee of NCVHS held hearings on May 20-21, 2009, and on June 9, 2009.
The hearings included testimony from experts about how PHRs specifically, and
health information technology generally, are expected to evolve. The
Subcommittee also heard testimony from vendors of free-standing PHRs, and from
representatives of PHRs offered by health care providers and payers. Consumer
advocates and experts on the privacy and security of health information
testified, as did representatives of the two Centers for Medicare and Medicaid
Services (CMS) PHR demonstration projects (in South Carolina and in

MR. REYNOLDS: Michael:

DR. FITZMAURICE: Just an observation, on the paragraph above the one you
just read, it starts understanding the application, I read “consumers may
not understand these limits…a consumer may not realize that protections
afforded…will no longer apply.” It seems to me that including a
strong recommendation would be educating consumers, because it does not really
address harm that may come to consumers, only that they do not understand.

MR. HOUSTON: I think there are some recommendations below that address
exactly what you are talking about. It may not be in this overview, but I think
there are some good recommendations that we can talk about below.


Four important themes emerged from the hearings: (1) the need for a standard
set of fair information practices to govern consumer rights across all PHRs,
(2) the need to maintain regulatory flexibility to foster development and
innovation in the field of PHRs, (3) the importance of protecting consumers
from unanticipated or inappropriate uses or disclosures of health information
in their PHRs, and (4) the need to develop a consumer education strategy that
will ensure appropriate understanding of the purposes, uses, and privacy and
confidentiality limitation of PHRs. To address these themes, it is vital that
there be true informed consumer consent, including to any disclosure of
information in PHRs. Such informed consent requires absolute transparency into
a PHR supplier’s privacy and security practices, as well we effective education
and understanding on the part of consumers.

Mike, that probably addresses some of your comments?

DR. FITZMAURICE: It does. It is just that one wonders that if consumers are
very well educated, then they can look out for their harms themselves, right —
so that because they are not educated we need to look out for their harms.

MR. HOUSTON: I think part of the issue to is that the only way for consumers
to be protected is through education because people’s need differ so much and
what they are willing to tolerate in terms of PHR practices that the education
that we decided upon was really one of the most important tools to getting
people to really understand their protections and limitations.

DR FRANCIS: Before John reads the next paragraph, I just want to call to
your attention that the names of folks who gave testimony are here only for the
Committee’s information. We dropped a footnote on that and they will be taken
out in the final version of the letter.


DR. HORNBROOK: I just have a question about the major subheading for this,
Values and Policy. Is the word values meant to apply to the themes, the opening
paragraph or is there something else that is talked about values later? The
themes to me were not really values.

MR. HOUSTON: Good point.

DR. HORNBROOK: I mean if you want values, you should also put in something
which we probably did not talk about and we value PHRs for their benefits. That
is not here. I am just concerned about the logical connection between the word
values and the content coming below. That is all.

DR. FRANCIS: We could call it policy themes.

MR. HOUSTON: That works. Okay, great. All right, let me move on to the next
paragraph then.

NCVHS, the Office of the National Coordinator for Health Information
Technology, (ONC), and the Markle Foundation, among others, have separately
recommended sets of fair information practices that include consent and
transparency regarding information collection, and permissible information uses
and disclosures. These information practices require that, as PHRs are
maintained for the benefit of consumers, information in PHRs must be adequately
secured and not be collected, used, or disclosed without truly informed
consumer consent.

Fair information practices discussed at the hearings also include:

-Consumers should be able to receive electronic copies of information
contained in a PHR. (5/20 Lemieux, Donner, Marshall)

-Consumers should be able to make corrections to information they have
entered into their PHRs or others such as family members have entered on their
behalf (5/20 Donner)

-Consumers should be able to exercise control of disclosures at a level of
granularity that permits them to protect sensitive information or information
they have entered themselves into their PHR. (5/20, Sarasohn-Kahn, Evans,
Stokes, 5/21 Taffel, 5/21 Sullivan).

-Substantive changes in use or disclosure policies should require proactive
communication to the consumer of such changes and a prospective explicit
renewal of consumer consent. (5/21 Wynia)

-Information security, quality, integrity and availability should be
maintained through the use of appropriate administrative, technical, and
physical safeguards. (5/20 Weitzner)

-The consumer should have the right to an accounting of who accessed the
consumer’s information, as well as a process to address consumer complaints.
(5/20 Weitzner)

-PHR suppliers should be required to take appropriate steps to mitigate a
security breach or inappropriate use or disclosure (including providing timely
notice to consumers of any privacy or security breaches that may have
occurred). (5/21 Taffel)

Finally, certain disclosures or uses of the information in PHRs are likely
to be particularly troubling to consumers. Many consumers may object to use of
their PHR information for marketing purposes. Some types of health information
may be especially sensitive or likely to give rise to stigmatization or
discrimination, and as a result, disclosures to insurers (Heywood, 5/20) or to
employers (Weitzner 5/20) may appear risky to consumers who fear the loss of
benefits or a job. In addition, many consumers object to their information
(either individually or as part of a database) being sold without their
consent. These uses and disclosures should be specifically identified for
consumers and should require explicit consent at the time that the disclosure
from the PHR is contemplated.


If consent is to be fully informed, information collection practices,
planned information uses, and any information disclosures must be fully
transparent to consumers.

Unfortunately, there are numerous reasons why transparency is difficult,

-Some PHRs are designed to address the needs of consumers who are older or
who have chronic diseases. These populations may have limited familiarity with
interactive web technologies.

-At the point of initiation of a PHR, consumers may “click
through” privacy notices and consents without fully reading or
understanding them.

-Consumers may not be aware that protections afforded to information in one
context do not follow information transferred to another context. Consumers may
assume erroneously that privacy protections that apply to an EHR carry forward
when information is transferred outside of the EHR to a PHR. Consumers also may
not be aware that the information consents or restrictions that they make in
one PHR do not carry forward if information is transferred to another PHR.

-PHR suppliers typically reserve the right to change the PHR’s terms and
conditions, including the privacy terms. Consumers who may have invested
considerable effort in creating a PHR may find it difficult to change PHR
suppliers even if changes in terms are unacceptable to them

-Consumers may not be aware of their rights or the disposition of their
information in the event that the PHR supplier is sold, merges with another
entity, or goes bankrupt.

-Consumers may not realize that following a link to a site outside of the
PHR may reveal their identity or information about them.

-Consumers may not be aware that health information (even without explicit
identifiers) may be re-identified using information from other publically
available sources.

At 12 pages long, the “Draft Model Personal Health Record (PHR) Privacy
Notice” that was published by HHS illustrates the difficulty in providing
information that is clear, complete, and also concise. Presenters at the
hearings emphasized a variety of problems in relying on this or a similar
notice as a basis for ensuring transparency (5/20 Marshall)

DR. C. FRIEDMAN: John, are you taking comments?

MR. HOUSTON: Sure at any time Chuck.


DR. C FRIEDMAN: Can you scroll up to the first bulletin in the list? The
point is clear and well taken but I was wondering if you should specifically
focus on consumers who are older and have chronic diseases or whether the point
isn’t stronger if it is made in relationship to anyone who may be unfamiliar
with interactive web technologies and then state that this may apply
specifically to older folks and people with chronic conditions.

MR. HOUSTON: That is a good point. We will flip the sentences and make them
to say populations may have limited familiarity with interactive web
technologies for example consumers who are older who have chronic diseases.
Thank you.

DR. FRANCIS: Thanks.

MS. BERNSTEIN: Say again — somebody said something over there?

MR. HOUSTON: Blackford do you want to -–

DR. MIDDLETON: I think both Mark and I had the same reaction to Chuck’s
comment, really it is not about the elderly as a subpopulation per se, it is
really about a computer literacy issue and access to these technologies and
digital divide type stuff, which as a general framework might then allow an
example to be drawn on the elderly or those with chronic diseases.

MR. HOUSTON: It is more meaningful that way. Good point. Can you provide us
with a little tiny bit of language that might -– you talked about the
digital divide –- if there is a way to articulate that in this bullet? We
are open to comments.

DR. FRANCIS: We will fix it.

MR. HOUSTON: Okay. Recommendations.

NCVHS heard consistently during the hearings that many different
constituencies believe it is critically important to develop a clear set of
common privacy and security standards for all PHRs that consumers will be able
to understand and to rely on with respect to the information in their PHRs.

I. Transparency and Informed Consent to Information Uses and Disclosures

I.A. Consumers should have the right to consent or to withhold consent to
uses and disclosures of their information by a PHR supplier. This
recommendation does not apply to information in EHRs maintained by health care
providers, unless the information has been separately transferred to a PHR.

By the way, when we do recommendations, there is typically a descriptive
paragraph below the recommendation. If we really want to talk about a
recommendation, let’s talk about it after we read both the descriptive
paragraph and the recommendation itself.

The need for consumer consent was a consistent theme across the hearings.
PHRs should not be structured in a manner that results in disclosure of health
information without the consumer agreeing to the disclosure. For example, it
would be inappropriate for a PHR website to contain advertising or other links
that reveal the consumer’s health information -– without the consumer’s
explicit consent to the disclosure.

However, a consumer’s ability to control access to information in a PHR, if
tethered to an EHR, should not be allowed to affect the integrity of the EHR.
Ensuring the integrity of information in a health care provider’s EHR is
critical to ensuring quality in patient care. It may not be easy to
differentiate between health care provider-supplied and consumer-supplied
information, because of the multiple forms of tethered and untethered PHRs on
the market today. Therefore, the key criterion regarding whether information
becomes a part of an EHR is not the source of the information, but whether it
is incorporated into the record relied on by the provider in making treatment
decisions. If a tethered PHR is designed to integrate consumer-provided
information into the EHR, then this feature should be made clear to consumers
before they enter any information. The principle of consumer consent governs
information that a patient authorizes to be transferred into a PHR, including
information downloaded from EHRs or from claims systems.


DR. HORNBROOK: John, in some cases the value of a PHR may be for a caregiver
that has power of attorney for the care-recipient. Is the concept consumer
broad enough to cover that situation?

DR. FRANCIS: We mean for it to be.


DR. HORNBROOK: I mean, if you think that is clear then –-

MR. HOUSTON: If you look at the top of the letter, I think there was some
discussion but I agree, it needs to be clarified a bit more.

DR. FRANCIS: We will make sure we drop a footnote to indicate that consumer
refers to a consumer or their appropriate representative.

DR. HORNBROOK: Thank you. This seems to come across as me talking about my
personal information. Of course, we do not want to leave out those folks who
are taking care of somebody. They do everything for power of attorney.

MR. HOUSTON: I hate to go up to the very opening paragraph, but at the top
it says consumers including patients, we could say consumers including patients
as well as or and their caregivers.

MS. BERNSTEIN: We could drop a footnote that indicates anyone using the PHR
on behalf of a patient whether it is the patient themselves or a caregiver or
family member.

MR. HOUSTON: Well, the nice thing is that when we define it in the first
paragraph we defined consumers including patients, we could also say — that
would be a good place to define consumers as broadly as we need it to be. So I
think it is a good place.


DR. MIDDLETON: I guess one quick question in this space –- we define
the concept of a proxy for access to the tethered PHR and the partner’s
environment. I wonder if there is anything that we can point to as a statutory
or regulatory description of that relationship, which may or may not be
familial it may or may not be the caregiver, it may be actually a designated
proxy. It may even become sort of one for hire in a new world order of care
managers and whatnot. So to the extent that we can find, if you will, the
definition of this relationship, it will have legal implications.

MR. HOUSTON: Right. Maybe what we need to do is put a footnote under the
definition of a consumer or caregiver to make that clear. That is an important
distinction but it also gets fairly technical as well and I do not know how we
discuss it without muddying up the letter unless we maybe put it as a footnote.

DR. FRANCIS: Yes, it is complicated because the question of an authorized
proxy is a matter of state law.

DR. SUAREZ: Well, there is a term, personal representative, which is the one
that is used in HIPAA. A way to describe anyone that has the ability –-

MR. HOUSTON: Maybe we could do that — refer to HIPAA and put that in there.

DR. SCANLON: You need to tell me why I am reading the italics wrong. The
idea that the consumer has the rights, and then there is the issue of EHR
owners’ rights, unless the information has been separately transferred to a
PHR. This, to me, suggests that we need to educate the owners of EHRs that if
they give out the information to a PHR, they have lost their ability to use the
EHR information.

MR. HOUSTON: Well I do not think that was the intent.

DR. SCANLON: Well, I know it might not be the intent, but that is the way I
read that.

DR. FRANCIS: What it should say is that the EHR remains intact. Whatever has
been dumped into the PHR is a separate copy that can be manipulated.

MR. HOUSTON: Can I suggest -– I understand your concern, the word
unless –- it if changes to until?

DR. SCANLON: It is the idea that this recommendation does not apply to the
information in EHRs.

MR. HOUSTON: Right, but I am just saying –-

DR. SCANLON: So what we are saying here is when information either, unless
or until, is transferred, then the information in the EHR has something applied
to it.

MR. HOUSTON: But, the first part of this 1A — they have this right until
such time -– except where the EHR is maintained by the provider.

DR. FRANCIS: Would it work better if we put a period after PHR supplier and
then started — this recommendation does not apply to information in EHRs
maintained by health care providers, put a period, and then say — however,
information that has been separately transferred to a PHR insofar as it is in
the PHR, is covered by this recommendation.

DR. SUAREZ: It is too complex.

MR. HOUSTON: Why don’t we say –- comma, except –

DR. FRANCIS: That is another solution. We could just dump the clause.

DR. SCANLON: I do think that your intent is to have the EHR owner maintain
their ability to use the data that is in-—so if you just stop after, does
not apply to the information in the EHRs –-

MR. HOUSTON: It is a matter or integrity. We can drop it but maybe we are
trying to be too clear and we made it less clear by –-

MR. REYNOLDS: Well, that has been a consistent theme for the last five years
–- is that the EHR belongs to the practicing physician and we cannot undo
that — once it goes into a PHR, whatever the person wants to do with that, in
particular, is their business. But, the EHR is still owned and managed by that
particular physician that did or did not do it.

