Transcript of the September 22, 2014 NCVHS Full Committee Meeting
[This Transcript is Unedited]
National Committee on Vital and Health Statistics
September 22, 2014
National Center for Health Statistics
3311 Toledo Road
Hyattsville, MD 20782
CASET Associates, Ltd.
TABLE OF CONTENTS
- Call to Order, Welcome, Review Agenda – Larry Green, M.D., Chair
- Updates from the Department – James Scanlon
- CMS – Todd Lawson, CMS
- ONC – Judy Murphy, ONC
- Privacy – Julia Chua, ONC
- Privacy – Rachel Seeger, OCR
- Standards—ASC X12N XML Schema
- Virtual Cards/Credit Cards; UDI in Administrative Transactions; Attachments – FOR ACTION – Walter Suarez, M.D. and W. Ob Soonthornsima
- Standards – Attachments; ICD-10 – FOR ACTION – Walter Suarez, M.D. and W. Ob Soonthornsima
- NCHS Update – Charles Rothwell, M.S., M.B.A.
- ACA – Review Committee on Data Standards Charge and Expectations – Mr. James Scanlon and Standards Co-Chair
- Stewardship Toolkit, FOR ACTION
Privacy, Confidentiality and Security Strategic Plans – Leslie Francis, Ph.D. and Linda Kloss, M.A.
P R O C E E D I N G S (9:00 a.m.)
DR. GREEN: Welcome to another meeting of the NCVHS. We have a very brief and straight forward agenda for this meeting, as you may notice. We want to get started right on time.
Let’s run the table, as we usually do, identifying who is here and state whether or not you have acquired any new conflicts of interest.
I am Larry Green. I am from the University of Colorado, Denver. I am a member of no subcommittee but chair of the Full Committee. I have no new conflicts.
MR. SCANLON: Good morning. Jim Scanlon, Deputy Assistant Secretary for Planning and Evaluation at HHS and executive director of the Full Committee.
DR. MAYS: Vickie Mays, University of California, Los Angeles. I am a member of the Populations, Privacy and chair of the Work Group and I have no conflicts.
DR. FRANCIS: I am Leslie Francis, University of Utah. I co-chair Privacy, Confidentiality and Security, and I am a member of Populations and no conflicts.
MS. KLOSS: Linda Kloss, health information management consultant. I am co-chair of Privacy, Confidentiality and Security. Member of the Standards Subcommittee and no conflicts.
DR. COHEN: Bruce Cohen, Brookline, Massachusetts. Member of the Full Committee, co-chair of the Population Subcommittee. Member of the Data Work Group. No conflicts.
DR. CORNELIUS: Llewellyn Cornelius, University of Maryland. Member of the Full Committee and the Population health Subcommittee and the Full Committee. No conflicts.
MS. GOSS: Alexandra Goss from Camp Hill, Pennsylvania, with the eHealth Partnership Authority, where I am the executive director. I am currently a member of the Standards Subcommittee, the Framework Subcommittee, Work Group. I am hanging out in the Populations Group and also in the Full Committee. I have no conflicts.
MR. LAWSON: I am Todd Lawson. I am acting Director from CMS, Office of E-Health Standards and Services. I am from the government and I am here to help.
MS. DEUTSCH: I am Terri Deutsch from OESS, as well, and the lead staff of the Standards Subcommittee.
MS. MURPHY: I am Judy Murphy from ONC. No conflicts.
DR. WHITE: I am Jon White, your liaison from AHRQ. No conflicts.
DR. CHANDERRAJ: Raj Chanderraj, from Las Vegas. Member of the Full Committee. No conflicts.
MR. BURKE: Jack Burke, Harvard Pilgrim health Care from Boston. Member of the Populations Committee and the Privacy, Security, and Confidentiality Committee.
MS. MILAM: Sally Milam, West Virginia Health Care Authority. Member of the Full Committee, Privacy and Populations. No conflicts.
MR. SOONTHORNSIMA: Ob Soonthornsima, Blue Cross and Blue Shield of Louisiana. Member of the Full Committee and Standards Subcommittee. No conflicts.
MS. JACKSON: Debbie Jackson, National Center for Health Statistics, CDC. Acting Executive Secretary – still enjoying having my own microphone.
MR. WALKER: Jim Walker, Siemens Corporation. Malvern, Pennsylvania. Member of the Population Subcommittee and Full committee. No new conflicts.
(Introductions around the room)
DR. GREEN: Vickie Mays is spreading a rumor that Bruce Cohen got some sort of interesting award lately. Do you want to explain that, Bruce?
DR. COHEN: Well, I officially retired from my full-time job several weeks ago. I have recently received two awards. Most recently, last week, the Practice Award from CityMatCH and the American Association of Maternal and Child Health. Thank you.
DR. GREEN: Congratulations. I think we are ready for updates from the Department, Jim.
Agenda Item: Updates from the Department
MR. SCANLON: Thank you, Larry. Good morning everyone. I will try to be a little shorter this morning because I know we have a lot of other reports. Since we met in June, just a couple of personnel changes that I think you are aware of. We have a new Secretary, Sylvia Burwell Matthews. She has now been at HHS for three months now. She is moving right in and moving along. I will say that she is a data – she came from OMB. She is a data-oriented person. She is always looking at – you know, anecdotes are fine, but two anecdotes don’t make data. She is always looking at impact, in terms of before any choice or any decision, not just that it feels good, but what is the impact and what the priority and so on. She is very supportive of data and evidence and so on.
On the policy and program side, we continue with our strategic plan, as you remember, four goals and 21 objectives. My own office actually manages a system whereby we try to manage for progress on all of the high visibility plans in HHS, the strategic planning system. We support the Secretary and the Deputy in that way. We do have a couple of new initiatives. Obviously, you have heard of Ebola, antibiotic resistance, opioids – that is preventing misuse and morbidity and mortality associated with misuse, and delivery system reform, which is an outgrowth of the Affordable Care Act and some of the capabilities provided there.
On the budget side, we are in the final two weeks of this fiscal year 2014. Last Thursday, congress enacted a continuing resolution that will take us through December 11th, I believe. We are good then. There shouldn’t be a shutdown at least in October. We will have to see what happens in December after the mid-term elections.
Health reform – we have gone through the first open enrollment period. We will be coming up on the next one in November. On the data side, I think I mentioned previously we are monitoring impact in implementation through two dimensions, the administrative data, the enrollment and so on, and then surveys. In my own office, ASPE, we have been posting the enrollment data, the monthly enrollment data for that first enrollment period. We will be doing the same when we start again in November. Last week, we also published enrollment – ACA marketplace enrollment figures by zip code so people could see how they are doing there, as well.
We have a policy now. We are trying to implement that. Whenever anyone at HHS posts reports or research or anything like that, they accompany that with a machine-readable form of the data so people can take it up and analyze their own. It is really a multiplier. Everyone else can analyze the data, as well.
Again, the surveys are serving us very well. Finally, last week, we were able to publish findings on health insurance coverage from the Health Interview Survey, the first quarter of this calendar year, which was the first quarter for the enrollment period for ACA. We worked with the Census. They have sort of some methodological numbers on 2014, as well. It looks like there was a two percent in the uninsurance rate, which I am happy to see that. Otherwise, that would have been a big problem. When we have the next quarterly report in December, it will be six months of the Health Interview Survey. We would probably expect to see some increases there as well. The surveys are serving us very well.
We continue to look at what is the impact of ACA, generally, and the status of vulnerable populations even with – an insurance card doesn’t necessarily mean that you will have access or quality or so on. We are looking at vulnerable populations generally. We are trying to increase the capability there. Particularly, one of the new groups we have been adding, as I said previously, is to try to improve the data on the LGBT population. We are also looking at disabled, rural, and racial/ethnic minority populations as well.
Just to remind you of our data strategy, to be brief, about two years ago the Data Council was asked to sort of review our portfolio and see where we are strong, where we are weak, where we need to redirect and so on. There were basically three major parts of that strategy. One was to focus on high priority data gaps in a coordinated fashion. That is where we made a number of investments in the ACA monitoring.
Another dimension was how can we get the data faster? As you all know – you are in the same business. Everyone wants the data quicker, high quality, and cheaper. Everyone says you can have two of those, but you can’t have all three. At any rate, we looked at our portfolio. We looked at the technology and other methods. We had a couple of nice investments to try to shorten the turnaround time between the field data collection and getting the data back to us. Probably for most of the surveys, we have reduced the time now to within the same year. In a couple of place, we have a six month lag now, as well. We are moving along there as well.
The third part of the strategy really is what this committee has been focusing on as well. It is looking down the road to the future. It is a data alignment or a data integration kind of a concept. It is really – how do we begin to bring the fruits of the administrative data, electronic health records data and our normal research survey and surveillance systems – how do we begin to bring those various data sources into alignment to improve health and health care and human services?
There are a number of strategies for doing that. One of them is standards, as you know. Another is working across these areas. We are – we have a number of pilot projects, which I think we actually wanted to try where we are actually looking at using electronic health record data, administrative data for our surveys and research. We are having some successes there.
A couple of nice projects here with NCHS, particularly on the provider surveys and how we can get access to standardized data from electronic health records for our surveys. Some of the – for example, we have added, on the MEP Survey, we have added a longitudinal component to the insurance – this is the employer survey, the employer insurance component. We developed a web capability for the Health Interview Survey. We are looking at the provider surveys.
A study that we have coming up will be of interest to the full committee. We will be looking at the ICD10, the implementation of ICD10 and the provider surveys more in a matter of how does it affect measurement? Not the process, but does the ICD10 coding, how does it impact what we were doing with ICD9? One of the ways will be to look at the ambulatory care, which is the physician survey data coded already in ICD9 and how would that change the distribution and so on if it is coded as ICD10 as well. We are starting that with NCHS as well.
One other area, we have added community health centers – I think many of you are familiar with that program – to our Ambulatory Medical Care Survey. We are doing a survey of the clients of community health centers, trying to standardize the measurement there, as well.
One other arm, we are trying to see what the role of the formal public health – key amenities, state and local, particularly, what the role will be in health care reform, what functionalities might be looked at and emphasized in health reform. We are including health IT and the role of health IT in public health.
Let me stop there and pass it on.
DR. COHEN: I know the – and you started to touch on it with your last comment. Experience in Massachusetts is data collection focused on increasing access, but less thought has actually been given to the health impacts of greater access for the population that was formerly not covered. Is HHS developing a model to look at short-term and long-term health impacts of healthcare reform?
MR. SCANLON: Yes. Mostly at the national level. I don’t know that there is a lot at the state level except where ASPE – we are supporting a study on about half a dozen states. We will be adding about six more.
Part of the planning for Affordable Care Act looked at what are the measures besides health insurance coverage and hopefully affordability. What are the domains that we would want to monitor as ACA is implemented? There are ten domains. I think we have to update the measures. Besides health insurance coverage, there was affordability. There was access to care. There was preventive services. There was public population health. There was – I am forgetting what the others are, although, I have them all written down. Oh, workforce issues, impact on vulnerable populations, health information technology adoption, and I think cost and affordability, I think I said those as well.
We have already been monitoring. We report probably twice a year on indicators in those areas. We will be looking at what do we need to update and are there additional areas. Again, that is – now, we report that data at the state level where we have it, but we don’t have that for everything. At a minimum, it has to be available nationally. This is our health systems measurement project. Where we have state data, we are using that as well.
Again, we don’t have, necessarily, any – you will remember when Oregon had its sort of natural experiment with Medicaid. We don’t have – I would be interested – a couple people have asked if you are aware of state – since everyone is doing it simultaneously, we don’t have a natural experiment. It is a matter of getting state data. We have looked at Massachusetts. We have worked with Census on Massachusetts as well. Some of the early research on what happens when you have access and coverage, what does it do to the providers and so on, we have been using the work in Massachusetts. Massachusetts is a well-supplied provider state, at least parts of it. Other states are not quite like that. Any ideas you have, I would be interested.
DR. MAYS: As always, an exciting presentation. I have two questions. One is, as we try and move along with looking at vulnerable populations, is there any emphasis on now trying to segment them so that we are getting for racial groups much more subpopulation data? That is what is clearly driving, particularly within some of the Asian subgroups, real differences.
My second question has to do with under the Affordable Care Act, the research that you are doing about access. Are there also any ways that you are trying to determine what the barriers are to people utilizing their care? We start seeing more and more about discrimination based on statuses such as socioeconomic status or your language, et cetera. I think part of what we have been doing is talking about access. We have people enroll, but then when they don’t utilize, we don’t understand enough about what the system issues are. We really turn to personal issues about why they are not utilizing. Some of us have really been advocating looking at language, in particular, whether they are very poor, whether or not they have very complicated cases.
MR. SCANLON: Those are good questions. In term of the granularity and the disaggregation, you will remember we have a policy that we adopted two years ago where we developed and adopted HHS socioeconomic data collection standards for all of our population surveys. Race/ethnicity was one of those standards. Primary language was another. Disability was another. I am forgetting one, but those are the major ones – sex it was, I think.
Pretty much every one of our surveys has included those. The race/ethnicity item provides much more granularity than the OMB standard, which was the five categories. For example, in the Hispanic category, we broke it down into three major groups. The Asian category, I think we broke it down into about six, possibly nine. Again, the numbers have to be there to fill those cells. At least that will – where the surveys are large enough, they will begin to provide us these. We are beginning to publish now – along with over-sampling, we are beginning to publish analyses of individual groups in relationship to enrollment. We will follow them on access.
The other thing is, in terms of our measuring access, as you say having an insurance card doesn’t necessarily open anything up on its own. When we ask in our surveys about – we really ask about access to care as well. There is a set of questions that asks if the person had a medical problem where they thought they should see a doctor – that is not exactly – did they go? If they didn’t, what were the reasons they didn’t go? For some, there is still the cost problem. For others, it is distance. For others, it is – they don’t have a doctor in the area so they go to the emergency room or something. It is sort of for a regular provider of care or things like that. We are monitoring that as we always have.
On the LGBT side, as you saw, we added a question on sexual orientation to the Health Interview Survey, which is really the flagship health survey. Earlier this summer, we were able to publish the first year. It was the year 2013. Some of the findings from that survey – it was very interesting. The numbers seemed to come out a little bit lower than what the community has been estimating, not much though. It is fairly close.
Clearly, we will be looking at more research. We really are able to look at, now, health insurance coverage, access to care. Access is just – we always consider access to be these other questions about do you have a regular doctor, a regular source of care, is it the emergency room or some other source? If you did have a need, felt you had a need to see a doctor, did you go? If you didn’t, there is a whole – there are about eight questions about why. We will be following that as well.
By the way, we will be publishing I hope in the next month, our annual report on LGBT health and human services. It is still working through the clearance process, but we usually report on the accomplishments of the past year and the plans and objectives for the coming year, which would be 2015. Unless it has changed, there are a number of initiatives related to data.
DR. SOONTHORNSIMA: Thank you Jim. Expanding on the ACA questions a little bit further, through what means besides survey are you getting to that type of information, whether there is consumption, whether there is disparity in terms of access? My understanding is with risk adjustment, insurance companies are having to submit all of this data at some point this year. How might that be used? I am not sure you are looking at that at all.
MR. SCANLON: No, that is a good question. We are trying to look at thing beside the surveys. Again, even with health insurance coverage, there is some concern that – and as the plans correctly try to manage utilization, potential impact in some cases may be more – prevent problems for certain populations, chronic conditions, and so on. When networks are made more efficient that way or narrowed somewhat or when formularies are changed – understandably. These are standard utilization management strategies – is there inadvertent impact on certain populations because the medication is now less available or the providers are less available?
This is a big concern with a lot of the public health providers, behavioral health providers, who were not necessarily included in the networks of the health plans. There are providers in the public health area that always provided services that really, for whatever reason, weren’t offered that much in regular healthcare. Family planning was one of them and there are others, behavioral health. Except now there is a whole system, obviously.
They were not necessarily being picked up in the plans – in the network, marketplace plans. Now, again, the marketplace is a small percentage of the private insurance coverage, obviously. Most people still get their insurance, probably 80 percent, through their employer. Again, I think there was some worry there. We are trying to figure out, well, how do you even measure and research that? You want to look at what the plans are doing. You want to look at what the impact is on households and families, as well.
On the administrative side, we are – what we end up doing is we keep pushing this idea of a multipayer claims database, though, it seems to be harder to do than everybody thought. We have the Medicare data. We have Medicaid data. We have the survey data. We are relying largely on claims data. What we have been trying to do is try to get access to private – other plans besides Medicare claims data. On the prescription drug side, there is a good commercial set of that data that we have been buying and looking at. It is still a little spotty. No one has all of the national claims data, private data, but we are piecing together what we can.
DR. WHITE: So I prepared absolutely nothing for you, but in response to the questions about ACA implementation and understanding the impact, other parts of AHRQ deal with this, in particular, the Medical Expenditure Panel Survey and the Healthcare Cost and Utilization Project, HCUP. There are statistical briefs that have been coming out on a fairly regular basis. Jim is familiar with them. He works with Steve Cohen on the HHS Data Council frequently.
If you like, in December when next we meet, I will come back with a more comprehensive view of what is going on with those folks. Since two of you have asked now, it might be of interest.
DR. GREEN: I think that would be absolutely terrific. Todd, thank you for coming.
MR. LAWSON: Thank you. Good morning. Thanks for the introduction. It is a pleasure to join you here again at NCVHS. I want to highlight a few priority areas that may be of interest and our progress to date on them.
One area that we are working really hard on, ICD10 implementation. Successful ICD10 implementation remains a top priority for CMS. We appreciate the opportunity to share our regular updates on our progress and outreach efforts to help the healthcare industry as a whole to successfully transition to ICD10. Our goal is to keep building the momentum and the positive progress we have made this far.
Since 2008, CMS has been working to prepare for the transition to ICD10. We are taking a comprehensive approach to preparedness and testing for ICD10 to ensure that CMS, as well as the Medicare fee for service provider community is ready. We have additional information on our testing approach out on the Medicare Learning Network Special Edition article. I think the article number is SE1409 as an FYI.
Today, I would like to talk a little more about our end to end testing for ICD10, our acknowledgement testing efforts. In regards to end to end testing, CMS is planning to offer three separate end to end testing opportunities. It would be in January, April, and July of 2015. This testing includes submission of test claims to Medicare with ICD10 codes and the provider’s receipt of a remittance advance that explains the adjudication of the claims.
There are kind of three main goals of this testing. One is to demonstrate that providers or Medicare submitters are able to successfully submit claims containing ICD10 codes to the Medicare fee for service claims systems. Another goal is to demonstrate that CMS software changes made to support ICD10 result in appropriately adjudicated claims based on the pricing data used for testing purposes. The third goal is to demonstrate that accurate remittance advice is produced.
Roughly, we have about a little over 2,500 to 2,550 Medicare submitters that will have the opportunity to prepare and participate over the course of these three testing period. Each opportunity would be open to a limited number of providers that volunteer for the testing. Nationwide samples would be selected from providers, suppliers, and other submitters who volunteer to participate to represent a broad cross section of provider types, claims types, and submitter types.
As far as the upcoming – the first testing cycle in January, the one I alluded to, January end to end testing begins January 26 and ends January 30th, 2015. Looking at roughly 850 volunteers. They will be selected to test with their Medicare Administrative Contractors or MACs and the Common Electronic Data Interface contractor. This will give us a nationwide sample that should hopefully yield meaningful results and represent a broad cross-section of providers a clearinghouses.
To volunteer as a testing submitter, there are forms developed so volunteer forms would be available on each of the Medicare Administrative Contractor, MAC, websites. Those forms would be due in by October 3rd of this year. CMS would then review the applications and select a group of testing submitters. By the 24th of October, the MACs and the Common Electronic Data Interface Contract would notify the volunteers selected to test and provide them with information needed for testing.
We also have educational materials that we developed for providers and submitters based on the testing results. Acknowledgement testing, also – we are doing some special acknowledgement testing that will be held in November 2014 and then March and June of 2015 just to give submitters access to real-time help desk support if they need it. Of course, we do know that providers and stakeholders can conduct acknowledgement testing at any time with their respective MAC.
We had a lot of materials, events, and resources available on ICD10. Some of the major ones I might want to highlight are we have MedScape videos and expert column. We recently released three MedScape ICD10 continuing education resources. There are two videos and one expert column. Physicians, nurses, and other health care professionals can also earn CME and CE credits with those online resources.
We also made available a national training collaborative, working with several of our industry partners and local medical societies to reach small physician practices. We continue to have biweekly national implementation planning calls with payers, clearinghouses, vendors, providers, and industry associations. Topics include things like national outreach to providers, readiness, best practices, testing, et cetera.
I like to also mention last week we hosted – CMS hosted a National Health IT Week Code-a-thon. It was partnered with the American Academy of Professional Coders, AAPC. We basically offered AAPC certified coding experts to answer ICD10 questions that folks may have. Again, that was last week. I think we had about 2,200 participants on that. About 240 questions were answered by the coding experts. It was a good turnout.
We also have – continue to have our ICD10 email updates. We started that in 2011. I think we got over 182,000 listserv subscribers since we started doing that. The messages are often times picked up by trade media, et cetera, for websites and publications.
Another thing we have – we have a CMS ICD10 website. One of the resources we put out there is this kind of ICD10 Road to 10 for Small Practices. We have had over 180,000 website visits on that. It features a new – it is like a Road to 10 overview video, provider testimonials, specialized training modules, and a training events calendar.
Another thing that we are doing on a pilot phase is we are considering – we are doing a direct mail flyer to reach small practices that have five or fewer providers. Again, it is just a pilot. We are conducting that in four states: Arizona, Maryland, Ohio, and Texas. The idea is kind of a – it is a nice kind of glossy direct mail flyer, just aimed to raise awareness about ICD10 resources and the transition date of October 1st, 2015. In that pilot, we distribute that flyer to about 31,000 small practice providers. Our intent is to expand that direct mail if it is successful, the pilot is.
Moving off of ICD10, I will give you a little bit of an update on Health Plan Identification Number, HPID. As folks know, the November 5th deadline is quickly approaching. As of September 16th, last week, we received over 889 HPID applications and approved 776 of them. We also recently, in CMS, improved functionality of the HPID registration system to make it easier so that plans can enumerate more than one controlling health plan under a single EIN, Employer Identification Number. As we all know, the HPID enumeration process can take up to two or three days. We advised folks to the extent they can, to do it as early as possible to enumerate.
Moving on, just a few things about electronic funds transfer. We are seeing an increased use of electronic funds transfer for health transactions. As we know, EFT creates efficiencies in payment processing, including paper reduction, decreased risk of stolen checks, et cetera, quicker access to funds. In January 2014, more than eight million health care payments were made using EFT through the Automated Clearinghouse Network. There was about a 32 percent increase in EFTs for non-Medicare transaction from the last quarter of 2013 to the first quarter of 2014.
What I can tell you about Certification and Compliance Rule – a few words about that, in CMS we are still looking internally at some internal policy analysis with possible approaches and options. We are continuing to evaluate comments that are received to us to develop a strong and efficient program. CMS realizes and recognizes the value of a certain compliance program, which builds off of savings and efficiencies gained through standards such as EFT, et cetera.
In regards to Attachment Standards, CMS is continuing to engage in discussions with industry about clinical attachments in related technology. Since our last discussion, we have begun to reach out to industry to better understand their needs, existing gaps, and the added value of attachment standard, planning industry discussions, and anticipate hosting an industry listening session early next calendar year. We will continue to work with NCVHS and industry to achieve consensus on a national standard and utilize processes established by NCVHS as well as HHS regulatory process at the appropriate time.
The last thing I want to mention in regards to that is on the X12 Schemas, we are certainly evaluating the recommendations and recommended approach. We will be following up with this committee before its next session on the X12 Schemas.
One last thing I would like to mention and I want to kind of shorten this because I don’t want to steal Judy Murphy’s thunder because she is going to be – in her presentation on some of the high tech statistics, but a couple things about some key program data on the meaningful use in the EHR incentive programs as established in the High Tech Act. The EHR incentive programs, they have – the government has invested more than $24 billion in health information technology through incentive payments to providers for adopting, implementing, or upgrading to a certified EHR technology in a Medicaid program or for meaningful use of certified EHR technology in Medicare or Medicaid. That translates into globally about 92 percent of eligible hospitals have received an EHR incentive payment for either meaningful use or adopt, implement, and upgrade. The other 75 percent of Medicare and Medicaid eligible professionals have received an EHR incentive payment for either meaningful use or adopt, implement, upgrade.
With that, those are my remarks. I will turn it back over.
DR. GREEN: Thank you very much sir.
DR. COHEN: My question is around specific focus on state Medicaid agencies’ preparedness for ICD10. Could you comment on any outreach you are doing and what your assessment is on the status of state Medicaid agencies?
MR. LAWSON: Sure. We are partnering within CMS with our sister component, the Center for Medicaid, to conduct outreach to the states to make sure that they are ready. At this time, I would say probably the biggest thing we have, as far as getting our outreach out there is we are aware of about 16 states – it might be a little bit fewer than that now – that have to make hard coded systems changes to basically change what they had put in with the prior ICD10 date to kind of retrofit it so they can continue processing ICD9 until the new implementation date.
What we are aware of on those 16 or fewer states is that the majority of them have already begun testing or are at various stages of their testing. That is probably, to answer your question, the single biggest thing that has our kind of attention, just to make sure that all of those state – the readiness will be where it needs to be and be in good stead. Again, we are pretty confident that most if not all of them have at least begun. They are at different stages. That is one of our big follow up areas with them.
MR. CHANDERRAJ: I have three questions. If a provider doesn’t submit by October 3rd, can he participate in the subsequent testings in April and July?
MR. LAWSON: I think the way we are doing that – to get to your question, you are saying will the folks we go out to for the initial testing, are those the same testers that will go through all three months of the testing? I think so. They can be.
MR. CHANDERRAJ: My second question is if we submit a bill with ICD10 before the October 1st, 2015, will that be honored in lieu of ICD9?
MR. LAWSON: So is your question if folks submit claims prior to the implementation date of ICD10, will that be processed and be approved? Is that your question?
MR. CHANDERRAJ: Yes.
MS. GREENE: The final rule stipulates that you have to use ICD9 through September 30, 2015. Voluntary use of ICD10 is not allowed. They have to use ICD10 on October 1, 2015 and going forward.
MR. CHANDERRAJ: That leads to my final question. If the testing doesn’t go well, October 1st, 2015, when we have to submit all ICD10 claims, would that mean a substantial impact on the practice revenues?
MR. LAWSON: I think it would be substantial. However, as with everything, I think CMS would definitely look at some workarounds if that was an option, if folks weren’t ready and payments were being held. We certainly don’t want that type of a situation. It is not something that we are aggressively anticipating will be the case based on provider readiness and the efforts that are being made to-date. Certainly, if what you are describing, what if a bad circumstance happens and the healthcare industry, a lot of claims can’t be processed, I think we would have to look at a workaround. That is really not our big drive right now. We are pushing for the October 1st, 2015 date.
MS. GREENE: If I could just add that that really goes into part of the education that we have out there, which is helping providers to prepare early, looking at their internal processes, looking at their systems, testing their systems internally, getting their staff trained, all of those things, and also the testing. So the outcomes of the testing will be made available. That does give providers an opportunity to see what their results are.
Again, there is an expanded amount of testing available even through the acknowledgement testing that is going on. We believe that that testing is where providers really will see if their systems can actually submit an ICD10 code and also having that clinical documentation that really supports the claim. There are opportunities for providers to really engage and get involved. We have certainly reaching out to many of those groups as we speak.
DR. GREEN: Thank you, Denise.
DR. SUAREZ: Four quick questions. The first one is you mentioned October 3rd, later this week, as the deadline for – if I understood correctly, for submitting interest in –
MR. LAWSON: The application for testing. Yes, to participate.
DR. SUAREZ: Okay. So that is an important date for people in the industry to know about. You mentioned the max is about 2,500. Is that what you are looking at registering?
MR. LAWSON: Right. That is right.
DR. SUAREZ: I just wanted to confirm that. The second quick comment maybe more than anything is – it is an amazing amount of assistance that you are providing already. You mentioned the involvement of expert coders to assist in different ways. Have you thought about establishing – I am not aware of one, but establishing a specific sort of help desk with an 800 number that people would be able to call in, particularly as things get closer to the deadline of October of next year and through the transition period for the first several months? Is that something you have or is already in place?
MR. LAWSON: We don’t have a “ICD10 Call Center”, but we have several solutions and venues out there. It pretty much serves the purpose of what a call center would.
MS. GREENE: Todd is correct. There is an industry-wide ICD10 Success Collaborative that really takes in questions today for ICD10. CMS is a part of that and actually helped to establish it along with WEDI. We are taking in questions and triaging them throughout our agency. There are industry questions that are being triaged as well. There are a number of partners on those that answer those questions. We anticipate that will go beyond post-implementation and continue as we kind of all move into implementation. Certainly, the MACs are there to answer questions as well. We have staffed up the MACs to have more staff ready to get people in place to gear up as well. Thank you.
DR. SUAREZ: Thank you. That is great. It is important to have probably – inform a lot more the industry about it about the availability of it.
The third quick question I have is about HPID. I think we have been hearing about FAQs that are supposed to come out regarding HPID that help clarify the intent and its use. Any timeframe about when those will be issued?
MR. LAWSON: We are actually behind on those. We certainly apologize for that, but it is a priority for us. Very soon we should be getting those out. I would hope – within the next couple weeks, I would hope.
DR. SUAREZ: The last question is similar, I guess, about the Compliance Rule. You didn’t mention any timeframe. I know it is hard to pin a timeframe about it. Is it expected to come out before the end of the year at least? Do you have a sense?
MR. LAWSON: I don’t think it is going to come out before the end of the year. We are aware that we need to get some policy direction on that. We are engaged within CMS with the senior leadership on putting together various approaches and alternatives and options. I really don’t think we would see anything by the end of the year. It is on our radar scope that is for sure.
DR. GREEN: Thank you sir very much. We are about 45 minutes from break time. You guys are doing pretty good today. I am talking as a committee, here, not the presenters. The committee is being pretty well behaved here. I want to express appreciation and reinforce good behavior. Is Julia on the phone? I was just checking to see if you were there. We are going to go to Judy Murphy next. Thank you Judy for coming again.
MS. MURPHY: You can see I have got five quick topics. For the sake of time and staying on schedule, let’s go to the next slide, which shows the statistics related to – if we could go to the next slide – that slide – eligible professionals. 90 percent of them are registered for the program and 76 percent of them have been paid through either Medicare or Medicaid. Again, doing pretty well.
If we go to the slide after that, eligible hospitals, we can see, again, that the hospitals are doing quite well with 95 percent registered and 92 percent paid either Medicare or Medicaid.
On the next slide, this is just the month over month statistics related to the payments. Todd already mentioned the payout at this point is $24.8 billion dollars. Again, just to emphasize, that is above what was estimated. The reason that is above what was estimated is because we are expecting that there will be – the payout will be offset by the penalties. The amount will actually drop down in terms of the cost of the program. You may recall the original cost of the program was estimated more at $19-20 billion dollars. The penalties just really begin in 2015. We will see how that balances out.
Going to the next slide, this shows the 2014 attestations for Stage II. If we look at the eligible professionals, we have had 3,152 who have attested for Stage II. For eligible hospitals, we have had 143 attested to Stage II. Now, those other numbers are those that have used 2014 addition code for Stage I. The number that we have been kind of keeping our eye on, actually, is the Stage II.
Again, the numbers have been relatively low. We have been following up with many of these attesters to try to get a better understanding about exactly how they are achieving the particular criteria that have been tough. Those are three of them: the transitions of care, the view, download, and transmit for patient engagement, and the quality measures. Those are the three kind of sticking points.
What we are finding, in terms of the transitions of care, is many are describing a lack of trading partners. As I think you know, they have to be able to establish a connection and pass a transition of care summary document with an organization that is not their own organization and who is on a different electronic health record. Many of them are actually going outside the traditional provider or hospital group and using folks like long-term care facilities or long-term post-acute care facilities as their trading partners.
The good news, actually, on that is that it is actually spreading, if you will, to non-eligible providers, this ability to have electronic interchange. In some cases, it is being actually accepted and taken into an electronic health record. In other cases, it is being printed at the destination eventually. The point is we are getting kind of a ripple effect, if you will, with non-eligibles, which has been actually quite good.
Many of you have been probably – if you would go to the next slide – are aware that there is a flexibility rule that came out on September 4th, which is allowing folks to attest to Stage II criteria using the 2011 edition code. That helps folks sort of. You have also probably heard some of the press on the sort of part of this. If I am a hospital and I want to continue my journey, because of the full year reporting period, I actually still have to be poised to move to the 2014 code by October 1st. This rule only came out September 4th. There has been a fair amount of let’s call it press and a movement by various organizations to look at decreasing the reporting period in 2015 to a three month or a quarter based reporting period, which was similar to what we had at previous stages. There has been no activity about that as of yet.
The next two slides actually do show the options, in terms of the different combinations, if you will, of software that you can actually use to accomplish Stage I and then if we go to the next slide, at Stage II. Again, these are really meant to be references to you. I am not going through every single gory detail, but I think these slides are particularly helpful. There are additional fact sheets and information on both the ONC and CMS websites about these different options, if you will, to try to eliminate confusion. As you can see, it almost creates a small amount of confusion because there are options now instead of just really the single path. The tip sheets and things really do need to be used for people to fully understand this.
If we go to the next slide, I also wanted to highlight a second rule, final rule, that has been published since we last met. This was the rule that we put out for public comment back in February. The final rule was actually published on September 11th. The intent here was to talk about voluntary criteria so that folks could start to get a sense of where we were going with the next edition rather than waiting and then have that only 18 month time period to be able to acclimate if you were a vendor and had to create new code. This would give us signaling in advance. It would be voluntary, but it would certainly be giving a signal as to where we would be going with the next rule.
However, if you go to the next slide, we didn’t necessarily get a lot of positive response. In consideration of the stakeholder feedback, we actually adapted a very small subset of the information that was proposed in this NPRN that was published in February. When you look at the Final Rule, it really is a pared down version. I will show a slide on that in a second. It does only include ten optional and two revised certification criteria as well as a small amount of changes to the certification program and some administrative updates.
One of the things I wanted to spend a moment on, if we go to the next slide, is the naming convention. There was a fair amount of confusion about the naming convention, as well. Actually having worked with vendors for a good portion of my career in IT, a lot of our electronic health record vendors and clinical system vendors went through this same sort of thing where they named a release related to the year that it kind of came out. Of course, then as people were implementing and in subsequent years, it often became confusing. As you know, even our Google friends and our Apple friends and our Microsoft friends have gone through this kind of a frenzy as well, in terms of what is the right way to name things.
If we go to the next slide, there is interpretation of the past and the future. Again, I actually find this slide even confusing. It was created by Steve Posnack, the director of the Office of Standards and Certification. Again, if you kind of just focus on the future, basically, what it is is that we are going to stick with the year that it was to be enacted or used for the first time. If you go about halfway down the right hand side, you see 2014. Then it will be called 2014 Release II. There was some thought that it would be called 2015 and that would get really confusing.
The idea is when there are fixes or additional voluntary criteria that are created in between the cycles that match the stages of meaningful use, they will stick with the number from the previous one and just call it release two. Again, if you look at the red on the right hand side, 2014 Edition Release 2 is what is coming out now and then there will be 2015 edition for stage three. Any “fixes” or additional voluntary criteria will be called 2015 Edition Release 2. I hope that clarified and didn’t confuse.
If we go to the next slide, here is where I am hauling out the optional certification criteria that were in the final rule. As you can see there is only 10 of them. These were, again, the idea to give signaling of where we are going for those folks that want to use their current development to start looking at what new functionality or updated functionality they should be adding to their product line. On the right hand side, some revised criteria.
Probably the biggest thing on the criteria is for those of you who are into the interoperability space, we are separating out content and transport. That was something that was linked in the original rule. It has caused a fair amount of consternation because decoupling the two actually makes it easier for vendors and for providers to be able to look at the different options that they have for packaging up the content that they need for interoperability versus transporting it. Rather than linking those two together, those two have been separated.
If we go to the next slide, really what is next is the preparation for publishing a proposed rule for the next edition of the EHR certification criteria jointly with the next CMS EHR incentive program’s proposed rule, i.e. Stage III. We expect those to be published by the end of 2014. Again, these will be NPRMs. They will be out for public comment that the idea that the final rule would be sometime in 2015.
We anticipate that the next edition of EHR certification criteria will contain functionalities that will be required for the next stage of the EHR incentive program. Again, the public comment that we receive, both on that NPRM, but also on the voluntary program edition that we are putting out right now in Final Rule will help inform that.
Moving away from Meaningful Use, if you go to the next slide, I just wanted to give an update related to the workgroups for our federal advisory committees. I have listed here for the policy committee the restructuring, if you will, of the workgroups. There are six workgroups. You can see them displayed on the screen with their chairs and co-chairs listed. In some cases, they are a bit of a carryover from previous workgroups. In other cases, there is consolidation. In other cases, there are some net new. These are the ones that are being stood up, actually, right now. A few of them have already met. The majority of them will be holding their first meetings in September or October.
If we go to the next slide, you can see the restructuring of the standards committee workgroups along with their chairs and co-chairs. Again, the same thing, many of these groups have not yet met, but they will be meeting for the first time this fall. Again, a good number of folks from previous committees were carried over, but there was a nice influx of new blood as well, which was another advantage of restructuring the workgroups.
If we go to the next slide, this kind of shows the overall. Last time we met, I talked about the JASON Report. I talked about the Interoperability Vision paper. Those continue to be or the whole idea of getting interoperability locked and loaded and putting together, now, an actual roadmap from these more vision-type documents is a lot of the work at hand. A couple of the milestones are listed here, on the screen.
If we go to the next slide, I have actually provided the work plan as well, giving you a sense, in addition to interoperability – by the way, there will be a joint meeting of the policy and standards committee on October 15th. That is when the initial unveiling, if you will, of the roadmap that is the next step from the vision paper is going to be, if you will, unveiled. For those of you who are particularly interested in that you might want to plan on attending or dialing in and listening to that particular meeting.
It will not be completely done at that point. We will still be taking input after that, but that is where we are taking the more vision and actually locking and loading it, in terms of the specificity that is needed to achieve the three year vision.
Really, the only other thing that is called out on here is that we have been working on a Health IT Strategic Plan throughout HHS. Dr. Karen DeSalvo has been chairing that group. There are milestones on here related to getting to that locked and loaded strategic plan by the end of the year as well.
There are some extra slides in the slide deck that go into gory detail about the final rule, particularly related to that voluntary one. I plucked those out of the policy committee and standards committee presentations. I thought they might be particularly helpful to you, but I was not planning on reviewing them at this particular meeting.
DR. GREEN: Thank you.
MS. GOSS: Good morning, Judy. That was a great overview. Having participated in the state engagement portion of the vision document leading to a roadmap, it has been an intense process. I appreciate that you are doing that kind of outreach in multiple forms. It is hard work, but it is good work on the front end.
When I hear that they first cut of the roadmap will be presented on October 15th, I am wondering how that leads to any subsequent public comment period for those who may not have the fortune of already being in one of those channels of dialogue. Will there be an NPRM or an RFI or something that actually lets the larger stakeholder community have an input to it?
MS. MURPHY: Yes. I, at this point, do not know what it is going to be, but there will be additional opportunity for feedback at some point. It won’t be a rule. It will be more like an RFI or a comment. You know how we use sort of a wiki site right now for the comments? My guess is it will be something similar to that, but I know it is not locked and loaded yet. I also know —
MS. GOSS: It is not constrained to the federal rule making process. It is more about having a dialogue as a nation to set our own path forward to really invest in what we have already done and take it to the next level. I think that is great. I think it is showing we all have to come to the table and roll up our sleeves. It doesn’t have to be the heavy rulemaking process to make it work.
MS. MURPHY: Exactly correct. I think you probably heard Karen over the last couple of months consistently say exactly what you just said. We cannot do this alone. We cannot write something up and put it out there and expect people to do it. It is all of us digging in together to be able to figure this out and to actually get the buy in to get it done.
MS. GOSS: And I think that is really critical because we are a very diverse nation. We can’t expect a handful of people to be able to figure it all out.
MR. CHANDERRAJ: How many of the providers that you think have enrolled in Meaningful Use I – are you optimistic of enrolling all of them in Meaningful Use II? Are you going to see a significant drop off? If people drop off, are there penalties for dropping off?
MS. MURPHY: There are, of course, penalties for dropping off because – well, first of all, you don’t get the incentive. Second of all, you eventually get penalties. Therefore, my sense is that people will have to think twice about that. Now, the incentive payments, themselves, were frontloaded. You do get more money in the first year and less money in the second and the third years. That is what I think some folks are looking at and saying, oh, it is not worth the $3,000. It is not worth the $5,000. I am not sure they are factoring in the penalties.
MR. CHANDERRAJ: The second question I had was the Meaningful Use II criteria – you listed most of them as optional. Are anything mandatory there?
MS. MURPHY: For Stage II, a bunch are mandatory. This is that second rule that is the Release II. Not Stage II, but Release II. I just realized that is probably going to get confusing, too. It is Release II of certification criteria to give this signaling about what functionalities are coming for product developers so that they can start working on those things. It doesn’t change at all the Stage II criteria, which stays exactly as it was when published two years ago.
DR. WHITE: So just to be clear, there are two streams of rules related to electronic health records. One is Meaningful Use. That is what you have to do, doctor, to get your incentive payment. The second stream are certification criteria. That is what EHR vendors have to do to get their product certified. Judy’s optional criteria were for the vendors.
MS. MURPHY: That was helpful, John. Thanks.
DR. FRANCIS: I just want to say I am really glad that you have continued the tradition of having people from this committee cross-fertilize the restructured committees. Linda is going to be doing the privacy and security one. I think that is just terrific.
MS. MURPHY: Thanks.
MS. KLOSS: I was just going to ask about the other programs. What is the status or how the certification program, the regional extension center, the HIE support projects, how are they phasing down or changing or evolving, the other book of work, if you will, for ONC?
MS. MURPHY: As I think you know, the Beacon Program is completely shut down. The HIE program is absolutely almost completely shut down. It is just absolutely winding down. I don’t have the current statistics now that you are asking. I can try to provide that at the next meeting about how many of them are still sustainable. I think that would be interesting.
Thirdly, the regional extension centers, who have not yet wound down. They are in the throes of winding down, but they are not shut down. I know the sustainability of them is a lot greater than the HIEs. We were estimating 85-90 percent of them would probably be sustainable. A year or two ago, they already started pivoting and providing support for patient-centered medical home, accountable care, value-based payment. They have proven their worth in terms of people who now have to pay them for their services as compared to when they were more grant funded.
I can provide that at the next – again, the only one that is really up and running still in pretty much full swing is the regional extension centers.
MS. KLOSS: And certification is –?
MS. MURPHY: It is going through some changes, but that will be here for many years to come. By the way, just as a note, you mentioned other programs. There are some other CMS programs, for example, that require certified code – software to be used in those particular programs as well. That is maybe something that we could combine up on and give some clarity around the different kinds of programs specifically related to the harmonization of the quality measures and then the use of certified software for those programs.
MS. KLOSS: One of the areas that we haven’t talked about for a long time as a committee is the success with moving to e-measures. I think when our subcommittee on quality was active, we were kind of staying on top of that.
MS. MURPHY: That would probably be a good thing to do.
MS. GOSS: Carrying along with the book of business idea and also some of the prior comments that I have heard coming from ONC, can you talk about ONC’ work to align the policy levers, funding, and HIT plans within the multiple agencies? My understanding is you are trying to herd 35 agencies to really get coalesced, just like you are expecting the industry to get coalesced to the state and the vendor product, et cetera. Can you talk a little about that? I think that that, from a real world perspective, is going to have a huge bang for the buck once it sort of comes together. Can you talk a little bit about that issue?
MS. MURPHY: That was actually what I was referencing when I – on the work plan when I talked about the HHS Strategic Plan for Health IT. That was one of the groups that Karen reactivated, if you will, since she has come on board. They have been having monthly meetings since I want to say probably May, pulling that all together in terms of agency-specific plans that feed into the overall HHS Strategic Plan for Health IT, which then feeds into the more aggregated HHS Strategic Plan.
MS. GOSS: Which I think helps us with understanding where that is going. We are trying to bring admin, financial, and clinical all to bear. For future updates, that would be welcome.
MS. MURPHY: That would be another good thing to do. Got it.
DR. SUAREZ: Thank you so much for the update. Excellent report. The question I have is actually something that was in the law that was passed, in the Affordable Care Act, something called the Merit-based Payment System, MIPS. I don’t know how many people are aware of it, but MIPS is a program that is intended to consolidate three major quality measurement systems, the physician quality reporting system, the Meaningful Use incentive program, and the value-based payment system.
There is expected to be some regulations coming out around that. The convergence and the consolidation of all of this quality measurement programs by – I think the intent is to implement the program by 2017. Maybe this is also a question for Todd, but are there any updates or any news about the development of MIPS at this point?
MS. MURPHY: Not that I am aware of.
MR. LAWSON: I think that is really our Center for Clinical Standards in CMS, but I can certainly follow up with those folks and get back to you on that.
MS. MURPHY: What you said is true. They are working at it. I just don’t know what the update is.
DR. SUAREZ: This is, to me, one of the most significant, transformative changes, particularly in the quality measurement arena. Converging and consolidating the three programs is going to be a major, massive transition.
DR. GREEN: Thank you, Walter. I think Walter has just spoken for the whole committee. The committee is all about convergence. We would very much like to include that in our December updates. Thank you, Walter, very much. Julia, I think your slides are up.
MS. CHUA: So good morning everybody. I do thank you for the opportunity to speak today. From the ONC standpoint, I would like to give you an update on the Data Provenance S&I Initiative that we have launched this year. It is specifically an OCPO-sponsored S&I initiative. I will be going over the definition of Provenance, the issues we are trying to solve and the challenges. I will also share with you the goals, approach, and activities of the initiative and our progress to date.
This is the definition that the community within the initiative has agreed upon. We are using provenance as it refers to the attributes about the origin and source of health information at the time it is first created and it actually tracks the uses and alterations of the health information over its lifecycle.
A little bit of a background, prior to the launch of this initiative, OCPO actually conducted a landscape analysis in the summer of 2013. That produced a White Paper that we have leveraged within our work. Involved were unstructured interviews with EHRs, THRs, and HIEs. The paper actually focused on current standards and implementation of Provenance in different environment and new pieces.
One thing to note is, as we all know, it is a very important topic. There is a lot of literature and work on Provenance. We have also used this to leverage the work of the initiative.
The issues we are trying to address is, basically, in general, we all know that providers may not provide or use information if they are not confident with the source of the data and whether it has undergone any changes since it was created. If they don’t rely on this data and they use it, we will not really achieve the benefits of interoperability and health information exchange.
Why do we need provenance standards? The exchange of health information right now is increasing. The demand for the track of the provenance data over time and with each exchange instance is also increasing. Again, the confidence in the authenticity, trustworthiness and reliability of the data being shared is fundamental, in our minds, to robust privacy protected, safe, and secure health information exchange.
As I noted earlier, health care providers really need that confidence that they can trust the health data that they review, access, and receive. Another factor that is giving importance to provenance is the increased patient involvement in patient-generated health data. Of course, the trends right now are moving away from documents and towards atomizing data, meaning granularity of tagging the data with metadata.
The challenges we have identified is that while there are several existing efforts to address data provenance, there is really right now, no authoritative specification, standard, or model for provenance that has been commonly adopted to date within the context of health information technology. Another challenge is that there is a variability in how HIE, EHRs, and PHRs currently capture, retain, and display provenance. That is posing a challenge for the interoperable exchange, integration, and interpretation of health information.
Another challenge that I don’t have in this slide is that the receipt and integration of provenance information is equally valuable and dependent on specific systems capability. There is a challenge where one system has detailed provenance data, but those receiving it cannot process that level of detail exchange.
For those who are not as familiar with the S&I framework, this is just a slide showing what the S&I framework does and how we leverage that with specific initiatives. Two of the key things I would say to take away from this is that an S&I initiative is focused on a specific challenge. We try to work with the community to develop content at people’s specifications and reusable tools and services.
Another key thing about the S&I framework is that we rely on stakeholder volunteer participation. We make sure that we have the right amount of engagement with specific stakeholders that will pretty much benefit from the outcomes of the initiative. We do encourage anyone who is interested in this – we have specific topics to participate in, provide comments and feedback with the work that we are doing within each initiative.
I wanted to go over the actual initiative goals for data provenance. One is the improvement of the visibility of the source and alterations to the health information. Another is to improve, of course, the confidence healthcare stakeholders have in the authenticity, reliability, and trustworthiness of that data. Lastly is to establish a standardized way to capture, retain, and exchange the provenance of health information.
To achieve these goals, the community is currently creating technical specifications for standardizing data provenance. We have been developing guidance for handling data provenance in content standards, including the levels to which provenance should be applied. We have also been establishing a minimum set of provenance data elements and vocabulary.
We do acknowledge that the scope of data provenance is broad. There are differing perspectives surrounding priorities and expectations of these capabilities. We also realize that this will be an iterative process. We will not solve provenance on the first pass.
With that in mind, the initiative approach, we have decided that for Phase I, these are the challenges that we are going to be tackling or trying to address. Basically, it is the health data, when it was created, what kind of provenance should be persisted in there? Can a receiving system understand and trust that provenance information? Who touched it along the way? When it comes to combining information from multiple sources, how do we persist the provenance as well? When there is multi-sourced data assembled, how do we convey the provenance from those different data sources? Two actually specific questions that have come up with community discussion is is this considered new data? If assembling system picks from multiple sources, or adds some new health information of its own, how, again, do we convey the provenance of that information?
I do have backup slides that walk through questions. It shows it in a full diagram, which makes it a little easier to envision.
This is what the phases are within an S&I initiative. For data provenance, we are in the discovery phase. We focus on the development of use cases here, user stories, and functional requirements. It is important to note that for the development of use case, we are focused on defining the requirements for capture and exchange. We do have draft proposed user stories that have human actors in there. Basically, these user stories are examples of how this would be viewed, meaning our use case could be viewed in a real-world setting.
I wanted everyone to know that our aim is to make the use case broadly applicable and extensible. We do understand that there could be let’s say multiple trigger events that could occur to see a doctor’s visit or events after an exchange, meaning a clinician is using the provenance information to make a decision. We realize there are a lot of factors in here. For the Phase I that we are trying to do, the initiative is focused on defining the requirements for the capture and exchange of clinical data along with the provenance information.
This is just showing the initiative progress to date. As I mentioned, the initiative launched earlier this year in April. We achieved consensus on the charter in June. Within our use case development, we actually ended the end review comment period for our use case document, which you can find posted on the wiki page.
Also, we supported the data provenance project within HL7. We actually submitted a ballot for the implementation for data provenance. That is undergoing ballot reconciliation as we speak. We also looked at other HL7 workgroups on vocabulary condensation.
The last slide that I have is just some information on how to participate. We do encourage everyone who has a stake in this or has an interest in data provenance. We have our all-hands community meetings every Thursday from 2:30-3:30. We have all of our artifacts and material on our wiki page, which is indicated on this slide as well. I will end here and see if there are any questions.
DR. GREEN: Thank you Julia. Thank you for those additional backup slides that were copied for us. We appreciate them very much.
DR. FRANCIS: This is a quick question about privacy, actually, which is we have been very interested in following the data segmentation pilots and so on that are going on over at ONC. I really have two questions. One is can you tell us anything quickly about what is up with that?
Then has there been any conversation between the provenance and the segmentation folks? Provenance is actually a very interesting way of segmenting. For example, if I had privacy concerns about what I put in my PHR, it could be separated by provenance or mental health provider, behavioral health, separate management, again, by provenance. I am just interested in developments in that space and whether there has been any discussion back and forth between the provenance and the segmentation.
MS. CHUA: Absolutely. Thank you. Those are very good questions. So the first question is an update on the data segmentation work. Actually, if you all have been following the FACA committee meeting, one of the things that has come out of the Data Provenance Tiger Team was that they did have recommendations on including the DS4P standards and certification criteria, one for behavioral health voluntary certification and the other is for the general EHR certification criteria.
ONC has received those recommendations. We are looking into those as we speak. I will try to see if maybe for the next meeting, I will have a more definitive update on that, but that is something that we are definitely considering towards moving data segmentation forward.
In terms of data segmentation and provenance communication, absolutely, we have been working with the data segmentation people. Actually, we are using the white paper, which was focused on data segmentation based on provenance. We are making sure that we are aligned with the needs of segmenting data, in terms of privacy, particularly behavioral health information, of course, as well as towards the IT that was developed and is balloted right now in HL7. We did look at the provenance chapter within DS4P IT to be leveraged within the work of our initiative. I hope that answers your questions.
DR. SUAREZ: Good to hear from you. So a quick question is about the probably more challenging area, which is the level of granularity of provenance. What is your sense currently about that level? I know we are moving more from a document-centric exchange of information to a more granular sub-document, even data element-level exchange. Certainly, the expectation would be that we would be tagging information not just at the document level, but at the more atomic level, granular data elements. What is your sense about the progress towards that goal?
MS. CHUA: Actually, for the IT that we had submitted to HL7, we do include the header section and entry level for implementation guide. Toward the entry level, it is – I mean for the data element level, it is a challenge. We haven’t pretty much put work into that – into this IT, but it is something that we, as ONC, are very aware of. We are trying to make sure that we go forward with the data element granularity level.
Basically, within a lot of the studies and, specifically, the landscape analysis that we have, it is evident that sometimes or most of the time if the provenance data is not at that granular level, it may not be as useful. We are making sure that we address that in a phased way. We realize that we have to do this right for the foundation of things and the building blocks that we are trying do within this initiative because if we don’t do it right in the beginning, subsequent work will suffer. We want to make sure we do it right from the beginning. Thank you for pointing that out, Walter, because we are very aware of it.
DR. GREEN: I think I am quite confident I can speak for the committee that the reports from the ONC from Judy and Julia underline, underscore, put a box around the importance of our coordinating our work and collaborating with ONC. I wish you would also convey our appreciation to Karen and others for the efforts that are underway to see that that happens. I think we share a commitment to that. Thank you very much.
Rachel, we are going to aim for a break about ten minutes of eleven. Welcome back.
MS. SEEGER: Thank you. It is great to be here. I am happy to let you all know that we have a new director. This is Jocelyn Samuels. She brings tremendous continuity to the HHS Office for Civil Rights coming from the Department of Justice, Civil Rights Division, which is where our former director, Leanne Rodriguez came from. She had filled the same role as Leanne there as chief of staff when Leanna left. She has a tremendous enforcement background in civil rights, in particular, for enforcing Olmstead. This is going to be of upmost importance to us as we move forward and continue strong collaboration with the Department of Justice.
She also previous was the Vice President at the National Women’s Law Center. Many of you know how instrumental they were in the early development of the HIPAA privacy rule. Jocelyn has tremendous experience as a litigator. I really think that she is going to help us move forward with our enforcement efforts of the privacy, security, and breach notification roles.
A little update on our three pillar of the HIPAA privacy division. That is enforcement, policy, and communication. Since we last met, we had a very nice case to announce. This was an enforcement action. Parkview Health System really is an unfortunate case that sort of underscores the importance of proper disposal of patient information.
With this particular case, Parkview – they are a nonprofit health care system in the Midwest, in northeast Indiana and northwest Ohio. They were in the process of working with a retiring physician and giving her some assistance in transitioning her patients to new providers and considering the possibility of purchasing her practice. When they decided not to purchase the practice, they took the patient records that they had obtained from her. These are the records of 5,000 to 8,000 patients and dumped 71 boxes of these patient’s records back on her driveway in a very highly trafficked area.
I just want folks here, in Hyattsville, to imagine where we are sitting here. This is a kind of quasi-residential area. We all drive by houses in this very trafficked area. You can just imagine where these 71 boxes of patient information were dumped on this provider’s driveway.
Parkview has paid OCR $800,000 and has undertaken a very robust corrective action plan to address deficiencies that we uncovered in their compliance program, including revised policies and procedures, staff training, and reporting to OCR.
I just can’t tell you how often we hear from local media outlets on these same types of cases where information – patient information is disposed of improperly at a recycling center, is dumped in a storage facility and the storage facility – they no longer pay for the storage facility and then it becomes public property and the new owner or the facility is tuck with 71 boxes or more of patient information. Hopefully, this case, in particular, sends a very strong signal to the industry. It was a great way for us to push out again the guidance that we developed previously on permissible disposal of patient information. It is a very important case for us.
We also issued new guidance last week on HIPAA and same sex marriage. In particular, this guidance defines spouse, marriage, and family member in a way that is consistent with the Supreme Court Decision on United States vs. Windsor. We are not the only agency that is pushing out guidance on Windsor and the definition of spouse, marriage, and family member. In particular, for us, and our regulated community, this is very important. We receive a large volume of complaints from the personal representative of patients who are not able to access their loved one’s protected health information in a time of crisis.
Again, this makes clear that spouses include both same sex and opposite sex individuals who are legally married, whether or not they live or receive services in a jurisdiction that recognizes marriage. In the coming months, we plan to issue additional guidance and/or initiate rulemaking to address same sex spouses as personal representatives under the privacy rule – making it explicit.
Beginning tomorrow and through Wednesday, we have the 7th annual conference that we do annually with the National Institute for Standards and Technology, NIST. This is on safeguarding health information, building assurance through HIPAA security. We will be at the Grand Hyatt, here, in Washington, D.C. It is available via webinar for those who can’t attend in person.
Key highlights of this conference NIST’s cyber security framework. This is in response to Executive Order 13636. It provides guidance and a roadmap to the healthcare sector on cyber security protections. We have been working closely with our partners at ONC and NIST to look at how the security rule dovetails with the cyber security framework. I think you will be hearing from this panel, a panel at this conference. You will be hearing more from ONC, OCR, and NIST on this topic in the future.
The FDA is going to be doing an important session on mobile device security, securing patient information, in particular, on mobile applications. NIST will be doing a panel on safeguarding data using encryption. Verizon will be presenting on their data breach report that they issue annually. This is comprehensive to all industries, but as one of the 17 industries they look at, they do look at healthcare. There are some particular issues that stand out for us. I think that this industry, as we all know, can be very slow to adopt standards and technology. That certainly plays out when it comes to data breach.
We will be having an interesting keynote from Daniel Solove, who was at GW Law, Waking Up the C-Suite to Privacy and Security Risk. This is a really compelling topic. As you know in many healthcare settings, compliance and risk are really at the director level. They are not at the VP level, where marketing and sales are. I think it is very important that the industry come to realize that privacy, security, compliance, risk management are as important as quality management, utilization management, and often, unfortunately, IT is also at the director level as well. They are pushed down. We are trying to at least send a signal of the importance of raising compliance and risk management more highly within organizations. When there is a breach, it doesn’t become a PR nightmare for the organization.
That really also does play into the cyber security framework, which is very focused on having an incident plan in place. This is a requirement under the security rule. Covered entities often times stop at the initial risk analysis. Risk management is important, but also having a planned incident response strategy in place is essential, being able to mobilize immediately with an effective response when there is a breach or an IT incident like hacking from the get go.
We are also going to be hearing an update from the National Health Information Sharing and Analysis Center. This is a new ISAC for the healthcare industry. It is a private partner – public/private partnership that is embedded at Cape Canaveral out of NASA in Florida. There are many ISACs that have existed across industry. This is new for healthcare. It provides a secure environment for entities to share information about cyber security and other incidents that happen. It is a secure way for them to communicate with one another on strategies, on the incident, itself. I think it will be an important update for this conference.
Lastly, we can’t speak publicly on open investigations, but Community Health Systems did report the second largest breach, affecting 500 or more individuals. This particular incident affected 4.6 million patients. This is our largest hacking incident to date. I think we are going to see these cyber security incidents on the rise, even more so as you see in other industries, certainly Target is also learning the hard way, Home Depot. This information is very vulnerable.
Where the Community Health case is different – in the past, healthcare entities had been hit for proprietary data that they hold, maybe an application, some type of intellectual property. This case is different because it was patient-level data, not just limited to a visa number or financial information.
That is what I have.
DR. GREEN: Terrific, Rachel. We will take the three questions and head for a break.
MS. MILAM: Just a comment. Thanks for you fabulous guidance. I had occasion to use the fairly new mental health information just last week. It was right on point and addressed some really tough issues. Thank you.
MS. SEEGER: Thank you very much. I will take that back.
DR. MAYS: Thank you for a great presentation. In terms of your new guidance on HIPAA where you talk about same sex marriage, I have a question. One of the things that is occurring right now is there are advocates really pushing to make sure that the EHR is going to contain sexual orientation data. There are people on the other side who are really struggling with can we have some regulations and penalties, et cetera, in place.
For that group, there is less protection. Some of this will vary by states and everything else. They are thinking about things like what is going to happen if you have to say your sexual orientation or you are using some other religious services? They provide a lot of care for indigent individuals. If this is going to become and we think it probably will be – we think it will be part of the recommendation of the other part of the EHR – where is OCR about trying to think ahead to prevent problems as opposed to kind of waiting until it is in place and then asking for reports of violations? Is there any prevention?
MS. SEEGER: Yes. OCR is working feverishly on the development of an NPRM to address Section 1557 of the ACA, which prohibits discrimination of individuals based on sexual orientation under the ACA when they are receiving healthcare. It really is going to be a landmark piece of legislation for us. We are so happy that – this is really the director’s priority. We already had an RFI on Section 1557. Now, we are in the development of the NPRM. We are hoping – I don’t have timing to share, but we are hoping soon and hoping to move forward with that rulemaking as quickly as possible. It is really important.