DR. FRANCIS: I think the point is actually made clear by — maintained by
health care providers — because when it is dumped into a PHR, it is no longer
maintained by a health care provider, so it works.

MR. HOUSTON: Yes. Okay. If there are no other comments we will move to roman
numeral I.B.

I.B. The process of consent to uses and disclosures of consumer information
contained within a PHR, and to other PHR supplier practices, should be
structured in a manner that enhances consumer understanding.

NCVHS heard considerable testimony that the “click through”
processes, while common, do not effectively inform the consumer regarding
anticipated practices of the PHR supplier, or uses and disclosures of their
information. Consumers may be eager to complete their planned transactions
(sometimes not even knowing what the software application does) and simply
click “I agree” to the online terms. NCVHS also heard testimony that
the ONC draft notice of privacy practices, in its current form, does not yet
succeed at conveying information in a way that is likely to be useful to


MR. REYNOLDS: Kind of a style thing, as I am looking in this section, if I
was just somebody picking this letter up, I think I would know that the first
paragraph, I mean it is in italics and everything, is a recommendation, but do
we want to say recommendation I.A. –- so that if people are picking this
up and trying to use it they do not read the whole paragraph and then go back
and say, which of these pieces –


MR. HOUSTON: We do apologize because when we wrote this letter we, this
became sort of a non-standard format. In the past, through discussion and
recommendation, we could not untangle it at the stage where we were at.

MR. REYNOLDS: Well if you will just clarify that then I will back off my
earlier –-

DR. FRANCIS: Yes, we will put recommendation before each one of them.



DR. FRANCIS: Just the way that you have it.

MR. HOUSTON: Roman numeral I. C.

Consumers should be informed that information transfers from HIPAA-covered
entities or their business associates to PHR suppliers not covered by HIPAA
will place their health information outside the scope of HIPAA (though some
protections may still be afforded through FTC regulations).

The HIPAA notice of privacy practices given to consumers by providers,
health plans and other covered entities has become familiar to consumers. Some
PHRs are offered by entities that are covered by HIPAA or that have business
associate agreements with HIPAA covered entities—-PHRs offered by health
insurers, or by employers in connection with health plans, for example -–
and consumers may think of these as just an extension of their health records.
Consumers may also authorize transfer of their protected health information
from health care providers to PHRs offered by entities that are not within the
scope of HIPAA, making the health information lose its “protected”
status under HIPAA. Before consumers authorize transfer of their
HIPAA-protected information to a non-covered PHR, they should be warned
explicitly that HIPAA will no longer apply, though FTC regulations may still

Recommendation I.D. Changes in PHR terms, policies, and procedures governing
practices, uses and disclosures should not be permitted without explicit notice
to consumers and prospective explicit consumer consent (i.e., a PHR supplier
should not be able to obligate a consumer simply by posting revised terms on
its website). Consumers should be given a reasonable period of time within
which to decide whether to agree to the change, arrange for the transfer of
their information, or request deletion of their information.

Several witnesses testified that many PHR suppliers reserve the right to
change their terms simply by posting the revised terms on their website. The
NCVHS believes that this practice is not adequate as a method for obtaining
consumer consent. Some witnesses pointed out that consumers may have invested
considerable time and effort in the development of their PHRs, and as a result,
it might be difficult for them to change to a different PHR supplier should a
change in terms be unacceptable to them.

Recommendation II. Other Fair Information Practices

Roman numeral II.A. Consumers should have the right to an electronic copy of
the information in their PHR in a format that allows it to be transferred
directly to, or reentered into, a different PHR.

Roman numeral II.B. PHR suppliers develop their products in a manner that
facilitates interoperability by incorporating national standards.

A consumer may invest considerable time establishing a PHR. Without the
ability to electronically transfer information in a standard format, it may be
impossible for the consumer to switch to a different PHR.


DR. SCANLON: Could I ask a question about II.B.? The issue is what is HHS
supposed to do about this? It sounds like a nice goal but if I have a PHR and I
am marketing it, I do not necessarily want to make it easy for people to go and
use a competitor.

DR. FITZMAURICE: I would suggest that, not that I am recommending this, but
it is possible for HHS to say, this is part of a set of standard which are
required either under HIPAA, under incentive payments, although that does not
apply to people who do not want to get incentive payments, but those are the
boundaries. This would seem to go beyond the boundaries of those two possible

MS. BERNSTEIN: Or by participating in the standards process. That is one of
the things we do.

MR. HOUSTON: Good point. This is one of those odd recommendations that I am
not even sure what this has to do with privacy, other than it gives consumers
choice. It is something, I agree, but can we impose this —- I suspect that
would be a bit difficult to do. I think it is something that we would
encourage. I do not know whether –

DR. SUAREZ: When it says incorporating national standards, it is not just
technical standards versus change, it is also a national privacy and security
standard. Even though it is not explicitly clear, but it teaches supply issue
develop their products in a manner that facilitates interpretability by
incorporating national standards. Those national standards include privacy and
security -–

MR. HOUSTON: I think the intent was only interoperability standards, I

DR. SUAREZ: There is a privacy and security interpretability standard.

DR. FRANCIS: There was also a serious privacy issue that underlay this which
is — suppose that you have established your PHR with one provider. You have
invested a good bit of time with that provider. That provider has reserved the
right to change privacy practices, and does it in a way that is unacceptable to
you. You cannot make the provider go back to the old privacy practices. That is
not something you have the power to do. Presumably, what you would want to do
is transfer your PHR information to another provider that has privacy practices
that work for you. But, if the data are not in some way interoperable, your
only choices are going to be that you dump the PHR completely or you are
effectively coerced into staying with the privacy practices that you do not
want. So this was actually testimony we heard from on that WINEA from the AMA,
and it was an important part of our discussion that it should be there, to
protect people’s ability to move, if privacy practices change in unacceptable

DR. SUAREZ: Yes, I think John’s point is really about privacy. What does
this have to do with privacy not so much with the ability for the data to be
transferred to another provider or to another PHR provider. The point I was
trying to make was that part of the interoperable national standards are
privacy and security interoperable national standards. The choices that a
consumer has made in a PHR with respect to privacy can be electronically
transferred – the privacy element in an interoperable way. In fact, one
suggestion could be, by incorporating national standards including privacy and
security standards.

DR. WARREN: So I have a question -– why don’t we just say instead of
including, because to me national standards is incredibly open wide here in
this letter, we need to say incorporating national standards for privacy and
security. And leave it at that and not look at all the terminology, all of the
transmission standards and everything else that are involved there. Or if we
want to go there, then those need to be specified.

MR. HOUSTON: That was not the point. The point was national standards more
generally because they would allow for interoperability which would give the
consumer a choice. It –

DR. WARREN: If that is your choice, I think we need something more than
national standards. I think you need to point to something that says who sets

DR. FITZMAURICE: John, I think that you are hitting other fair information
practices, leads you to the recommendation that you would like to HHS to adopt
these as fair information practices, maybe not as regulations, maybe not as
laws but as fair information practices for consideration.

MR. HOUSTON: That is correct. Chuck I know and then Marjorie had comments.
Go ahead Chuck.

DR. C. FRIEDMAN: So I would just share, seeing this fairly cold, and fully
taking the point that Leslie made about the benefits to transferability from
standards -– nonetheless, this recommendation strikes me as stretching the
scope of the document by not falling squarely into the privacy and security
space. I wonder if you could take Leslie’s point or the point from the intent
of the group drafting this, and include it somewhere but not have it rise to
the level of a recommendation.

MR. HOUSTON: Maybe I misunderstood Leslie’s point, but I think part of our
concern is that if you do not have the ability to transfer your records you are
locked into a particular PHR which may, therefore, compel you to have to agree
to modified website terms that are not of your liking. You sign up, you invest
all of this money in a PHR, they change their online terms and even though you
do not like them, you cannot move them because you cannot get your data out. I
think that was the tie to privacy if that makes sense.

DR. C. FRIEDMAN: No. I understand that, it is just a couple of levels
removed. Instead of the focus being privacy and security, the focus becomes the
need you might have to transfer to another PHR because the one you have does
not adequately protect your data. And that one level of indirection is what is
concerning me.

DR. FRANCIS: Suppose what we did was change the recommendation to say that
HHS should encourage PHR suppliers to do this, and then expand the paragraph to
make the point I made clearer. Would that work for you? We would like to have
the point out there in the space because it is so critical to consumer privacy
protection. Would that work?

DR. C. FRIEDMAN: Yes, that would be fine. I was reacting more to that
recommendation as stated, just sitting there really being about something else.

MR. HOUSTON: Okay. Marjorie:

MS. GREENBERG: Well, I think mostly it has been covered, but one was that I
think it is directly related to your point here of privacy, because as you said
it locks you in otherwise. If there is no way to transfer to another product if
policies change maybe that has to be made a little more clearer. And I think
what you are recommending is a good idea to encourage incorporating national
standards for exchange of clinical information. So it may be unrealistic to
expect, literally to drop the content from one product into another, but to the
extent that it is as lined as possible with national standards for exchange of
clinical information than it should not be totally impossible.

MS. BERNSTEIN: Is this recommendation in conflict with something, Chuck,
that is happening somewhere?

DR. C. FRIEDMAN: No, I was going to the coherence focus of the letter as a

MR. HOUSTON: Walter.

DR. SUAREZ: Well, I was just going to comment that I think that this has to
do directly with fair information practices. This is not an extension or, I do
not think, personally two steps or three steps removed from the purpose of this
letter. Transferability is a fair information practice. In fact, it is part of
some of the privacy and security concerns. So I would say that it is still very
relevant. It maybe is the concept of transferability is not stated openly or
explicitly, but –-

MR. HOUSTON: Yes. Let’s try to clarify this. We have some time tomorrow. Why
don’t we take a shot at this recommendation and bring it back to the Committee
and make sure everybody is comfortable with it tomorrow.

Harry, did you have a comment.

MR. REYNOLDS: Yes, you are talking about fair information practices, but
there is the discussion out there about certified systems. I think all those
come into play. In other words, at some point if you look at the trend line
-– the trend line says whether you are a consumer, whether you are a
provider, whether you are somebody else, all of these national standards are
coming out –- you would like to know about something called a certified
system you would like to be able to pick a certified system and you would like
to know that there are certain characteristics of a certified system. And so,
whether it is fair practice as to how it handles the information, whether or
not there are certified systems or vendors or something that you buy, I think
it is all wrapped up into this. So, what you are saying is –- as HHS and
others build this trend, how do I select the right thing that protects me
–- protects me, my investment, protects my information, protects my
ability to move from one to the other. I think we want to bring all of that
along and oh, by the way, we heard it again and it also includes the privacy of
information and whether or not I can move somewhere. That is the overall story
if you are looking at all the issues. Now, how we want to pull privacy into
that -– that train is already going down a track and I know a lot of
people are working on it. So we want to make sure that every time that train
moves we have got a car in it that says you have to take privacy and security
along with you.

MR. HOUSTON: But we have to be careful about one aspect of this letter with
respect to PHRs is — one of the things that we really have tried to say here
is that we do not want to foster innovation and development —

DR. FRANCIS: We do want to foster.

DR. SUAREZ: We do want –-

MR. HOUSTON: We do want to foster we do not want to stifle the development,
sorry, I got that backwards. And the concern about certified EHR -– I do
not think we wanted to go as far as saying that we needed certified PHRs simply
because there are too many kinds of PHRs out there with too many different
types of uses and purposes. The fear would be if you had to certify everything
that would potentially cause –-

MR. REYNOLDS: I was using certified as a subject not recommending that all
systems be certified. I am putting it as a subject. There are subjects and that
is one of the subjects and I know, for example, if I am going out looking with
one and there is some kind of certification process, I am going to go look at
the certified list first. I am not telling anybody to do or not do, but it puts
me under a further umbrella of comfort that somebody’s looking at what I am

MR. HOUSTON: Okay, I misunderstood. Well, then to that point, would you say
then that there should be recommendation about a voluntary certification


MR. REYNOLDS: There is a trend line going on right now that includes a lot
of the things that we talked about. Just make sure that we list as these things
are considered as certification processes, as protections, as fair practice
keep in mind that people will be doing these and keep in mind that if they
cannot, it causes privacy –

DR. FRANCIS: Real quick, let’s put that in the discursive paragraph.

DR. SUAREZ: Just a quick comment. Certification, that is already underway.
There is nothing in the regulations of anything that calls for or requires a
certification of PHRs. Everything is about HER. When you talk about
certification, everything is about HER. But voluntarily, there have been some
efforts, I guess, at this point under CCHIT to start and it is already
underway. The development of some certification criteria for PHRs is all a

MR. HOUSTON: That is fine.

MR. REYNOLDS: But the exciting thing about our letters –- let’s go back
to some of the bodies of work that we did four or five years ago. The thinking
was pertinence so as we build, these subjects are on the table. We are not
recommending it, but if the subjects are on the table, let’s stay pertinent as
we move forward.

MR. HOUSTON: Okay. Let’s move forward. I know we have about three pages left
here and we have just a little bit of time left.

Roman numeral II.C. Consumers should have the ability to add, correct or
delete information they have entered into their PHRs; this does not imply that
a consumer has the right to change directly information in a health care
provider-maintained EHR. Rather, the consumer should follow the process set out
under the HIPAA Privacy Rule to request the correction of information in an

When the consumer authorizes information to be added to a PHR, the consumer
should be able to control that information. But, this does not imply that a
consumer should have the right to change information in a health care
provider-maintained EHR, even if it includes information that was entered by
the consumer through a PHR. (A consumer does have the right under HIPAA to
request correction of information in an EHR.) If a PHR receives information
from an EHR, and the EHR source is later updated, the PHR should be updated
consistent with the HIPAA Privacy Rule.

Roman numeral II.D. Consumers should have the right to request that all of
the information in their PHR be deleted, whatever the source of the

MS. GREENBERG: There might be a little confusion here that the HIPAA Privacy
Rule does not refer to PHRs, right?