DR. FRANCIS: Let me add my thanks, too. Just an observation. I realized there is a puzzle because the HIPAA privacy rule defers to state definitions of personal representative. It may be that somebody has to look at the privacy rule about that deference if states refuse to designate the personal representative as a same sex partner.
Anyway, leaving that one aside, I am interested in any thoughts you have about whether there are any areas that we might want to pursue that could be helpful to OCR. I have in mind minimum necessary and thinking through that or sharing civil monetary penalties and definition of harm.
MS. SEEGER: We have both guidance and rulemaking that is in the works on both of those topics. It is always helpful to hear from the subcommittee as well as the full committee with their thoughts on how we go about implementing guidances and rulemaking. We would be very receptive and open to that.
DR. GREEN: Thank you. Jim and Todd, Judy, Julia, and Rachel, that was another good show. Thank you very, very much for joining us. We appreciate the time you put into preparing and being here. I want to also thank the staff for a really nice management of the slides. It went very smoothly. We appreciate you very, very much.
It looks to me as if we missed our mark by four minutes. We will resume – we will start the marathon at 11:05. Hurry back.
Agenda Item: Standards—ASC X12N XML Schema; Virtual Cards/Credit Cards; UDI in Administrative Transactions; Attachments – FOR ACTION
DR. GREEN: We have a quorum sitting at the table. Jim Walker, are you there? Maybe not. We have been joined by Doctor Stead. Do you want to introduce yourself?
DR. STEAD: Bill Stead, member of the full committee, co-chair of the population health committee. No conflicts.
DR. GREEN: Thank you Bill, welcome. I mislabeled this as a marathon. It is more like five sprints, one right after another without rest stops. To frame this ever so briefly, we have had – Walter just assures me that the committee has brought forward a single letter that has had more recommendations then the recommendations in these letters combined, but no one I’ve been able to talk to in modern times who is alive and still has a memory recalls a springing forward five letters plus another work product at the same meeting. This has been possible because of a lot of work between committee meetings that has occurred virtually, keeping people posted. There has been a lot of participation.
We believe that this can be executed successfully in part because Walter is going to just lead us through them. We’re going to focus on the recommendations. I will plan on, Walter, interrupting around 12:25ish or so because we do need to take a lunch break. Just before we go to lunch, I’m going to invite public comments about the letters, however far we’ve gotten.
DR. SUAREZ: Thank you very much and indeed this has been a terrific summer for the subcommittee. I think if I were to put it into a word, this is more like a pentathlon rather than five different sprints, because it’s five different sports, if you will.
We are dealing with five different letters – actually, there are seven different topics all together in the five letters. We decided it was best to break them into different letters because of the uniqueness, if you will, of the topics and how important and significant each of them is. I just want to highlight this has been a relatively new process for the National Committee, in that we have started developing the draft letters, started to share the drafts and commented and received comments from executive committee, from the full committee and so it was a very iterative process and build-up process. We concluded by posting the letters in draft form for additional public feedback. I will highlight feedback that we received, very valuable feedback from the industry that we received on the letters as well.
So, the first letter is a letter about – it’s something that is called X-12-XML-Schema. Now, I’m not going to try to explain what all of that means. I think the key element is that now they – we have the standard for submitting a claim, for example, which is a very detailed, very elaborate implementation guided document that describes in detail where are the segments and the loops and the data elements and all the codes that I use and all that.
And then, if one wants to execute the transaction, itself, one can execute it in what is known as a batch mode, meaning, basically, I put all my claims into one gigantic file and send it using the standard with all the claims embedded and all that in a batch file – in what we call batch file, if you will, a large file. You can actually do that using new technologies, well, relatively new technologies nowadays and that is the XML language, the executable markup language, basically, or Exchangeable Markup Language I guess is what it means. That is the language that is used in more interactive exchanges in the web, basically. So you can operationalize these very complex implementation guides into executable language that is using web applications and then conduct the transactions that way.
The real issue, I guess, that we’re trying to address with this letter, specifically, is that, as we see the evolution of this – there has been a lot of different versions of that – schema is what it’s called, schema is sort of the – if you will, the guidance on how to describe or use this language and what we’ve seen and what we’ve heard through the testimony and through input from the industry is that there’s different versions and a variety versions of this schema and it has created some questions about the ability to comply with the original standard that the schema is trying to translate, if you will.
So, the request was for the industry to – for NCVHS to make recommendations about the recognition, the acknowledgement that there is a set of schemas that would be compliant with the original HIPAA standards and that schema or set of schemas are the ones that have been developed by the standard development organization that developed the original standards, themselves. That is what this letter is about.
I’m just going to go through the recommendations very briefly and then we’ll highlight a few of the comments that we received. The recommendations where basically these three recommendations – the first one was CMS/OESS should pose guidance in the form of a frequently asked question providing overall general parameters and practices of HIPAA standard compliant XML schema, basically some guidance that can guide the industry on using these schemas to translate to convert the HIPAA standard into a web-based transaction.
Recommendation two is CMS/OESS should recognize the NFAQ(?), the ASC-X12-XML Schema as meeting the parameters and practices of this schema concept, the practices of what a schema is to be compliant with the HIPAA transactions.
And then recommendation three is that X12 should make available that schema for a couple of – basically cover entities to be able to use them and then vendors to be able to use them, as well.
So, those were the recommendations, very simple, pointed recommendations. Through the input that we received – we primarily received input from X12, the standard development organization, so I’m going to highlight here, very quickly, the input that we received in the markup language. Now, this particular language you see there’s a few changes in the introductory paragraphs, if you will. Pretty much this entire section is a much better explanation of what this XML-Schemas are and these concepts are. The language, itself, is primarily a language that helps clarify what it is, what these schemas are.
These schemas come from the world wide web, W3C, international body that develop the standards for the web. They are called, actually, XSD’s or XML Schema Definitions. That is how they are really referred to. We wanted to be a little more consistent and accurate in the description and that’s why these suggested additions are being introduced here. They’re not, I can assure you, changing in any way any of the concepts. They are primarily to help clarify because this letter has become not just a letter, ultimately, to the Secretary, the most important part of it, but they’ve become documents that people read and try to understand. It serves us as a mechanism to educate, inform the industry as well, so we thought it would be valuable to introduce this additional language.
I can read it very quickly if people feel that we need to, or if you want to we can move along and go into the recommendations. Again, this particular part that is in red-line there is a description of what XDS is. To reduce the – as you can see in the red-line below – to reduce the variability, when independent organizations created their own schemas, AC-X12 Schemas can be used by the industry for two primary purpose. These are the kinds of things that we mention in the recommendation – to translate and convert X12 HIPAA EDI transactions into XML, the instance documents, and then to validate the XML instance document prior to transmitting directly to trading partners so that it ensures that it is in compliance.
So, I think that will – and this is the original description, we only had a small paragraph describing really what XML and what the schema – the X12 Schemas were. So it’s an extension of that to help drill a little different into what that means. All these other changes are more clarification changes. Nothing, again, changes the concept – the direction and the concept that we were putting in in the recommendations.
And then in the recommendations there are a couple of minor edits. One is, on recommendation one, there is no change. On recommendation two, we basically changed it to say it should recognize the NFAQ, that an XML instance document that is valid according to an ASC X12 Schema meets the general parameters and practices of – to make the schema compliant with the HIPAA transaction. So it is adjusting slightly, the recommendation to say that an XML instance that is valid according to the ASC X12 XML Schema would be considered to meet the standard.
And then the third recommendation is modified, also, recommendation three. That ASC-X12 should make available their XML Schema to the public through its online store alongside the ASC-X12 HIPAA Standard, basically. So we’re leading this two points – make it available to the corporate entities and make it available to the vendors. We just say make it available in their system along with the standards, themselves.
So that’s the modifications to the letter. I’ll stop here and take any comments or questions.
DR. CORNELIUS: I was just going to say, given that you have a lot of work up there, especially since we have five letters, it may be good as we go through them to really shift towards your recommendations, especially since I know my eyes are small. Unless I go up on the board, I don’t see the writing. I’ll trust the committee’s judgment.
MS. GOSS: I am excited by our increased efficiency with having a new process and discovering that we might have a slight sniglet going on. As a committee member, I haven’t seen this text until right now. We’re moving hard. We’re moving fast. We’re doing great work. As a committee member, I need to read the whole letter before I can support it and understand.
There are implications to the way words are used, and meaning and representations of things and the way they flow that I just, personally, will need the chance – and I know that the staff support is already accommodating the ability for me to get a complete version. So I just wanted to express that the timing sort of created a natural – a little disconnect, because our staff has been very efficient in getting advanced products out.
DR. SUAREZ: I should say that in the process, we posted this on the web and gave people, basically, up until Friday of last week, basically three days ago, to submit their comments. We did receive most of the comments around that time. So the challenge was between Friday, receiving comments, adding and modifying, making the changes and then bringing them today to you all, I think that’s part of the challenge. I think you are now being shared a copy of the letters with the edits in it.
DR. GREEN: So, Alex, the way we are going to do this is we are spending a day looking at any revisions and that sort of stuff, where you can ask questions about clarifying anything that’s going on. We will post the letters to our committee members – we’ll send them all to everybody so you can read through them at your leisure. We will come back tomorrow morning to vote on them.
DR. STEAD: The full committee, not just the subcommittee?
DR. GREEN: That is correct. The whole committee. We will organize this so that after the discussions of today, where these letters land by close of business today, the whole committee will get them. This is part of the reason we decided to not have a social event tonight. Your social event tonight can include reading through the revised letters prior to coming back tomorrow morning. If you are at the hotel, it will be on the 7:15 bus. You can now plan your life accordingly.
DR. SUAREZ: I can assure you, again, the edits that we have made are a lot more clarifications than anything else. There is no change in this letter – no edit based on the input that we received that changes in any way the direction that we originally have recommended.
DR. GREEN: For the full committee, we can ask questions as we go today. This evening when you look at them and you have more, we will ask them tomorrow before we take action.
MS. JACKSON: I will add to that and underscore what Walter mentioned about the use of the web in promulgating the draft. We did that not only on our homepage, but for those of you who received a notice and announcement of this committee meeting, there was information in there as well. People had a chance to review – this is one of the first times we have done something that extensive. It is amazing that we have had this collection of letters to do that with.
At the same time, this is the experiment within this committee for how you are processing material. You have always had a chance to caucus, as we discussed earlier, in a subcommittee session for this. It is all an ongoing process, but we are hoping that with the time allotted throughout the day and, as Larry mentioned, this evening as needed, then we will have discussion tomorrow, again, all in full committee.
DR. GREEN: Alix looks less than fully convinced.
MS. GOSS: She is trying to figure out since she already has plans for this evening, how she is going to get it all done. I think the process that we are doing now is great. We should continue to do it. I really am supportive. There is a lot going on in the industry. There are always going to be complexities like this. It is okay.
MS. DEUTSCH: I would like to make a suggestion also. If you have any comments earlier and if you want to give it to me, then I can work on it as well during the day and this evening. Walter and I have planned to do that. We can have your comments incorporated before tomorrow.
I don’t know – this is just a question, Deborah. Should we make a hard copy for the committee? Is that okay? This is a staff issue for her so I just want to make sure.
MS. JACKSON: Yes.
DR. SUAREZ: Actually, the good news is we have four letters that have edits out of the five. One of the letters did not make any. We didn’t have any changes.
DR. GREEN: Let’s do an analysis of that fifth letter and see how that came to pass.
DR. SUAREZ: So that is basically it. In a nutshell, basically, in two minutes, what this letter is doing is, again, requesting or asking ONC to pose guidance on what constitutes the general parameters and characteristics of a HIPAA compliant XML schema, recognizing that an XML schema document that is valid, according to the X12 XML Schema meet at least general parameters and characteristics of the HIPAA transaction. People that use a schema that is compliant or consistent with the one issued by ASC X12 would be able to meet the standard. And then asking X12 to make that schema available. Those are basically the three main recommendations.
Any questions about those three recommendations at this point? I know that you will have more time to review it.
DR. CORNELIUS: I am listening to the dialogue and I am asking myself, what is better, for you to go through all of the letters or do you go through each one and take the feedback and record it? I am hearing what people are saying. We want to make sure all eyes are on it. I am just trying to wrap my hands around what would work for the committee.
DR. SUAREZ: We will stop at each letter because each letter has a different topic. We will stop at each letter. If there are any comments, people can make them. If not, we can continue to the next letter. I think that might work okay.
DR. SOONTHORNSIMA: I think we are going to focus on recommendations so at least you understand the context.
DR. SUAREZ: Ok so that was the first letter. The second letter is a letter related to virtual credit cards. As you all know and you have heard now, virtual credit cards is a relatively new method of payment that health plans are using to pay for health care services provided by providers. The concept is a help line will issue a 16 digit – what looks like a credit card number. It is a credit card number, but it is virtually issued. The payer sends that to the provider. The provider runs that number, “runs” it, I guess, through their credit card payment system at the provider level. The providers accepting credit cards from patients, for example, they can enter that 16 digit and get paid by the health plan that way as well.
A number of the issues that were raised by the industry during the hearing included the various things that we highlight in the letter, concerns about the process for enrolling providers into these or, in some cases, what providers mentioned as being moved without their opt-in into these payment methods and being issued immediately that type of card or virtual credit card numbers and getting paid. Then the bigger ones were related to the fees associated with the payment, the fees that the provider would have to pay for that transaction.
Our recommendations were basically – I will highlight them here. We did not have any edits in the recommendations. We had a couple of edits on the up front review. One point I want to make note of here is that during the hearing, we did not have formal representation from the health plan industry. We did have, actually, impromptu comments provided gracefully by the number of health plans representative of – who were attending the hearing and that were going to testify in other topics, but they were willing to offer their comments at that point.
We formally request from AHIP a letter of comments to this. We received those comments. They were incorporated. They were included in the development of this series of recommendations. We have received a copy of that letter and made it part of the record of the hearing as well.
The recommendations are basically as it was presented in the original letter. HHS should issue guidance that define whether, when, and how virtual credit cards and credit card payments comply with the national HIPAA adopted standard for electronic fund transfer, electronic remittance advice, as well as options for health care claim payment and clarify and emphasize the current provision that prohibits the practices that discourages or prevents the use of a national HIPAA adopted standard in lieu of an alternative transaction method.
The second recommendation is HHS should work with the healthcare industry to encourage the increased adoption of EFTNERA, ensure there is full transparency, disclosure, and inform optionality between trading partners regarding the use of virtual credit cards and credit card payment systems, identify and encourage the use of nationally accepted good business practices in the financial sector with respect to the use of virtual credit cards and credit cards and ensure that the health care providers understand their rights with respect to the acceptance or declining to accept virtual credit cards and credit card payment methods.
The third recommendation was working – HHS working with the healthcare industry to identify market driven solutions that support the industry as it continues to innovate and improve administrative efficiency, educate itself on the use of healthcare administrative transaction standards as it relates to virtual credit cards, identifies and emphasizes generally accepted best practices of electronic payment and virtual credit card and credit card use, and then seeks to eliminate coercive business practice in the use of virtual credit cards and develop mechanisms to monitor and resolve inappropriate and unfair payment practice.
In essence, the concept was this is not about prohibiting the use of virtual credit cards. It is an alternative method of payment. This is about clarifying when and how it will be able to be used in compliance with the EFT transaction standards, as well as discouraging business practices that seem to be somewhat forceful, in terms of how providers are made or offered to be paid in this way. Again, trying to bring back – and this was one of the elements in the hearing – from the financial industry, trying to bring back the common, good business practices of credit card payment into the use of virtual credit cards in the industry. Rather than, again, having provided, be required or expected or in some cases forced to receive a payment via virtual credit card, have a very open and transparent understanding of the ability to enroll or opt-in, if you will, the ability to opt-out, and the implications of being paid through a virtual credit card. Those were the recommendations.
Again, let me just highlight a few of the changes. I think, basically, the changes were clarifying points in the introductory paragraph. You will have a chance to review them.
DR. GREEN: Walter, they are so brief. Why don’t you just quickly read those?
DR. SUAREZ: The first one is on the second paragraph. In addressing the concerns raised by the healthcare industry regarding the use of virtual credit cards and credit cards, NCVHS acknowledges the importance of fostering innovation payment methods and formulating recommendations. NCVHS also recognizes that the theme of this hearing focused on the difficulties expressed by the industry on the use of virtual cards, therefore, NCVHS believes that at this time, there is more pressing need to foster full transparency and disclosure, inform optionality, and to eliminate the practices that are restrictive or that force entities to adopt a specific option without choice. NCVHS recognizes that there are health plan providers who see the virtual credit card as a better value than other forms of payment. Consequently, NCVHS will be holding future hearings that will focus on the benefit of the use of virtual credit cards and, therefore, provide a counterbalance.
Again, this is emphasizing the fact that – because in some ways, the letter was being perceived by a number of people as being very negative, if you will, against the use of virtual credit cards. What we wanted to provide was a balanced perspective. We need more clarity about how and when and in what instances uses of the virtual credit cards are consistent with the national adopted standards and be clear about the recommendations around transparency and business practices that are consistent with the industry norms about use of credit cards, opt in and opt out rights of providers, and other things. That is mainly what we wanted to do with these edits.
DR. GREEN: Walter, I see absolutely no reason why – that implies that this letter is unbalanced. This letter is not unbalanced. This letter reports what was heard. It affirms the banking industry’s comments that were made there. I am opposed to including provide a counterbalanced view. I would like that deleted from this letter. I don’t want to sign that letter with those words in it. Let’s just end it with that will focus on the benefits of the use or perhaps we should put – yes, just focus on the benefits of the use of virtual credit cards and stop right there.
DR. COHEN: How about just take out the word benefits and focus on the use?
DR. GREEN: I like that, Bruce, very much.
DR. COHEN: It is unnecessarily provocative.
DR. GREEN: Yes, unnecessarily provocative and also disables the letter, as far as I’m concerned. Is that okay with you?
DR. SUAREZ: Yes. Great.
MR. BURKE: That edit addressed one of my concerns. I am just curious how prevalent those coercive practices were, at least those that you heard about. Were they widespread? Were they isolated? Was it about a particular large group of physicians or individual practitioners? Second, are there any distinctive images of virtual credit cards over electronic funds transfers?
DR. SUAREZ: With respect to the first one, they are not widespread. They are more spotty, if you will, they do involve small as well as large health care provider organizations. The concern – I guess the idea was by providing this letter, we would be averting any expansion of the inappropriate, if you will, or concerning practices about this and ensuring the appropriate practices can be put in place.
There was not a wide spread of this. We felt, actually, that it was very good that we could provide this letter as an early advanced set of recommendations on improving the practices and eliminating some of these non-positive practices.
With respect to the second question, which was about —
MR. BURKE: Did you see any distinctive – did you hear any distinct advantages of virtual credit card use over EFT?
DR. SUAREZ: Great, great point. So the main reason why in some cases, virtual credit cards would make sense was in a couple of instances. One, I am a payer and a new provider shows up with a bill and I can write a check, I can start the process of establishing an EFT and having that provider send me the account of the bank in which they want the funds deposited and all that process, or I can issue a virtual credit card and issue a very quick payment. That is one area where there are instances where – not necessarily small provider, but in some cases, providers that had no relationship in the past with a particular payer. We want to say, yes, send me the payment via virtual credit card. I will take it, otherwise, it will take me a long time.
DR. SOONTHORNSIMA: I am not sure – to your point, was that discussed in the hearing? I don’t believe we focused during the hearing – we did not hear those points. Those were after the hearing that we had more conversations around this. To Walter’s point, a lot of this is anecdotal. That is why we want to conduct additional follow upon the issue.
MS. MILAM: PCI standards of Payment Card Industry Standards govern the credit card transactions. I am wondering, do they not apply to the virtual credit card transactions? I didn’t see them noted and I was wondering why.
DR. SUAREZ: I am not sure about that answer, actually. I wouldn’t be able to confirm whether the PCI standards would apply to virtual credit.
MS. MILAM: They are important from a privacy and security standpoint in credit card transactions. I just don’t know if they apply to the virtual scenario or not. If they do, should we include them?
DR. WALKER: Can I follow that up? I agree with that. To put a little finer point on it, it seems to me that recommendation one is absolutely within our purview, but recommendations two and three do sound more like they would go to – that they would be in the domain of credit card regulation and general consumer protection, not having any specific healthcare information or other NCVHS-like characteristics.
DR. SUAREZ: Yes. I think the reality was that this was an issue that was brought up more as an application of the credit card process and, in this case, virtual credit card to the payment of healthcare services. In so far as it relates to that, this is not about the patient or the consumer practice that providers have with respect to credit card acceptance. This is about, specifically, the use of the credit card in the process of paying for healthcare services. In so far as it relates to recommendations two and three, we believe it is still consistent with the concept that there needs to be more transparency and better practices, in terms of the use of those in the payment of healthcare services by payers to providers.
DR. WALKER: I agree with recommendations two and three in substance. That isn’t the issue. The issue is, as I said, we don’t cite any relevant credit card regulations that might be extended to this. The point is it isn’t our strength. I can see saying, look, we heard these things that are in recommendation two and three. We think they are valid. We are going to send them to whomever you would send it to, Consumer Financial Protection Bureau or whoever we think would be the appropriate government agency to address them. It doesn’t seem like we or HHS are the ideal people to take care of it.
DR. GREEN: The way I understood recommendations two and three is that it is definitely within our scope and our purview to review and advise on all HIPAA transactions, such as electronic funds transfers. What we have identified here is an emergent phenomenon that, as Jim says, actually grows from another sector, intersecting with healthcare delivery that is stimulating reconsideration of the proper ways to do electronic fund transfers and reconcile them. We are actually just saying in recommendation two and three that HHS better start paying attention to this. They have to work with the industry to do this.
Jim, it seems to me that this places it in our wheelhouse and that it is what we are supposed to be doing and monitoring the implementation of the HIPAA transactions. I don’t – unless other committee members dissent, I don’t think this is inappropriate for us to call out the issue. The recommendations are not do X, do Y, approve them, don’t approve them. It is you have to go figure this out is what our recommendation is really saying. Other comments?
MS. KLOSS: My comment was on a slightly different topic, but I certainly agree that this falls under the category of administrative transactions and payment.
MS. GOSS: I would suggest that maybe we make sure to invite somebody who is a CI expert when we have future hearings just to make sure we are putting this all together. This is really about people not following the intent of the ERA/EFT kind of HIPAA guidance already. It is really about that culture enrolled more so than about how someone is using a credit card.
DR. SOONTHORNSIMA: I think it is also about encouraging innovation. We don’t want to prohibit, under HIPAA transactions alone. This is where you have cross – not overlapping, but convergence of different payment types. We don’t want to dissuade that development. At the same time, that is why recommendations two and three talk about industry, namely payers and providers coming together to say there are use cases for this type of transaction versus the other, whether you use this standard or the VCEC. We are not dissuading one way or the other as long as there is proper guidance, transparency, no coercion, that type of thing.
MS. KLOSS: My comment was getting back to Sally’s question. It did come up in testimony at the hearings that there are best practices in industry standards. We weren’t prepared at that hearing to learn about them. I think that is the other message that we aren’t starting from scratch here. We need to import and learn what best practices are that have been developed through consensus.
DR. GREEN: Jim, what are your reactions?
DR. WALKER: Again, we would get down the road faster if we figured out who the right agency to be addressing this with healthcare industry is.
DR. SUAREZ: We make recommendations to HHS, not necessarily to the Department of Justice Consumer Division, for example, Consumer Protection Division – the expectation is, certainly, that this type of recommendation – HHS would be identifying other partners within the federal agency that would need to be engaged in this consideration, I think.
MS. DEUTSCH: What I was going to say is that we did receive some suggestions that we regulate the industry. That is why we made it very clear that that is not within the purview, to regulate, but to indicate that there are situations where regulation may be not being followed, but that was not within our scope. As far as the other agencies, I think the statement that you made that this is going to HHS and it would be something that HHS would determine which of the partners they would have to partner with and convey the information and see if there is any infringement upon any of the regulations that govern the banking system.
To answer then just one other thing for what Linda said, we did recognize that our questions and our objectives for the previous hearings that we had did focus on the issues that we had heard about practices that were questionable and that we did not solicit any comments or any hearing from any industry members to tell us what are the advantages and how it would help. That was really the intent of that statement. I do recognize that it could be more controversial to leave it in. I think your suggestions are good to take out those extra words.
DR. COHEN: So I was wondering whether a friendly amendment would be HHS should work with the healthcare industry and other appropriate agencies?
DR. WALKER: If I am the Secretary and I get this letter, I am saying why does NCVHS send me this thing and say wave your magic wand, instead of saying, first of all, we talked to the credit card companies so that it is balanced in that way. We actually tried to identify realities. Second of all, why didn’t they say to me and we think that whoever – that these agencies would be the appropriate lead agencies to do this and do it, perhaps, in a context of – why are we, the interest group for care delivery organizations? There are lots of people, lots of business people who have these same problems or perceived problems at the very least with credit card companies. Why us? Why care delivery organizations and not credit card companies and not patients and lay groups?
It just seems to me like either we haven’t done a full enough job yet – I think we could send recommendation one. That is clearly us. It is probably important to get right early. On two and three, it seems to me there are a lot of stakeholders we haven’t involved, we don’t have anything like a full orbed understanding of the situation or set of recommendations about it, and if we are going to recommend something to HHS, we ought to do our homework and say and we think it might be these two agencies and the Better Business Bureau who would perhaps be a useful group of stakeholders to address this.
DR. SUAREZ: I would just argue that recommendations two and three are relatively an opening door, if you will, to advise the Secretary to look into these issues. In future – as we say at the end of the letter, in future hearings, we will be expanding on more specific recommendations about perhaps those kinds of points that, Jim, you are bringing up with which kinds of agencies or what kinds of solutions might be. At this point, we felt it was more important to make an early advisory to the Secretary of Health to work with the industry along with – and I think Bruce’s suggestion is great – along with other federal agencies to begin to look into this.
We are not prescribing. We are not defining specifically what kinds of solutions, of course, to address, but to look into it in so far as it relates to the effect that they have in the administrative process of paying healthcare for healthcare services. I am just taking on Bruce’s suggestion and inserting here, in recommendations two and three, HHS should work with the healthcare industry and other appropriate agencies, too, and do those other items, the items that we listed. Again, the expectation is that we, as a national committee, will hold additional hearings on this in coming months.
DR. STEAD: I am swayed by Jim’s comment. For us to highlight getting the connection with HIPAA right, which was recommendation one, is critical. The larger problem is big. If you look at the list of things we need to be holding hearings on, what is the relative priority of hearings on practices that are not health specific versus us either – us doing the legwork, if possible, to get it to the right place, which wouldn’t actually be a hearing. I would think it would be a due diligence process. I just want to support Jim’s statement.
DR. SOONTHORNSIMA: In response to that, I think step back a little bit and let’s just take a look at the overall goal. The overall goal is to drive more adoption of electronic transactions, particularly around payment. The opposite of this is paper checks and so forth. That is the context. Where the industry is today – I can’t quote what the percentage is. It varies from state to state. It varies by size of the practices and so forth.
If that is the goal, what this letter really says is three things. One, continue to increase adoption of electronic payment. Continue the adoption of that. That is what recommendation one is. Recommendation two acknowledges there are convergence opportunities. They are emergent of these new types of payment. How you bring that into the fold and continue the encouragement of that electronic transaction. We never said thou shalt not do this. We said how would you do – if we are going to do it, what are use cases? How do you do that? Again, the goal is the same – increase efficiency and effectiveness of how payments are conducted.
The last point, we are not at all prescribing what agencies nor what entities – we gave that framework around increasing adoption of the current transactions set or explore good usage of the new payment. That is basically the framework. I am not sure by taking those last two recommendations out would serve the better goal of driving efficiency and effectiveness through electronic transactions.
DR. SUAREZ: Let me just add to that. The recommendation – when you look at recommendations two and three, they do specifically relate to one of the major areas that we focus on, administrative processes. That is called business practices. We are not just about electronic standards. We are also, actually, now adopting something called operating rules that define business practices. What we are arguing here is that there needs to be more clarity around those types of business practices when it relates – when it comes to the use of virtual credit cards. We are really not infringing, if you will, on any type of other areas that are above and beyond our responsibility. We are actually exercising – as Ob mentioned, one of the priority areas that we have in our standards world, which is business practices.
Again, when you look at the recommendation, the sub-bullets on recommendation two, encourage the increased adoption of EFTNERA – I mean, I think that is even more specific to what we are doing. The second bullet is ensure there is full transparency, disclosure, and informed optionality between trading partners. That is part of the business practices that are to be set in conducting these types of transactions. Adopt and encourage the use of nationally accepted good business practices. Again, this is all about business practices. It is very much part of what we are responsible to do.
MS. GOSS: It is a very interesting level of conversation. I am feeling like – as we say in our world, it is a lot more red than you think. Sometimes you say the same things, but you don’t say it the same way. It is sometimes hard to see that there is overlap. I don’t think that the subcommittee has expected to stop conversations on this. I think the subcommittee is also trying to figure out where it does fit into the larger scheme of our own prioritization of the workload and time we can allocate to things.
I think this is a new and emerging business practice that not only HHS needs to get their arms around and understand as experts, who do give regulations and guidance to us, but also we need to do that in partnership. I am wondering if – I see recommendation one as sort of like we really need to get the clear guidance out. Recommendation two and three is working in that innovative spirit as we are evolving in the marketplace, but maybe there is a closing that says we are in this life boat with you, HHS. Maybe some of our hearings and forums can help shed light on this that we can further collaborate so that we don’t, to Jim’s point, make it sound like we are just sort of lobbing it over at them and running away, which is not how I ever envisioned reading recommendation two and three. I saw it much more as a we are all becoming learned and collaborating as we try to really get our arms around this. At the same time, we don’t want to get in the way of business.
DR. SUAREZ: I am just going to read the concluding comment. NCVHS recognizes the challenges that the healthcare industry faces today and will continue to experience over the coming years as they adjust to these transformative changes in the use of credit cards and virtual cards as well as other innovative methods of payment transactions. NCVHS will continue to support your efforts to increase the options, standards, and operating rules that help move the industry forward with technology to achieve greater efficiency.
I think we are, in essence, saying this is an issue that affects the efficiency process and the administrative processes that we are responsible for.
DR. GREEN: If you are a member of the standards committee, raise your hand. What do you guys want to do?
MS. GOSS: I like the letter.
MS. KLOSS: I don’t think that the recommendations two and three are very different than other recommendations the committee has made where it essentially says HHS should consider doing this. I think it raises issues and options.
I think, though, Bill has raised a really interesting question about if we look forward, how far can we go down this issue of payment and banking and things like that before we are just really needing to have another whole business process? That is just a whole world. I think you raise a really good question of scope.
DR. SOONTHORNSIMA: That is why we want to let the industry drive innovation.
MS. KLOSS: Then where do we stop?