MR. HOUSTON: Yes, but it has a process for –-

MS. GREENBERG: for updating EHRs.

MR. HOUSTON: Right. So I think what we were trying to say here is if you go
by that process to update your EHR then to the extent you update your
information in the EHR, then the PHR could be updated as a result of that

MS. GREENBERG: Yes, I think it is confusing to say that phrase would
indicate that PHRs are covered by the HIPAA policy.

MS. BERNSTEIN: No, maybe I can clarify. What HIPAA says is that if you have
disseminated information into another source using your accounting of
disclosures, you can figure out what those sources are and you can, if a
correction is made, you can disseminate the correction to places where the
error has been made.

MR. HOUSTON: In the interest of getting done, can we highlight this sentence
and maybe then go back and look at it again and see if we can clarify it?


DR. FRANCIS: We will just put in say — consistently with the requirements
of the HIPAA Privacy Rule.

MR. HOUSTON: Yes, let’s look at it this afternoon because we will have a
couple of hours.

All right. Roman numeral II.D.

Consumers may find that they no longer agree with the privacy and security
practices of their PHR suppliers, or may decide for other reasons that they no
longer wish to have PHRs maintained on their behalf. Consumers should
understand, however, that a decision to delete information in a PHR does not
affect the status of information in an EHR maintained by a health care
provider, nor other places where the information has been transferred.

Roman numeral II.E. Consumers should have the right to an accounting of the
uses and disclosures of their information.

Many presenters at the hearings emphasized the importance of tracking uses
and disclosures to consumer trust in PHRs. Consumers may wish to know who has
accessed their information as a way to ensure accountability or to facilitate
correction of errors.

Roman numeral II. F. Consumers should have the right to file complaints
related to privacy and security of their PHRs and be afforded processes to
address their complaints.

Roman numeral III. Additional Protections for Information in PHRs

Recommendation III.A. Disclosures of information from PHRs to insurers or
employers should require explicit consent immediately prior to disclosure to
reduce the risk of unlawful discrimination.

NCVHS heard testimony from consumer groups and privacy advocates about the
possibility that information may be used to unlawfully or unfairly discriminate
against a consumer in such areas as employment or insurance. Because it is
difficult to police against discrimination, and because consequences (such as
loss of employment or denial of insurance) can be severe, consumers must give
explicit consent to these disclosures at the time they are made, rather than at
the time that a consumer signs up for a PHR or when information is transferred
into the PHR. This does not apply to uses and disclosures to carry out
treatment, payment, or health care operations that are permitted by the HIPAA
Privacy Rule.

MS. BERNSTEIN: I just noticed something that I did not notice before which
is that in the paragraph we say unlawfully or unfairly and we do not have that
actually in the recommendation. We might want to put unfairly as well.

MR. HOUSTON: That is fine if nobody has an objection.

DR. SUAREZ: Well, I was just reading these again and thinking is there a
lawful and fair discrimination?

DR. FRANCIS: Yes, there is discrimination -–

MS. BERNSTEIN: There are things that are lawful but not fair.

DR. FRANCIS: Yes, there is discrimination that consumers might consider
unfair but that is legally permitted.


MS. BERNSTEIN: We are just talking about reducing the risk, not eliminating

DR. FRANCIS: Yes, disability issues.

DR. SUAREZ: I was just thinking we could just say we run the risk of
discrimination, lawful or any way.

MR. HOUSTON: People are permitted to discriminate based upon certain
criteria though, so I guess there is -– I mean you could discriminate on
insurance coverage based upon pre-existing medical conditions for life
insurance. I guess you could argue that there is that discrimination though

MS. BERNSTEIN: I think that is exactly the reason we chose those adjectives.

MR. HOUSTON: Roman numeral III.B.

Disclosures of a consumer’s information for purposes of marketing or in
exchange for financial remuneration, directly or indirectly, should require
explicit consent immediately prior to disclosure.

NCVHS heard testimony that consumers are especially concerned about the use
of their information for marketing purposes. On the other hand, testimony also
indicated that consumers may want to receive information about treatments or
other services that are available to them. Accordingly, the disclosure of
information for marketing should be prohibited, unless the consumer has given
explicit consent to any disclosure for marketing purposes. This recommendation
parallels the HIPAA Privacy Rule’s requirement for marketing disclosures of
protected health information.

Nonetheless, advertising is an important revenue source for some PHR
suppliers. Advertising may also convey helpful information to consumers about
their conditions or treatments. This principle does not, therefore, require
explicit consumer consent at the point advertising occurs on the PHR site.
Consumers should, however, be informed at the time they establish a PHR whether
advertising will be part of the PHR design, as this may affect their choice to
sign up for the PHR in question. Under no circumstances should the PHR design
allow consumers to follow an advertising link outside the PHR site in a matter
that reveals their identities to advertisers, without explicit warnings and
consent at the time the advertising link is followed.


MS. GREENBERG: I think I raised this question before, but it has been quite
a while -– you are saying here that any marketing should require explicit
consent immediately prior to disclosure. So that means that although you say on
the other hand consumers may want to receive information about treatments or
other services that are available to them, but every time that is going to
happen, they have to give consent right before it happens.

MR. HOUSTON: Well, again, this is marketing versus advertising. I think that
was the distinction we were trying to make. Advertising where all you are doing
is getting something displayed on the screen where there is no transference of
information, is not something that we are recommended limiting. What we are
saying is to the extent that information is sent to a third party, in order for
them to send you something to market their services to you, is at the point
where you need to provide consent.

DR. SUAREZ: I think it is important to clarify the difference between use
versus disclosure. In other words, the entity that is offering and providing
the PHR can use internally the data to produce their own marketing and market
whatever their own product to the consumer — if the consumer, of course, asked
to allow for that to happen so that has not been disclosed to anyone. The
information about the consumer has not been disclosed to someone else, so that
someone else can do their own marketing. The information being used by the
entity to do the marketing –- that is a critical, significant difference
in the use versus disclosure. So what this is saying is that basically any
disclosure that Microsoft will do, if I can use as an example, to some third
party to market some new blood pressure cuff system, that is not a Microsoft
product, that is a disclosure of health information or a consumers to a third
party through due marketing to that individual. That is what this first
paragraph is about.

The second paragraph is — Microsoft having the data about the consumers in
their database, can use the data to do marketing so long as, of course, the
consumer explicitly has given consent.

MS. GREENBERG: I understand that. The point is this idea which is in the
recommendation but is not covered in these paragraphs. It is the same concept
as the one above which is very clear to me, that any time that your data is
going to be provided to an insurer or an employer, you should be able to know
about it before it happens and approve it. But, the way you have this –-
if that is the same thing with any marketing information to you, because that
is what it says in the italicized words, then you would be incapable of saying
to your PHR provider, I would like information about diabetic products to be
provided to me and that is fine.

DR. FRANCIS: That is not a disclosure.

MR. HOUSTON: Well, actually there is another way to look at it –- if
you are saying, I want diabetic information disclosed to me, that would be an
authorization if there was some third party out there that would have to
provide that information — that, in my mind, would be an authorization to
allow them to communicate.

MS. GREENBERG: But you might want to say that up front, rather than every
time that information is going to be provided to you which is what this says
–- immediately prior to –

DR. SUAREZ: Well, anytime the disclosure of the data is going to happen.

MR. HOUSTON: I think, what we heard was that there were concerns that doing
it up front was not necessarily meaningful because that often, you click
through at the beginning when you sign up for a PHR, maybe is the wrong time to
say, oh sure, okay fine, I am signing up for everything.

MS. GREENBERG: This says every time your information is disclosed to the
marketer, you have to give permission.

DR. SUAREZ: Exactly.

MR. HOUSTON: There was testimony to –-

MS. BERNSTEIN: And thereafter, they might continue to send you things.

MS. GREENBERG: Okay. So you could disclose it to them once and then you
recognize you are going to be getting information from them many times and it
does not require you to approve every one of those. Okay, that makes sense.


MR. HOUSTON: Harry, we are almost at noon. I know there is an ONC update at
noon with Chuck. We have another page here.

MR. REYNOLDS: You have got seven minutes. And then what we will do is stop
because I know Jodi is calling. We will have the update and we have to have
time at 2:30 to -–

MS. BERNSTEIN: The last recommendations are probably less than the earlier

DR. FRANCIS: Yes, go fast.

MR. HOUSTON: Okay, Yes, I will read really fast.

DR. FITZMAURICE: Suppose in Walter’s case, Microsoft does not get the data,
but Microsoft has invented a new glucose monitor and comes to the PHR provider
and says, I want you to send out to all the patients who have diabetic in their
record, my advertisement for this glucose monitor. Does that require the
patient’s authorization? Since it is not being disclosed outwardly but the PHR
provider is using it to get to you.

MS. BERNSTEIN: It depends on whether they are covered by the new rules.

DR. SUAREZ: That would fall under the second paragraph.

MS. BERNSTEIN: There are new rules for that under the HITECH Act actually.

MR. HOUSTON: All right. Let’s move forward.

Roman numeral III.C.

PHR products should be designed to allow consumers to identify designated
categories of sensitive health information. The consumer should then have the
ability to control the disclosure of the information in these sensitive
categories (including in emergency situations).

NCVHS previously recommended that when information in medical records is
transferred for purposes of treatment via the NHIN, individuals should be able
to request sequestering of certain defined categories of sensitive health
information. Examples of such categories include: domestic violence, genetic
information, mental health information, information about reproductive health,
and substance abuse. Similar design functionality should also exist in PHRs,
but with the ability vested in the consumer to determine whether a health care
provider may “break the glass” to access the categories of sensitive
information in emergency situations.

MR. REYNOLDS: I would like to see you move the fourteen footnote up into the
recommendation. I mean if we are referencing ours and people may just take out
the recommendations and use them. I would rather them refer back to what we
named sensitive categories and not have to read the paragraphs.

MR. HOUSTON: Sure, we will do that then.

MS. BERNSTEIN: You want to move this language that refers to the letter?

MR. REYNOLDS: No, I am just saying footnote 14.

MS. BERNSTEIN: Footnote 14 wants to go into the text?

MR. REYNOLDS: I want it into the text of the recommendation.



DR. SUAREZ: I think it would be helpful and this is for consideration, I
just noted that in III.C. –- it says, have the ability to control the
disclosure. It should be — the use and disclosure of the information in these
sensitive categories.

MR. HOUSTON: That is fine.


MS. BERNSTEIN: I want to make sure –- can I just capture that. I was
making a note about the other.

MR. HOUSTON: Roman numeral IV. Uniform national standards for essential
protections for privacy, confidentiality and security in PHRs

MS. BERNSTEIN: I need to capture Walter’s comment, I am sorry.

DR. FRANCIS: He said use and disclosure –

MS. GREENBERG: under the III.C., the third line, the third word — use and

MS. BERNSTEIN: Thank you.

MR. HOUSTON: Roman numeral IV. A. Consistent with the other recommendations
provided herein and established in a manner that supports PHR innovation,
national privacy, confidentiality and security standards should be established
for PHRs.

A primary benefit of PHRs to consumers is the ability to access their health
information when they are away from home. Consumers should expect the same
level of protections for their information wherever they access it. Presenters
at the hearings voiced considerable concern about the difficulties for PHR
suppliers who operate in multiple states, when there are differences and
inconsistencies in privacy laws among the states.

Although this letter is directed specifically to PHRs, NCVHS also heard
considerable concern in testimony about difficulties encountered by providers
operating in multiple states when EHRs are subject to differences and
inconsistencies in privacy laws among the states. As the NHIN develops, the
need for national uniformity is likely to increase. Because of the interplay
between PHRs and EHRs, NCVHS believes that there should be common national
privacy, confidentiality, and security standards for both EHRs and PHRs, and
that these standards will facilitate PHR/EHR integration and use.

MR. REYNOLDS: That sounds a lot like a recommendation.

MR. HOUSTON: It is a recommendation.

MR. REYNOLDS: Well it is not –-

DR. FITZMAURICE: It is the word common. You are saying there should be
uniform federal standards –- uniform common standards across states as
opposed to letting each state have its own standards.

MS. BERNSTEIN: Can you talk into the mic, John?

MR. HOUSTON: I was not sure what Harry was saying.

MR. REYNOLDS: No, I am okay.

MR. HOUSTON: So we do not need to do anything then?


DR. FITZMAURICE: But it does raise the question, do you want common national
standards or do you want to permit states to override them?

DR. FRANCIS: This is a complicated question and we spent a lot of time
talking about it. HIPAA is currently a floor not a ceiling and it would require
legislation to make that change. So I think the next step territory we did not
want to go there in this letter.

MR. REYNOLDS: Now, John I think I do have something.

MR. HOUSTON: Go ahead.

MR. REYNOLDS: We all of a sudden bring EHRs in the last sentence of the
comment at the bottom. Because of the interplay between PHRs and EHRs NCVHS
believes that there should be common national privacy, confidentiality, and
security standards for both EHRs and PHRs. So that is different than the
recommendation. The recommendation is only focused on PHRs. So it is bringing a
new subject and it is putting it under the same thought.

MS. BERNSTEIN: Have we not previously made that recommendation regarding

MR. REYNOLDS: Well, if we have, let’s note that we did. The point is it is a
new category stuck down here like it means something and we either recommend it
or I am not sure what point we are making.

MR. HOUSTON: Why don’t we say roman numeral IV. A. the actual recommendation
–- if we said something to the effect of consistent with other
recommendations, including previous recommendations regarding EHRs or
recommendation right here as well as previous recommendations regarding EHRs.

MR. REYNOLDS: Well, I am comfortable -– take it under advisement, just
the point is, we added a strong statement down there that sounds like a
recommendation and adds a new category.

MR. HOUSTON: This afternoon, we will go back and look at this and try to
rectify this, because I think it is an important point. We will come back with
our changes to that.

MR. REYNOLDS: Okay, hold on one second. Jodi, have you joined us on the

MR. HOUSTON: Okay we have a little bit let to do so that is good.

DR. WARREN: Can I ask one question? On this one do we really need EHR in
that recommendation? Think about it this afternoon when your group meets about
whether or not HER needs to be there.

MR. HOUSTON: Good point. Okay.

Roman numeral V. Security standards

Roman numeral V. Security standards similar to those that are required for
information covered by HIPAA should be extended to PHRs.

Among witnesses that testified before NCVHS, there was strong consensus
about the importance of common security protections for all health information
repositories. Information security, quality and integrity should be maintained
through the use of appropriate administrative, technical, and physical
safeguards. All of the witnesses who commented on this topic felt that the
HIPAA administrative, technical, and physical safeguards provide a reasonable
framework. This recommendation does not imply that PHR suppliers are covered
entities under HIPAA or that they should be treated as such on other matters.


PHRs take multiple and changing forms in today’s market and contain
increasing amounts of sensitive health information about consumers. The
development of consistent and effective protections governing PHRs is of great
importance. NCVHS will continue to study this area and to make further
recommendations about consumer education and information practices as


And we always sign it Harry Reynolds so we can put him on the hook

MR. HOUSTON: Or John Hancock, whoever.

DR. SCANLON: I asked a question and since I do not know what the security
standards for HIPAA are -– what this means for users — since I have in
various contexts had to, in order to log in, put in a random number. There are
lots of security standards depending upon the circumstance — whether the ones
for HIPAA will be a barrier for us on the part of the people who want to use a

MR. HOUSTON: The HIPAA security centers, just so you know Bill, are really
intended to be technology neutral and flexible. I think the expectation is
that, it is more of a framework for types of things that people need to have in
place with regards to –- right now covered entities have to have in place
for their EHRs. It does not necessarily dictate that you must use a particular
method for doing strong or stronger authentication. But, again I think to the
extent that the HIPAA security standard is involved, at least it is a common
framework in which to –-

DR. SUAREZ: The other important thing is that HIPAA security applies to
entities that are the subject of HIPAA, not the consumers. So as a consumer I
would not have to log in and use my rascality little thing. That is actually as
a provider, as a physician I have to use it, but not as a consumer. So the
expectation will be that those same security requirements apply to the entity
that offer PHRs.

MR. HOUSTON: Sallie, do you want to say something?

MS. MILAM: One thing we might want to double check in our Committee meeting
is the recent recommendation from a Policy Committee that has really specific,
technical standards for authentication, password controls, that sort of thing,
to see if to validate this statement against those recommendations coming out,
because they are getting a lot more granular and then a lot more specific than
the general HIPAA Security Rule.

MR. HOUSTON: Okay with that we need to move on to ONC if we can.

DR. SCANLON: I was just going to say to Walter that what I am saying that I
do not want the user, the consumer, to have the same standards as the –-

DR. SUAREZ: No, this would not apply to the consumer.

DR. SCANLON: I do not know if I can get all that in here.

MS. BERNSTEIN: Well, if we change the recommendation—

MR. REYNOLDS: Okay, just hold on a second. Did you guys hear Bill’s comment?

DR. SCANLON: It is basically so that Walter’s point be clear. What we are
not saying is that the same standards that may apply to physicians and
insurers, are going to end up applying to consumers. Whereas the recommendation
right now maybe –-

MR. HOUSTON: Can I suggest maybe a second -–

MR. REYNOLDS: Well, let’s do this. You heard his comment. Let’s make sure
you cover it in your meeting this afternoon. I need to move on to ONC.

DR. FRANCIS: We will make sure we do it.

MR. REYNOLDS: And if anybody else has any comments, please give them to the
Committee Chairs or anybody on the Committee.

MS. BERNSTEIN: Members are welcome to come to the Subcommittee meeting if
they are available.

MR. REYNOLDS: All right. That would be true too.

DR. FRANCIS: Can we just say -– great work?


MR. REYNOLDS: We can say that also yes, well done.


DR. FRANCIS: Thank you.

MR. REYNOLDS: Instead of taking the opportunity to realize that this first
time we have read a privacy letter that nobody hurt each other in the first
reading, it is a marvelous occurrence. Thank you very much to all of you.
Chuck, I would like to have an update. Jodi, are you on – have you joined


MR. REYNOLDS: Oh great, good to have you with us today. Thanks for joining

DR. C. FRIEDMAN: Okay, hi Jodi. This is Chuck, thanks for joining us.


Agenda Item: ONC Discussion, Charles Friedman, Ph.D. and
Jodi Daniel, J.D., M.P.H.

DR. C. FRIEDMAN: So what we are going to do is update you on several of the
activities going on at ONC. Currently, which pretty much equates to our work
implementing HITECH, I tend to divide the world of ONC/HITECH into four areas.

Area one, broadly is what might be called national coordination through a
permanent ONC.

Area two, is the whole domain of payment incentives to providers and
hospitals who demonstrate meaningful use. This is, of course, an area that
brings in CMS, but I include it in a complete exposition of what HITECH is.

Area three, embraces the six supportive grant programs that were authorized
in HITECH and item for already referred to many times in this meeting, are
enhanced privacy and security revisions.

So, I find it useful to divide this universe into these four categories.

Jodi and her remarks and updates will focus primarily on the first area,
what I call national coordination through a permanent ONC. This includes, Jodi
will not touch on all of these areas, spontaneously, but she may or I may, in
response to your questions.

This includes the two federal advisory committees, the revision of the
strategic plan, the process to adopt a first set of standards certification
criteria, and implementation specifications. The creation of the position and
office of the chief privacy officer and the governments of the nationwide
health information network and others — that complex of activities is pretty
much what comprises AREA 1 under what I call national coordination.

So, Jodi with that list to pick from, why don’t you update us in those areas
in which you would like to delve.

MS. DANIEL: Okay, that’s a lot Chuck and thank you for having me come and
talk with you all.

I was planning to focus primarily on updates from these federal advisory
committees on health IT that are providing advice directly to the National
Coordinator. And the activities which we have to date with respect to the World
Banking for adoption of standards and certification criteria. We may address
some of the other information as time allows.

So, I think we have talked with you all, John Glasser and I, giving you an
update sometime over the summer on the two Committees that we have in place,
the Health IT Policy Committee and the Health IT Standards Committee. Just to
refresh your memory, with the Health IT Policy Committee, we currently have
three work groups, The Meaningful Use Work Group, the Certification and
Adoption Work Group and the Information Exchange Work Group. All of them have
been submitting recommendations up through the Full Committee and most notably,
as we talked about the last time we updated you, they were recommendations
relating to Meaningful Use Objectives and Measures that were submitted to the
Full Committee and that the Full Committee were graded on and made
recommendations on to the National Coordinator.

So I will say what is going on with those. I am going to interject the FACA
discussion and the regulations discussion because they are so closely related
since the advice inputs into our regulatory process.

So now that we have those meaningful use recommendations from the Policy
Committee, ONC is working very closely with CMS and CMS is drafting the
regulations for the incentive program to encourage adoption of meaningful use
of certified EHR technology. In doing that, CMS is including in their
regulatory effort, a description and definition of meaningful use which is what
an eligible provider or hospital would need to comply with and demonstrate in
order to successfully obtain the incentive payments. So we are looking very
closely at the recommendations that came in from the Policy Committee. They did
a lot of really wonderful thinking and gave us some great input in a very short
timeframe but as I said we are working closely with CMS as they are developing
their regulations for this incentive program.

So just a little on process — the CMS regulation will be notice of proposed
rule-making on their incentive program and meaningful use definition and the
target for that to come out is in December of this year. So coming up, right
around the corner and both are working feverishly to try and get this nailed
down. So that is the Policy Committee and Meaningful Use.

Of note, the most timely topic, is their most recent hearing which they held
last Friday where the Policy Committee, the Full Committee received testimony
on privacy and security issues primarily focused on privacy issues as it
relates to health IT and health information exchange. The goal is really to
solicit testimony and get a broad base understanding of the various issues that
the Committee may want to consider and some various perspectives on those
issues. Some of our Committee members are expert in privacy and security
issues, others are less expert so it was sort of a listening session,
understanding what the issues are and helping to think through what the
Committee wants to take on here. The panels we had were focused on patient
choice, control and segmentation of data, the second was use disclosure and
secondary uses, and we did have John Houston come and testify but he was able
to inform the Committee somewhat, on some of the activities that NCVHS has done
in that area. The third was models for data storage and exchange, aggregate
data ID identification and the fourth was on transparency audit and
accountability. So it was covering the whole gamut. The testimony was fairly
broad-based although they drilled down on some specific issues.

What is happening now, is a group of folks that helped organize this hearing
are getting together to try to think through priority setting and triage. So
what are the areas that the Policy Committee might want to take on as a
priority and then are there particular work groups that should consider those
issues. I also want to note that Paul Tang is the Vice-Chair of the Full
Committee and has been also leading the group of folks that have been
organizing the hearing, so he is also, obviously, bringing to the table the
work NCVHS is doing so that we are making sure that we are learning from
testimony you have received and recommendations you have made and not trying to
duplicate efforts there.

Switching to the Standards Committee side, on the Health IT Standards
Committee there are three work groups currently, a clinical quality work group,
clinical operations work group and a privacy and security work group. And they
are supposed to take direction from the Policy Committee as far as what
priorities they are supposed to be focusing their standards and certification
recommendations on. And so they have made recommendations specifically for
standards for implementation specifications related to the meaningful use
criteria that the Policy Committee came out with. We look at those as very
helpful inputs to us in our rule-making efforts on standards and certification
criteria. The clinical operations work group came up with a lot of the
standards required for meaningful use, the clinical quality work group were
looking a the measures that were set forth in the meaningful use and coming up
with some recommendations on standards in that area. And the privacy and
security work group has been coming up with recommendations in privacy and
security of kind of all of the areas you would expect acts of controls, audit,
authentication, management, et cetera.

They all made recommendations for 2011 but also looking forward to future
years and some recommendations of where the standards might be headed that we
may want to try and regulate them.

Now, transitioning from the Standards Committee to our regulatory process, I
told you about the CMS regulatory process for the incentives program, including
meaningful use. ONC is working on a companion regulation for standards
implementation specifications and certification criteria that would be tied to
certified EHR technology. Our standards reg is also scheduled to be released in
December of this year. The difference is that will be an interim final rule as
opposed to a proposed rule. It will be an inter-final rule although we will be
expecting comments on the interim final

rule and will be incorporating those comments and be developing a final
final rule. But it is final when it is published -– it is called interim
final because we accept comments on it. These two regulatory efforts need to
work hand in hand and so CMS is working with us on ours and we are working with
CMS on theirs and we are trying to make sure that they are well aligned,
because they are all influencing the same program, the incentive program for
adoption and meaningful use of the technology.

There is going to be a third regulation in this suite of regulations. We are
required to come up with a certification program and so we are going to be
developing a notice of proposed rule-making on the process, the certification
process itself as opposed to the criteria. And how one would become a
recognized certification body and how products would get certified. That will
be the third in the suite of regulations. The goal is also to release that at
the same time as the other two in December of this year. And that will be a
proposed rule which we will accept comment on and then finalize.

The one thing I did not mention on Health IT Standards Committee is that
there is a new work group that was recommended and headed by Denise Chopra
focusing on implementation and adoption issues with respect to the standards.
And so we are working on trying to put that together. So that is a new fourth
work group of the Health IT Standards Committee that is forming.

So that, in a nutshell, is it on FACAs and Standards and I am looking at the
list that Chuck sent for us to see if I could say anything else about other
things that might be helpful. The strategic plan, this is something that I
believe Chuck has already briefed you on from our prior strategic plan, ARRA
requires us to update that strategic plan clearly with all the new mandates and
programs that are set forth in ARRA. That strategic plan needs to be updated to
reflect those and to address current thinking in light of the Recovery Act. So
we are planning to do that. The statute also requires that we get public input
into or state holder input, to weigh into that strategic plan.

So we are thinking about how we are going to do that at this point. And this
is a process that is just starting underway, the revision of the strategic
plan. So I do not have many details to share at this point.

Similarly, on this chief privacy officer, it is something that the statute
requires us to adopt. I think it is actually great to have somebody who is
going to be focused purely on privacy and health IT within ONC. I think it is
going to be very useful to have a position clearly focused on that. ARRA
requires us to have that person in place by February of next year. It is
something that David Blumenthal is very committed to and we are hoping to beat
that deadline, although I do not have any specifics to announce at this point.

I think that is it on the stuff that I am supposed to cover although I would
be happy to take questions.

DR. FRIEDMAN: Okay, thank you Jodi. What, Harry, I would propose we do, is
take some questions from Jodi and then when those are finished, I would like to
update the group on our grants program.

MR. REYNOLDS: Okay, if she does not take all your time.


DR. FRIEDMAN: Well, if there are a lot of questions, that would be fine.

MR. REYNOLDS: Hey Jodi, this is Harry -– one question I had –- you
are doing the rule on certified EHRs right? You did not say PHRs.

MS. DANIEL: Correct.

MR. REYNOLDS: That is fine, based on our earlier discussion, I wanted to
make sure I had that right letter.

MS. DANIEL: Yes, the standards and certification criteria that we will be
developing through regulations will relate to electronic health records, not
personal health records.

MR. REYNOLDS: Okay, that is good. Thank you.

Questions? Leslie –- please speak into the microphone.

DR. FRANCIS: I was interested in your comment that the privacy work group
was going to be putting together a set of priorities and I wanted any further
thoughts that you might have about how we would coordinate well, because our
own privacy, confidentiality and security subcommittee this afternoon is going
to be looking to some further work on priorities as well and if you had any
thoughts that we might find useful, so that we are not each treading the same
path, rather than selecting useful complimentary paths.