DR. SUAREZ: We are not saying we are going to dive deep into any of these issues. We are certainly going to continue to balance our responsibility and our high level conceptual set of recommendations with the more specific.
MS. KLOSS: We are saying we are going to hold more hearings.
MS. GOSS: Also, I think we need to understand that like the X12, it is not just about healthcare. It also has a finance committee. Quite frankly, the 835, if I remember correctly, was owned by the finance committee not by the insurance subcommittee. There is already some industry collaboration going on in the standards community. I think we do need to constrain ourselves to the operating rules and the adopted standards.
DR. SUAREZ: That would be a commitment that we make, I am sure, as a standards subcommittee to certainly continue to balance our responsibilities. We simply are reflecting, truly, the perspectives that we received and heard during the hearing and advising on specific ways in which the industry can continue to evolve in the adoption of this and use of this virtual credit card.
DR. GREEN: Walter, if I am listening – and I might not be, but if I am listening well enough, the committee continues to recommend that we include all three recommendations in the letter. I think that is what we just heard from the membership of the subcommittee with the addition of recommendations two and three, that HHS should work with the healthcare industry and other appropriate agencies in both of those recommendations.
DR. WALKER: I am sorry. I think listening to the discussion if the committee could say – if there were to be a full discussion of this with all of the appropriate stakeholders and someone who actually understands banking transactions leading it, then how would the subcommittee and NCVHS learn from that process and as that process moves forward, identify the NCVHS related aspects of it, HIPAA, administrative transactions in healthcare, other sort of things that we are the experts on and would be using our time well. Having registered my concerns, it can go ahead with all three.
DR. GREEN: Bill, let me ask you a different sort of question here. Again, if I am listening to you correctly, you and a couple of other people just commented about prioritization here, different forms of electronic payment at the top of the standards committee’s work list right now, workload in the committee’s agenda or not – am I mishearing that? If so, please repair that.
DR. STEAD: First, I didn’t have any problem with the wording of the recommendations originally. I like Bruce’s edit. The thing that began to blow me out of the water was the language that was inserted that we are going to hold more hearings on this issue, which was inserted since, at least, I had seen the original version.
Jim’s point sort of underscored that. We are really probably not the right people to drive this issue. The recommendations, particularly with Bruce’s edit, I think, are solid. They are about HHS working with the industry and others. It is not about HHS taking the lead and solving this problem.
DR. GREEN: I get that. So Jim Walker, I am sorry you can’t see this, but the language is NCVHS recognizes that there are health plans and providers who see the virtual credit card as a better value than other forms of payment. It is the next sentence that Bill is saying actually constitutes a priority-setting statement that he is not comfortable with. That sentences is consequently, NCVHS will be holding future hearings that will focus on the use of virtual credit cards.
Bill, could you reword that? What would you like to see happen with that sentence? It could go away.
DR. WALKER: If I were to reword it, I would not say NCVHS will be holding future hearings. Perhaps NCVHS would stand ready to participate in future hearings.
DR. GREEN: Bill, what do you think of that?
DR. STEAD: I can live with that. Walter and Ob, can you live with that?
DR. FRANCIS: How about future efforts?
DR. COHEN: Not necessarily hearings, but future efforts. NCVHS stands ready to participate in future discussions of —
DR. GREEN: So Jim, if you couldn’t hear, that was Bruce. Lou is sitting next to him showing the most animation he has shown all morning. He likes it.
DR. SUAREZ: So if I read this statement, it would read consequently, NCVHS will stand ready to participate in future discussions regarding the use of virtual credit cards.
DR. GREEN: Yes. That is what I think Lou is excited about.
DR. SUAREZ: Jim, did you hear the amendment?
DR. WALKER: Yes. I agree. Thank you.
DR. GREEN: Let’s go to the next letter.
DR. SUAREZ: The third letter is a letter about the use of the unique device identified – oh, I should probably mention before going to the next letter I do want to acknowledge that we received a copy of a letter that was sent by NACHA, the National Association of Clearing Houses, the Financial Clearinghouse industry sent directly to the Secretary of Health and Human Services with respect to this topic of the use of virtual credit cards and it had received support from a number of organizations. I don’t think there is anything inconsistent, really, about what NACHA is highlighting in the letter with our own recommendations. I think it is very much in line. I certainly look forward to participating in that dialogue, as it has been pointed out now.
Okay so with respect to the UDI, the Unique Device Identifier, this is the new ID that has been established to identify devices in the healthcare industry. It is an international ID adopted by the Food and Drug Administration to start being issued and actually incorporated in Class I devices, the implantable devices and the type of devices that are more life-saving type devices.
The question was can there be an incorporation of the reporting of the UDI in electronic transactions, administrative transactions so that providers send the UDI in a claim, for example, to a payer. There has been a lot of discussion and debate. Right now, the UDI is not required to be reported in any specific transactions. Right now, the UDI is being considered to be incorporated into the Meaningful Use program to be added as one data element that electronic health record systems will be expected to capture and then exchange with other systems.
That is an element that is under development is the consideration by the advisory committees, the FACA’s HIT standards committee and policy committee to incorporate – actually, recommendations are being sent to incorporate the UDI in an electronic health record system. That won’t happen until 2017 or beyond, after Meaningful Use Stage II starts.
Then the question was can that be also added in administrative transactions. There has been a significant discussion and debate in the industry about that. I think we try to reflect that discussion and the elements of that in the letter. I think – I am going to go to the recommendations.
Basically, we highlight a few elements in the introduction. I think it is worth mentioning. There is sort of a short-term and a long-term consideration about this. The short-term meaning if there was a reason for incorporating the UDI in current electronic transactions, how can that be done because the electronic transactions today that are required under HIPAA, the version 5010 of all the transactions do not include a field or a data element that is called UDI or can capture the UDI? What would be a possible short-term solution if that was the desire? The long-term consideration is really the consideration that the standards development organizations are going through in incorporating the UDI in those transactions – the process, itself, that exists to allow an SDO to consider a request coming from the industry to incorporate UDI into the standard.
Those are two separate elements. We addressed the two and basically make the following recommendations – I am going to highlight, first, the recommendations as they were originally sent to you. There are not any significant changes, actually. Recommendation one, HHS should continue working with the industry to better understand and document the value, the benefits, and the cost of reporting UDI in administrative transactions, including the business reason for and cost/benefit of including UDI in administrative transactions, the added burden for providers and payers to capture it, and other points there, which transactions would be the best to report the UDI, for example, would it be the claim or an attachment or some other administrative transaction, what are the potential post-market surveillance roles of payers who would be then receiving the UDI in this administrative transaction. All of those are things that it would be important to further clarify and define before any formal adoption of the UDI in transaction.
HHS should work with the industry to consider implementing pilots to test and document the effect, value, and cost/benefit of incorporating UDI in administrative transactions. Pilots should initially focus on the reporting of UDIs for high risk implantable medical devices. Right now, as I said, there is no mechanism to include a UDI in an existing transaction. There is no exchange of UDIs. Ultimately, UDIs are not currently being yet implemented. There needs to be some transition and some testing of that incorporation.
Then the third recommendation is the SDOs, the Standard Development Organizations, and the operating rule authoring entities should consider developing national standard guidance to support any short-term UDI pilots. Guidance would potentially define how to report UDI in current version of administrative transactions and explore the incorporation of UDI as an option in the next version of administrative transaction standards, specifically considering what is the business purpose and need for such change.
The third bullet is consider the need to develop operating rules for reporting the UDI in future administrative transactions. It is not just incorporating the UDI element, itself, in the electronic standard, but also defining operating rules on how to report them.
Those were the three recommendations. We received comments from a number of groups. We received comments from the PEW Charitable Trust, who has been very active in facilitating discussions in industry about the adoption of the UDI in transactions. We received comments from the American Hospital Association, as well.
I think I am going to highlight mainly the additions that we had. I don’t think there were any changes, primarily on the front end. There is only one minor edit here. Instead of explore the possibility of implementing industry pilots on page three, instead of saying explore, it is really continue implementing industry pilots. One point that was made was really there are already pilots that have tested the reporting of a UDI-like, if you will, ID, an ID device in transactions. We were suggesting continuing rather than exploring implementing new pilots.
An additional recommendation that I have been thinking about including is —
DR. GREEN: Just a second. Jim, Walter is reading an addition to recommendation one. There are three bullets now. He is talking about a proposed fourth addition to recommendation number one.
DR. SUAREZ: Thank you for that. It is under recommendation one. It would be an additional fourth sub-bullet. It would read Standards Development Organizations should provide the information typically collected on a new proposed data element for administrative transactions and should not require more information on UDI capture and transmission than otherwise would be required for any other proposed data element.
The reason for this is really that – it seems like a cost/benefit analysis, per se, of adding the UDI data element could be interpreted as a much higher threshold, if you will, for any evaluation of the addition of any new data element. The question or the point here, it is trying to make is basically a standard development organization should certainly consider the business need and evaluate the business need of incorporating the UDI in transactions and should basically do that and not add any additional burdens in the evaluation of the adoption – potential adoption of a UDI in the standard.
It is basically equating the UDI as any other data element that is considered by the standard development organization to be added in a standard. They should evaluate it the same way, not less and not more, but the same way and consider the business use and the business need for it and not just purely what is the technical solution that needs to go into the standard? That is what we are trying to do in adding this here. I will stop there.
MS. KLOSS: I read that three times and I am still not sure I understand it. They are saying evaluate it as you would any other data element. However, it seemed to me that in testimony, one of the issues was that the general availability of the data element was as much an issue as was how you put it in a transaction. I think this oversimplified the issue of – it is certainly a standards and a transmission of a data element issue, but my understanding was – it is kind of the downstream issue. Do we have the data to begin with? Can we manage the data and maintain all of these identifiers as they change? I think that oversimplifies the issue.
DR. SUAREZ: That is a good point. It is a well taken point. I think this additional fourth bullet is very granular in many ways with respect to the expectation of the SDO. Ultimately, the SDO has standard operating procedures that are adopted in order to consider any new data elements. In some ways, I kind of feel it is not necessary to really highlight any of these points because it is something that is the practice of the SDO to consider that. It is supposed to do it because it is an accredited standard organization, accredited by a body that accredits standards organizations. They should follow those parameters. We shouldn’t be needing to highlight those kinds of things in the letter.
DR. SOONTHORNSIMA: So to that point, we could combine that last bullet point, if we are going to include it at all, perhaps with the second one. Which transaction would be best reported UDI and leverage the appropriate SDOs and their process?
MS. GOSS: There are really two points in that last bullet. The first one is really the confusing point that I think Linda is getting at, which is every SDO has to have a justified business case brought forward for anybody to explore inclusion and then have debate based upon someone presenting that business case. The second part is sort of a let’s not add more than we need to or just go add data elements to a transaction because somebody asked for it. Really let’s make sure we have this figured out. I don’t think this fourth bullet is needed at all because it is at the crux of what the standards bodies do. It just seems unnecessary to me.
DR. SUAREZ: One suggestion, maybe, and this is a way of highlighting that, is in the first sub-bullet where it says the business reason for and cost/benefit of including UDI in transaction, we can say consistent with accredited standards practices so that it clarifies that it really is consistent. The expectation is that the business reason needs to be evaluated and it should be done consistent with accredited standard practices.
DR. SOONTHORNSIMA: Does that need to be said? I am yielding to my two colleagues. You are right. That fourth bullet point is really unnecessary because that is what we are doing today. That is what SDOs do. Why say it at all? The first bullet point is a really good one. Leave it at that. That is really the focus of the recommendation. Don’t expand any further.
DR. FRANCIS: So this is probably completely off the wall, but I wonder whether in any of the discussion of this, the privacy issues because a unique device identifier is personally identifiable health information since if you can link me to the unique device, you can link me to all of the other information that comes along and whether that came up at all in terms of any of the discussions of any of this. If it didn’t, if it should have?
DR. SOONTHORNSIMA: I don’t believe so. This is my personal opinion. I think it is the same thing as drug – pharmacy data. It is the same thing – it is identified back to me as a —
DR. FRANCIS: What I was wondering about was if you have in my record a prescription that I had, if you just took the prescription information out like whatever thyroid hormone or something like that, you wouldn’t be able to link it to me. You would just know that it as a prescription. If you take the unique device identifier out, it is something – it is like taking my phone number.
DR. GREEN: We don’t have a recommendation about that. Leslie, what would you think if – can we scroll, Walter, to the third paragraph of the letter?
DR. FRANCIS: This was really a request for information. It could have been totally off the wall. I just wanted to know.
DR. GREEN: I don’t think it came up for exactly the reason that Ob said.
DR. SUAREZ: I am trying to understand the issue. The UDI does not have – even though it says unique device identifier, has nothing about an individual.
DR. FRANCIS: Oh. Okay.
DR. SUAREZ: The UDI, itself, has nothing about the individual. The UDI is an identifier of the device. In an electronic health record system, if I am implanted a new knee, that piece has a unique device identifier and that number will be added into my personal record. The UDI, itself, if you take it, does not identify the person.
DR. FRANCIS: I was confused. I thought you could not only tell that it was a knee of type X, but that it was this particular one that broke.
DR. SUAREZ: No. It is only until it gets added into the electronic medical record of a person and then links to the person when it becomes part of it. Now, another very critical aspect that needs to be clarified is there is a new – it is called GUD ID. It is a Global Unique Device Identifier Database, GUD ID, developed by the FDA to accumulate all of the unique device identifiers and all of the information about that device, but that GUD ID has no identification of the patient or anything like that. That is a database that is captured from the manufacturer once the manufacturer registers a device. It has no connection to the patient. The only connection to the patient happens when the implanted item, the UDI of that implanted item, gets added to the medical record of that person.
MR. SCANLON: Again, I am wondering, generally, there is no much support for adding more items to claims because it is every claim. You wonder if – whatever the public health value looks like in concept, it really is a heavy lift. I wonder if there is not a better way to retain this kind of information. I think in many cases, FDA requires that the manufacturer keep a register anyway. Maybe an electronic health record is a better way. Every claim that applies just seems a heavy life.
I would just say, maybe to one of the recommendations, if there were some other suitable – rather than a claim. That is a heavy lift for a claim.
DR. SOONTHORNSIMA: That is a second sub-bullet point that says which transactions should be best used.
MR. SCALON: Or some other means all together.
DR. SUAREZ: This was a specific hearing on adding UDI to an administrative transaction. It didn’t say claims. It could be any administrative transaction. There is UDI being added to many other registries, databases, and systems, like electronic health record systems. We didn’t attach – we were really focusing on is there any reason for adding the UDI in an administrative transaction? If so, which might be that one? What we are concluding is basically we need more information about the reasons behind it. We need more understanding about if there is a reason for adding it into an administrative transaction, which would be that administrative transaction.
DR. SOONTHORNSIMA: Break it into three stages: capturing, transacting, and reporting.
DR. SUAREZ: Another important point is that – I mean these recommendations, again, are not telling the Secretary, you should adopt the incorporation of this into the UDI. We are saying we need more information about it.
We know already that the standard development organization is in the process of considering this as a business need, a real business issue. It has been already billed into the standard development process for future standards. It has already been added to the consideration. Basically, someone requested that this be considered and then the standard development organizations are underway in the process of considering that. It hasn’t made any decision or anything like that. At some point, there will be a decision by the standard development organization about it.
MR. SCANLON: I understand. Maybe the bullet should say which transaction if any or something like that.
MS. KLOSS: You could add the word mechanism because a registry isn’t a transaction. That may be, at least in the short-run, a better approach.
DR. GREEN: I like what Walter has put up there. Jim Walker, in the second bullet under recommendation one, Walter put in which transaction, if any, or other mechanism would be best to report UDI.
DR. WALKER: Great. Thanks.
DR. COHEN: I want to go on to recommendation four about the FDA. We haven’t really discussed that yet. I don’t know whether we will have time before lunch. I am really concerned. I like the notion that we suggest that the FDA and stakeholders work together to improve mechanism for post-market surveillance of devices, but I don’t want us to tell FDA how to do their business. I don’t like the rest of the recommendation that directs the FDA to do certain things. I feel it is a little beyond our scope. I would – whether they use standard electronic methods or whatever, it is not our role to tell them how to do their business. I would encourage keeping the first sentence, but I would eliminate the rest of that recommendation.
MS. GOSS: Didn’t we sort of get at that in the last modification we just made, too? I am agreeing with you.
DR. SUAREZ: Thanks, Bruce. I totally agree with that.
DR. COHEN: If we feel that it has been covered by previous recommendations, we could —
MS. GOSS: Just the last – the deleted part is already done. I agree with keeping the first sentence.
DR. SUAREZ: So for Jim, I think what we are saying is recommendation four will contain basically the first sentence and the second sentence will be deleted. The first sentence reads NCVHS suggests that FDA and stakeholders work together to improve existing mechanisms for market surveillance of devices using standardized electronic methods.
DR. COHEN: I would stop after methods, right after methods.
DR. GREEN: That is good. Delete everything else. Are you satisfied with that, Bruce?
DR. COHEN: Yes. Thank you.
DR. GREEN: Jim Walker, do you have any adverse – any suggestions for this recommendation four?
DR. WALKER: First, I want to thank Ob and everyone for the always excellent work. A friendly thought, at the very beginning of recommendation one, the business reasons for and cost/benefits of including – and then a similar theme is sounded at the end of recommendation two where we say should initially focus on reporting UDIs for high risk implantable medical devices. I agree with both completely.
What I want to raise is that one of the things that happens in these initiatives, take for example electronic quality measures, is that no one – and I would think it would be a governmental task or at least governmental commission – no one ever does the work that here, we kind of half imply of saying of the 300 or however many there are of UDIs, 6,000, whatever the number is, who is going to be responsible to identify cost/benefit equation for each one of those? As, presumably, and I believe we will, move into this world, how do we have a shared, transparent way of saying out of the 6,000ish, these are the 1,500 that we are ever going to build into this system because they have a cost/benefit equation that makes it reasonable and all these others are great and we are going to have UDIs for them, but we are not going to build them into this mechanism because the cost/benefit equation just doesn’t work?
It seems to me that it would strengthen this – although, I don’t regard it as essential, but I think it would really get us a lot farther down the road faster – if we called out the need for an explicit rank ordering of UDIs by estimated benefit/cost equation.
DR. SUAREZ: Jim, I hear you. I think that is a great point. Part of the concept was that, yes, there probably are thousands of potential devices that would be – if this were to be adopted as a standard element, would be able to be reported in a transaction. Of those 6,000, maybe not all of them are necessary. At the end of the day, if there are hundreds of them or a number of them that are needed, then there is a business need to do it for those and it doesn’t mean that for all the other ones, they will be required.
DR. WALKER: Right. All I am saying is how are we going to know – as a society, as an industry, how are we going to know when we have gotten to that breakeven point where the cost is as great as or even greater than the benefit and we say, okay, we have worked this all the way through to number 488 or number 767 and from the analysis that we have done, that is as far as we are going because from there on out, the cost goes up and the benefits go down. Until we have new evidence on those, we are going to stop here. It just would give the industry a rational way to work that it typically ends up not having and wasting all kinds of resources because we don’t have it.
DR. GREEN: It seems to me, Jim, that the recommendations about doing pilot work and that sort of stuff is congruent with what you are saying.
DR. SOONTHORNSIMA: I think Jim was saying something more than the cost/benefit. The first one is cost/benefit of doing UDI in administrative transaction. What Jim is saying is beyond the pilot, when you start doing this, there has to be a sort of life cycle of the next set of devices. That is what Jim is talking about, I think. We are not saying that in here at all.
MS. KLOSS: But it could be incorporated in, too. It does say pilots should initially focus on reporting UDIs for high risk implantable medical devices. You could take that a little further and say establish the cost/benefit.
MS. GOSS: From the FDA testimony during this hearing, they want this data for manufacturing benefit. I am feeling like that is an intersection point back to what Jim is saying. We need to learn from the experience. I think FDA has plans. I think they are trying to figure out the best way to get the data to inform that assessment process.
DR. GREEN: Walter, we are going to have to stop. I want to get Raj’s question on the table before lunch. We may just need to pick this up again after lunch to finalize this. We will come back and finish this up after we hear Rag’s issues.
DR. CHANDERRAJ: It is not a question, but a comment. I think the UDI is a very good concept. It should be coming soon. We see a lot of times devices are put in the heart and we don’t know where they were put in, why they were put in. It has a lot of clinical benefit for identifying the UDI not only for the knee transplants or the hip transplants. We don’t know if they are MR compatible. Some devices are MR compatible. Some are not. If you have a unique identification number, we can quickly reference that and identify that. It makes a big clinical impact on patients.
DR. GREEN: I think the clinical community is hungry for this to get decided and get done. Public comments. Anyone in the room want to tell us where we just went off the rails or anything else? Is this the secret to suppressing public comment? Starve them.
MR. NACHIMSON: Good morning. This is Stanley Nachimson. I have been doing some work with the PEW Foundation and others on the UDI. I think the concern that we had about asking for cost/benefit analyses and also the comment, the recommendation about not asking for more on UDI than you would on any other change is relevant, first, because NCVHS seems to be asking a lot more of the UDI and proving the worth of the UDI than most of the other initial data changes that have been asked for in the past.
As a matter of fact, even if you go back to ICD 10, there have not been the significant cost/benefit analyses done on ICD 10 before it was adopted as a standard. We did not want this burden placed on the adoption of UDI that has not been placed on other data elements and, in some sense, asking for additional pilot tests and things like that tends to delay the adoption rather than looking at the information that has already been collected.
We have had, as Walter mentioned, and we provided at the subcommittee hearings some pilot tests already that talk about the cost and benefit analysis. We hope that perhaps getting some further information from those pilot tests on this information would be better than having to establish another pilot test. That is number one.
Number two, in terms of the prioritization that has already been looked at in terms of the high risk implantable devices, there is agreement that that is what we are going to focus on. There is prioritization of both the UDI and the inclusion of claims just for in-patient hospitals on those small devices. Thank you.
DR. GREEN: Thank you. Walter let’s look at the undue burden issue again. You guys just think about this and see if there is a place where we need to insert something to make that absolutely explicit. We went by that three times now.
We will reconvene at 1:30, finishing up this letter or at least sort of finishing up this letter and then we will head into attachments.
AFTERNOON SESSION (1:36 p.m.)
DR. GREEN: We have a ten-person quorum, at least, so we’re under way. Continuing the story of UDI.
DR. SUAREZ: Just to finish up the UDI letter, I think it’s important to highlight a couple of points. One is that the National Committee is responsible for advising the Secretary on adopting new standards at a high level, and national code sets, such as ICD-10 and others. When it comes to adding a new data element, for example, to a standard, the responsibility rests on the standard development organization, the SDO. We as a national committee don’t get into “you should add a data element here or there,” because there is a standard procedure that the SDOs follow in order to receive a request for an additional data element to be included. They go through the process of doing the analysis, including not just what the technical solution is and jumping to the technical solution — the first thing that an SDO does is, why is it that we need to add this data element here? Who is bringing this case, and what is the business case for it? Why is it that we need this element to be included?
Once they do their business analysis, then they consider the technical solution and say, okay, we understand now the business analysis and the business reason. Now let’s talk about what the best technical solution is to add a UDI.
So that’s why in our letter we are really highlighting the fact that the SDO is the one that ultimately needs to work on that. I think that’s part of what recommendations 3 and 4 are.
I know that there have been some questions about this wording of “cost-benefit.” I just want to clarify that, in no way by virtue of stating it in this letter, are we elevating the threshold or the bar of evaluation of a data element or a standard. Certainly the expectation is it’s not like there’s going to be a full-fledged investment of analysis of the cost and benefits into every single instance of the need to report a UDI. If there is a business reason, again, to report it in an administrative transaction mechanism, what we want to highlight certainly is that there needs to be an analysis of the value and the benefits.
I know there have been some concerns about the wording of “cost-benefit” and the perception that we are elevating the bar for evaluating UDI. We’re not. We’re just telling, really, the industry, and particularly the SDO, that they need to do their due diligence, as they always need to do, in evaluating a new data element.
MR. SOONTHORNSIMA: Would it soften the tone — I think the rationale is there. Maybe the term “costs and benefits” caused the angst here.
DR. COHEN: That was my suggestion, if we just said “for business reasons, cost and benefits,” so it’s not implying a cost-benefit analysis.
MR. SOONTHORNSIMA: I was actually going to go even lighter than that, but maybe that’s fine — or “rationale,” instead of “cost and benefit,” to say “rationale for including.” No?
In addition to that, we already talked about “including the added burden for providers and payers.” So that implies administrative efforts and costs.
I just don’t want us to —
DR. SUAREZ: How do people feel about replacing “cost-benefit” with “rationale”? I think people are saying this is okay. All right.
MS. KLOSS: You have one extra “and.” “Business reasons,” comma, “costs, and benefits.”
DR. SUAREZ: Okay, I’ve got it on the screen, corrected.
One other important point is that ultimately the next time that we as a National Committee hear about this might be at a point when a decision has been made by the standard development organization regarding this. In other words, it is really — and I want to emphasize that the responsibility of the standard development organization to perform its due diligence in evaluating the business reason and doing the kind of thing that they are always responsible for doing in considering any new data element. The industry itself is represented at this point of discussion, and so it’s important for the industry to raise their questions and concerns at that level so that there is a good process, as always, that they have to go through in order to consider any new data element.
I think that’s the main change that we were considering in this letter.
MR. SOONTHORNSIMA: There was another change that Jim brought up before lunch about the future —
DR. SUAREZ: Oh, in recommendation 2.
MR. SOONTHORNSIMA: Yes, I think it might belong in 2. What Jim was articulating was, in the future, how do you vet additional cost-benefit of additional devices that would be included. That’s beyond what we were talking about here.
DR. SUAREZ: I certainly heard Jim’s point. I was trying to think of how to articulate that. It’s very hard to say the threshold for defining the cost and benefit is this. In this letter we’re saying that there needs to be an analysis of the cost and benefit and the business reasons for it, but that analysis is the one that has to say the reporting of this type of UDI for this type of implantable device, out of the 6,000 that exist, is critical. That is hard to prescribe in the letter, I think.
MR. SOONTHORNSIMA: Maybe you can add, “Pilots should initially focus on reporting of UDIs for high-risk medical devices and evaluating any future inclusion of additional devices,” something to that effect.
DR. SUAREZ: Okay.
MR. BURKE: In the first sentence in recommendation 2 you might want to add “costs and benefits,” in symmetry to how you are expressing it earlier.
DR. SUAREZ: Thank you for that. That’s good.
MS. MILAM: I’m wondering if recommendation 2 is a good place to put some placeholder language for Leslie’s issue around individually identifying numbers. It may be that the UDI does have a unique component. And to the extent it does, would want, since we’re talking about pilots and testing, to identify any privacy issues, in addition to the other issues that we’re interested in hearing about?
DR. SUAREZ: Privacy considerations should also be evaluated? Is that what you’re —
MS. MILAM: I’m wondering if we can just build it in above, not calling it out separately, because we don’t really know enough now to call it out separately.
DR. GREEN: Sallie, how about in that first sentence, where we say “test and document effect, value, cost.”
MS. MILAM: “Cost, benefit, and privacy implications of incorporating” —
DR. FRANCIS: After “privacy,” you could say “if any.”
MS. MILAM: Victor did a little research, Victor Richardson, our public health law fellow, and I think he did identify that there is actually an identifiable portion of this number. So I think there are privacy implications. But given the diversity of opinion among the committee, I thought maybe we ought to be more oblique about it.
DR. GREEN: Leslie, are you okay with that?
DR. FRANCIS: Totally.
DR. SUAREZ: You’re saying there is an identifiable — as in it identifies the individual?
MS. MILAM: It identifies the specific device, and because there is only one number, when you look at the definition of PHI, it would be a number relating to an individual.
DR. SUAREZ: No, no. If you take the UDI per se, there is no identifiable information that connects the device to an individual in the UDI.
MS. MILAM: Right. There’s one number assigned to the UDI that then relates to the individual once it’s put in their records.
DR. SUAREZ: Well, there’s the medical record number.
MS. MILAM: Right.
DR. SUAREZ: But that’s once the UDI itself is incorporated into a medical record.
MS. MILAM: Right. It’s associated with an individual.
DR. GREEN: If you will allow, I think the fact that we just saw that exchange means we need to put that in there.
DR. SUAREZ: I think it’s important, it’s valuable. No disagreement. I just want to make sure that there is a lot of misunderstanding perhaps about the concept of UDI and the concept of patient identifiable information in it. There’s no patient identifiable information in it, unless the UDI is incorporated into a medical record and is connected to an individual in some report, like a claim.
MR. BURKE: If there is a UDI number for an insulin pump, once that is implanted in a patient, the patient is identified as a diabetic or in need of insulin.
DR. SUAREZ: There are implications about the —
MR. BURKE: But, as you say, it’s not until it goes into the record.
DR. SUAREZ: Exactly. The UDI is a number that identifies, let’s say, the serial number of a device. It’s a serial number plus a number of other things. It has several other elements — the date of manufacturing, the place where it was manufactured, all sorts of elements. But per se the UDI has no information about the patient. You need to put that UDI into a medical record, and that connects the UDI to a patient. In any event where, for example, I’m referring a patient to a cardiologist post an implantation of a pacemaker, in my electronic summary of record that I send to the cardiologist, I will in the future include the UDI in that record of that patient. So that goes together and that identifies that the device was implanted in that patient.
But by itself, the UDI doesn’t identify patients.
MS. MILAM: It’s like a license plate. At the time they are made in the prison, they are not associated with anybody, but at the time it gets on your car, it is.
DR. GREEN: Terry?
MS. DEUTSCH: I just wanted to bring up a question. We had a public comment about a question raised if any of the requirements are more stringent for the UDI as opposed to any others. I just want to bring that up to everyone, to just look at the recommendations and the additions to see if you think any of these are more stringent. It was a comment that we did get.
MS. MILAM: Just to throw something else out, I wonder, as we move down the road with this issue, if we really need to think about the UDI before it is even related to an individual. In Victor’s and my lunch conversation, between us, we determined that it really didn’t become PHI until it was associated with an individual, meaning it has this huge lifespan, getting from the manufacturer, sitting in inventory, before it ever becomes protected. It’s outside of HIPAA during that entire process. So when you look at software and devices probably getting hacked by folks down the road, you have this whole area that is completely unrelated, at least by HIPAA.
DR. GREEN: So we had better leave “and privacy implications” in this.
DR. SUAREZ: Absolutely.
DR. GREEN: Any other comments about this letter?
DR. SUAREZ: Okay, we’re going to go to the next letter. The next letter — we reserved the better one for after lunch.
The next one is “Attachments.” “Attachments” has been a topic very close to the National Committee. We have, as you know, made recommendations in the past about adopting very specific standards. As recently as last year, 2013, we made formal recommendations on — in fact, one of the larger letters that we have written recommended, I think, 12 different things about attachments, including the definition of what an attachment is, the codes to be used in attachments, transactions, the content standard — all sorts of things. We made recommendations about them.