MS. DANIEL: That is a very good point and it is something that we have
talked about with the folks that helped organize the hearing to make sure that
we are figuring out where there are areas of priority and then how best to
address them and how to make sure that we are again, building up your work,
complimenting your work, but not duplicating effort. So, I echo your thought.
Somebody from my staff, Jonathan Ishee is planning to attend your meeting this
afternoon to make sure that we know what you are talking about and can bring
that back to the table. We just had the hearing on Friday, so we do not have a
game plan yet to share that you could use in your discussion this afternoon,
but hopefully I do not know where you are and whether or not you are trying to
make decisions today or this is ongoing dialogue. I would say that maybe we
could just have some talk offline, also including Paul Tang who has been sort
of heading up this effort for the Policy Committee before we made a
recommendation to the Policy Committee on priorities that we run it by you all
and see where we might be able to be complimentary.

DR. FRANCIS: Thanks.

MR. REYNOLDS: Okay, Walter?

DR. SUAREZ: No, actually that was the same question.

MR. REYNOLDS: Okay, anybody else have any questions? Jodi, thanks that was a
great update, very comprehensive because nobody is bashful about asking
questions so you covered a lot of good stuff. So Chuck, please.

DR. C. FRIEDMAN: Thanks very much Jodi, I really appreciate it.

MS. DANIEL: Okay thank you, bye-bye.

DR. C. FRIEDMAN: Bye-bye.

So I thought I would say a few words about the grant program to compliment
what Jodi said about some of the other activities. I think I mentioned in the
update I gave at the last meeting and I am sure you have all committed it
firmly to memory, that there are six grant programs called out in HITECH. You
all passed the quiz last time, but I will repeat that again. There are actually
four mandatory grant programs. The program of implementation assistance,
otherwise known as the extension program, that program was announced on August
20th through the issuance of a funding opportunity announcement. I
will come back to that. The second of the mandatory programs is a program of
grants to states to promote health IT – that program emphasizes health
information exchange and it too was formally announced on August
20th through the issuance of a funding opportunity announcement.
Another statutory program which has not yet been announced, is a program to
build the health IT work force — stay tuned. The fourth statutory program is a
program that emphasizes research related to health IT. This is called in the
Act the program of enterprise integration centers. It is a program that is put
under the care of NIST and it too has not yet been announced, but also stay
tuned for that. There are two, call them optional programs. They use the
language MAY in terms of whether they are established or not. One is a program
of grants to states and tribes for the purpose of giving loans to support
health IT adoption and the second program that uses the MAY verb is a
demonstration program integrating health IT into health professions education.
It is a companion program to the mandatory health IT work force program coming
at education from a different direction — in this case, the education of
health professionals.

So let me just say a few words about the programs that we have released and
maybe I will say a few additional words about the work force program that is
forthcoming, what I can say at this point, which is not much. So the extension
program funding opportunity announcement announced the awards totaling $598
million dollars. It is expected that approximately 70 regional extension
centers to support health IT adoption would be established by these awards.
Applications to establish these regional extension centers are going to be
accepted in three sequential cycles and each cycle is going to consist of two

First, the submission of preliminary applications and then a submission of
final applications from that subset of preliminary application submitters that
is given the green light to submit a full application. The first cycle of
preliminary applications has already begun. The deadline for submission was
September 8th. So that has passed and the first set of preliminary
applications is in. If you read the funding opportunity announcement something
that would strike you very quickly I believe is the priority afforded to
primary care providers including physicians and other providers with
prescriptive privileges and there is a clear goal set in the funding
opportunity announcement to support over the first two years of operation of
the centers, an excess of 100,000 primary care practitioners in adopting health
IT with the hope that they will attain meaningful use.

The regional extension centers will not operate completely independently of
one another. They will, in fact, form a consortium and will work together and
share their learning and experience. The consortium will be coordinated through
an entity called the HITREC, we love our acronyms, which stands for the Health
IT Research Center. I would say that most people believe the word research in
the title is a bit misleading. The HITREC certainly will take an investigative
demeanor in what it does, but it will exist primarily for the purpose of
providing central resources and support to and supporting and coordinating the
efforts of the consortium of regional extension centers. So that is the
regional extension center program.

The second program that was announced, the program of grants states focusing
on health information exchange, announces awards that could totally $564
million dollars. These awards will be to states and territories or their
designated entities. I believe the number of states and territories eligible
for these awards is 56, it might be 57, but I think it is 56. These awards will
be processed through a single application cycle with the applications due on
October 16th. Just coming to some of the highlights of the funding
opportunity announcement, there are five specific aspects of a health
information exchange called out in the awards. The approach is quite
comprehensive. It includes governments, finance, technical infrastructure,
business and technical operations as a fourth, and legal and policy issues as a
fifth, so it lays out a comprehensive approach to promoting at a state and
territorial level of health information exchange. And the general model that
the states or their designated entities will follow in doing this work will be
driven by both a strategic and operational plan that each one will be required
to produce as a basis of the activities that they will subsequently undertake.
In each of those five areas I mentioned, there is laid out in the funding
opportunity announcement, a set of key accomplishments relating to health
information exchange which each entity is expected to achieve.

Just one quick word on work force — it is clear from the funding
opportunity announcements that we are conceptualizing even the extension
program, the state HIE program and the work force program as kind of a triplet.
We hope, obviously, to announce the work force program soon. Several published
studies and other estimates we have seen estimate the shortage of the health IT
work to be on the order of 50 or 60 thousand in terms of what will be necessary
to support not only the work of the extension centers, but the entire movement
nationally toward meaningful use of health IT. So there is educational work to
be done and as I said, we hope to issue this program funding announcement soon.

So that completes a quick run through of our grant programs and the very
exciting things that happened last month. Harry, I would be happy to entertain
any questions.

MR. REYNOLDS: Okay, questions?


DR. FITZMAURICE: You mentioned, Chuck, the research related to HIT –-
the integration and integration enterprise integration centers of NIST. Is
there any information about that? Has NIST begun work on that?

Dr. C. FRIEDMAN: No. There is no detailed information that I can share in
this meeting, Mike, but I can tell you that that planning of this program has
begun and as I said, we are hoping to announce it as soon as possible.

MR. REYNOLDS: Okay, we have got Larry and then Judy.

DR. GREEN: Chuck, a conceptual question about the extension service – I
have seen in the last month, a couple or three more publications that go back
through a hundred years of agricultural extension. It seems to be a quick
hitting flurry of interest and activity about this. These papers are raising
the issue about that every county in the United States presently has an
extension service structure already in place that developed over a hundred
years through agriculture and that it includes health as one of its pillars.
What is the thinking –- is there an interaction expected or possible or
probable or maybe -– what is the interaction between this extension
service that already exists and the extension service to be created?

DR. C. FRIEDMAN: It is a great question, Larry. I have to be very careful
about how I answer that because there is a funding opportunity announcement on
the street and an active competition underway. I would call attention to the
language in the funding opportunity announcement that weaves a great deal of
flexibility, or applicants for these centers to be creative in the way they put
the centers together and draw on a wide range of resources. I cannot quote you
chapter and verse, I have it here and we would be delighted to point you to
this section where a wide range of entities, as examples, are specifically
denoted as having potential important roles to play in putting these centers
together. So I think it is safe to say that the intent was to leave the
applicants to draw on the resources as best they can, that they have available
to them, as they put these regional centers together. We did not say, this is
the chemistry of a regional extension center and it has A, B, and C and that is
how you make a center. So we are looking forward to seeing what comes in.


DR. WARREN: So mine is kind of a clarity question, Chuck -– help me
understand relationships because the Department of Labor has just issued a
grant opportunity to train health IT work force. Now that is going to be the
third one that you release. Is there collaboration between the Department of
Labor and HHS on these? I mean, how do we know how to make sense of all this
new stuff that is coming out in the government?

DR. C. FRIEDMAN: Again, I have to be careful, Judy, because the Department
of Labor does have a funding opportunity—and

DR. WARREN: And I am talking about that high level collaboration between the
two departments — that is all I am asking.

DR. C. FRIEDMAN: Right and I can say that we are in contact with them, but I
need to emphasize that when the HHS program is released, it will be a program
with its own criteria and characteristics.

DR. WARREN: And that is what I needed to hear from you. I did not want you
to go down deep.

MR. REYNOLDS: Any other questions?

Larry Green, again.

DR. GREEN: Conceptual question about the number three the HIT work force
building off of Judith’s -– is there a concept that the HIT work force is
destiny to become an integral part of the health care delivery team?

Dr. C. FRIEDMAN: What do you mean by the health care delivery team?

DR. GREEN: What I mean by the health care delivery team builds off of the —
to err is human, the quality chasm, and a decade of published work that says
that you get the high performance health care delivery system only by working
effectively in teams, that it is a team sport from here on out. Then, it links
to the HIT is the critical technology to get to the high performance team and
now we need the people that know how to do this actually do this amazing thing
called work together.


That is what I am talking about, so to beat it to death, we can have a grant
program that focuses on computer science training and administering health care
IT systems, that sort of thing, that occurs in splendid isolation, the way we
intended to do this for a hundred years. You know, God forbid that the nurses
and doctors would ever work together on a training program you know. Is this
going to be another one that siloed pretty much, or will there be opportunities
in this work force development to try to do something to promote the teamwork.
This is very crucial to the overall policy objective, in my view, and my
question really is –- is it possible that that grant program would
actually encourage the HIT work force to be developed in a way that encourages
them to become integral members of taking care of people?

DR. C. FRIEDMAN: Yes, thanks, Larry. I am actually going to take what you
said as both a statement and a question.


As a statement, it is good input for us because this program is not yet
announced. It is a statement that we can take to heart in designing it. Second,
to respond as much as I can to what you said as a question, I mentioned that
the three programs, the state HIE program, the extension center program and the
yet to be announced, work force program, are referenced in the two announced
FOAs as a kind of triplet that is going to work together. I think if you read
the extension center program announcement particularly and how it is going to
operate, add to that the statement that these are a triplet and will be
designed to work harmoniously and in a mutually supportive manner, I think you
will come to a conclusion that I think you would find satisfactory given what
you said in your statement.

MR. REYNOLDS: Okay, Judy has a comment that needs no answer from anyone and
then we will break for lunch.

DR. WARREN: It is one of those things that I feel passionate about, and when
it is mentioned I think we are in a new era of defining the health team and
part of one of those team members is the health informatician that really makes
what happens that clinicians need and provides that bridge into the computer
technology or the computer science people who really do not know what we need.
We have a very unique work space and we need to start adding thinking about our
teams in a little bit of a different way. And if you follow some of those
spectacular failures of EHRs, et cetera, its most of time, there was not a good
translation or attention paid to what clinicians needed.

MR. REYNOLDS: Okay, the last point of business before we break for lunch.
Well, first thing is thank you, Chuck.

DR. C. FRIEDMAN: Thank you, Harry.

MR. REYNOLDS: Who is going to dinner tonight? Put your hands up please.

(Whereupon a luncheon recess was taken at 12:45 p.m.)

A F T E R N O O N S E S S I O N (1:45 p.m.)

MR. REYNOLDS: Okay are we set. The people that actually know what they are
talking about are here. So welcome back and we are going to hear from Dr.
Friedman and Dr. Parrish on updating our health statistics for 21st
century report and I appreciate this because I have to use this an education
session for me to get completely up to date again and I can say what we have
done during my tenure.


Agenda Item: Updating Health Statistics for the
21st Century Report, Daniel Freidman, Ph.D. and R. Gibson Parrish,

DR. FRIEDMAN: Thanks and when you see Don Detmer and John Lumpkin you can
blame part of this on them.

MR. REYNOLDS: I will tell them that we have it back up again because they
did not quite understand how important it was but we brought it back and now we
are going to make it important. I will get them.


DR. FRIEDMAN: We are going to try to be relatively brief. When I was a
Committee member my favorite presentations were the ones that were quick and
went under time. So I will try to follow that.

We are quickly going to review the purpose of the project, the process that
we went to and our findings and we are doing this under the assumption that
folks have or will review the report that is in the agenda book. So we are not
going to slavishly review everything.

The purpose of the project is to support observation of the Committee’s
anniversary through assessing progress on the health statistics vision report
recommendations, since its publication in 2002 and then reconsidering and
revising the vision in light of developments since 2002. The first phase of the
project is the one that we were undertaking and the purpose was summarizing
progress on vision priority recommendations, reconsidering those priority
recommendations and then suggesting next steps for the Committee regarding
reconsidering the vision.

The process that we went through, and we have already explained this to you,
was first of all a review of the literature, second working with the Committee
and the Subcommittee on selecting 8 priority recommendations from the initial
36, selecting interview topics for key informants, selecting key informants for
us to interview and also selecting NCHS experts for us to interview. That
selection process was iterative, particularly with the population Subcommittee
and the population Subcommittee staff.

We conducted 12 key informant interviews that lasted anywhere from 20 –
60 minutes and the folks who we spoke to, their names and positions are listed
at the back of the report. People were very generous with their time and we
felt positive about the range of views that were represented. And then we also
spoke with 9 NCHS experts and then finally we reviewed the findings with this
population Subcommittee and Committee Staff.

Now I am going to poll the Committee quickly and this does not require any
discussion or a vote, on whether or not folks want me to quickly review the 8
priority recommendations that were chosen by the Committee.

You do –- okay.

Well you, the collective you, choose 8 of the 36 recommendations through a
voting process that you may recall.

The first recommendation that you choose was developing systems to actively
monitor the population’s health and potential influences on the population’s
health in order to identify emerging problems. Now, again, this is a subset of
36 recommendations from the 2002 report.

Second, to assure that appropriate measures of functional status and
well-being are included in ongoing systems that a part of the health statistics

Third, to develop person based longitudinal datasets and surveys, in order
to develop portraits of influence on the population’s health, throughout the
life cycle.

Fourth, develop a tool box of privacy, confidentiality and security best
practices for use throughout the health statistics enterprise.

Fifth, support and fund on-going multi-purpose data -collection systems and
data integration efforts.

Sixth, adopt or if necessary develop standards for data elements commonly
used in all methods of data collecting, for electronically transmitting data,
for presenting and disseminating data and providing electronic access to data.

Seventh, develop and fund a research agenda to explore new data-collection
strategies that can rapidly and flexibly provide data on emerging influences on
the population’s health, assess the validity and reliability of items used in
key on-going data systems and estimate any loss in accuracy from early
publication of provisional incomplete data from on-going data collection

Eight, to develop methods to validly and reliably estimate important
indicators of the health and of the influences on health of state and local

Now the key informants that we spoke to had some general comments that
applied to all of the recommendations. And this summarizes those general
comments. And the feeling was, first of all, the recommendations needed to be
better explained to a broader audience. That explanation needs to include why
the recommendations are important and needed. The recommendations need to be
strengthened. The recommendations should be tested through pilot projects and
especially, that they should be specified through the inclusion of outputs or
products and a specific roadmap of how to get from here to there. And that
latter point was especially emphasized essentially specified and talk about how
we get from here to there. Now there were also some general comments that were
provided, we asked folks about the impact, since 2002 of health information
technology on health statistics. And here is what we heard and these were
pretty close to consensual comments. First of all, that HIT has not
significantly impacted health statistics broadly since 2002. Second, that HIT
holds huge unrealized potential for health statistics. And third, that HIT
should be used to improve communication of health statistics to communities.

Now based upon what we heard and we are not going to go through the report
in detail, but based upon what we heard from the key informants, we have
reformulated those 8 recommendations into 3 more overarching recommendations.
So let me quickly go through those.

First to improve strategies, data sources and systems to actively monitor
the population’s health and potential influences on the population’s health.
Objectives of the health statistics enterprise should include identifying
emerging problems, measuring access quality efficiency and value of health
services and identifying and targeting health inequities. The health statistics
enterprise should meet at least 4 requirements where appropriate provide
person-based longitudinal data where appropriate multi-purpose and support
multiple data users, where appropriate align with data standards for clinical
records and incorporate privacy, confidentiality and security best practices.

Second, assure that appropriate consistent and comparable measures of
functional status and well being are provided by the health statistics
enterprise. These measures should be valid and reliable as well as comparable
and consistent across the health statistics enterprise.

Third, develop and fund a research agenda to explore new data collection
linkage, analysis and communication strategies that can rapidly and flexibly
provide data on the population’s health. The agenda should include methods to
and I am going to circle back around to this notion of a research agenda in a
moment. The agenda should include methods to assess the validity and
reliability of population health items used in key ongoing data collection
systems and in electronic health records systems. Address the effects of
non-response and missing data, estimate any loss in accuracy from early
publication of provisional incomplete date from ongoing data collection systems
– I am just going to put a little bracket and make a comment here.

One of my former employers many years ago was Blue Cross and Blue Shield of
Massachusetts where of course we worked with claims data and every year we
worked with incomplete claims data in doing actuarial projections. And one of
the things that is striking for those of us in health statistics are the
differences between how actuaries deal with claims data in terms of working up
completion factors and making projections from incomplete data. And what we do
and do not do in health statistics. And finally, estimate important indicators
for state and local populations.

Now those are the restatement of those recommendations. Again, based upon
our discussions with the informants, there were a number of new recommendations
that they focused on. These included conducting research on new data collection
techniques and especially more flexible and cheaper means to obtain data that
augment traditional health statistic surveys, methodological innovations,
survey and dataset integrations, health statistics and electronic health
records. Need to link and integrate health statistics with clinical care
through health information technology. Needs to devote analysis and research to
uses of electronic health records for health statistics. And research on mining
techniques to extract health statistics from electronic health records. Health
statistics and personal health records (electronic health records). Need to
devote analysis and research to uses of PHRs for health statistics. Decision
support based upon health statistics should be built into personal health
records. I should say in terms of the EHRs NCHS has made some investment in a
workshop and a project relating to uses of EHRs for population health
monitoring and research purposes. New recommendations, organization and support
for the health statistics enterprise. Again, this reflects what we were told by
our key informants who emphasized that any new recommendation relating to the
organization and support for the health statistics enterprise should emphasize
the “shameful lack of funding for health statistics in federal
agencies”. Roll of data collection dissemination and analysis and research
needs to be elevated at HHS. And training in health statistics needs to be
increased. In academic training and public health in bio statistics needs to be
better attuned to health statistics. And this is certainly a large gap.

Now, based upon what we heard from the key informants, what we heard from
the NCH experts about changes in the priority recommendation since 2002, Gib
and I have a number of straightforward next steps to suggest.

The first, is not so much a next step as a reaffirmation. It is our feeling
is that the core concepts that NCVHS put forward in the 2002 vision report in
the 2001 report on information and health, really remain valuable and useful
frameworks. The notion of the health statistics enterprise that was put forward
in the 2002 report, the thoughts that were presented there on the influences on
the population’s health and then finally the concept of the national health
information infrastructure with the overlapping health care consumer in
population health dimensions. Now, I should say in the interest of full
disclosure, that I do, as it were, have a dog in that fight, because I
participated in writing both of those reports.


But having said that, the frameworks are still good.

Second, NCVHS should specify means through which EHRs and PHRs HIT generally
can improve health statistics. And how health statistics can improve clinical

Then finally, and this was something that we had talked about at the very
beginning of the project, that NCVHS should sponsor a series of high focused
workshops or hearings with each of those exploring a really highly specified
topic. Such as conceptual development of the population health dimension which
has not received a lot of attention in the past 6 or 7 years. Again,
parenthetically, Gib and I are working on a paper that we are going to be
submitting for pure review in probably around a month that deals with that and
then builds upon some of NCVHS’ ideas from just about a decade ago.

A second topic for a workshop or hearing could be formulating a broad
research program. With the emphasis on program here rather than agenda for
improving health statistics. Maximizing the contribution of the health
statistics enterprise to improving health care quality, access and efficiency.
Using EHRs and PHRs to improve health statistics and using HIT to increase the
contribution of health statistics to clinical care.

So what we would say is that each workshop or hearing should focus on a
single highly specified theme, clear statement of purpose for each. And we
would suggest both soliciting invitations for presentations as well as having
open invitations. One thing that in my experience the Committee has not done,
was solicit brief proposals, a paragraph or two, for topics for presentations
and then essentially choosing which ones are most appropriate and that may or
may not be a popular suggestion but it is something to think about. Providing
presenters with specific questions and a very brief issue papers for each topic
and then perhaps based on the content of presentation, selecting a smaller
number of participants to develop brief working papers that could be published
by the Committee.

Se that is where we are and we would be happy to end it to entertain any
questions or comments or suggestions.

MR. REYNOLDS: Judy and then Mark.

DR. WARREN: So one of your key informants, I think it was on the third
recommendation that you were making, you talk about assessing the validity and
reliability of population health items and un going data collection in
electronic health record systems. So, where in all of this should we put the
education of our clinicians in providing data integrity or valid reliable data
when they actually come in and document on their patients and we want this to
be able to be then aggregated up to a population health statistic.

DR. FRIEDMAN: Well, I am going to turn to my clinical colleague here.

DR. PARRISH: Well, certainly there is the issue of accurately documenting
the clinical care that is provided whether it is diagnostic work, laboratory
work, treatment modalities, whatever. When I was in medical school, I actually
took epidemiology in my second year and as a part of the medical school
curriculum, I was at UCLA and gained a pretty good appreciation for, in fact,
the importance of the kinds of data that are generated in the clinical setting
for use in larger population studies and health statistics as well. So I do not
know, I think that trying to do what can be done to get that message across in
medical education is important.

DR. WARREN: Careful, there are other people besides physicians giving care.

DR. PARRISH: There are indeed.


MR. REYNOLDS: Well you walked around there. We have all been there and you
are not alone.

DR. WARREN: I have gotten others on that, so do not feel bad.

DR. PARRISH: I think it is important and I think particularly as was
emphasized in the presentation here that there is a real opportunity for sort
of a interaction between what we know in terms of health statistics and the
provision of care because it can help to guide diagnosis, it can help to guide
what is done in terms of specific –-

DR. WARREN: So as we get more of the health team members documenting, and we
now have maybe 5 or 8 or 10 people, physicians, nurses, physical therapist,
respiratory therapists, social workers and we are all documenting –- if we
document from our own silos you may not be able to aggregate data that should
be the same because they have documented it differently or with different
levels of commitment to the data integrity. And I think that is kind of one of
our next challenges is how do we get across to all of our students, this
commitment to data integrity and not just chart something because that is what
is next.

DR. PARRISH: Well and I think one of the points made toward the end of the
presentation was also having some research that is actually done looking at
what we do have now as well as what we might have in the future and how that
can be used given some of the difficulties you just described in terms of
pulling information together and then trying to aggregate it for the purposes
of health statistics. That is a very good comment and a good point.

MR. REYNOLDS: We have got Mark, Justine, Dee and Blackford.

DR. HORNBROOK: Could you think about the issue of currency of data for both
clinical and population health management? I mean the H1N1 situation we are in
right now. It seems like –- is it just the CDC’s responsibility to protect
us from that epidemic or is there a general responsibility for all the health
care system to be prepared to deal with H1N1 or any other epidemic that comes
along. The same issue with medical homes, is there a way to get statistics in
real time about people’s access to their medical homes –- do they have it
or not? And then finally the integration between personal health needs and
disaster preparedness – I mean I am assuming that in Katrina, we lost a
number of lives because people were separated from their health care providers
and their information and there was not an adequate preparedness for that. I am
wondering if in dealing with this health statistics issue if we have an
opportunity to educate our various audiences about the fact that their health,
their own personal health is part of an informatics system and a disaster
preparedness system and a quality assurance system even a drug safety system
that they need to be responsible for as members of our society. Or am I just
preaching to the choir?

DR. FRIEDMAN: All questions and firm positions I will refer to Gib here.

DR. PARRISH: Well, the issue of timeliness of data, and I think that is what
you started your question with, I think is a very key question –- it is
something that has hounded health statistics for awhile given the way that many
of them are collected and again one of the things that we suggested was that
there needed to be a careful look at innovative techniques for obtaining some
or the information similar to what you described to in a more timely way.

And Dan alluded in his remarks to this issue of incomplete data and trying
to work with that, rather than having to wait until the very last birth or
death certificate comes into the system. So I think that there is research that
can be done in this area to try to improve our use of what we have at hand.

Certainly, CDC has been working on methods of gathering population based
data from pharmacies, over the Internet in terms of the Google approach to the
flu in the last year, to try to get at least some indicators of where a disease
may be heading or if there may be something new that is coming out. But I think
that all of these things are ripe for further exploration.

There have been suggestions that there might be attempts at population based
surveys using the Internet in an informal way and you could even use existing
surveys to look at the validation of those. So, again yes, I think that in fact
these are good things to be exploring in the next 5 to 10 years with HIT that
we have now and the advent of the electronic health records.

DR. HORNBROOK: I am just trying to deal with the privacy advocates that want
to go to the extreme of restricting access data for all just because of the
right to privacy without acknowledging that there are conflicting objectives
that would even them to be healthier.

DR. PARRISH: Well actually let me add one thing to that, one of the comments
that we heard from actually at least 3 or 4 of the key informants, was that
they felt that the privacy issue was one less of regulation and much more one
of communication. That there needed to be a lot more effort put forward to
actually communicate what privacy is about, what the important uses of the data
are and how to frame that better than it has been framed to date. So that came
up repeatedly in our conversations with people.

MR. REYNOLDS: We will just go around the table because everybody wants to
talk and we have got time, so Larry you put your hand up, so we will just come
right around.

DR. GREEN: Could you comment a little further about this assumption.
Listening to your presentation and having read the Shaping the Health
Statistics Vision 7 or 8 years ago, the take home message from your
presentation that you need to repair for me if it is wrong, is that we are at a
juncture in history where our approach to developing health statistics has the
opportunity to change substantially. Is that a consensus statement — is it
correct or not?

DR. FRIEDMAN: I think that that is true. We have the opportunity to build on
what we have been doing well but also trying to think prospectively and
expansively about how changes in the collection of data for health care can
affect health statistics in the future and it is a difficult discussion. The
answers are not always clear because there are certainly some uses of data from
health information exchange and electronic health records that are fairly
obvious -– lab data, STDs, but there are other uses that are less obvious
and maybe more difficult to realize those uses. It is a subject that needs to
be really honestly explored. By honestly, I mean really looking at it
critically and saying what can we do with electronic health records and
personal health records and health information exchange and perhaps what can’t
we do or what can’t we do right now. Part of that revolves just around the
nature of our own health care system because what one can do in England, or
Canada or Sweden with electronic health records for population health purposes
when you have full population coverage and provincial or national health
identifiers is different than what can do when one does not have those.

MR. REYNOLDS: Blackford.

DR. MIDDLETON: Thanks for a terrific report and analysis. I just had a
couple of questions and maybe a couple of requests. You know one of the things
reading the document and thinking about health statistics as we have
traditionally construed them is that that is a very well known and sort of
accepted term I think within the Beltway. You know what it means and within the
confines of this organization we know what it means et cetera. But I think you
are pointing to a much broader definition of health statistics.

So I wonder if actually we need to think about changing the label in this
kind of document and perhaps elsewhere wherein it might arrive at or support
additional funding in extending the sphere and scope of the traditional health
statistics notion. I think that would be very powerful, it is your intent but I
do not have a suggestion on the new label, but it is a request.

I think the second thing, what I look for in this document or maybe tell me
Mr. Chairman if it is appropriate to look for this kind of analysis in this
document, but I think the call is clear. The clarion call for increased funding
and support and the important and the relevance is clear. What is not clear is
where are we failing from a management analysis today in the national health
care information infrastructure, and particularly with respect to health
statistics, gathering, use and dissemination and et cetera.

So is there something that we need to do, or some insights that we might
offer based on the collective expertise, particularly of folks in the business
about what is working with respect to the current national architecture for
health statistics and allowing us to focus our comment on the management side
of that as well. What is working well at the federal level what is working well
or not at the state level and even what might be working well or not at the
community level.

I think that raises the question that also, what is the public/private
connection here for health statistics or the broader conception of health
statistics. I do not think that was commented on. And this then might lead to
recommendations about not only management in structure but appropriation which
would be the final goal.