Since then, there have been a number of developments around attachments, including, of course, revisions and updates to the standards that are being considered right now by the standard development organizations. In addition to that, there have been new business needs presented to the standard development groups, including the business need presented by CMS, by the Medicare program, under the electronic submission of medical documentation, ESMD, raising a number of needs that they have, business needs, and they talk again about raising a business need in order to discuss with the industry the adoption of a standard.
Since then, there have been a number of developments. We brought back again as part of our hearings in June the groups to discuss the status of the standard and what kinds of recommendations we can make. We heard a few things.
Number one, just very briefly — and I apologize, I’m going to probably skip a number of things, and the letter actually highlights a number of the things that we have heard — number one, everybody is still very much into definitely having the adoption of a national standard for attachments.
Number two, the attachment recommendations that we made, which were standards for a particular version, a particular release, were the ones that we had in place, and the new ones that are being finalized are new ones that are being finalized. They have not been yet formally published or issued as a new standard by the standard development organization. It will happen in the next several months. In fact, by the end of this year or early next year, we’ll have published new national standards that can be used for attachments. But in today’s circumstance, as of today, September, we have only the published standards that we have recommended in the past.
The third thing we heard was — in the original letter back in 2013 we thought that standards for attachments should apply to attachments in general, meaning not just claim attachments, but several other attachments that are used in the health-care industry, attachments associated with eligibility transactions or with prior authorization transactions and other things. We thought that attachments should be the same in terms of the standard for those types of applications, for those types of transactions.
The recommendation was that we should really focus more on starting with a more narrow application of the standard. Even though it could apply to others, the adoption of the standard should be narrowed to a particular area.
Based on those recommendations, we basically came back with these four recommendations. The first one is, at this juncture, given that the next version of the standards has not yet been finalized, NCVHS stands on all its June 21, 2013 recommendations to the Secretary. So we are not modifying at this point, with this letter, the recommendation of the standards. We consider that it is premature to recommend a new standard currently under development at this point. It is under development and hasn’t been finalized and published. NCVHS believes that once the standards have completed the full standard-development cycle and have been formally published, then they merit certainly consideration to be adopted as national standards.
Secondly, in our June letter we recommended adopting standards for a broad application of attachments, which included claims, eligibility, prior authorization, referrals, et cetera. In this letter we’re refining those recommendations by recommending that the initial focus of the standard to be adopted should be limited to health-care claim attachments. The HL7 standard has defined a template for the standard.
So we’re really saying now, let’s focus initially as a starting point on claim attachments. Certainly the possibility of expanding and applying the standard to other areas is there, and it could be done in the future.
The third recommendation: Timing for the adoption of the standards should be aligned with the timing of the implementation of Stage 3 Meaningful Use Program as much as possible to facilitate a common, consistent transition to the new standards on both EHR and administration and financial systems.
In other words, the timing for compliance should be aligned with meaningful use. It should not be sooner. It’s very hard to adopt in regulations and implement a standard in regulations and expect that to happen before what would be the beginning of Meaningful Use Stage 3, which at this point looks like it’s going to be January of 2017. We’re saying we should align those requirements of the use of the attachment standard with the Meaningful use Stage 3 start.
DR. COHEN: Walter, around that point, what if Stage 3 is delayed significantly? Do we want to not promulgate the standard? I understand your desire to link it to Stage 3, and I also have concerns about linking it to implementation.
DR. SUAREZ: Great point. Maybe that’s why we say “as much as possible.” But you have a very valid point. So far Meaningful Use Stage 3 has been already delayed once. It was supposed to start in 2016, and now we have pushed it to 2017. So there is the possibility that at some point it might be delayed further.
I think, as the regulators, CMS will be writing these regulations around attachments. At that point, which could be in 2015, there will be some level of understanding of whether there are going to be any delays or not and what type of a connection there is between Meaningful Use and the standard.
There is no reason to specifically require that the standard be adopted the same date as Meaningful Use. We’re just saying that, as much as possible, try to align the two. But the regulation for adopting this standard might be a specific day that is independent of Meaningful Use Stage 3.
With respect to this recommendation, we’re simply saying that the timing, as much as possible, should be aligned with Stage 3, which right now looks like 2017. I think mostly the consideration is that we’re sort of in between standards. Right now we have a published standard for attachments and for Meaningful Use. We have a new version of a standard being finished, to be published at the end of this year or early next year, that likely will be the one adopted in Meaningful Use Stage 3. What we are saying is that: That standard that would be adopted in Meaningful Use Stage 3 should be aligned with the standard, and the timing should be the same, or aligned at least.
I don’t know how to handle it, except saying “as much as possible.”
MR. SOONTHORNSIMA: Walter, would it make sense to say “no sooner than” or “not sooner than 2017”?
MS. GOSS: I think what we’re trying to do is — attachments are really the way to blend the admin/financial with the clinical world. So there’s a further motivation that I think is really driving this.
MR. SOONTHORNSIMA: But the point is, if MU3 is delayed further out, then — that’s why putting sort of a time —
DR. COHEN: I would say “not later than” rather than “not sooner than.”
MR. SOONTHORNSIMA: “Not later than,” that’s what I meant.
MS. KLOSS: Maybe the way to do it is to focus on contemporaneous development of the standards. Then when they are implemented matters less than getting the alignment of the standard.
MS. GOSS: Especially because claims attachment has a really bad history of being —
MS. KLOSS: What we don’t want is to end up with two solutions, even if they are just a little bit different.
DR. SUAREZ: The other reason to mention the timing is that under the current statute, under the current Affordable Care Act statute, the requirement is for the Secretary to publish final rules on attachments January 1, 2014. We’re already past that. The compliance date for attachment standards would be two years later, January 1, 2016. So what I’m trying to address with the recommendation is actually to push it out to align with Meaningful Use Stage 3, which at this point is January 2017.
MS. GOSS: Is it really about aligning with the goals of Stage 3, not the timing of implementation?
MS. KLOSS: Right, just so we aren’t modeling when they get implemented. It’s getting the standards developed.
MR. SOONTHORNSIMA: We are saying that it has less value unless they are aligned. That’s what, really, we are saying.
DR. COHEN: Maybe we should separate those two issues, the timing and just the specific —
MR. SOONTHORNSIMA: The specific standard.
DR. COHEN: Make sure that it’s aligned with Meaningful Use Stage 3 when it gets implemented.
DR. SUAREZ: So the standard should be aligned with Meaningful Use Stage 3. What about the timing? Do we say anything about the timing?
DR. COHEN: Separate it out.
MR. SOONTHORNSIMA: The timing to be determined as appropriate.
DR. GREEN: Is there any reason to say anything about timing?
MR. SOONTHORNSIMA: No.
MS. KLOSS: Especially since they’re behind.
MR. SOONTHORNSIMA: I don’t think we know. We have no data to suggest any timing.
DR. STEAD: It seems to me the key point you made is that you want to align the development of the standards, which are distinct from the regulation and incentive program.
DR. SUAREZ: The timing —
MS. GOSS: The underpinning standards should already be aligned, because a lot of this is coming out of the Health Level Seven world, and those are the same ones that are meeting on Meaningful Use. So it’s more about the policy around them and the expectation of use around them, I think, that might need some clarification.
DR. SUAREZ: Part of the consideration here is that at the end of this year, as we heard, there will be an NPRM, notice of proposed rule, with Meaningful Use Stage 3 recommendations about the metrics, the Meaningful Use incentive program, and the standard. The expectation is that that type of standard that is going to be recommended to be adopted for Meaningful Use Stage 3 would be aligned with the standard that we would be recommending shortly after, I suppose, when we make all the recommendations on this. That’s the alignment of the standards.
DR. GREEN: Someone propose language for recommendation 3.
MR. SOONTHORNSIMA: I’m not sure we need to change it. Sorry to keep going in a circle here. That’s really the point, Meaningful Use 3 and attachment standards need to be aligned. Unless they are aligned, let’s not tacitly adopt something.
DR. GREEN: Maybe “adoption” is the word that matters here, not the timing. So maybe recommendation 3 becomes, the adoption of these standards should be aligned with the implementation of Stage 3 Meaningful Use Program.
DR. SUAREZ: So what is the recommendation? Deleting the word “timing” —
MR. SOONTHORNSIMA: “Adoption” is the word we need to change.
MS. GOSS: The adoption of the standards should be aligned with the adoption of the Stage 3 Meaningful Use Program.
PARTICIPANT: Or with the implementation of it.
PARTICIPANT: You adopt the standards first and then implementation takes place after.
DR. GREEN: “Align with implementation of Stage 3,” would that work?
DR. SUAREZ: So the wording would be — I’m sorry, this is a PDF file; I don’t have a Word version of this — we will be deleting this “timing for” and then it will be “adoption of these standards should be aligned with the implementation of Stage 3,” and delete this part.
MR. SOONTHORNSIMA: If we’re saying Stage 3 has to happen first, then that’s not —
DR. COHEN: No, we’re not saying Stage 3 needs to happen first.
MR. SOONTHORNSIMA: Therefore, what he just said is not correct.
DR. SUAREZ: I don’t think the word “adoption” necessarily would be the — I think it’s more, the implementation of these standards should be aligned with the implementation of Stage 3. Really, there are two implementations. If we say “adoption of these standards,” it gives the impression that we won’t adopt the standard until the implementation.
DR. GREEN: Write that down. Let’s see what that looks like. Get rid of “timing for the adoption” and start with “implementation of these standards should be aligned with the implementation of Stage 3 Meaningful Use Program as much as possible.”
DR. SUAREZ: Exactly. So I’m deleting this “timing for the adoption” and replacing it with “implementation of these standards should be aligned with,” then deleting this part, then say “implementation of Stage 3.”
DR. GREEN: Right.
DR. SUAREZ: This is a PDF file, so I can’t edit this particular version of it. But we will take care of it.
MS. MILAM: Walter, you might be able to use the comment feature so people could at least see the typing. Then you can highlight.
DR. SUAREZ: So this would be the change. Then I would just insert a word here. Instead of the “timing for the adoption,” it will say “implementation of these standards should be aligned with the implementation of Stage 3.”
DR. GREEN: Other comments about these recommendations, or questions?
I have one. I want to build off of what Alix was — Alix, a moment ago, said what I have heard Bill Scanlon in years gone by say about the importance of being able to unite claims and clinical data. If you now look at the way recommendation 3 reads and then we go back to recommendation 2, do these two recommendations line up right? When we start saying that in 2013 we recommended adopting standards for broad application of attachments, now we’re rescinding that. We’re retracting that. We’re saying — I’m exaggerating this — don’t worry about the clinical stuff; just do this stuff that’s needed to adjudicate a claim.
Is that what recommendation 2 means?
MS. GOSS: I don’t think so. I think that recommendation means, dip your toe into the water methodically. Don’t make it a ubiquitous attachment standard. Start out with something and get some experience with it before we move on.
Would my subcommittee members agree?
DR. GREEN: So in this letter we are refining those recommendations by recommending that the initial focus on the standards to be adopted be limited? Is that the word we want to say?
DR. SUAREZ: It’s limited to the health-care claim. The key is, before, we were saying that it should apply to claims, eligibility, prior authorization, referrals. Here we’re saying, no, no, instead of applying to all of those, let’s start with only claims. That’s all it says in this recommendation. Don’t apply the requirement to apply the standards to all these other transactions starting at the same time. Just start with one transaction, claims.
DR. GREEN: Okay, I get it. So let’s talk about the “i.e.” Why is the “i.e.” there?
DR. SUAREZ: These “i.e.’s” are examples of claim attachments, attachments associated with a claim.
DR. GREEN: I think you mean “e.g.” You mean “for example.” Let’s get rid of “et cetera.” “Et ceteras” don’t help.
My memory doesn’t seem to work as well as it used to, but it seems to me that we heard very direct testimony from some parts of the industry that really want to restrict the use of attachments to the information that’s necessary for adjudication of claims. I’m just suggesting that we be careful to not let recommendation 2 mean that we agree with that. That’s my point. We believe the day is coming when the clinical and administrative data flow together and we can make sense of them.
DR. STEAD: You made a very clear statement of what this recommendation meant. I don’t think the text is as clear. What you’re really saying is that you want to limit it to — you have your sentence: “claims, eligibility, prior authorization,” et cetera. “In this letter we’re refining those recommendations to limit the initial implementation to claims.” Then have the words you have around HL7 and so forth — is a “to follow” of the nature of the limitation.
MS. GOSS: I also think part of the limitation is that we have had more experience with robust HL7 claims attachment-type standard and implementation efforts. We haven’t done that for a preauthorization or an eligibility claim. We have experience here. We know the market wants it. They’ve gotten benefit out of it. They are willing to dive in on this one. Let’s start there with claims attachments, because —
DR. STEAD: Understood. I think you have enough more words there that are making the simple limit to claims
MR. SOONTHORNSIMA: Maybe we could flip it. We can wordsmith it later, but to your point, start by saying we need to limit it to just claims, even though — flip those sentences.
DR. STEAD: And the experience comes earlier in the letter.
MR. SOONTHORNSIMA: We’ll take care of that. We’ll start by saying the recommendation is to start with claims, even though we recommended back in June 2013 — instead of having them read two or three sentences before you get to the recommendation.
DR. SUAREZ: So you’re saying limiting the initial implementation to claim attachments, rather than applying it to all the others.
MR. SOONTHORNSIMA: Yes. We’ll start with that.
DR. GREEN: And then the recommendation comes along and says “then implement that in alignment with the implementation of Meaningful Use.”
Alix, you’re good with that, I hope.
MS. GOSS: I am. I’m trying to go back and remember the hearings. I don’t remember all the details. It’s a while ago. But it works for me.
DR. GREEN: Okay. What else? Have we done recommendation 4?
DR. SUAREZ: Recommendation 4: “Due to the complexity of health-care claim attachments, HHS should work with the industry to implement a series of pilots addressing various types of covered entities and business situations where health-care claim attachments are needed, to develop and document best practice before universal rollout.”
This is emphasizing, first of all, let’s start with claim attachments, and because of the complexity of claim attachments, let’s do additional pilots and get a better sense of how the rollout of the implementation will happen.
MS. GOSS: I’m wondering now, after all this other discussion — this is really just health-care claim attachments — if this is also about getting at all the other points that we thought maybe needed to be explored, the exceptions that we have under recommendation 2.
DR. SUAREZ: Pardon me?
MS. GOSS: Under recommendation 2, we have all agreed to take out — we’re retracting our June 2013 perspective to eliminate eligibility, prior authorization, referrals, et cetera, from the attachments’ scope. I’m wondering, under recommendation 4, if this is more than just claims attachment types. Do you want to develop different document standards from HL7 to support the business needs, if it’s also looking at those other types of transactions that happen in the administrative/financial world. Or do we really mean to say this is just health-care claims?
MS. KLOSS: This letter is entitled “Claims.”
MS. GOSS: So we really did mean it? Okay. Thank you.
MS. KLOSS: I think what was our thinking here was the idea of inserting the pilot process. This was a great opportunity to pilot, refine before a standard was final and implementation was obligatory. I think, if we do anything to this recommendation, maybe we emphasize the importance of using a pilot process.
MS. GOSS: And it is all the way around. We are not road testing there fully before we’re asking millions of people —
MS. KLOSS: And we thought this was a really important one to test that approach.
DR. GREEN: Recommendation 4 seems to me to be quite clear. Is anyone unclear about what it means or object to what it says?
Jim Walker, are you there?
Walter, anything else about this letter?
DR. SUAREZ: No. That’s all we have on this letter.
DR. GREEN: Okay, what’s the next thing?
Agenda Item: Standards — Health Plan ID; Coordination of Benefits; ICD-10
DR. SUAREZ: Let’s go to the next letter. This letter combines three topics, basically. This is our last letter. It combines three topics: health plan ID, the coordination of benefits — one of the earlier transactions, part of the HIPAA transaction — and the ICD-10 discussions and hearing. Those are the three topics covered in this letter. I’m going to go very quickly through the three elements.
The first one is health plan ID. With respect to the health plan ID, there is a final rule already in place that says basically that the health plan ID is. It’s adopted. Health plans have to comply with the enumeration process. We heard earlier this morning about the health plan ID process that CMS is implementing. It takes two or three days to obtain a plan ID. There is a requirement to obtain one by, I think, November 1 of this year and then begin to use it by the beginning of November of next year.
So there’s all that already in place. The final rule has been published.
The one question that came out was, while the health plan ID is a good idea for a number of programs, such as the Affordable Care Act marketplaces or the implementation of reform or, for example, the compliance certification program that is coming up, the concern is that the requirement to use the health plan ID in the health-care administrative transactions was not anymore needed, that there was actually a potential of disruption of the process for routing and exchanging health-care administrative transactions.
In other words, right now, if a provider sends a claim to a payer, they can include a specific payer ID that they need to send that claim to. The health plan ID is a different number, enumerating a different body or potential sub-body of a health plan, and if that was the one that I needed to put in the transaction, the claim would go to a different place erroneously, and that would create a major disruption of the processing of claims.
The recommendations are two, basically. Number one, we should rectify in rulemaking that all covered entities will not use the HPID in administrative transactions and that the current payer ID will not be replaced by the HPID. That’s a very significant, very important recommendation that basically is asking the Secretary and HHS and CMS to issue appropriate corrections with respect to the expectation of the use of the HPID in a transaction, meaning that there is no requirement on the use of HPID in the administrative transactions, so that the payer ID, a different ID used by providers to route the transaction to the appropriate payer of the claim — the payer could be different than the health plan ID. That’s what is important in this processing of claims. So there would now be a change in that and the claims would route to the wrong place.
That’s the first recommendation.
The second one is that HHS should further clarify, in this upcoming certification of compliance final rule, when and how the HPID would be used in health plan compliance certification and if there would be a connection with the federally facilitated marketplace. That’s the second recommendation.
So the HPID should not be used in the transactions. That’s the first recommendation. Then the second one is, for the other uses that are in the final HPID rule, which includes health plan compliance certification, there should be further clarification about how the HPID is going to be used and if there are any other uses, like for federally facilitated marketplaces. That’s part of what we would recommend be included in the compliance rule.
Those are the two recommendations about the health plan ID.
DR. GREEN: Let’s just discuss these.
Maybe there’s no animation on this because my memory is that no one could tell us what a health plan is, and so it was very difficult to decide what the ID was. Then you couldn’t decide what it was for. It looks to me like these two recommendations sort of thread that.
MR. BURKE: I’ll try to shed a little light. To distinguish, in recommendation number 1, a health plan from a payer, not all health plans are payers. Half of the people enrolled in a health plan are enrolled through a self-insured product, where a separate entity — often a health plan, but not always — is a third-party administrator and is the payer. The self-insured account hands the health plan its checkbook.
Does that help?
DR. GREEN: Yes. I think you make the point very well. A health plan is not a health plan, is not a health plan.
MS. DEUTSCH: For the last letter of recommendation that we wrote from the previous hearing, we asked for clarification of definitions, et cetera. This is not repeating what was in that. This is additional information that we have learned subsequent to that letter.
DR. GREEN: I guess we’re ready to go on.
DR. SUAREZ: ICD-10 delay: We only have one recommendation there. Basically, what we heard in the hearing was — we already knew, of course, that there is a delay, another year. So the question was, really, what do we need to do to ensure that there are no further delays and that there is a smooth transition into ICD-10? I think the most significant aspect of this is really being more proactive in terms of educating Congress and others with respect to the merits and the reasons why we’re adopting ICD-10, so that there is a better expectation that there is not going to be any more delay and that there needs to be more work around how to implement it, not any more about when to implement it.
So that’s basically the main recommendation. We already have heard the amount of work that CMS is doing, expanding their education, their outreach, their plans for end-to-end testing and implementation of end-to-end testing and all that. I think we just need to be more proactive in informing and educating Congress about the merits of ICD-10.
So that’s the only recommendation we have about ICD-10.
DR. GREEN: Comments?
Walter, I think you have worn us down.
DR. CHANDERRAJ: I have one question. Is educating the Congress the right word? Are we saying they’re ignorant? Are we saying that we’re going to educate them?
DR. SUAREZ: One of the roles that we play certainly is education and outreach to the industry and to Congress and others. By saying “educating Congress,” we’re certainly not implying they are ignorant or don’t know or understand. We just need to educate them specifically about the merits of this.
MR. SOONTHORNSIMA: It’s a euphemism for “lobby.”
DR. GREEN: Raj, what word would you prefer rather than “educate”?
DR. GREEN: “Inform.”
PARTICIPANT: It would be better if the industry did this, by the way.
MR. BURKE: How about “reemphasize”?
DR. GREEN: Raj, what do you want to see here?
PARTICIPANT: “Reemphasize” might be good, “reinforce.”
DR. GREEN: So instead of “inform” or “reinforce,” say “reemphasize”?
PARTICIPANT: It implies we have already done it and we’re continuing to do it.
DR. GREEN: So HHS should take proactive actions to reemphasize the merits of ICD-10 — reemphasize to Congress.
MS. GOSS: Do we know for a fact that they have been given that tutorial? We know they have heard the bad stuff, clearly. Do we need to say “reemphasize”? Could we just say “emphasize” and just not get into that dynamic?
PARTICIPANT: We should educate them.
MR. SCANLON: It would be much more powerful if industry leaders would — if you put a recommendation for industry leaders.
PARTICIPANT: So who do we send that to?
MS. GOSS: Are you saying replace it or add it?
MR. SCANLON: Add it.
DR. GREEN: HHS and industry.
MR. SCANLON: Industry leaders.
DR. GREEN: Or “HHS should work with industry leaders to”?
DR. CHANDERRAJ: I think “emphasize” is better than “educate.”
MR. BURKE: I agree. I like “emphasize” better than “reemphasize.” How about getting rid of the word “action,” too?
DR. GREEN: Okay, we’re going to leave this in the Standards Committee’s hands now. This is your last chance for commentary today, to and for.
DR. SUAREZ: We didn’t talk about coordination of benefits, but we didn’t have a recommendation about coordination of benefits. But it is important to acknowledge that we did have a hearing about this transaction. Most of you might not have heard too much about coordination of benefits lately, but it is a significant transaction, a transaction that has created a number of issues. Most of the issues are not related to the standards per se, because a standard for conducting coordination of benefits is the same standard as the health-care claim transaction. But for the most part, the issues are related to the business processes and business rules.
So we’re emphasizing the point that we need operating rules to be developed for coordination of benefits. But that is something that is to be developed by the organization responsible for developing operating rules.
So we don’t have any specific recommendation about coordination of benefits. But it was important to highlight it and acknowledge that we did have the hearing on coordination of benefits and that we identified as the main issue this issue around business rules, not so much the standard per se.
DR. GREEN: Okay. Ob, Terri, Walter, you’re good to go?
MR. SOONTHORNSIMA: Yes.
DR. GREEN: Our next step here will be that they will do their magical stuff and bring us finalized versions to look at in the morning. Is everybody good to go with that?
I want to take this opportunity to move into recruitment mode and advertise that there are opportunities for you to join the Standards Committee. There is plenty of work. We will hear more about it in just a few minutes. There’s a lot of work here. The membership is a little thin, and we need to expand that.
The way you’re looking back at me, I think, instead of recruiting, that sounded more like a warning.
Thank you all very, very much. Debbie and I will certainly welcome your feedback about the way we did this today. We want to continue to learn how to do this process better. We’re open for suggestions, so let us know.
We’re privileged to have Charlie Rothwell here. Come join us, sir. Thank you very much for making time for us and coming for what we have so briefly labeled “NCHS Update.”
MR. ROTHWELL: Actually, thank you. You’re the ones who had to travel all the way over to Hyattsville. It’s great to be able to present to you. I just have a few things for you.
One is about you all. You’re probably wondering when the replacement for Marjorie is going to be and what’s happening with Donna and Debbie, and those types of things. Unfortunately, things go slowly in government, especially hiring, especially at a high end. We have yet to make a selection. There’s a position that reports to me that is basically responsible for NCHS’s planning and legislative activities. The person who will be in that role will take over the responsibility of being the secretariat, if you will, for the committee. Until that time, Debbie has that, and the staff will remain where they are once we make this hire.
But I felt that it was too much to ask Donna to take on everything else that was on her plate and the new things that she was going to take on her plate that Marjorie had and this committee. I thought that the committee needed to have a more direct line.
Anyway, that was my idea. Unfortunately, it hasn’t moved out as quickly as I would like. We also have a vacancy for the deputy director of NCHS. We’re in the throes of interviewing on that. I’m hoping that there are some good candidates. I haven’t seen them yet, but hopefully they will be given to me and I’ll have a chance to interview them.
So that’s my number-one priority. My number-two priority is this position. Then there is, for lack of a better word, a chief information officer or chief innovation officer — there’s a variety of terms they come up with now — somebody who is going to be leading our data dissemination activities from an IT perspective and also tune us into CDC.
So those are the three positions. I just wanted you to know how it impacts you all.
The other is that I gather we still have not resolved the payment issues with people on the committee at various times. I apologize for that. I thought it had been resolved. Hopefully it soon will be. But I think I said that six months ago. But hopefully that will be taken care of.
Last week was an interesting week. We had the early release of HIS, the early release program. The reason why this — it’s not unusual. We do it every quarter, but it just so happened that this quarter was the first quarter of the year that corresponded with ACA being in place. As you know, the ACA really wasn’t in place at the start of the year, through a variety of issues. But we came out with a report on Tuesday that said that there had been a significant impact on health insurance coverage in the United States.
I would like to take another look at this — sort of a statement about what I think a federal statistical agency is about, why we have them, and why they are important to you all and others.
I guess it was three months ago, four months ago, there was — how would you say it? — a brouhaha about the Census Bureau. In the Census Bureau, basically what they had done was to change some of the questions on the CPS to better monitor health insurance. This has been in the works for some time. It had been in the Federal Register. Everybody knew what it was about. Frankly, they did it because what they were collecting was not as good as it could be.
So they did this for all the right statistical reasons and got lambasted in the press for basically knuckling under to the Administration, perhaps trying to cover up what the negative impact of the ACA might be. That was not the case at all — at all. But that’s what played in the press, and it made good press.
I had a chance to talk with the Census Bureau director. He was greatly concerned about this, not just relative to health insurance, but with the credibility of the Census itself. We decided together to do a joint presentation in August. We got the public affairs folks out of the room. We called it a technical briefing. Basically, what we did was we made a presentation to other researchers, to policymakers. There were people on the Hill. There were also media that were listening in, and it was also a webcast.
What we tried to do was explain, number one, what these two surveys were, why we collect health insurance in different surveys, why that makes sense, and what you can do with these surveys and what you can’t do with them, and what they can expect in the future, and then what they’re going to expect, not next month, but next year. We’re in this for the long run. I tried to explain in my short presentation that this is nothing new for the Census or us. We have been doing this, at least in NCHS, since the late 1950s, and Census has been doing it for equally as long. We have changed the questions during that period of time because, frankly, ACA is nothing — nothing — compared to how the health insurance has changed in the American landscape over the last 50 or 60 years. Medicare wasn’t even in existence at that time. TRICARE was not there. There are so many changes that have been involved in the health insurance landscape that required both our agencies to change how we collect this information.
So we felt it was very necessary for us to make this statement so that when we came out with this information in September, people might not like the information, but at least we hoped they would argue over one data set, they would have confidence in the data itself, and they could make a decision on whether this program at this point in time — i.e., ACA — was making a difference or not. That’s our role as a federal statistical agency, not to say it should or shouldn’t have had an impact, but what did it do. That’s our job. We don’t set policy. We just say, here it is, folks, do it.
The Census was so concerned about this that they did something very unusual, which I am grateful for. I think it also shows, unfortunately, where the country is and what one has to do. They released also, at the same time, their poverty rates, which also include health insurance information, for 2013. We were releasing 2014.
It just so happens, when the Census does the CPS and the supplement that collects this health insurance information, they just so happen to collect this information in the first quarter of the calendar year. So here they were, sitting on — it would seem like they were reporting on 2013 data, and yet they were sitting on 2014 data. I wonder what that shows. What isn’t being said?
They were in a quandary. Federal agencies can only release information through certain types of reports. That has to be preapproved. What were they going to do? We have a fairly flexible mechanism for early types of release, which they do not have. They were willing to provide us their own data to release for them. So we released a comparison of the 2014 data that we had versus the Census. There were differences. There were no statistical differences, as I remember, between the ages of 18 and 64, by certain age groups. There were differences c certainly, but they weren’t statistically different.
So there really wasn’t anything to hide, but we really felt that it was appropriate for us to do this release. What we wanted to make sure was that, whatever people’s expectations were, they believed that we weren’t trying to hide anything, that we weren’t trying to cook the books.
What really amused me was, at the end, the criticism that we got was that the health insurance coverage is much better than that. It’s because, since it was the first quarter, we were only looking at mid-February, if you will, as an average. Of course people came in at the end. As a matter of fact, they came in after March. So there’s much better coverage than this. And why can’t NCHS provide this information even quicker?
As a follow-up to that, I had my senior leadership meeting this morning with Tom Frieden, and guess what the first question he had for me was? “Charlie, why can’t you release this quicker?” I said, well, the Census is only releasing 2013. It doesn’t make any difference.
That’s what I like. That’s where the pressure should be. We’ll have to see. Can we do it even quicker than we have been in the past?
Anyway, I think the job of our agency is to be the — the data that we do produce — we can’t produce everything, but what we do produce should be rational, should be believable. It’s going to have warts in it, but we should be able to document where the warts are, and people should have trust in what it is and how it can be used.
So I thought this worked out very well. I thought it was very much of a — what could have been a black eye turned out not to be one for the federal statistical community. I’m hoping that we can do similar types of activities with other federal statistical agencies, whether it’s the National Center for Educational Statistics, whether it’s with the Bureau of Labor Statistics — a variety of other opportunities where we could come together and really talk about why we need a federal statistical system as we have right now.
Anyway, that made for an interesting day. It was also interesting because, at the same time that we were releasing that information, CDC had something else on their mind. The President was visiting Atlanta on the Ebola situation, which is more serious than you think.
On staffing, Jane Gentleman, speaking of HIS, who has been the longtime division director of the Division of Health Interview Statistics, has announced her retirement. I have named Marcie Cynamon as the acting director. Marcie has been with us for many, many years, is extremely competent. She will keep me out of trouble, I believe, as Jane has done in my short time.
But we’ll miss Jane. Jane had a terrific impact on us. I would not be arguing over 2014 data if it hadn’t been for Jane. We didn’t have an early release program before Jane. We have it now. She is the one that put pressure on all our statistical activities in the center to speed up and get the lead out. We’re going to miss her.
She has also helped us strengthen our outreach to Statistics Canada. As you may know, she worked there for many years. That in itself brought us to have a joint HIS one year with Stat Canada and also helped us help Stat Canada develop what we would call Canada NHANES, but they call it something else.