DR. FRIEDMAN: Blackford, if you have a couple of minutes later, we just want
to you separately on one part of that.

DR. MIDDLETON: Certainly.

DR. FRANCIS: Thank you for a great presentation. I just have a comment which
gets back to Chuck’s comment earlier about data integrity. As we are preparing
for our hearings on meaningful measurement we are looking at the supply chain
of the making of a data element and I think that I was struck by the importance
of data definitions and then education and sophistication of the whoever it is
who enters it – doctors or administrators or other health care
professionals. As we envision what could be and certainly enamored very much by
the immediacy of electronic data, we need to balance how much do we invest in
the construction of the data elements because the rest of it all falls on that.
So thank you.

DR. WARREN: I want to play off of Larry’s comment because I really do think
we are at a paradigm shift through the way we look at health data. For me to
separate off of Chuck and say this is health statistics and this is clinical
and this is administrative really is some of the old world thinking and we have
tremendous innovations in programming languages, tremendous innovations in
hardware and servers, tremendous innovation in the way that we are beginning to
put databases together that we did not have 5 years ago. And so for us to still
think about paper data collection or some of these or some of the problems we
had with that sort of troubles me.

I would like to push this to where we really do kind of look into the future
and see the change between the way that we currently collect clinical and
statistical data which is still primarily paper based in this country, and
start shifting that into electronic and information system base and start
getting our health profession students ready for that new future because right
now we really are kind of not which tells me that we really are close to that
huge tipping –- whether it is the tipping of an iceberg or one of my
favorite cartoons and I show my students is the chicken and egg thing and the
chicken says, wow, paradigm shift and there is the broken shell that is beside
him. And I think that is kind of where we are. It is an abrupt shift and it is
coming fast.

MR. REYNOLDS: This has been an interesting area to me because I am not a
doctor and I am not a statistician. And there is a big gap between, and I think
everybody has touched on it, a big gap that I do not think most of the industry
is looking at this to where everybody is building new systems and building new
thinking and building new ways of collecting data and doing all that and a lot
of us in our day jobs to that. It is hard to learn this. And so I liked your
idea on some of the hearings and we are about to do a primer on data
stewardship but there is not necessarily for the masses — there is not a
primer in this field, and so I can comfortably tell you, a lot of people are
spending a lot of money right now. But neither can they walk as far to
everybody that is good at this. Nor is anybody that is good at this coming back
far enough to talk to them.

And so as I sit here, for the 5 years that I have been on the Committee,
this is probably the area that I wish I could help the most but I do not even
know how to start doing it. As somebody that is in the business, I am serious,
and so consequently this is a lost subject in the day to day operational
environments of many places. And so therefore if it is not prepared, if it is
not captured, if it is not used in a way and brought forward in a way that it
can be used, then even with additional money it might not help as much.

So making the group swell, use the things like meaningful use and you
mentioned LTD and you mentioned a few other things that I know I have seen on
the thing, so you get this idea that if some of these things become part of the
fabric so that just by the process of doing health, we capture some of this and
we keep some of this and we use some of this. It might be very helpful. And so
I know, whether I am voted down or not, I know I will vote when we have any of
these hearings, is almost that I am happy to be the model –- you know
health statistics for the dummies, I am more than happy to be there, I have
been there plenty of times in my life and will be there tomorrow for something


But I think this whole idea of how do we help the industry bring it to that
environment, not necessarily have that environment continue to remind the
industry that nobody is helping, because I would not know how to help. And so I
think that is going to be exciting as we look at how we update this. It is —
teach those of us that aren’t, how to help, and then maybe we will help a whole
lot more and maybe we will help just as a by-product of what we are doing and
not have to come up with anything magic and mystic.

It would just be nice to be able to give it to you in a way. I mean we have
created incredible numbers of standards on the HIPAA stuff and everything else
that is going on. Well, what are the kinds of things that can be automatic? Are
things like the continuity care document -– is that, I mean I am showing
my ignorance, but that kind of stuff is flowing out but it is not flowing out
at least that I can tie it to this end. And so I think that will be very
exciting to me as we update this. And then we hold some hearings to help that
gap. It is a struggle. Every time I hear this, I am nodding my head, but I
cannot help. And so I think that it would be good to get a lot of other people
maybe to that point and if it is just me, please somebody take me aside and
help me. I will be happy to take that too.


So that is my comment.

Marjorie, we are going to keep going around if we could.

MS. GREENBERG: I do not mean to be light about this, because I think you are
dead on, Harry. But I was just going to say that we are going to be driving
down to Charlottesville and be together for the next three days, so maybe we
can bring a statistician with us and do some in car training or something.


MR. REYNOLDS: Hey do you have an audio book I can borrow?


MS. GREENBERG: We are going to have a captive audience I mean for a number
of hours. But seriously, I want to thank Gib and Dan, whom Debbie Jackson and I
who have been sort of shepherding this project along, refer to as the


And I will say since I last saw them or they retired from their respective
jobs, they have gotten younger which is probably a lesson for all of us. But, I
want to thank the “boys,” no, I want to thank the doctors or really
doing a superb job on Phase I here of this effort as Dan said, I do not want to
minimize how difficult their work was, but it was certainly made easier by the
enthusiasm of everyone whom they wanted to talk to about this which was
encouraging to me that people who were not just health statisticians or people
in population health specifically, how really receptive people were to their
request for the key informant interviews et cetera. And I also want to thank
the population Subcommittee who has been kind of the home for this and I hope
will continue to be.

I think that this discussion really resonates with our discussion at the
June meeting, doesn’t it seem like a long time ago, that June meeting — it
certainly does to me. But we met at NCHS as you may recall and there was quite
a bit of talk about the lack of resources for research in improving health
statistics and in improving population health and I think this really resonates
to me with what several people have been saying because I think the
opportunities are potentially huge to harness all these new sources of
information, but without the ability to do the research that is needed to
validate that in fact, the information that you are getting from all these new
sources either can replace some of the traditional methods or at least can very
robustly supplement them.

I think one should appreciate the anxiety that people in this field feel
about every time they hear, this is a paradigm shift this is going to be a new
thing, we do not need birth and death records the way we have known and loved
them, we do not need health interview surveys we do not need health examination
surveys, that is the extreme, but you do hear that a lot. And I for one, do not
believe that is the case and I kind of doubt anyone around this table thinks
that is the case, but on the other hand if we are going to harness these new
methods and approaches for collecting information and both have them improve
the way we collect some of our traditional sources.

In some cases we place or amplify, there has just got to be research done to
show that in fact we are getting information that can be used in the way that
health statistics have to be used. Not sort of convenience samples and here say
or if you have seen one x you have seen one x, but really can be used to
generalize about the population with the denominator and a numerator. I know I
am singing your song here and Dan’s head is going up and down and I appreciate
that, but it is true. I think that I cannot fault my fellow colleagues who are
statisticians for kind of going, wow, when they hear about the brave new world
out there because there is just no good evidence that this can work.

So, if we want to see this happen, we just have to put the money into the
research that will allow it to happen because I believe that it can, but I do
not believe you can expect people to take it on faith. And a lot will have to
happen to make it work.

MR. REYNOLDS: Okay, Leslie. Dan were you going to comment.

DR. D. FRIEDMAN: A quick comment, Gib and I both completely agree with that
and several years ago NCHS funded a project that I was fortunate enough to do
on national strategies for electronic health records and their potential for
population health monitoring and research. And I spoke to a lot of folks in the
U.S., Canada, Australia and New Zealand and England, and one of the comments
that was most memorable was made by the them head of ONC, David Baylor, who
said to me, you know when it comes to health statistics it is really all about
the denominator. And that is a point, again particularly in this country where
we do not have, we are not going to have universal coverage of electronic
health records and that is an extraordinarily important point as we think about
how we can use electronic health records for statistics purposes.


DR. FRANCIS: We have skipped over confidentiality in between privacy and
security and as I understand the ideas, privacy is about whether there is the
initial access to you that gets your data into the system. And confidentiality
is about the protections when that information moves around. And what I want to
ask you is what this vision involves the use of aggregated data sets in new
kinds of ways and the incorporation of data, the integration of kinds of data
that have not traditionally been integrated into population statistics. Now, I
share the view that there are all kinds of benefits to this and that the sort
of idea well my data ought not to go into this kind of thing, that is not what
I am talking about.

What I want to ask you is -– when you talk to informants was their
discussion about the new kinds of harm that might come on the confidentiality
side and how some of those might be addressed? In particular questions like,
re-identification when data sets get merged of individuals, or the ability to
figure out information about small groups who might then be stigmatized, people
who live within a 2 block radius of, whatever. So do you have any thoughts for
us about how to try to address those new kinds of harm from this very powerful
set of ways of using data.

DR. PARRISH: Well yes, there were a few comments in this area. There has
been some work for example at NCHS specifically directed toward dealing with
the kind of potential problems that you are talking about –-
re-identification or the ability to combine data sets in order to identify
individuals. And, both software has been developed as well as analytical
methods to, in fact, perturb the data a bit if you will in order to make it
much less likely that a person can be identified through though methods. Some
of this work has also been done at the census bureau. So I think that people
are aware of that, aware of these issues, research has been done and should
continue to be done, specifically looking at this, and how to in fact, deal
with this.

I mean, one of the advantages of the aggregate data sets are in fact, that
they are aggregated. And that, as you aggregate them up, you of course the
chances that you will be able to identify anyone in particular and there are
certain techniques, for example now in state health departments that as people
look at data for specific groups, and you reach a point where that data might
be used to identify people in fact the data is either suppressed or it will not
return an answer to a query of the data. So, these are things that are
important to keep in mind. But I think given the potential uses and benefits of
the data, that really we need to focus on dealing with those techniques, trying
to do research in them and get them out there in widespread use. so that we can
take advantage of the data.

DR. SCANLON: Let me add my thanks to the two of you for doing an incredible
job in this report. I think you have helped us think about seriously about what
our next steps need to be.

I would like to pick up on what Larry and Leslie were talking about in terms
of this being a transformative moment or a tipping point, because I really
think it is. About 2 years ago, NCHS had a workshop on how electronic data
might be used in terms of population statistics. In some ways, at least for me
it seemed to be a very academic exercise. This was something that was so far
out in the future, it is like, let’s not get too excited, I can retire sooner
than it is going to be a reality. But ARRA money has changed that. It has
really changed what is going to be the prevalence of electronic health records.

And I had always believed that there was the potential there, that we could
do something very, very different and now it is going to be sort of closer to a
reality. There is also a real chance that we are going to blow this
opportunity. The electronic health record could become the electronic paper
record. It sits in an office or in an institution and it never goes anywhere.
What we do need to define is the mechanisms that get the data to flow which I
think is critical. If we can get the data to flow sort of in the right way with
the right protections, we have tremendous potential. And I think we can maybe
even stop talking about the health statistics enterprise and think more about
the health enterprise and that they are integrated. That we have got health
care, enterprise is generating data that one of its by products is the health
statistics that we need. Another one of the byproducts is better health care
for the individual, sort of that point of service. But it is going to be a big
job sort of to make that happen.

And I think there will be a continuing role to fill in some of the gaps. I
mean the electronic health record is not going to do everything and even with
getting the data to flow it is not going to do everything, and so we have to
think about the strategy to fill in the gaps.

At the same time, this is one of those areas where we cannot allow the
perfect enemy of the good. If we talk about health statistics today, I made a
lot of money as the health services researcher on a relative basis over the
years, using both claims data and survey data. In proposals you talk about how
good these data are and how they are going to allow you to answer these
questions. If you were pressed you could talk about how bad these data are, how
sort of insufficient, inadequate et cetera that they are, but they are the only
data that we had. It was better to have some light on a question that to have
no light on a question. Now we are talking about being able to improve things
in a very significant way, if we can get some of this information sort of in
the right places and used in the right way.

And Harry, I would say that you do have the expertise that we need for this
area because one of the things that I think about is –- why isn’t the
claim a primary vehicle for what we want to know about the way the health care
enterprise is working? The marginal cost of electronic health records adding a
bit of information to a claim is zero. Once it has been programmed, fixed costs
are done, it is going to be zero. The question then is have we put in the right
information and have we protected in the appropriate ways sort of over time.

But once we do that, there is a lot more data that is flowing in claims
today than is flowing through HIE. And that is going to continue for a long
time. It is going to continue to be that way and so the question is -– how
can we tap into that to make this enterprise much more reasonable. I see this
as a natural for the Committee because we have this interest on the part of the
quality and populations group and overall sort of aggregate issues. We have the
interest on the part of the Privacy Subcommittee in terms of issues of
individuals and we have the whole Standards Subcommittee plays a role in terms
of well, how can we make these vehicles work together. So it just seems like
this is the right time to think about this issue, particularly for this

DR. STEINWACHS: Is there anything left to say, there must be. So I want to
thank you two mainly from a very selfish point of view. Early on Harry said to
me, what is the Population Subcommittee doing?


And so the two of you have made us look very good.

When we look back at the 21st century, we did the right thing.
You created it, we have nurtured it. So Harry that is what I have done.


MR. REYNOLDS: I appreciate you gentleman coming along. I just we would have
seen you a little earlier.

DR. STEINWACHS: Just a couple comments that came to mind. One is, I liked
your actuary comparison and two things struck me — that health economists, at
least economists used to be once, there is no data set to dirty for an
economist to crank and come out with some conclusion. And you then take the
other extreme where people say if you do not get survey response rates at this
level and this level that we will not touch the data. And so I still am
fascinated by that kind of issue of what is useful in the data you have that
you can use and I think what makes it different today and claims data is part
of that, is that claims data is really 100%.

So it is not a sampling survey, you know everything there is about some
items within whatever the limitations are for everyone. Well, we are starting
to envision the possibility that as electronic health records progress it may
not get to be 100 percent, but the concentration is far different than what we
think of now as the NHANES study or other things where you are talking about a
small sample, instead you have got a good part of that universe out there.

So it just seems to me that maybe we need to think differently about how do
you look at things that are closer to large parts of the population in terms of
those questions about if they are missing data or their lags or other things,
can we not adjust for those maybe better than surveys.

The other part, which I always loved about the vision and it did not
explicitly come up here, but in your diagram you identify kinds of data coming
into the health care arena that we usually do not have. Environmental data,
which never shows up in a doctors’ office as far as I know, but you could think
of that being a feed in through electronic health records. Other ways it brings
the application of health statistics to the clinician in a way that is relevant
for the patient that he or she is seeing.

The other that has always made me envious, but that did not come up here
either, was — I understand between the credit card companies and the grocery
store and some others that I could figure out for Larry exactly what he eats,
he drinks and I know about his home and his environmental exposure and I would
know something about his profession and those exposures. There is a kind of
statistical profiling that it seems to me that I would probably be interested
for myself, because you say how well can I report my diet? Probably nowhere
near as well as if you pull together aggregate statistics.

And so I also have wondered sometimes, you know, like credit reports. We
now have a quid pro quo that industry accumulates all this stuff and now they
have to let us see it once a year for free. It just seemed to be an interesting
twist on thinking, could you do that same thing with those other private
industries that are profiling us and provide us with information that we then
could share with our clinician or that you could bring into the public health
arena, because it has a — many times, a geographic population base. Again,
there are imperfections in it as you and I know.

So what I loved about the vision was the fact that it also stretches out in
ways that maybe it is not only the tipping point of electronic health
technologies, and so on, but it also seems to me it needs to be the tipping
point of really encompassing that whole diagram and not just the things that we
sort of parochially say, oh well, these are the things that we are accustomed
to seeing and maybe information that may be much more useful to us like an
obesity epidemic and other things. Thank you again.

MR. REYNOLDS: Garland.

MR. LAND: Just a couple of in the weeds comments on the report again, I
appreciate the report. It was very well done. The examples that were given in
recommendation number 1 were quite good. I think another good example would
have been talking about the changes that have occurred in the Vital Statistics
arena since 2002, in terms of electronic systems in terms of birth and death
systems and there has been some really significant movement in that area. Also,
I thought I had it, I think it was recommendation 8 that talks about the
indices at the state and local populations, again another good example I think
of that would be the environmental public health tracking network that talks
about environmental data and how they are trying to link that up with
population based data at the state and local level. So just a couple of
examples there.

I guess to reiterate what Marge was saying and others that said –- I
see this statement here that HIT holds huge unrealized potential for health
statistics. That is almost stated as a reality and I guess I would prefer to
see it stated as a hypothesis that needs to be tested. I do not know if we know
that that is true or not. I think it is still out there as we see is a
potential, but we do not really know to what degree and where it works and
where it does not work. And I think it does need a lot of research. We are in
the process with national center staff and my staff are trying to develop some
standards for moving data from electronic records to burrs systems.

When you get down into the nitty gritty or it, it is not all that easy and
what we thought could be done is really challenging and we are really starting
to step back and wonder when it works and when it does not work and so forth.
So I think it is something that we certainly hope will yield good results but I
think it really does to be tested quite a bit to see where it works and where
it does not work.

MR. REYNOLDS: Okay Mark, back to you again.

Oh, Ed, go ahead. You took your glasses off and sat back and I figured you
were — why don’t you introduce yourself Ed?

DR. SONDIK: I also give you my thanks for this. I think the way you have
done this is actually extremely informative in terms of laying out these
developments since the recommendations. There are a number of the comments
-– let me start with one question that Chuck asked me? He wanted to know,
what does it mean improvements? In here it talks about improving health
statistics and the sense he had was that the health statistics we have are not
good, or maybe that is a hypothesis, as opposed to need to be expanded. So I
think something in this report, since this is a draft, that is clearer on what
improvement means because you do use it all the way through.

Several of you commented, in particular Bill but several others concentrated
on what I would view is not so much the health statistics, the data, but really
on the use of it. And I wonder where my head is on this because when this
report was originally, I thought it was really terrific. And yet, when I look
at what you have done and I look at where we are, I think, not you guys, I
think we are missing the boat because I think we should concentrate on both the
data, but lead into that by being much clearer on the use of it. In the various
ways that it is used and hypothesize ways that it could be used, because I see
all of this as management information.

In fact, I think, I know I will live to regret this, but the emphasis here
is on statistics and this causes Harry to say and I am not exactly a
statistician and we will tutor him in the car and this kind of thing. This is
not about statistics. I am really serious. This is not about statistics. This
is about information to manage the health care system and I will not say the
trite 2 trillion, 4 trillion whatever the figure is today system, but that is
really what it is about. If you go back and look at the NCHS legislation, which
is now 50 years old and where it lays out all of the areas that should be
collected –- it is done in the context of what we need to manage the
health care system. I think that is something that we are missing. I think we
are not putting enough emphasis on the use of this and ideally I think, from
this effort, would come another set of legislation that would update the
legislation that we have.

That is why I may live to regret this, but that would update that
legislation in light of where we are today. Now we are operating NCHS and in
essence the system is operating under the legislation that is 50 years old. And
it was based on the information that you could get then or likely could get
then. But there is more today and there are all these issues that go along with
it as well, in confidentiality and so forth, but I think there is more that
could be done -– that is a hypothesis, I agree, but I think that we could
come up with any number of examples of information that is available today that
no one would have dreamed of 50 years ago related to health care quality
related to the Dartmouth Atlas and the Dartmouth Atlas squared for example,
much more information that you could get. So I am quite serious, I could see I
would like to pose that as a direction for this that this series of meetings be
held, but that they be held with a goal. Not solely to update the report. But
to aim at NCVHS which really is the organization in HHS that can deal with
this, giving recommendations on where all of this should go in the future. It
might give guidelines or recommendations or write legislation, but guidelines
and recommendations for needed modification to where we are. Which could range
anywhere from those recommendations of how it should be directed with HHS to
something that would link as well with the rest of the health statistics system
-– the Census Bureau, Education, you know I mean that diagram that you
referred to emphasizes the terminates of health. Well, a lot of those
terminates of health is gathered elsewhere in the federal statistical system.
So I have this sense, this is making my day, it did not start out great —


But I think there is a tremendous amount of promise here and I think this is
very much related to the Charter of this Committee, and I think this focus on
how the information can be used, could be used, what it takes to manage the
system. Based on what you gave, I am not sure I would bring in the Head of CBO
or GAO or well, I probably would bring in the Head of OMB because we all know
he has expressed such an interest in this, in contract to other Heads of OMB. I
think there is a very strong sense here of management of the system. So, that
in essence is my comment. It is not in terms of what you have done. I think it
is more in terms of where we go next with this and I would like to see it focus
on how this system should be transformed. I think the research part and all is
terrific, you know that. I think in my comments to you I emphasized that. What
I am surprised at, is that I do not think I emphasized what I am saying. I
think I did not do that because I did not see it all laid out like this. So
thank you for your very valuable contribution.

Agenda Item: Committee Discussion

MR. REYNOLDS: Okay, I am going to stop. We have been around once and I know
that some others had some comments, but we have already gone 15 minutes over
what we expected and we have to break at 3:15

Thank you very much.

If you remember I told you I met with ONC — autonomy when prudent or
chartered, this would be prudent and chartered as far as territory that we can
go in unencumbered; we can go in as we choose to and then, hopefully whatever
we come up with can be shared in a good, solid way. So I think this is a clear
shot, that is why I talked about it in those things, it is a clear shot, we do
not need help, we do not need S and then hopefully what we come out with can be
rolled into, whether it is meaningful use or some of these other things, to
really start actually making it pragmatic.

Mark, you had your hand up.

DR. HORNBROOK: You talked about a tipping point earlier and I want to come
back to that. I think this is for the whole two days, not just this one
presentation. We are the tipping point in the sense of what Bill described was
the claims data and of course to me, as a health economist, claims data are
inputs. They do not tell you anything about what is being produced with those
services that are reasonably well documented. So in our society and our health
care system, we had very few measures of outputs. We do not have accountability
for what our health care system is producing. There is no way of measuring it.

I was part of a consortium put together to respond to the FDA Sentinel
network and what that is doing is creating the new drug safety system for the
whole country. It is a multi-million dollar plus multi-millions of people
effort to put together all of the electronic data systems regarding drug use
and aspects of your health once you got the drugs. They will find out whether
you had a certain drug in your children in the hospital, or whether you got it
in surgery or you got it at home over the counter whatever and will find out
whether you had some adverse reaction later. To me, this says quite
dramatically to us that we have a chance to move this whole system forward by
getting functional health status on a national basis with the same kind of
level of effort and vision that the FDA has got on the Sentinel network. We
need a health output, functional health status, preference weighted health
status measure so we can get global measures of output that we can compare our
resource allocations so we know what we are getting for the fact that we are
spending more money than any other country in the world.

Why aren’t our health statistics equal to that? Well, because we are wasting
a lot of things. And this relates to the comparative effectiveness agenda for
HRQ and the ARRA where we want to find out where when you produce a lot of
services, you do not get much in return, you have got to stop that. Well,
functional health status to me is the holy grail of being able to really find
out who is well and who is not well. Even though they all have the same
disease, some are very vigorous and very highly functioning and some people are
house bound or bed bound and we do not have measures of that. I was saying that
in some sense, we could put into our IT systems, when I fill out my request for
a drug prescription on my PHR or my EHR, you could also come back at me with a
health status questionnaire.


DR. SUAREZ: One thing people might not realize is that starting 2012 we are
going to be on a claims standard called 50/10 for the next probably 8 years.
You know, I have been around on the claims arena for many years to know that
trying to add a data element into a claim so that it gets reported from a
hospital to a payer or physician to a payer it takes 4 or 5 years. Now with
HIPAA adoption process we move from 50/10 to the next version, whether it is
50/50 or 60/10, it will be another –- well they just passed the rules
-— we are going to be on 50/10 on this same claim standard without being
able to add or report anything in addition to that for the next 8 years.

I think what I wanted to say in my comments to the report was, I think we
are at an unprecedented moment where we are just making an incredible
investment on EHR adoption. If we are really going to be at the 2014 mark of
hopefully 100 percent of EHR adoption, I think the real opportunity is how much
the vital statistics system is going to be capable of interacting with that EHR
into the future because that is the kind of exchanges and the kind of
expectations that there are going to be.

I am going to expect that instead of having to create this message to send a
birth record, I am going to press F9 from my EHR system and a message gets
created and sent using the standards that are supposed to be used by the HR
system. And be able to receive back information from the vital statistics
system from my state to periodically know what the situation is electronically
and give me some pictures and there are some situations coming up or that have
occurred -– all that type of real time, electronic, standard based,
interoperable, interaction is what is expected. And in 2011, some of us are
supposed to be demonstrating meaningful use of EHRs and two of the measures
involve public health and I wonder how many public health systems are going to
be able to respond to my submission of an EHR message so that I can demonstrate
that I am actually using meaningfully my EHR.

So I was looking at your slide that said that health IT is not significantly
impacting health statistics in 2002 and try to put this light in 2014 and see
what the change in that message would be. How much health IT has significantly
impacted health statistics because it has not been able to support an
interactive exchange of vital records data bi-directionally and so I think the
opportunity that we have is to build upon the unprecedented funding and
adoption of EHR that is going to happen in this country and try to align the
vital statistics systems to be capable to talk to those EHRs.

MR. REYNOLDS: Well, Don, you and Bill now have plenty of help in the
populations group to take this and work with it so there would be no question.

A couple of housekeeping matters before we break. There will not be a
quality breakout session tomorrow. We have got some people leaving. Or they may
be an amendment to that.

DR. CARR: I just want to make sure by way of explanation because I wanted to
be respectful of the folks that are here but Matt is not here and the goal was
to discuss the agenda and Matt is not here, Paul is not here, Blackford cannot
be here, Morris cannot be here and so if there is a need right before the
hearing for us to regroup by phone, I think we will do that, but in the absence
of the key players I am reluctant to do work that we then redo.

MR. REYNOLDS: The other thing I want to mention is the significant success
of this Committee has always been the staff support that we have and two people
will be kind of stepping away from the Committee. One is Mary Jo Deering, most
of you are aware she had kind of moved into another role so we will be sending
obviously a letter from the Committee to her thanking her very much and again
some of you only see these people periodically when their subject is in the
Full Committee, but they are the ones that really make the Subcommittees go
from a standpoint of being really helpful to us. And the same thing, Denise
Buenning is here, Denise stand up so people that do not know you would see you.


And for those of us that have been anywhere near the Standards Committee,
most people only need one crutch or two, she sometimes was all three crutches
we needed when we were trying to get things done and drove an awful lot for us
so I want to thank her and them Loraine Dew is here from CMS who is actually
going to be following in Denise’s footsteps and a lot of us know Loraine
already from being a key player in the industry. So thank you to them.

Reiterating some comments on Carol McCall, again as I told you we are having
our off site with the former Chairs and since I have only been Chair for a year
I do not have a lot to say as a former Chair yet unless I do not do well in the
rest of this meeting. But the point is that the uniqueness of the people that
we bring in here, the richness of the discussion, the person like Carol McCall,
that when she spoke it was like, you listened and you listened because it was
thoughtful and you listened because it was about the common good, it was about
making a difference and I think that is the most exciting this when all of us
show up here is that you do have a chance to make a difference within a
structure, within a process, that is not overly cumbersome, hears all voices,
we do it collaboratively which is a word to many people, not an action.

So even the letter today, the Privacy Letter is a perfect example of that so
we miss everybody we have, but we bring them back like Dan and we make sure
that they come help us in a different way. And so if you get a chance, I would
appreciate it if any of you that spent some time with Carol, reach out and let
her know how much she did mean to us and we are looking forward to the new
additions and the retreads that we decide to bring back again, being even
better this time now that they know what they are doing. But seriously, so with
that we will break for today.

(Whereupon, at 5:10, the meeting recessed to reconvene the following day at
9:00 a.m.)