Budget: Things are looking good. A lot of the agencies were having problems. As I have explained to you in the past, we aren’t completely funded so that we can do our surveys, as I talked about. We need additional funding from a variety of agencies throughout the Department. This year was one of our best years as far as getting interagency transfers of dollars to support HIS or NHANES or the National Survey of Family Growth. We even got funding, for the first time, for doing some activities in Vitals. I was very pleased, because a lot of these agencies have had cuts, and they made the decision to fund us. When you’re cut at home and you give abroad, that really gets your attention.
The other thing I said this morning — because some of these givers were in Atlanta that were with Tom — I just said, thank you very much, because we wouldn’t be able to do what we do without their funding. It was a total of well over $18 million or so that we got in for the center, which is really important to us — actually, that was just for NHANES, I believe. I should have brought my notes, sorry.
I see some of you here, but all of you are invited — and I’m blocking on the date, but it’s in October. We’re having an alumni luncheon. Bruce, Jim, and others, we would love to have you. As a matter of fact, the invitation — I’ll have it sent out to you — should have been sent to all of you. We would love to have you. We’re hoping to have past center directors here, as well as folks who are still scratching their heads on why I’m sitting here, and some of them younger than I am who have retired.
It’s a good time for us. Last week we had our awards ceremony for staff within the center. It really does give you an opportunity to pause to see the strength that we have in NCHS in a variety of areas, from the research end of things, methodological end of things, to data dissemination.
I think we are, as an agency, very healthy. I’m worried about, as I have told you in the past, the move over to the building next door, where we are going to be split up in two. Some of us will stay here. Some of us will move over there. Then we move over here to less space. Hopefully that will work out, because morale is important. I’m worried about that.
Other than that, the other budget problem that we face is that — we have been helped in the past with money from the prevention fund that has allowed us to expand our survey, the questions in HIS, as well as its sample size, as well as support our health-care surveys. Last year that money didn’t come to us. It looks like the Senate has decided that that will be the same this year.
We were bailed out by CDC last year so that we could fund, fortunately, this year, so that we have a full sample size and we have all the questions in the HIS. So we will be able to monitor the ACA appropriately. If we hadn’t been able to, then I think it would have been a real black eye for everyone. But fortunately that didn’t take place. We had the money. Next year is a different question. I think that at that point we’re going to have to reassess — well, we’re not going to be able to have the sample size that we have had. That means that we won’t be able to do state estimates. We will hopefully be able to keep all the questions that we have relative to health insurance.
We’re also going to be redesigning HIS in the coming years. The reason why is that we’re still operating on, not the last census, but the census before that relative to determining how our sample design is. That has to change, obviously. So we’re going to be doing that, as well as looking at it from scratch and saying, what questions do we really need in the HIS? It has gotten longer and longer and longer and longer. What do we really need? Do we need to collect some of these questions every year? Can we break things up a bit?
Why this is touchy is that some of these questions are ones that the folks who pay us the money to keep these surveys in place would like to keep there. So it will be an interesting dance that we have over the next three years or so as we redo our sample size, as well as the questions on our questionnaire.
That’s about it at this point. There are probably other questions you have. I would be glad to try to answer them if I can. Bruce?
DR. COHEN: Thanks, Charlie. Earlier today people acknowledged me for winning a local practice award at the MCH meetings, and I just to acknowledge Marian MacDorman, NCH staff person, who won the national award at the same MCH meeting. On behalf of NCVHS, we congratulate her.
MR. ROTHWELL: Thank you. Marian has done a lot of interesting work, especially looking at issues of infant mortality and issues of prematurity, and comparing us with the rest of the world. It’s not the most simple comparison that the press would like to make. But she has done a great job in that, as well as looking at issues surrounding fetal death. She’s a great credit to us.
DR. MAYS: I just want to echo your sentiment about Jane Gentleman and just say from the committee’s perspective, whenever we have needed anything, she has been wonderful. She’s very generous. And what I like — she’s a solutions person. She’s not a “no” person. When we bring some difficult things to her, she thinks about it. She really does try to find a solution to some of the issues that we put on her plate.
I’m devastated to hear that she is retiring, because she has just been great for NHIS.
MR. ROTHWELL: She is one of the youngest people of my age that I know. She’s great.
Just to pick up on that, I sent her an email this morning, after I had talked with Tom Frieden, after he said, “Why aren’t you even quicker?” I said, “Guess what, Jane?” She came right back and said, “We’ve been thinking about this. We’ll let you know what we would need in order to make this quicker, and we’ll get it to you within the next week or so.”
That’s exactly the way she is. You have nailed her.
DR. GREEN: Any questions for Charlie?
MS. JACKSON: Thanks so much, Charlie. It has been a while since we have been able to get some remarks from you, and the fact that we were here at home base was really important.
I want Donna Pickett to stand up. Donna took charge and was always there for me, for this committee. Things happened behind the scenes, under the table, all kinds of ways that you have no idea of, just to make things happen as far as support. So I just wanted to thank everyone for being here.
DR. GREEN: Jim Walker, are you back?
Charlie, a quick question about that interesting dance about old stuff, new stuff, longer surveys, et cetera. What’s your thinking and what’s the plan for redesigned health care that occurs virtually? How do you envision monitoring care that is rendered without there being a claim, without there being a transaction, without there being a face-to-face encounter, that was through emails that were exchanged during the course of the day — the way health care is actually being practiced now?
MR. ROTHWELL: Golly. We’re having trouble just figuring out how we’re going to get electronic health records for our surveys in health care and get hospital participation and make sure that they are standardized. How we measure those things where I’m dealing with my physician over the Internet, because I didn’t come in for a consultation or something of that nature — I think we’re going to have to do that probably through HIS or something like that.
The problem we are having with our surveys is that they are more difficult to do and more costly to do face to face. It’s getting more difficult to reach people via telephone to have appropriate coverage. There’s this great pressure to say, gee, we have all this information out here that’s collected by a variety of folks. Why don’t we just put it in a big box, stir it up, and see what we get out and make proclamations about it? Some people call that Big Data. Some people call it data mining.
I think we’re probably going to have to look at non-probabilistic sampling more, or at least consider it, consider what some of the issues are and what they are not. By that I mean it could be Internet-based surveys of specific population groups.
But I don’t know. I don’t know. That would be a great topic for your population subcommittee to consider — how one might approach this.
This is going to sound like an excuse. I guess it is. We are driven by what we do. We know how to do surveys the way we have done them in the past. We’re so busy, not just publishing what we have now, but dealing with the survey that is in the field, it’s pretty hard to think about what we should be doing four or five years from now. That’s something where we could have your help, have the help of our Board of Scientific Counselors, as far as how we might consider that.
But I don’t have a good answer for you. I’m sorry.
DR. GREEN: Vickie, I think you get the last word here.
DR. MAYS: Thank you. It’s about budget. We have here before heard presentations and they have often told us, in terms of budget, that because budgets are either too flat or being cut, something that is lost. Can you be more specific about your budget concerns and what that translates into, so that if population or some other group needs to consider this, we can?
MR. ROTHWELL: I have to say that there are many governmental agencies that are not in as good a shape as we are. That being said, our costs for data collection, which are primarily through — not primarily, are through contracts — those contract costs continue to go up, because those folks have to pay competent people in order to keep them employed, whether it’s the University of Michigan, which does our National Survey of Family Growth, whether it’s Westat, whether it’s the states, who are providing us vital statistics and need to have their systems in place and their staff paid.
What that does is, as those 1 percent, 2 percent, 3 percent, 4 percent increases take place, as well as now, fortunately, increases to the salaries — there will be a 1 percent increase, I gather, for our staff for this coming year. I think that’s what the proposal is. That will come out of our hide. They are not giving NCHS 1 percent of its salaries in order for us to give a raise. They are saying, take it out of your hide. This has been happening for a number of years.
So we are thinner. When I give Tom back his thing on HIS, we are very thin. The same people who are analyzing the data as it’s coming in from the field are also the ones that are trying to write the reports on the data that has already come in. We are very thin as far as the methodological staff who are going to be looking at the redesign of HIS, because, by the way, some of the people who are writing those reports and looking at the data coming in are also going to be working with our form staff, our research methodologists, to do the redesign.
We are spread very, very thin, and so when something new comes up, it’s very difficult for us to respond.
For HIS, for example, I would think we probably need at least five to six staff. That’s a lot of money. That’s a lot of money, just for that one division. I would think there are several other places in the center that are similar.
Our successes in vitals relative to coding are such that we have been able to take over the coding for the states. But the medical coders that we have, who handle all the coding for our automated systems — all the difficult codes that can’t be handled automatically — they are my age. Some of them are a little younger, but they are about that age. They’re leaving. It takes us three years to four years to train them. I need to fill those positions, but I don’t have the money to do it.
That’s the type of thing that bothers me. Yes, we’re in good shape. Yes, we’re doing a good job. But we’re getting a little rickety. The bone structure is not quite as thick as it used to be. I’m worried about it. But I think that’s the way in many government agencies.
DR. GREEN: Okay, thank you again, Charlie, for your time and coming in and doing this. We appreciate it very much.
You’re welcome to stay for the rest of the day. It’s just going to get better and better.
We’re close to on time here. The Review Committee on Data Standards. I think this is Jim.
Agenda Item: ACA — Review Committee on Data Standards
MR. SCANLON: Thanks, Larry.
We teed this up at the June meeting. I think we’re coming to a successful conclusion to initiate this committee.
Remember that the Affordable Care Act had a number of provisions relating to the next round of administrative simplification. Thanks to the committee’s advice and CMS, a number of those standards and operating rules and others have been issued already.
One of the provisions of that section, Section 1104, required the Secretary to establish a Review Committee — that’s what it was called — to advise HHS and the industry basically on how we are doing with administrative simplification. The focus was to be on assessing and looking at the overall impact of the suite of administrative simplification standards and operating rules that we have already adopted.
The committee certainly helped us tremendously. We looked at and worked on and issued administrative simplification standards over the years. We sort of focused on each one individually. Almost every year and almost at every committee meeting, there was kind of a reflection of how we’re doing on the individual standards the claims standard, for example — and others.
I think the idea here was to set up a committee that would advise HHS and others on how we are doing, how we are doing more reflectively and overall, and to provide advice and recommendations on how to proceed. We refer to that as the Review Committee.
The statute actually said that the Secretary may designate the NCVHS, but it kind of left it open. Of course, that causes all sorts of headaches for our lawyers. Everybody thought it should be the NCVHS. Everybody thought it was meant to be the NCVHS. But it did leave that open. The Secretary could choose some other group if she wanted.
You will remember that we talked a bit at the June meeting. I asked the committee if the committee would be willing to serve in that capacity. Honestly I don’t know of any other committee that could really do this. It would be silly to create another committee or designate another committee, if the committee was agreeable.
The parameters — I want to be realistic about the expectations, though. This is not in a research or grant program or contract program. This is really to be carried out in the normal’s way of review and reflection and assessment of what’s occurring and the normal processes, as you do and as we have spent half the day doing already.
We put a memo together for the Secretary. About two weeks ago, she agreed that the NCVHS would be designated as the Review Committee. So everyone’s happy now, and we’re at the point now where, as we hoped, this committee, the NCVHS, will serve in that capacity.
We have been working with Terri and the co-chairs and staff on what that means and how we would carry it out. I think that will be discussed in terms of this Subcommittee on Standards discussion. I think it was recognized that we already have the expertise, the process, the unbiased and objective approach to things, and the good relationship with the industry and communications with the industry, and that it would make a lot of sense to have this committee serve that.
Thankfully, we have had this committee designated now, and we’re probably ready to move forward on a work plan and a process and an approach, which I think, Walter, you and Ob are going to talk about.
But again, I want to stress, no one wants mission creep here. We’re really not in an expansive situation. We rejected other approaches. We’re really looking at a way now of using the expertise of the committee, the committee processes to kind of give us — as you do almost every meeting, but certainly when we do the annual report kind of a reflective assessment of where we are and where we need to go.
Remember that when we started out on the path of administrative simplification, there were estimates that improvements in administrative simplification through electronic technology could save as much as 15 percent, which is probably an overestimate, of some of the administrative costs in health care. That was 1996. I think we probably have, particularly in terms of the electronic claims attachments and so on. I think CMS alone could probably estimate how much they have saved through electronic and getting almost everyone to do this electronically. And you get faster payment as well.
But I think everyone is still looking forward to the real simplification of some of the other procedures and processes. I think this was, in many ways, viewed as the key, sort of where we are and how we are doing.
Thankfully, the committee is well equipped. Walter, I think we’re going to go over now what the approach would be.
DR. SUAREZ: Thank you. This has been very exciting news and a very exciting process. As I said, we had an amazing and exciting summer, and this was sort of the top of the cake, if you will.
We have heard, as Jim mentioned, officially the announcement that we are being named as the Review Committee. We worked, as Jim mentioned — Terri, Ob, myself, along with members of the subcommittee, and Suzie Burke-Bebee and Jim Sirashi (phonetic), from Jim Scanlon’s office, have worked on putting together what would be a charter of this Review Committee, consistent with those guidelines that Jim mentioned a few minutes ago, really building upon the experience and the processes that we as a National Committee have already established and have proven already several times, really focusing and trying to concentrate our work around certain elements of what we do when it comes to the Review Committee, and not really expand the overall scope of responsibility. It was a perfect fit, really, as we saw it.
The statutory background in this charter of the committee is basically highlighting what Section 1104(i) of the Affordable Care Act stipulates — basically, four things: The Review Committee shall:
• Conduct hearings no less frequently than biennially to evaluate and review the adopted standards and operating rules.
• Provide recommendations not less than biennially to the Secretary for updating and improving such standards and operating rules.
• Recommend a single set of operating rules per transaction, maintaining the goal of creating as much uniformity as possible in implementation of the electronic standards.
• Ensure coordination as appropriate in the development of the recommendations with the standards that have been supported and are specified under the certified electronic health record program of the Office of the National Coordinator.
Based on that, we came up with this charge to the Review Committee. Consistent with Section 1104, the purpose of the Review Committee will be to review existing health-care administrative transactions for which standards, code sets, identifiers, or operating rules — we’re referring to this as standards or operating rules just in general — have already been adopted and are currently in use. It’s really existing standards, code sets, identifiers, operating rules that have been adopted. That’s the focus, really, of the Review Committee, reviewing how things are going with the standards adopted already.
For these existing administrative transaction standards for which standards and operating rules have been adopted, the Review Committee process will determine if the adopted standards, one, continue to meet the current industry needs and there’s no need to change them, two, do not meet the current industry needs and therefore need to move to the next version, a new version, of the standard or operating rule, or three, they do not meet the current industry business needs and therefore there needs to be a new standard, a different standard, adopted for that. Those are some of the possible elements of the work of this Review Committee that will come up.
The following would be not included in the scope of the work of this Review Committee:
• New health-care administrative transactions for which standards or operating rules have not yet been adopted. If we’re going to be looking at a new transaction – for example, acknowledgments — acknowledgments are electronic transactions that have not been named as HIPAA transactions and for which there has not been a formal standard adopted yet. That will be a responsibility of the Standards Subcommittee as part of the work that the standard subcommittee does, but it’s not really under the realm of the work of the Review Committee. If you can think of a larger circle that’s called a Standards Subcommittee, the standard subcommittee has some responsibilities that are above and beyond those that are part of the Review Committee responsibilities under this new assignment. This is a specific one. Reviewing new standards for new transactions will be an activity of the Standards Subcommittee and not really the Review Committee. So that’s not in the scope.
• The second one is standards and operating rules adopted for another set of programs outside of HIPAA — for example, Meaningful Use — which are already under a different process and the purview of a different group, a different agency — ONC in this case.
• Privacy, security, and transport standards would not be within the scope of the Review Committee.
We’re trying to be very clear about the focus and the difference between the role that we would play as a Review Committee and the role that we, the Standards Committee, will have, above and beyond the Review Committee.
Consistent with the statute, the Review Committee will coordinate its recommendations with those adopted by the Office of the National Coordinator. That’s part of what we are already saying and doing in some of the letters that you are seeing — the fact that we need to make sure that there is alignment between the recommended standards, like in attachments, and those being adopted by the national coordinator.
Here we have the description of the designation of the Review Committee. NCVHS has now been designated as the Review Committee. We are providing some background. NCVHS has delegated the responsibility of the Review Committee to the Standards Subcommittee. So the Standards Subcommittee, in effect, will be really operationalizing the process of this Review Committee.
The general organizational roles and responsibilities for development, maintaining, adopting, implementing oversight standards are included below. I’ll mention them in a few minutes here.
Just to be more specific about the difference between the role of the subcommittee as a subcommittee and the role of the subcommittee as the Review Committee, there are the three areas that currently the subcommittee work focuses on — primarily three areas:
• New health-care administrative transactions not yet named in regulations as HIPAA transactions and for which standards, code sets, operating rules, or identifiers have not yet been adopted. That’s one set of activities we do as the Standards Subcommittee.
• The second one is existing administrative transactions that have been named in regulations as HIPAA transactions — for example, claims, claims payment, eligibility, enrollment — and for which standards, code sets, identifiers, and operating rules have been adopted. Again, examples are those here.
• The third category of activities is all other topics within the responsibility of the subcommittee — for example, public health informatics standards, the development of an e-health roadmap, simplification of other administrative processes outside of what HIPAA has focused on.
Those are the three primary activities that we do. As you can see, number two really is the one that will be done as a Review Committee. The other two will be done separate from what we call the Review Committee. I’ll make a point about clarifying that in the process here below. I just wanted to clarify those three distinct areas of activities of the Standards Subcommittee, and which ones really constitute the Review Committee.
The Review Committee membership: All the members of the Standards Subcommittee will be considered members of this Review Committee. The co-chairs of the Standards Subcommittee will act as the Review Committee co-chairs. The lead staff of the Standards Subcommittee will act as the lead staff of the Review Committee. Any other members of the full National Committee can also participate in the Review Committee by joining the Standards Subcommittee, by virtue of being a member of the Standards Subcommittee.
We’re doing a subtle plug to please join us.
The special activities that we would do because of being a Review Committee really will call for sometimes needing to call upon expertise, additional expertise. When that additional expertise is needed, content experts, subject-matter experts, may be invited by the Review Committee co-chairs to address specific issues. Additional expertise would be also accomplished either through limited participation of individual subject-matter experts at Review Committee meetings or the formation — and this is something that we want to put in there as a possibility, not that we will be exercising that all the time — the formation of a time-limited, purpose-focused Review Committee task group. At some point we might decide that we need a special task group with subject-matter experts that can advise the Review Committee on specific topics.
Technical support will continue to be provided by the Standards Subcommittee lead staff and other existing Standards Subcommittee staff and resources. Again, the expectation is that none of this will generate or require any additional investment or cost or additional resources, above and beyond what we are already currently depending on.
What is the process? The Review Committee will basically do these five or six things:
• We’ll be convening a hearing no less than biennially to review the status of adopted standards, code sets, identifiers, and operating rules.
• Convene additional hearings, as necessary, in between these biennially convened hearings.
• Conduct periodic working meetings and working sessions as a Review Committee.
• Engage content experts when necessary to provide advice to the Review Committee.
• Convene, again, these time-limited, purpose-focused task groups.
• Provide, ultimately, recommendations to the Secretary of the Department.
The Review Committee work will be accomplished primarily via our regular process — the virtual meetings, email communications, scheduled hearings, other scheduled meetings like onsite meetings that may be held during scheduled NCVHS full committee meetings and subcommittee meetings, as they are necessary.
The Review Committee hearings: We would be convening them at least biennially. It’s interesting to point out that so far what we have been doing, really, is convening this annually, every June, basically. It has become sort of our customary way of operating. The hearing in June is focused on specifically reviewing the status of standards. That has been our experience over the last three or four years, and it has worked really well.
But consistent with the statute, we’re saying we’re going to convene hearings at least biennially, through the Standards Subcommittee acting as the Review Committee. Those hearings will generally be held during the second-quarter meeting of NCVHS, again usually during the month of June. Then additional hearings besides those may be scheduled at the discretion of the Standards Subcommittee.
All hearings will be conducted in accordance with the FACA policies and our NCVHS practices, including issuing early public announcements about the hearing, developing an agenda and defining the topics that will be covered, establishing a set of questions to be addressed by testifiers, identifying and inviting industry representatives to provide oral testimony, and then also inviting the industry and the public at large to provide written testimony, and then allowing for public input during the hearings as well, as we have done consistently in all our hearings. All of them will be public, and we will be making them also available remotely through voice and webcasts.
The purpose and content of these hearings: We thought it would be important to identify certain elements in them that are really addressing the points that are expected to be addressed by the Review Committee. At the Review Committee hearings, testifiers will be asked to address a set of specific predefined questions that will go around the following points:
• The current status of implementation of all HIPAA-named transactions and their corresponding standards and operating rules. We really need to now be more deliberate about covering all the HIPAA transactions. For example, at the last hearing just this past June, we held a special hearing on one transaction that we haven’t really focused on too much over the last few years, coordination of benefits. Now we have added that, making sure that we have an understanding of those transactions and the status of those standards.
These other points are the really critical ones:
• The degree to which current standards, code sets, identifiers, and operating rules continue to fulfill the business needs of the health-care industry. That’s a critical point, specific to the expectations. Are they still good, to continue to use them, or do we need to modify them?
• The degree to which the use of the standard or operating rule results in discrepancies, ineffectiveness, or inefficiencies in the implementation of a transaction, which causes conflicting or unanticipated negative impact to transaction implementers and the industry as a whole. So we’re going to ask testifiers, okay, if you don’t think that this standard is meeting the current business needs, explain to us and tell us how it is that they result in discrepancies or ineffectiveness, inefficiencies in implementation, and that creates some conflicting or unanticipated negative impact.
• Any inability or limitation of the standard or operating rule to meet new and emerging business needs of the industry. One of the things is, well, today they do meet the needs, but we just have something that’s coming up called ICD-10, just to give you an example, and the current standard doesn’t meet that business need. So we need to begin to think about how to update, if you will, or change the standard to allow for the industry to meet new or emerging business needs.
• Whether changes in current standards and operating rules for any particular transaction are needed. If this doesn’t meet the standard, what is it that we need to do? Change the current version to a new version? Change the current standard to a different standard?
The DSMO, the designated standard maintenance organization, as well as all the SDOs, the data content committees, the DCCs, and the operating rule authoring entities, ORAEs, will be invited to testify and address these questions for each of the existing named transactions. In addition to that, groups representing different sectors of the industry will be asked to review key — I mean, these groups, actually, will be asked to review key maintenance changes made to existing standards or operating rules since the last report to the Review Committee. Certainly the standard development organizations will be able to tell us what has been changed, what has been modified since the last time that they presented to the Review Committee.
Representatives from various segments of the health care industry — payers, providers, clearinghouses, public programs, vendors, and others — will be also invited to testify. The health care industry at large will be invited to submit written testimony. All testifiers will be requested to provide, as much as possible, objective data to support their testimony, to explain any instances where the standards are not meeting the business needs. As much as possible, this can include analytical data, market research, cost-benefit analysis, other forms of objective analysis.
Consistent with the Affordable Care Act, the Review Committee will, subsequent to each hearing, provide recommendations to the Secretary on the need to update specific standards. The Review Committee will prepare a letter similar to the ones that we have prepared to the National Committee, and this will be presented back to the full for action and approval at the next NCVHS meeting, before it gets sent to the Secretary as a Review Committee letter.
Again, the same kinds of things that we have been doing with respect to letters: findings, themes, observations, and recommendations will incorporate what’s in the written and oral testimony received by the Review Committee, as well as any input received from subject-matter experts or time-limited, purpose-focused working groups.
The Review Committee will also ensure that any changes in standards or operating rules recommended to the Secretary will be coordinated with the standards adopted by the Office of the National Coordinator. Subsequent to the full NCVHS decision, the formal letter of recommendations will be sent to the Secretary.
That is basically what we have developed as a charter. In the charter we have attached the Review Committee statutory reference. This is actually the language in the Affordable Care Act, Section 1104, now coded as Section 1173 in the U.S. Code: establishment, interim and final reports, interim final rules. All these elements are the original language in the regulation.
Then, very briefly, there is Attachment 2. This is sort of a picture of the work that is being done with respect to standards today. When you think about standards development and maintenance, there are all these organizations involved:
• For the DSMO, the standard development organizations.
• For the code sets development and maintenance, the data content committees responsible for them.
• For operating rules development and maintenance, the operating rules authoring entities that are responsible for them.
• For standards and operating rules rulemaking and mandate, certainly CMS, the Office of eHealth Standards and Services, is responsible for that.
• Then for the standards and operating rules oversight and recommendations, the NCVHS Standards Subcommittee is the one responsible for guiding those. Again, just to separate the two, for new transactions, it will be the NCVHS Standards Subcommittee and for existing transactions, this will be acted upon as the Review Committee.
That’s basically all we have.
DR. GREEN: That’s it? Oh, my gosh, Walter.
Did someone just join us on the phone?
MS. HENRY: Yes. This is Maureen.
DR. GREEN: Thank you. Welcome.
The purpose of our next discussion here is to collect your reactions and commentary about this charter and to get feedback about it so that Jim Scanlon and Debbie can hear that and then they can finalize this charter in a way that allows us to go forward.
Is that fair, Walter?
DR. SUAREZ: Yes.
DR. GREEN: Okay. Bill and then Alix.
DR. STEAD: As I read this, I couldn’t tell whether the scope of the Review Committee is limited to HIPAA-named transactions and related operating rules or whether it’s actually something related to the ACA, which might be bigger than HIPAA. I didn’t know. I therefore couldn’t work out in my head how different this would be than the regular report on HIPAA.
That was one question.
The second question is, it seems to me that if we can identify the scope, under this charge, we actually have to have a systematic way of knowing we are addressing each one each time. So it’s not just reacting to comment. We actually have to systematically know where we are with each one.
Those are just two thoughts — well, one question and one thought — that I didn’t see explicitly in this.
DR. SUAREZ: Great observations.
On the first one, very quickly, the Review Committee — the statutory language that calls for it talks about reviewing the adopted standards and operating rules established under this section. When you go back and review what “this section” means, it is the HIPAA portion, because this has been inserted into the HIPAA structure, the section in the U.S. Code that is HIPAA. So this is intended to primarily focus on standards and operating rules adopted under the HIPAA regulations in the U.S. Code.
So that’s the first specific answer to that.
The second one about — great point — my sense is that, at least within the two-year period, the biennial period, we need to ensure that there is a way to evaluate the adopted standards. By that I mean it could be that a hearing about, as an example, eligibility transactions — during a hearing, we hear that everybody is okay and everything is going fine, there are no issues or questions. It will be a short evaluation process. There is no reason for doing more than that.
But my sense at least — and it hasn’t been fully defined — is that within that two-year period that the statute is calling for, we would review the standards adopted for all the administrative transactions. There are only eight, to tell you the truth, at this point.
DR. GREEN: Bill, further comment?
DR. STEAD: I’m sensing that we might need to go beyond hearings, in some way to find out if there are data that will tell us where things are and are not working. If we could get data on problems — what are the reject rates for each of these? — I don’t know what it is, but whatever data there would be that actually would give us a vital sign on each of the transactions and related rules, and to have that side by side with a hearing that explores more of the why, rather than having the hearing actually be the survey, if you will, of these problems.
MR. SOONTHORNSIMA: I think, Walter, once a year, when we have the DMSO report and SDOs, in June, typically, if I remember correctly, they would go over some statistics. We need to go back and relook at that just to make sure that we actually have those practices in place.
MS. GOSS: But I think it needs to be more than the usual suspects. I think that’s what Bill is getting at.
MR. SOONTHORNSIMA: We need to back and relook at whether or not we have done that, making sure those practices are much more formalized, to Bill’s point.
DR. GREEN: Alix, go ahead.
MS. GOSS: A couple of things. I agree with what Bill asked about, because I was also a little confused about it and thought that it might be worthwhile, not in the charter, but maybe in an ancillary document, for the subcommittee to have a finite list or at least the section references that put the standards and operating rules within one place and say, this is where you go to find exactly what you need. Then we can almost have a checklist. I have been doing this for a while, and I got confused.
DR. GREEN: Let me say back to you what I’m hearing the two of you say. You want to see added to the charter —
MS. GOSS: I don’t. I want an ancillary working document for the committee that has a charter.
DR. GREEN: So you want in the charter a reference to an ancillary document that says, and these are the things that you are going to review.
MS. GOSS: I wasn’t going that far. I just want a worksheet to guide us, because you know what? As much as I don’t Walter and Ob to ever be term-limited, it’s going to happen.
DR. GREEN: You want a document that answers the question, what is the Review Committee supposed to review?
MS. GOSS: And look at on a regular basis, so there’s no question. There’s danger there.
DR. GREEN: Is that what you want, Bill?
DR. STEAD: I think that is part of what I’m wanting. I’m also wanting a hook of data-driven surveillance of what’s working and not working, in addition to the hook for hearings, because I think the two need to work together.
DR. SUAREZ: Yes. We need to get some measures and metrics around these.
DR. STEAD: That doesn’t have to be in the charter if there’s a way to dilute the focus on hearings, because the hearings are just part of it.
MS. GOSS: And I hear “resources to do that” and I see none coming along with this duty.
DR. GREEN: So let me say that back to you. You actually also want something to say that there will be data collected about the what in preparation for the hearing.
DR. STEAD: We will obtain objective data about which transactions and rules are showing signs of effectiveness and signs of failure. We should be able to look at that —
DR. GREEN: As opposed to holding a hearing every other year, where a bunch of people get invited to come in and tell us what they think is going on.
DR. STEAD: Using that data to guide the hearings.
DR. GREEN: Got it.
MR. BURKE: Bill’s asking for telemetry, which guides the intervention that will come from the hearing. You want ongoing monitoring.
DR. GREEN: Terri, you were about to say something.
MS. DEUTSCH: I think what he’s saying is that something that we did talk about is that we would have analyses that would determine where the problem areas — I’m going to put that in quotes — are as far as the standards and operating rules, and then we would hold hearings to get more analysis on it. The reason that we at this time did not include it is that that’s pretty resource-intensive, and we didn’t think we had the capability of doing that. As a compromise, we thought that if we added the statement that if someone is going to testify and say that there are issues or problems with the standard or operating rule, they would provide the data and the analysis to demonstrate that there was this concern. Then the hope is that maybe in the future, when there are more resources, it could switch and it could be driven more by what we identify.
MR. SOONTHORNSIMA: Bill, we’re relying on — there are three conditions. One is to review whether the current standards or operating rules should continue because they are meeting the industry needs, and if there are conflicts. When situations like that arise, we envision that the SDOs or DSMOs and the operating rule authoring entities would surface it through their vetting process, through their normal operations.
So when you are talking about measures and metrics, my takeaway is that we need to check to make sure that those organizations are already tracking the adoption or any challenges and issues that they are facing. They have committees that do this already.
So it’s not additional work on the committee. In fact, it is a subset of what we are currently doing. That’s really the spirit of what we put together here.
DR. SUAREZ: I think what this is creating is an opportunity for us to be more structured, consistent, systematized in not just the way we process the information about which transactions we’re going to cover in each hearing, but also working with the industry to consistently collect those metrics about how things are evolving, whether they are working or not. In reality, the industry is the one that is — it is on the industry to collect that information. The expectation is that the National Committee will not be doing the actual data collection, but working through industry organizations that we already work with to collect that information in a more systematic way.
DR. STEAD: But won’t the Review Committee be able to make recommendations, just like the National Committee does? Those recommendations can be about the type of data that needs to be collected and aggregated to let us understand the health of the transaction infrastructure.
PARTICIPANT: But the committee won’t be collecting that.
DR. STEAD: We don’t have to collect it. We have to have access to it.
MS. GOSS: I would propose that this is worthy of conversation that does not need to hold up our ability to finalize the charter, especially because it’s caught up in a whole bunch of other issues. I think it’s something we really do need to look at. I like the way that Walter was describing it, as something reproducible that we can tap into to trend and figure it out. But it’s going to take us a while, I think. It’s a must-do, I think.
DR. GREEN: You had a second point, too.
MS. GOSS: Moving on, if I may, I have a couple questions.
I have a question under the charge of the Review Committee, what’s not in scope, Walter, at the bottom of page 1, on why we included transport with privacy and security and why that was kind of thrown in here. I get security and transport, but it was just an interesting bucket list.
DR. SUAREZ: Yes. What we have been arguing in general is that we organize electronic standards into message content, message format, vocabulary, terminology, security, and transport. Those last two are areas that we have, as the National Committee, really not been involved in.
MS. GOSS: I’m okay with that.
In regard to the ONC coordination — and I’m really glad to see us proactively addressing our coordination with them and the other FACAs — I think an ancillary activity to the charter is for us to come up with a protocol about how we resolve the gray areas and the stuff that really isn’t in one camp or the other, but where we’re going to work together. I’m already seeing it happening, but I think we need to formalize that more, because players change.
MR. SOONTHORNSIMA: Is that done at the subcommittee level or at the Review Committee? Keep in mind, this is in the context of the Review Committee.
MS. GOSS: Since I’m sucked into both, I’m having a hard time distinguishing it.
PARTICIPANT: New and old.
MS. GOSS: I think it should be new and old. I think we should be proactively coordinating with them, especially as we’re going to start to see conversions. I see that continuity-of-care document and their e-clinical quality measure reporting expectations under Meaningful Use actually driving a lot of the data that people are looking for.
DR. GREEN: Anything else?
MS. GOSS: On page 4, DSMOs are made up of SDOs and DCCs, so I was a little bit confused as to why we’re calling them out. It seems duplicative to me.
DR. SUAREZ: Good catch. Yes, the DSMO organization is formed by SDOs and DCCs. There is a DSMO organization that provides annual reports to the National Committee and then there are the SDOs and the DCCs that separately will be able to provide advice and input.
MS. GOSS: We’re just letting them come without having the consensus approach of the DSMO.
DR. SUAREZ: Yes, definitely.
MS. GOSS: I’m good with that.
Under the last main bullet, “Consistent with ACA,” at the very end of that paragraph where it says “presented to the full NCVHS for action and approval,” and it says “at the next,” I would propose that we label that “a subsequent.” It isn’t always immediate.
DR. SUAREZ: That’s fine.
DR. GREEN: Linda, are you sure you don’t want to bring something else up?
MS. KLOSS: Not on the charter.
DR. GREEN: You think you’re okay with the charter.
MS. KLOSS: I reviewed my concerns last week and several of them got incorporated.
I really care deeply, though, about the issue of stepping back and looking at how the committee intends to go forward with this. I guess I’m recommending that the committee as a whole take some time to deliberate on this, framing that, then kind of more formally delegate the subcommittee to incorporate that into its work. I think this is really an opportunity to look at how the committee carries out a charge — and I’m going back to Bill Scanlon — where we set some goals. We’re trying to help the industry reduce administrative costs by X over the next ten years. If we could start kind of big-picture and look at that and set some goals for ourselves — I don’t think it needs to built into the charter — but then think about how that can be done — because all of this burden may not only fall on the Standards Committee. There may be some other work that can be done.
So I think this would be worth an hour or two or a half a day by the full committee to think about how to do this. It’s an important charge. I think we could come up with measures and milestones, and I think that would be a great help to the subcommittee, before you jump off into what is really a very complex new task.
MR. SOONTHORNSIMA: Could that be done at the National Committee level? That’s what you are —
MS. KLOSS: I am. I’m saying, when we come together in December, take three hours and really work on how we might innovate this review process, before detailed work plans get laid out and hearings get set. Just step back a little bit.
MR. SOONTHORNSIMA: Yes, absolutely.
DR. SUAREZ: And I’m very glad you mentioned this, Linda. I think more and more we are operating as a National Committee. For many things, we are all getting together to talk about all these topics, and it’s very valuable to hear the various perspectives from population health about privacy and security across the board. I can picture the process being more of a National Committee-driven process in which the Standards Subcommittee really functions more as a behind-the-scenes operating — kind of an organizer, if you will, coordinator. The hearings perhaps — and this might be something that will come up in December — the hearings themselves might be National Committee hearings rather than Standards Subcommittee hearings.
MS. KLOSS: That’s why it was important that the delegation be from the Department to the National Committee.
DR. SUAREZ: Definitely the designation is the National Committee, the full committee. So I think that’s a great perspective.
DR. GREEN: So the full committee is getting complicated. We have these subcommittees and then we have a working group and now we have a Review Committee. They all channel together. It probably would be a good time to stop and think about how we’re going to operate this thing.
I have one more question. Then we need to take a quick break and get started on our next business item, which is very exciting and may require you to open up different parts of your brain. You might want to jump up and down a while and wake up. It really is one heck of a product we’re about to look at.
I want to ask a quick question about the timing. By statute, we’re already behind. It wasn’t appointed by the time it was supposed to be appointed. It wasn’t charged by the time it was supposed to be charged. Can you just give us some sort of clue about when the launch date is?
MR. SCANLON: I think we have launched it today. I will duly note in my report that the committee has been established.
MS. GOSS: And is it really that we’re looking to approve a charter? Is there a protocol around that meeting to be adopted? To Linda’s point about trying to put a little context more into this — I guess I’m trying to kick the can, Larry, a little bit, down to 2015 — I think we should get through that kind of deliberation, discussion, bigger picture of what we really think we need to be accomplishing, how it ties to a roadmap.
MR. SCANLON: The charter is your guidepost. It’s not like a FACA charter. The committee still has all of its methods and procedures and leeway that it normally has. So does the Subcommittee on Standards and Security. Within the language here, there’s nothing that would preclude metrics.
My only worry is, I don’t want you to expect that a lot of resources and original data collection is going to take place. We’re largely going to be relying on the industry data. You can recommend to HHS that metrics be established and that the industry report on metrics, but I don’t think it’s realistic, to be honest to the committee. We’re not going to have the resources to do any sort of survey or big evaluation. It just won’t — I don’t even want you to think that would be possible.
On the other hand, you can recommend that industry — that these are the metrics we would like to see them do. The Medicare program itself is the biggest payer of all, and I think they probably have metrics as well. We get them reported on internally. It’s a good reflection of what is happening generally. I think for that certainly we could do that.
I just want to be realistic. We’re not going to have, nor should we be having, an advisory committee collecting — it’s just not a good idea.
MS. DEUTSCH: I just have a question. I think everybody is talking about the procedure and process of how we would implement. The charter is one thing that we are presenting today. We are not prepared in any way to talk about process. That didn’t even enter into the situation. So I guess we would want to know, is there a problem with the charter? The next steps then would be that we would talk about — whatever methodology is used — what the process will be.
DR. GREEN: That’s exactly right. Debbie?
MS. JACKSON: Using the next meeting to do that usually the ending meeting of the year has been very strategic. You remember that what we did last year was what set the course for the committee meeting as a whole. That happened in full committee discussion. We didn’t have any actions at that time and it really kind of worked out.
So that we can finalize the discussion on this, I’m wondering if we can call for public comment on this component so that when we go into the stewardship, it will be a new segment.
DR. GREEN: Yes, we can do that.
MS. JACKSON: Any public commentary on what has been going on in the last couple of hours?
I just wanted to check. Thank you.
MR. SCANLON: Remember, the SDOs actually wrote in to the Secretary. Did we share that letter, Debbie? They are recommending and affirming that that’s who they thought they meant in the statute. At any rate, that’s how it was drafted.
DR. GREEN: Okay. Until tomorrow, when we will be finally approving letters, I think you standards guys can take a break.
We’ll take a ten-minute break. My apologies to the toolkit folks. We will get going.
DR. GREEN: Do we have anyone on the phone?
DR. WALKER: Jim’s here.
DR. GREEN: Welcome back, Jim. We’ve asked you about seven questions so far this afternoon. I’m just teasing you. We did inquire if you had other things to say. We’re glad you are there.
We’re just a little bit behind now, Jim. We’re at our 3:45 agenda item about the stewardship toolkit. Our plan here is analogous to what we have done with the standards work so far. This is the time for discussion, discernment, debate, deliberation, and preparation for this becoming an action item for the committee tomorrow morning. We’re going to turn this over to Linda and Leslie and Maya.
PARTICIPANT: Are there other people on the phone?
MS. HENRY: This is Maureen. I’m on the phone still.
DR. GREEN: Anyone else?
Agenda Item: Stewardship Toolkit
DR. FRANCIS: Let me open this first by thanking everybody for all the hard work, especially Maureen. Let me also say that we had a webinar, which was a committee first. I want to thank the staff. I see Debbie over there cheering. We had a lot of folks who gave us enormously helpful comments.
We have had since then comments from committee members, several of them, not all of which we have had a chance to incorporate. So if some of those come up — and I believe they will during the course of this discussion — we should make sure to assure you that there is still plenty of time. We hope we’re all satisfied with the basic framework, but if there are bits that need still some revisions and help, we are certainly wanting to do that, and I think we can do that consistently with getting this finished because I think they are small bits, or at least I hope they are fairly small bits.
Linda, maybe you want to say something about how we’re going to do this discussion. I know that there has been a request for one public comment that might be of general interest, so we might want to take that before we go section by section.
MS. KLOSS: Our game plan is to scroll through the document and, not read it, but call for comments on sections. The pace of this — we have plenty of time. We really have until 5:30. We don’t necessarily need to use every minute until 5:30. In fact, what the subcommittee would like to do is reserve some time to talk about two additional topics: dissemination, brainstorm with you on how we might get maximum dissemination for this, and then engage you in some discussion about where the subcommittee should focus its efforts now that this major project is, at least hopefully, coming to a close.
I think that kind of gives us a sense of timing. We have enough time. You will help set the pace. So that’s our plan.
DR. FRANCIS: Maya, you said there’s something with a public comment?
MS. BERNSTEIN: Would you come forward? You have a public comment to make, and if there is anyone else who has a public comment on this document, after Mike. Introduce yourself and tell us who you’re representing — who they are and why you are here.
MR. DE CARLO: I’m Michael DeCarlo. I’m the director of health IT policy for the Blue Cross Blue Shield Association, but today I’m here on behalf of the Confidentiality Coalition, which is a broad group of hospitals, medical teaching colleges, health plans, pharmaceutical companies, medical device manufacturers, vendors of EHRs, biotech firms, employers, health product distributors, pharmacies, pharmacy benefit managers, health information and research organizations, clinical labs, patient groups, and others, founded to advance effective patient confidentiality protections. Through our diversity, our members are able to offer a nuanced and comprehensive perspective on the impact of any legislation or regulation affecting the privacy and care of health consumers.
It has been around a long time, probably going back to the mid-1990s, when the HIPAA rule and PIPA law and rule were both under development. It has a long history and a broad experience dealing with issues related to privacy and confidentiality, and specifically is focused on issues lately with the high-tech changes to the HIPAA law, particularly with the data stewardship user toolkit.
We’re pleased to support the community data user toolkit. Like NCVHS, we believe strongly that:
• One, good data stewardship practices should be encouraged across communities.
• Health-care data plans can provide tremendous benefits to the health-care system for individuals.
• Third, a failure to use the appropriate data stewardship practices can result in both privacy harms and inappropriate or ineffective use of health-care data.
The Coalition advocates for policies and practices that safeguard the privacy of patients and healthier consumers, while at the same time supporting policies that enable the essential flow of patient information that is critical to the timely and effective delivery of health care. Timely and accurate patient information leads to both improvements in quality and safety and the development of new life-saving and life-enhancing medical interventions.
We believe that the proposed toolkit is an important project that provides a useful framework for community users and others in their efforts for appropriate data stewardship activities related to health-care data. We believe that the data stewardship principles outlined in the toolkit are useful, address the correct ranges of topics, and should be understandable and usable by community users. We also believe that these principles may have important uses in other contexts, such as with the mobile application developers who are attempting to integrate these principles into application design.
We have paid particular attention to the sections of the toolkit discussing de-identified data. Appropriate uses and disclosures of de-identified data are important issues of concern for many of our members. We believe that the appropriate uses of de-identified data present significant benefits with small risks to individuals. Good de-identification practices should make re-identification extremely difficult. Use of de-identified data whenever possible is a good privacy practice, as it reduces risks of breach and violations of personal privacy.
While we support the useful discussion of these issues in the toolkit, we would appreciate the opportunity to work with NCVHS on minor revisions to the toolkit to correct or clarify certain limited areas of confusion or ambiguity in the discussion of de-identified data.
We appreciate the opportunity to express our support for this important project. Please let us know if you have any questions about our comments or if we can be of any assistance to the NCVHS with the toolkit, on de-identification topics or otherwise.
If you need further information, we ask you to contact Tina Olson Grande, chair of the Confidentiality Coalition and senior vice president for policy at the Healthcare Leadership Council.
MS. KLOSS: Thank you.
MS. BERNSTEIN: Can I just ask very quickly, Mike, I saw in my email that your group sent some comments, which I have not perused. Are they these comments or are they the minor corrections and amendments?
MR. DE CARLO: The minor corrections.
MS. BERNSTEIN: You sent us those already.
MR. DE CARLO: I haven’t, but I can.
MS. BERNSTEIN: Okay, that would be great.
DR. FRANCIS: Maybe when that section comes up, we can all talk about how to deal with that.
MS. KLOSS: And feel free to stay there. We might come back to you for suggestions from you on dissemination. It sounds like you have a wide net that can help us get this product out.
Bruce, do you have a comment?
DR. COHEN: I was just curious about the minor corrections that you mentioned —
MS. KLOSS: If you don’t mind, we’ll wait until we get to the de-identification section.
DR. COHEN: Are they around the de-identification section?
MR. DE CARLO: Yes, they are.
DR. COHEN: Okay.
MS. KLOSS: Any other intro comments?
DR. FRANCIS: We definitely want to get it right, so corrections on various things.
DR. COHEN: I d have a comment on the intro.
DR. FRANCIS: Okay, that’s where we are, page 4.
MS. KLOSS: If you will recall, when we were together in June, this was much briefer as an intro. But the committee suggested that we be more thorough in our discussion of what the toolkit is intended to do and who the audience is. Hopefully we have accomplished that.
DR. FRANCIS: I do know, Bruce, that you brought up including a definition of community.
DR. COHEN: Yes. I don’t know whether you need me to repeat the stuff that I already sent. I don’t know whether everybody on the committee has seen it or not. I don’t know how you want me to handle that.
MS. KLOSS: Everything that has been sent to us has been channeled to Maureen. We’re prepared to do another version update following this meeting. So if you have already submitted it, it’s in the works.
DR. FRANCIS: But this one in the works was to include our prior definition of community.
DR. COHEN: Probably on page 3 rather than on page 4, there are a couple opportunities in the introductory paragraphs to include the definition of community.
But Mike’s comments actually raised an issue for me. Your focus was clearly on using data in the health-care, issues around privacy and confidentiality related to health-care data. I don’t know whether we ever talked about the focus on use of public health surveillance data and health-care data to encompass the context of what we’re really talking about.
I don’t want this to be totally focused on health-care data. It’s not, clearly. So somewhere in the beginning, discuss the broader context. I haven’t read it carefully enough to — but he just reminded me that that needs to be in —
MS. KLOSS: Certainly the focus is on non-provider uses of data. I think that threads through.
Anything you would add on that, Maureen?
MS. HENRY: What I would say is that we were focusing on provider, but we were also thinking about surveillance data, as well as non-health-related data, like other things within a community that might be relevant. We were trying to cast the net broadly. It was challenging to get all of that in context without going too far afield. But that’s what we were aiming for. So absolutely, at least in my mind, I was thinking about surveillance data, as well as data from providers.
DR. COHEN: So maybe in that section, what the toolkit does or something, just a sentence or two that the goal is to cast this wide net, as you describe, Maureen, that includes provider data, public health surveillance data, and other data that communities might use in their investigations of public health — however you want to phrase it. Just make it clear that it’s all those things.
MS. HENRY: Sounds great.
MS. KLOSS: Thank you.
Page 4: why a toolkit, why now, what the toolkit does, and then a description of appendices. Any urgent, compelling comments?
We move then, on page 5, into a couple of pages just framing pretty foundational data concepts: the brief description of thinking about data across the lifecycle, on page 6 original versus repurposed data, and then on page 7 the relationship between technology and the data lifecycle. Those are really helping people expand their thinking about these data, if they aren’t people who think about these data all the time.
Any comments on those framing pages?
MR. SOONTHORNSIMA: Just one. On page 7, the relationship between technology and data lifecycle, I think that’s a really good section. I wonder — because it sounds to me as I read this that this is really about gathering or storing of data — I don’t want to shortchange that section, because I think it’s much broader in context. For example, it might be collecting the data, aggregating, transmission of data — sort of get into more lifecycle technology — not that. That’s really lifecycle data. Technology, if you think about it, means so many things to different people.
This triggered a thought. Mike, in your comment you brought up mobile. That’s a piece of technology, for example, of how to disseminate or consume the data. You see where I’m going with that? Without getting into the whole discussion around technology, I think that’s what the context here is — collecting, aggregating, transmitting or disseminating of data. Those are different pieces of technology.
MS. KLOSS: So you’re saying to describe the types of technology that support data across the lifecycle.
MR. SOONTHORNSIMA: Thank you. That way you don’t have to get into too much detail.
DR. FRANCIS: Could you say the words you just said? I was trying to write them down. Collect, aggregate
MR. SOONTHORNSIMA: Collect, aggregate, transmission, use, disseminate.
Keep it simple enough so that when somebody reads this, they can give examples of technologies that they use to collect, to exchange, disseminate, report, whatnot. There are different relevant technologies for those actions.
MS. KLOSS: Good. Anything else on data lifecycle? Vicki.
DR. MAYS: This is just a minor thing, but I kind of kept coming back to it. That’s the term “community health data users.” Some people will see themselves as that and others not. I was trying to think of another phrase to use, either “health data users for communities” or “health data users in communities.” It’s an identity thing. I just think some people — oh, well, this doesn’t apply to me because I’m this or that.
MS. KLOSS: Well, it’s not minor. It’s quite foundational, because it’s the title of the document and we have used it throughout.
MS. GOSS: It took me reading this document to — by the time I got to the end of it, I got who it was for. I struggled. Was it research? What was it exactly, in the beginning? I think your point is spot-on.
MS. KLOSS: Okay.
MS. MILAM: I think we heard a lot of that at the webinar. At the end, somebody testified as to what they thought the target audience was, and one of you said, “Aha, that’s it. That’s what we need to put in the document.” I’m wondering, did that find a home in the beginning, and where is it?
I don’t know that we ever really unpacked the testimony from that webinar. But that was, to me, an important takeaway. I thought we would perhaps reframe some of this document to get focused on who our audience is.
DR. FRANCIS: I think it would go in the introduction. The introduction was trying to do that. If it doesn’t capture that — it’s the kind of thing — the second and third paragraph of the introduction. But we could say a lot more there.
MS. MILAM: And I don’t remember — it was one of the invited guests and it was towards the end of the day. It might have been Denise Chrysler. I just don’t recall. But it would be in the transcript, I’m sure.
DR. MAYS: I just kind of went back and forth when I went throughout and said, well, that’s that group. Then I realized I kept having different groups. That was kind of where it came from.
DR. FRANCIS: We could also introduce the community group-government group distinction. This is meant to be relevant to both.
MS. KLOSS: I think maybe we can tie it also to the prior reports from the NCVHS on community uses of health data. It needs to be linked to that.
MS. MILAM: Some of them, I felt, were a little blurred in the past, and it wasn’t as important to get them distinct. But it really is now. When you look at who we call the community, we had folks at the state level releasing UB data, we had leadership from health information exchanges, we had researchers at universities supporting communities, and then we had people in the communities. So when we think about who is going to use this toolkit, I think we need to be really clear and pick who that audience is, or is it everybody.
MS. KLOSS: So you would favor narrowing it.
MS. MILAM: I would. I think when we heard the webinar, we heard that there is a gap, that they need something useful, that they want something shorter. It was very interactive, and as they sort of reacted to who the target audience was, it seemed like there was consensus across them as to, yes, that’s who this toolkit should be for.
I don’t recall right off. Whoever that was, I think we ought to pull that out and make it really clear.
DR. COHEN: I have a slightly different take. I think there might be a primary audience. I do understand the problem with no clearly identified audience or audiences. Even though the end users might be folks in the community, this would be a very valuable tool for data collectors to review, to understand their responsibility with respect to what they need to do prior to when a community uses their data. So I don’t want to narrow the audience so much that we lose the value of the breadth of this document, because I think a lot of different audiences would benefit from understanding this content.
MS. KLOSS: And I think we thought that the stewardship principles are broad enough so that they resonate across the industry.
But we’ll go back and look at that recommendation.
MR. SOONTHORNSIMA: I thought we were defining them based on their role — for example, if they are collectors collecting the data versus people who are doing research, there might be two different groups — and then sort of defining the communities based on their roles as well. I think that’s where you were going. I got that piece. But at the end of the day, you also have a community itself that is the subject of whatever policy that may come out of that. I don’t think they are part of this, are they? In other words, let’s say you live in a certain neighborhood and there’s a study that’s taking shape that might impact me. Do I have a role in this study? I don’t think so. That’s why you want to clearly delineate what you mean by community. It’s based on the roles that they play.
MS. KLOSS: But I think you might very much have a stake in this. Every individual, in some ways, should have a grasp today about stewardship principles and practices.
MR. SOONTHORNSIMA: But I’m not sure this document is addressing that audience.
MS. KLOSS: It’s definitely addressing —
DR. FRANCIS: It addresses them at least derivatively, in the sense that if data from you or about you are being used by someone else, what can you reasonably expect?
MS. KLOSS: And what should you be expecting? If you know more about the stewardship principles, you will perhaps push back if there hasn’t been disclosure or you haven’t been invited to express your opinion. So I think we deliberately kept this a little broad-brush because you can’t chunk out the users. It’s converging.
MS. MILAM: I guess I disagree with that. We have a set of principles, and where they find value is where they have been tailored to the specific audience. For example, ONC has taken the same sort of privacy principles and said, okay, in HIE, here’s what it means for you. Here’s how you can do consent. It doesn’t work that same way for a researcher maybe or for somebody not covered by HIPAA. So you have different laws covering different groups where you sit, and you have then different values and different approaches to application of these principles for where you don’t have HIPAA or where you don’t have an HIE, where you have, generally, a community receiving mostly de-identified aggregated data, but sometimes collecting its own or getting other data, and needing to know how to secure it and how to work with the information in a way that it’s safeguarded and how to publish results without breaching confidentiality, which is where I think we are with this. Others will find value from it, but I think for it to have real value is for it to be tailored to those uses, as opposed to trying to be something for everybody.
MS. KLOSS: I think our reason for having an Appendix B with the federal and state laws was to make sure people were clear that, for certain situations, there are specific, delineated laws.
DR. FRANCIS: A checklist is — different roles might be subject to different law, but you need to think about what law you might be subject to. And that’s something that applies to everybody. If you’re a researcher, you have to think about research rules. If you’re in public health, you’re going to have to know what your state rules are and so on.
It was meant to be at least a high-level that far and then to be more specific, particularly for the kinds of issues that the primary community audience would hit.
MS. KLOSS: Bill.
DR. STEAD: First, I want to say how much I really like this. I get the tenor of the discussion. I found it to be a very helpful general primer to people interested in doing this kind of work. It pointed to when you needed experts quite quickly — like, if you’re going to do this kind of analysis, you need an expert. So we may want to, as we do the edit check, make sure those hooks are there, because over time, then, much as you have your current checklist and appendices, pieces can get built out as people need it.
I do think it’s a bridge too far to make it the resource for the individual member of the community that is not part of a community-improvement effort. At that point it would need to be rewritten in whatever the current standard is for pieces. That’s the language that ought to be in a notice, for example, not in the overall primer. So I want to support the level that you have done.
MS. KLOSS: On page 8, we have discussed on this briefly the governmental versus non-governmental data collectors and users.
Then we really begin to introduce stewardship as a concept on page 9, in that little diagram that follows us through the —
DR. STEAD: The next-to-last line in the data stewardship section, “communities to advance health must trust” or “will trust”? Is “must” the right word there?
MS. KLOSS: I’m sorry, were are you?
DR. STEAD: The next-to-last line in data stewardship, I don’t see how it could be “must.” I think that must be “will.”
DR. FRANCIS: Or “can.”
DR. STEAD: “Can,” yes.
MS. KLOSS: Anything else on introducing stewardship?
DR. CHANDERRAJ: Linda, I have a comment. I agree with Sallie that keeping it a broad, encompassing thing probably won’t get you the information that you are looking for. I think it’s more likely that you will get more information if you channel it in the identified parameters where you are collecting the public health data to address certain issues that are affecting the national health in general. There are eight identified disease processes, and I think if you go after them, just like the Framingham study went after reducing the cardiovascular morbidity in the country — they looked at data and they came out with reasonable conclusions about cholesterol, smoking, and hypertension — that kind of channeled collection of data would be more important to address the public health issues than going in a broad, undetermined way.
MS. KLOSS: Larry?
DR. GREEN: One way to listen to what people are saying here is that we have a dispersion of opinions within the committee about who the intended audience is for this. I don’t want it to be too encompassing, but I think it will help us if we remember that this document is pretty darned organic. It came from communities trying to improve their health by measuring things and using data. They tried doing this at a local level. We heard a great variety of approaches to this, from coast to coast. We have had several hearings. We have done direct interviews with people who are trying to do this. I don’t think we want to lose sight of this at this stage in the game.
This toolkit, as I understand it, is fundamentally for communities, as defined the way — Bruce has encouraged us to say, let’s define this thing up front, because everything turns on that.
We have to, in our discussion, settle on how particular and how general it is to be useful to all sorts of communities, from small, rural communities on the eastern plains of Colorado to Los Angeles. And it might even be useful in New York, who knows.
But what I want to just express an opinion about is, I think it’s really coherent as presented now for community users who are not the usual suspects. They are not people who have been studying hypertension for the last 30 years. These are folks that come out of a PTA meeting and say, “We have to do something about violence in our neighborhood.” Simultaneously, in Indiana, someone else is coming out and saying it’s the teenage suicide rate. It just goes on and on and on.
So we are looking for generalities here that create this — the toolkit is the notion that you — even you and even your community, even in your state, even under your circumstances — here is a place where you can figure out how to get started on acquiring, using, understanding, applying data.
You guys fix this if I’m framing this wrong, but I think that’s where we’re trying to land, right there.
MS. MILAM: I have an idea. On page 3 is where you’re going, Larry, in that bottom paragraph. The sentence is, “The purpose of the toolkit is to support community data users by promoting,” blah, blah, blah. It’s that “community data user” term that is causing the problem. What if we bump it up to “communities”?
DR. FRANCIS: Or “communities using data.”
DR. GREEN: Yes, that’s what it should say.
MS. KLOSS: And then we’ll insert the definition of community. That works. Thank you. Thank you, Sallie.
Now we step through the stewardship topics over the majority of this document. As this was being developed, we were really looking to flesh out the stewardship framework as it appeared in the letter to the Secretary that went to her in December of 2012. We had some debate about whether we include all of the principles or whether we have some or whether we group them. But we settled on including all of them with a consistent flow and format.
Any comments or suggestions on accountability, page 10?
DR. STEAD: Is “focal” really “focal” or is it “local”?
DR. FRANCIS: The question was, did we mean “focal” or “local”? We meant “focal,” a person who is the focus. We might want to make sure that word is clear. A central person?
MS. KLOSS: Or a person who is the topic of the information. Something a little more vernacular.
DR. STEAD: I didn’t know if it was a person that was focused on that community, and therefore knew the community and how to bring this, or whether it was a person that knew the resource.
MS. KLOSS: Okay.
MS. BERNSTEIN: Did you mean somebody assigned for that role in particular or something like that?
MS. KLOSS: Yes. Page 11? Or are you on page 10, Walter?
DR. SUAREZ: I’m on several pages. As I was looking at this and looking at the structure on page 9 of the elements of data stewardship, I was wondering about the choice of order in the sequence. For example, I think openness, transparency, and choice should be a much earlier element of the data stewardship structure there, probably below accountability.
Another thing I noticed is that the last one, “protect de-identified data,” in the table of contents is actually called “Data De-identification.” In fact, the heading of the section on page 27, which is where I think that section starts, is “Data De-identification,” and the table of contents is actually “Protecting the De-identified Data from Re-identification and Disclosure.”
I think we need some consistency in the title —
MS. KLOSS: Matching the title.
DR. SUAREZ: But then the larger question really is the choice of order in the disaggregation of the components of data stewardship and my recommendation, I guess, of bringing up “openness, transparency, and choice.” “Openness, transparency, and choice” is sandwiched between “data security” and “de-identification,” which don’t seem to flow well in the document, in my view.
MS. KLOSS: Maureen, could you comment on that ordering? Any thoughts on that in terms of the flow and what it would do to resequence these?
MS. HENRY: I don’t specifically recall where we got this, but it has been moving around over time. I don’t see any objection to moving the sections around. I think there were some reasons why we didn’t go exactly with the stewardship letter. Frankly, I don’t recall what they are right now. We could go back to that.
And yes, you’re correct. Some of the sections got changed following webinar and I did not go back and get the titles changed.
MS. KLOSS: Thank you. In general, we tried to make each of these sections sort of stand alone, because we envisioned that they could be hyperlinked on our website and you could just read whatever page you wanted to, and it needed to stand alone. So I don’t think resequencing makes any difference.
MS. BERNSTEIN: I’m sympathetic, in some parts, to what Walter is saying, because we normally talk about stewardship in terms of the lifecycle of the data. First we collect it, then we store it, then we use it, and then we disseminate it. That normally makes sense.
But I do think in this case talking about accountability makes some sense first, because what we’re saying is that you need to bake in somebody to be responsible for this process before you start down the road of collecting it. It does no good to talk about accountability, as an example, at the end, when we normally talk about — we normally talk about it as, who’s responsible when something goes wrong. But what we would prefer, I think, to do here is to say, assign somebody up front to be the person responsible before you take on any of these tasks.
DR. SUAREZ: My suggestion was actually —
MS. BERNSTEIN: About the other things, I understand that we could make it work in a different order. As Maureen said, they are designed to be independent.
DR. SUAREZ: I don’t have any issue with accountability being first. I think openness, transparency, and choice should be right after accountability.
DR. CORNELIUS: It seems curious, though. Right above that there’s a beautiful phrase that says “Nonlinear, Overlapping Concepts,” which to me means that these beautiful things on page 9 — as a social worker, I always think of the phrase “start where the client is.” A community may move these things in one order. Another community may move it in another. That fits the idea of nonlinear. We’re having a wonderful discussion about where to place it, but once this toolkit goes out, it may bubble in a different way.
DR. SUAREZ: While I agree with the concept of nonlinear, it seems to me that in a document there needs to be some logical sequence for some of this — not sequence in the sense of linear, but at least sequence in the sense of flow of information. If you sandwich “openness, transparency, and choice” between “data security” and “data de-identification,” it seems very odd in any sort of sequential document, even if the community can pick it up and independently only focus on open, transparency, and choice.
MS. KLOSS: Point taken. Mike?
MR. DE CARLO: Going back to where Walter started this conversation, that was one of the comments from the Coalition with regard to de-identified data, and the thought was that it ought to be framed as a privacy stewardship practice in and of itself rather than as a data utility. The way that it’s stated here is “protect de-identified data.” There was a suggestion that it be changed to “create de-identified data,” as one of the stewardship principles.
MS. KLOSS: Thank you.
Are you ready to move to page 10, accountability? Page 11, community and individual engagement. Vicki?
DR. MAYS: I was trying to figure out when to do the — not boxes, but the little round things. There’s one on 10. There’s one on 11. There are different ones. Maybe I’ll try to do a general comment.
MS. KLOSS: There’s one for every —
DR. MAYS: Yes. Some of them really identify the person, like this one about Vanderbilt. Are they really okay about this being put out? There’s good and there’s bad in it. Then the repurposed blood sample — I kind of had a different perspective of what they were surprised to learn about. It was not that it was being used, but that it was a breaking of the contract.
Are these their words? I guess that’s what I’m trying to get to in some of this. This is an instance where — would this be what this Native American group would say? You want to make sure that it’s kind of true to their words.
In one of them there is this issue of “hard to reach.” There’s a conference that’s called Hard to Reach Survey, something or other. They have been getting all kinds of criticisms about — because it’s predominantly minority groups that they are saying are hard to reach.
MS. KLOSS: You mean that phrase, using the phrase “hard to reach”?
DR. MAYS: Yes. Like here, the hard-to-reach group you’re talking about is Chinese adults. Some people would say they are not hard to reach at all. They’re hard to reach because we haven’t worked in the populations and we haven’t developed the same methods. So we give the Hard to Reach conference group a lot of grief about that phrase.
MS. KLOSS: So we should change that, from a sensitivity standpoint.
DR. MAYS: Yes.
MS. KLOSS: All right.
DR. MAYS: And then in the others, when you characterize something, I would run it by them and say, would you say this is what it is? Otherwise, you might get criticized about something where, by running it by them, they would change the language a little bit. In the repurposed blood samples, I think you would get some different perspectives.
DR. CORNELIUS: Just to follow on that item on page 11, without actually saying the name of the tribe, this is a very controversial ethical case. It’s actually in the public domain. I was wondering why — we should either name or not. I purposely have not said it on the microphone, but —
MS. BERNSTEIN: I also thought, actually — I mean, that’s a public case. It’s very well known. You can find that case. If you look up Arizona State and that issue, you will find all that stuff.
MS. KLOSS: So we should do a review of each of the case studies for sensitivity and make sure we have the necessary approvals.
Are we ready to move to page 12, continuing with community and individual engagement?
And page 15?
Purpose specification: Any comments on page 16, 17, or 18?
DR. COHEN: On 17, I guess the whole idea of repurposed data — and I sent Maureen some detailed comments, but I just wanted to reemphasize it. I’m going to venture my guess that 80 percent of the data that communities use are repurposed data. A lot of it is public health surveillance data that are obviously collected for other reasons or by government. That’s why I think this toolkit is not only valuable to communities who use repurposed data, but to raise the awareness of the data generators, who don’t really look upstream or downstream about how their data are being used.
I think it’s really important, from the perspective of this toolkit, to provide more examples of the use of repurposed public health data. I gave Maureen six or seven different examples. Opioid death data is really very current, teen birth data, infant mortality data, the investigations of cancer clusters. There are an enormous number of data items that aren’t clinical — STD data — that are really commonly used by communities to help them develop their sense of priorities that I think should be mentioned throughout some of these sections that focus on responsible use of information.
DR. FRANCIS: Those are very helpful examples. We’ll make sure that several of them get in at least.
DR. STEAD: In addition to purpose specification, you have what I think of as framing the question, which may be a step between purpose and your data quality and integrity piece. In the data quality and integrity piece, you say you need an expert if you are getting into the analysis. Framing the question by which I have sort of been taught is, how do you take a draft of the answer and test whether it would in fact meet your need, before you start trying to collect the data? Purpose specification could include that or not. I’m not sure. But it’s a very important part of analysis. It’s what Bob Dittus calls, write the abstract before you collect the data.
I don’t know where that fits. It could be in data quality and integrity or it could be here. But it worries me that it’s not either place.
MR. SCANLON: In repurposing data, it’s generally a one-way interaction. In other words, if you collect the data for administrative purposes, you can use it for research and statistics and aggregates. If you collect it for research or aggregate purposes, you shouldn’t be using it to make decisions about an individual — a community maybe. But — Maya knows this as well as I — to some extent, it’s one-directional. That which is collected for research or community assessment should not then be used against an individual.
That’s the only point.
DR. SUAREZ: One other comment on this point. I think there’s an important difference between primary collection of data, data collected by the community as a primary collection process for which the community has defined a purpose for that collection, that one thing — defining the specific purpose — another thing is, the community is doing a project and is going to use data collected and available in the public domain. That data that is available in the public domain seems to have a different character in terms of the expectations for what people might call repurposing of the use of that data. At the end of the day, the public-domain data is available, generally speaking, for use in any purpose — I mean, generally speaking again.
To me, it seems like emphasizing purpose specification when the data involves public-domain data — it’s important, of course, because it defines the purpose, but it’s a different reason of doing it from, I am going to collect as a primary source the data for this purpose.
DR. COHEN: Walter, I would agree that there is this distinction between primary and secondary data. At the same time, in the examples I gave about opioid or teen birth or cancer clusters, the data might be public, with a capital P, and at the same time, when you get down to really granular levels, because of information that the communities investigating these specific occurrences know, the data, in fact, might lead to some ideas around potential re-identification of individuals or special knowledge that might lead to specific privacy and confidentiality concerns.
So I think, although I agree with your general notion that there are different tracks for understanding the use of primary collected data and secondary data, sometimes secondary data —
MS. BERNSTEIN: But that level of data you’re talking about, at that granular level, would not be in the public domain. We scrub it in advance, right?
DR. COHEN: That’s not necessarily true. Some data sets will publish an occurrence of one individual if the denominator is large enough, but somebody — NCHS, for instance.
MS. BERNSTEIN: I’m just imagining what the examples are.
DR. COHEN: There might be special information that allows the identification of a small number. For instance, if all women who had inadequate prenatal care, all 40 of them in the neighborhood, also were receiving Medicaid — or some other factor, 100 percent of a large number — that identifies people as well.
DR. SUAREZ: I think it’s worth distinguishing between purpose of use and risk of re-identification. I think one thing is defining the purpose of use, which could be X, Y, or Z. Whatever the purpose of use, there could be or could not be risk for re-identification. So I would not link the purpose of use with re-identification risk. I think the re-identification risk by itself is the chapter, and it actually highlights a different concern from purpose of use.
DR. CORNELIUS: I hate to say this, but I will. Again, going back to what I said on page 9, these overlapping — when we are going through these slots, we’re overlapping across domains. Both of the situations are true. If we think about it as one cell, it’s different than when you think about this as overlapping. The complexity of these items needs to be interwoven, because they relate to each other.
MS. KLOSS: I have heard two things that need to be crystallized in this: the public-use data, distinguishing clearly between that and data collected for the purpose, and then the framing-the-question issue, which is relevant whether you are using public data or you are collecting new data.
DR. FRANCIS: On the public-domain data, a more general point of that is that there are different forms of repurposing. That brings in Jim’s point, including repurposing public-use data and so on.
MS. KLOSS: Anything else on purpose specification?
MS. BERNSTEIN: A quick way of thinking about what I think Walter was saying: If you are considering using, collecting, whatever, public-domain data, you are repurposing. You are not specifying a purpose. That is, the purpose was already specified before the public-domain data got created by somebody originally, and now you’re in a different place. So which of those we are in is also maybe a little bit fluid, as Lee was saying.
MS. KLOSS: But you still need to define the purpose of this.
MS. BERNSTEIN: Yes, that’s correct.
DR. STEAD: You have purpose of data collection and purpose of secondary use.
MS. KLOSS: Data quality and integrity.
DR. COHEN: The third line, the second word should be “are,” not “is.”
DR. GREEN: There must be a better definition of objective data than that.
DR. WALKER: That entire paragraph talking about objective data — it might be more useful to talk about data with low likelihood of bias and data with higher likelihood of bias. There are areas of philosophical tradition in which that reads coherently, but it’s interesting at least.
MS. KLOSS: Okay, good.
DR. GREEN: I think NCHS should take the position that all data are subject to error and bias.
DR. WALKER: Right, some very low likelihood, some much higher. But the question is, how unlikely is the bias to make it unusable or questionable.
MS. KLOSS: Thank you. Anything else on data quality and integrity, page 19 or 20?
DR. MAYS: Page 19, under Review of the Literature, it says, “Data users should consult the scientific literature to evaluate what has already been done.”
Some of the problem with that is, if this is really for the community, they don’t have access quite often to the things that are in PubMed, unless it has been put into — I forgot the public one. There’s a thing now that we have to put things in.
Also one of the struggles that we have is that when we say this, if you don’t have data about some of these hard-to-reach or racial/ethnic minority populations or people who haven’t been in that, then you’re kind of saying that if there’s nothing there, then there’s nothing scientific.
So you just have to be really careful here. I understand what you’re trying to do, but the community actually has less access to this than we realize.
MS. KLOSS: That’s one of those links to experts that we should probably call out.
DR. MAYS: Yes.
MS. KLOSS: Page 20?
MR. DE CARLO: My group had a question about the references in that section to merging data sets. The question was, is this referencing all data sets or just de-identified data sets?
MS. KLOSS: “For additional detail,” is that the area, Mike?
MR. DE CARLO: Just in general, if the merging of data sets is referring to the merging of de-identified data sets.
MS. BERNSTEIN: In the two examples, the first one is an example, I think, of de-identified statistical data getting merged and the second example is administrative data which is identifiable, claims data linking.
MR. DE CARLO: Okay.
PARTICIPANT: It’s not a universe.
MS. KLOSS: Sallie?
MS. MILAM: My comments are on security.
MS. KLOSS: Walter?
DR. SUAREZ: I hate to go back to the “objective” comment and bring in the connection to this validity of merged data sets. And I don’t know what the resolution was on the objective part of it. But I think data quality certainly refers to and relates to relevant, timely, accurate, and complete. I have not seen it associated with “objective.” There are subjective data that are very good, valuable data and that are quality data as well, such as in the surveys. Surveys are opinions, and we say objective data are facts, not opinions. In reality, many of the surveys reflect opinions.
My suggestion is, data quality refers to relevant, timely, accurate, complete, and valid, and drop all the things about “objective.” To connect it back to page 20, there is actually a reference to evaluate the validity and integrity of data. So I think the validity element is critical to quality and integrity here. So that’s what I would suggest.
MS. KLOSS: Okay, we’re going to rework those sentences on “objective.”
DR. MAYS: This section, to me, is hard, if it’s for the community group. I really think you have to keep going back and asking them or suggesting that they work with someone or get someone. For example, just the idea of putting together Medicare claims and the Health and Retirement Study — oh, my god, that’s months of really working at this.
I think they will think, oh, just ask somebody — this example — it’s like, pick an easier one, even the mortality data in NHIS, something where it’s a lot easier. This is really — you need high-level skills to do this.
In this section, a lot of this is very hard, if we are talking about the community, for them to do without an expert. I might start out with, there are some wonderful things that you can do which really require time, resources, and people with expertise that can help you. Then I would launch into it. But I don’t want them to think they can do it.
MS. BERNSTEIN: Could you send us an example of a simpler one?
DR. MAYS: Yes. It’s a little simpler if you use the mortality data and the NHIS. They link them already for you. This is like — the linkages are harder to do. You have to do some of the standardization of the variables and all that.
MS. BERNSTEIN: I understand your point. I was asking if you would write us two sentences that describe that.
DR. MAYS: All right.
MS. KLOSS: If there are no other questions on that, we’ll move to Sallie on security.
MS. MILAM: I think I’m most troubled about this section. We call out the three components of security, the three kinds of controls: physical, administrative, and technical. But I really have no idea how we selected those controls under each of them. We didn’t have any testimony. We didn’t have any discussion. When I look at it from a privacy standpoint, from working with security, they are not categorized correctly.
I think this is an area where we should really have somebody with security expertise on the committee if we’re going to talk about security.
For example, looking at it, for physical security, when you think about physical security, you’re talking about your facility. You’re talking about placement of video cameras. You’re talking about locking file cabinets. Our example is deleting information. When you’re thinking about administrative controls, these listed, like the first one, requiring a robust password — to list that as an administrative control — what that control would mean would be to have a policy that requires you to have a robust password. What’s more powerful for this group, if you are only going to list a few, is to give that as a technical control, that they actually have a rule in their system that forces robust passwords.
The kinds of administrative controls that are important to me from watching our security teams work would be something like having training. The people who are responsible for security and securing information need to be adequately trained. Having an incident response, that’s an example of an administrative control. Doing a risk analysis, that’s really critical.
So I don’t really know how these were chosen. There’s nothing that says that these were a choice. There’s a huge variety under each of these. I think we need a reference to overall standards so that people can know where to go to find out, what is everything I’m supposed to have in a security program? Then I think we need, for this population, if it’s the community, which are the most important for them.
I’m not a security expert. Who are we going to rely on for this information?
MS. KLOSS: Thank you.
MR. RICHARDSON: Victor Richardson, public health law fellow at the West Virginia Health Care Authority.
I think physical, administrative, and technical controls are definitely the three key pieces of any information or data security program. But even further back than that, this section really seems to focus on confidentiality. The acronym CIA is used a lot in the security community. That’s confidentiality, integrity, and availability. That’s used in the NIST standard documents as well.
I think that’s an issue that rally needs to be addressed here, because, actually, it’s availability and integrity that get missed the most by untrained and smaller organizations, having all their survey data lost to a virus or having a flood destroy all their computers, and then all the work that they have tried to do is gone. So I think that’s something that needs to be addressed in this section.
MS. GOSS: Isn’t there also a NIST security checklist that everyone is supposed to be doing?
MR. SOONTHORNSIMA: That’s a very good point. To your point, I don’t think this is meant to be exhaustive. I think what we can say, from physical, administrative, and technical — give sub-bullet points of examples, and these are examples and not meant to be exhaustive. Then we should refer to NIST or some other. If you’re going to include anything, include cybersecurity in there as well as an example for technical.
DR. MAYS: I think some of it is — again, it depends on the community. Having done some of this, let me tell you what some of the biggest problems are. They don’t have space. So what happens is, you go in and everybody is in the same room and they are working on some data, talking about it and stuff. They forget when they go home that they can’t leave the data, because they are in the middle of it.
It’s really a very basic and small community.
MS. KLOSS: I just want to do a little time check here. It’s 5:20, so I’m going to move us along.
Openness, transparency, and choice, page 22.
We’ll both beef up and simplify data security.
Openness, transparency, and choice?
Hearing none, I’m on page 25. This is a lengthy section.
DR. WALKER: A quick, overarching theme that someone just sort of suggested, at least to me — there are all kinds of heuristics and rules of thumb that experts in this area know that could be very useful to this audience. When it really comes down to it, the four biggest causes of loss of data are this, this, this, and this. I think that’s one way to look at this. If we’re going to help people, what would a pretty decent and much better than average security and confidentiality regimen look like for a community with a limited budget? What six things should it do first? And if you have a little more than that, what are the next three things you would do?
It seems to me that if we could try to think of it in terms of those tips and tricks, heuristics, that are in this group’s heads, but may not be on the paper yet.
MS. MILAM: That’s exactly what we need, an input like from Vicki, on what the biggest risks are for our target audience.
I do have some feedback on page 23. We’re talking about notice. We’re looking at the sentence, “If no legal mandates exist, data users should always evaluate the risks that” — and I’m not sure we have really framed these risks correctly. I think the risk that we are concerned about is whether the community will react strongly. Will they be surprised? Will they become adversarial? I think it’s slightly different — I think our risks are around the community reaction as opposed to the impact on the data.
MS. BERNSTEIN: You’re talking about a concept of unwelcome surprise.
MS. MILAM: Yes, and we heard testimony about that. We heard that people shut down when these things happen. But the risk is really about the community. That’s the purpose of the notice.
DR. FRANCIS: I actually think it’s both. Sometimes communities may react. Sometimes they don’t when they should. We should at least call out the latter possibility as well.
MS. MILAM: Right. I guess my point is — like, for “data run the risk of disclosing confidential or private information” and “results may reveal information about the individuals that they have chosen not to know,” I would just flip those and make them more personal — the impacts on the human, not the data.
MS. KLOSS: Page 24?
MS. MILAM: In the dialogue box on the bottom describing the situation with the Michigan BioTrust, it needs to be determined whether they are using an opt-in or an opt-out system. They are surely not collecting consent with both mechanisms.
MS. HENRY: In this case they are, because it was different depending on when the child was born. So that’s the complicating factor for this one.
MS. MILAM: Okay. Maybe we need to provide a little more information, then, because that’s really unusual.
MS. KLOSS: Page 25?
MS. KLOSS: Page 26?
DR. MAYS: The only thing is, I thought it needed just a little more explanation —
MS. KLOSS: Where are you, Vicki?
DR. MAYS: The whole of 25, like an intro to it. I thought people might think that every time we have data, we’re supposed to notify them. They are the individuals who participate. That was one of those where, if I tried to read it from what I think community people might think, I didn’t want them later to think that they are notified about all of their data. So just a little intro to it. Not all data you are going to get this on.
MS. GOSS: And I think there’s a discussion about the fact that sometimes you just can’t afford to notify, to send out the notice. As much as that goes against my grain, it is a reality of cost and dynamics and all that stuff. It’s clearly addressed in here.
PARTICIPANT: It’s an earlier page. It’s actually 23, three paragraphs above the box at the bottom.
MS. KLOSS: So maybe just bring it back in to that next page, if individual notice is warranted.
DR. MAYS: But I think they are still written a little —
PARTICIPANT: I’m agreeing with you. I just think the whole discussion needs —
DR. MAYS: Yes, it’s a little too formal. I would say it a little differently.
MS. KLOSS: Page 26?
MS. JACKSON: Before you leave that, now that you have gone through all your sections, going back to Walter’s query about —
MS. KLOSS: But I haven’t yet.
DR. FRANCIS: We have the de-identification.
MS. JACKSON: His point was to move this up to after accountability. I’m just wondering if, after you have gone through the first six of these, that is the actual place to put it. There’s so much detail in this openness and transparency — if it needs to be ratcheted down just a little bit under where accountability was, just considering the flow of your information as you go through it.
MS. KLOSS: I think we just have to read it once more and see.
Okay, de-identification, 27.
DR. FRANCIS: We have a point about the importance of de-identification in itself as a strategy. Were there other things people wanted to raise about this?
DR. STEAD: In the third line of individual-level de-identification, I thought “removal of these data elements may bring the risk of re-identification to an acceptable level.”
MR. RICHARDSON: I have a comment on that same line. It calls out some personal identifiers, such as name, address, telephone number, date of birth. To me, it feels like that sort of implies that that’s what individual-level de-ID is, when it really is much more than that, and you will get removing indirect identifiers, like dates. So I think to list those, it would need to be really clear that that’s not an exclusive list.
MS. KLOSS: It says “such as,” but that’s not strong enough.
MR. RICHARDSON: And it specifies personal identifiers. When you are de-identifying, you are looking at more than personal identifiers. You’re looking at indirect identifiers or data which in combination may identify somebody.
MS. KLOSS: Okay.
MR. DE CARLO: We have a comment on the opening of that. It looks like you jump right into the process of data de-identification as a utility, as opposed to a statement of why it should be a principle, why it’s a good thing to do. A suggestion for an opening line would be, “Good de-identification practices should make re-identification extremely difficult, and use of de-identification, whenever possible, is a good privacy practice, as it reduces risks of breach and violations of personal privacy.”
DR. CHANDERRAJ: Why do you want to get identifiers — name and Social Security — when you want it de-identified? Why do you want to collect it in the first place?
DR. FRANCIS: Well, you start out with data that have it in there. Then you want to repurpose the data, and you might want to de-identify it to repurpose it.
DR. CHANDERRAJ: My question is, why do you want us to get the identifying features when your ultimate aim is to de-identify? Why do you want to collect the names, Social Security number, telephone number — anything at all?
DR. COHEN: These data might be collected for — like the birth certificate collects all these details. But a community might only want to know the total number of teen births. So the original database to provide to the community needs to be scrubbed of information that might identify a teen birth. The source information has the detailed level, but the community doesn’t necessarily need it.
MS. BERNSTEIN: Right. Another example would be a longitudinal survey. In order to go back to the same respondent over and over for years at a time, I need to know who they are and how to get hold of them. But in the data I’m going to be releasing, I’m not going to disclose that information.
DR. MAYS: My thing was, most of the time when we give communities the data, that’s not their issue. It’s the data steward’s issue. It’s almost like they shouldn’t get this. It’s more like writing about it in a way to say that in good data stewardship, these things, even though you answered it the first time, are probably not going to be made available to them, because we want them to stay de-identified, and then to say the procedures that people use. I want it to be harder to collect data, so I’m trying to put it in a more —
MS. BERNSTEIN: As a community, you could be collecting this data originally. They could be doing a longitudinal survey of their neighborhood. They might be. We imagine, I think, that they would be in different roles at different times.
MS. KLOSS: And we’re trying to introduce some concepts that they need to be cognizant of as they move to different levels of sophistication.
DR. MAYS: This is just one of those where I would almost like a focus group or something, because I want people more flipped-out about participating in research, so when they see this list, then they think it means something that’s more problems and hassles. We are having a hard time getting the data. So if it could be put in a more positive way — this is what we try to do, and if you’re collecting original data, you should do it as well. I think the way it is, it would make me worry that people will — it will be another no on a survey.
MS. KLOSS: Any other questions on the de-identification section?
DR. GREEN: It seems to me that, starting on page 27, in the middle, De-Identification through Aggregation, that paragraph, those two tables, and the last paragraph that starts with, “There are a number of strategies used to avoid releasing aggregate data” — these paragraphs I’ve read through about seven times now, and they just read differently from the rest of the document. They sort of fall back on pretty technical information that I think most community users would view as jargon. I think they would have a hard time understanding them.
They also sort of blend what the issues are with the strategies to mitigate the issues. They are both in there together, and they are hard to sort out.
I decline the opportunity to rewrite them.
MS. KLOSS: Good thing you jumped on that, because I was just about to ask you.
DR. GREEN: I just wonder if anyone else shares that view. They almost leap out, here at the end, as being different from all the rest. They are not as user-friendly as the others are.
MS. KLOSS: And we have this appendix on de-identification, so we could shift things —
DR. SUAREZ: Is it an appendix or is it a misplaced — page 30 looks like a continuation of page 27. It’s out of place.
MS. BERNSTEIN: Can we talk one at a time? Maureen is going to have trouble understanding what you are saying, and she’s the one who is going to have to fix it. So one at a time would be great.
DR. SUAREZ: So what I was saying is that pages 27, 28, 29, and 30 are one chapter. Pages 29 and 30, at the top, say Appendix A, both pages, and I think that’s incorrect.
Thirdly, I think page 30 is really page 28 instead of page 30, because it follows the sequence. When you are reading it, page 27 has some sections — Individual-Level De-Identification, De-Identification through Aggregation — then you jump from page 27 to page 30, and you get Quantifying and Evaluating the Risk of Re-Identification.
I think there’s a mis-order there of the pages.
MS. BERNSTEIN: We’ll take a close look at the order of that and how it flows, and get it right.
MS. KLOSS: Okay, appendices. We’ll do them as a group. Sallie.
MS. MILAM: On page 38, Appendix B, I’m recommending again that we take another look at that block on the right, titled “What notice does HIPAA require?” and perhaps just track the headings and the notice section of the regs. The kinds of things that are important to be there that are not there at all would be — we duplicate it, notice of privacy practices. There’s one type of individual rights listed, the accounting of disclosures. Then we mention a limited data set, which may or may not be implicated. I would suggest something like, description of Uses and Disclosures, all of the individual rights, because that’s what HIPAA requires, the covered entities’ duties, where an individual files a complaint, contact information, and the effective date of the notice.
If you look at the HIPAA privacy rules’ notice section, those are the headings, and somehow our boxes don’t match.
MS. KLOSS: Okay. Anything else on appendices?
MS. MILAM: Actually, aren’t we missing a few? There’s a section called Data Use Agreements, and there’s no content.
MS. KLOSS: Those were to be samples.
MS. MILAM: But for action tomorrow. Is that right?
MS. KLOSS: We’re not ready to go for action, do you think? We thought if there were editorial changes, we could present for action and allow us to do editorial offline. But the recommendations are beyond editorial. I was looking ahead with my co-chair here. In the 30 minutes that we have tomorrow, we could take up dissemination and where the subcommittee might go next. I would think that we might be able to do this by e-vote.
DR. COHEN: Yes, I was going to suggest another draft for review and then a conference call.
DR. SUAREZ: Conference call rather than e-vote.
MS. KLOSS: That’s fine.
DR. FRANCIS: I think we’re close enough to be able to do that.
MS. KLOSS: I agree. But I do think these are too substantive not to —
MS. JACKSON: If you do an e-vote, that means you’re taking an action. So are you looking at having a call in lieu of an action and we would set that up?
DR. SUAREZ: We’re talking about an actual conference call, not an e-vote.
MS. BERNSTEIN: It has to be public.
MS. KLOSS: We haven’t discussed having another conference call, but I think we would be willing to press forward and get this done.
DR. FRANCIS: I think what would be enormously helpful would be if we thought about some date parameters. I was sitting here thinking if we could get the rewriting done in the next couple of weeks and ask Debbie to schedule, then we would have maybe two weeks for people to send us back comments —
MS. JACKSON: When you have a full committee meeting, whether it’s on a call or face-to-face, we need to have that posted in the Federal Register. We just have a short amount of time between this and the December meeting. It can be done. We’re looking at sometime in November, if we can get some dates together.
DR. FRANCIS: I was hoping that we could try to schedule it for the first week in November.
MS. KLOSS: I think we can wait until we see what other business —
MS. BERNSTEIN: Victor had a comment, and I don’t want to lose it, a substantive comment. I don’t want to lose that before we launch into process.
MR. RICHARDSON: I was just going to ask about the two sections at the end that didn’t have content. But Sallie stole that one.
DR. FRANCIS: It’s open for public comment.
DR. VAUGHAN: Very brief. The hour is late. I just want to reference a group of data that you have not really explicitly addressed and yet is emerging, for your consideration. There is a great volume, and growing volume, of health-related data about individual patients and communities that kind of falls through the cracks, because it is generated as, quote, commerce. Yet in some cases it’s being used for policy. Sometimes it’s being used in ways that both positively and negatively impact patients and communities. Some of that is explicitly donated data, yet has impacts beyond the individual. Some of it is things within medical devices, where, while the device transaction itself is subject to certain controls, the part that becomes then commercial may or may not be even available to the individual patient or is, in turn, repurposed in a way that falls through the cracks because it is, quote, a product.
I just want to put that out there.
There is also an emerging community which tends to be non-geographic, but which is more vocal, and that is e-patients. For example, at Stanford recently there was a conference with patients and providers called Med X. Yet they have been very thoughtful and purposeful, and I would encourage their inclusion in terms of, when you define communities, bringing them to the table, because they have a lot of great inputs.
MS. BERNSTEIN: Can I just interrupt real quickly? When you say commercial data, are you mostly talking about consumer-generated data or not only that?
DR. VAUGHAN: Not only that.
MS. BERNSTEIN: For example, FTC did a recent workshop on consumer-generated data.
DR. VAUGHAN: There’s quantified self-data. There’s data that is being generated out of pharmacies. There’s data being generated out of, quote, wearables —
MS. BERNSTEIN: Well, those aren’t —
DR. VAUGHAN: No, no, physical — they’re different. We can go into another time.
MS. BERNSTEIN: I just want a couple examples so that people understand what you’re talking about.
DR. VAUGHAN: For now, that’s enough. Yet it’s a huge volume and it has impacts and is being used for policy. Some of it is generated for social media.
MS. BERNSTEIN: The other question about communities that are non-geographic. We have had some testimony in front of this group from PatientsLikeMe and other groups like that.
DR. VAUGHAN: A lot of them tend to be organized around a disease entity. Some of them are organized around being patients who are empowered.
MS. KLOSS: The community definition takes that into account, yes. Thank you.
DR. FRANCIS: Thank you, everybody, for this enormously helpful stuff.
DR. GREEN: Hold on just for a second. We’re going to make plans for tomorrow. It’s an 8:00 start tomorrow morning. Come equipped tomorrow morning. That discussion from 8:10 to 9:30 is a pretty substantial discussion. It’s ripe and ready for full committee deliberation. That’s important, and it will play a determining role in what happens at the end of October, which plays a determining role in what we’re able to produce. So that’s important.
We’re going to have a hard stop at 9:30. We have to go back to the standards letters for action. We really want to wrap those up.
DR. SUAREZ: In addition to the standards letter, we want to bring forth, since the discussion today, the Review Committee charter. I think that is ready to be moved, with the caveats that we talked about.
DR. GREEN: Yes. We can readdress the charter, too. All the more reason why we need to stop at 9:30 and get going on that.
Leslie, if I heard you and Linda correctly, you want to preserve the 11:00 time, not for action on the stewardship toolkit, but for a discussion of — I heard two things. One was dissemination strategy and another was next steps.
DR. FRANCIS: Right.
DR. GREEN: Everyone is agreeable about that modification? Then Vicki and Damon will set up the working group — Vicki, you’re going to be ready to report at 11:30 about what the working group is up to, just briefly?
DR. MAYS: Yes. I think Damon is not going to be here for that.
DR. GREEN: But you will be. All right. Then we will quickly conclude. Everyone is invited to the working group meeting.
So we will see you at 8:00.
(Whereupon, at 5:48 p.m., the meeting was recessed, to reconvene the following day at 8:00 a.m.)