Tuesday, December 15, 2009

Health IT Policy Committee: Rough Draft Transcript and Meeting Materials

The HIT Policy Committee met on Tuesday, December 15, 2009. The meeting materials from the ONC website and the rough draft transcript of the meeting are below. Also be sure to check out the FACA blog and the Health IT Buzz blog for the latest updates.


HIT Policy Committee

Transcript

December 15, 2009

Judy Sparrow – Office of the National Coordinator – Executive Director

Thank you. Good morning, everybody, and welcome to a new venue in the seventh meeting of the HIT Policy Committee. Again, this is a federal advisory committee. It’s being operated in the public, and the public will have an opportunity at the close of the meeting to make comments. Workgroup members, please remember to identify yourselves when speaking. We have an audience on the telephone line. With that, we’ll go around the room and introduce yourselves. I’ll begin on my right with Marc Probst.

Marc Probst – Intermountain Healthcare – CIO

Marc Probst with Intermountain Healthcare.

Deven McGraw - Center for Democracy & Technology – Director

Deven McGraw with the Center for Democracy and Technology. Thanks.

Jim Borland – SSA – Special Advisor for Health IT, Office of the Commissioner

Jim Borland with the Social Security Administration.

Art Davidson - Public Health Informatics at Denver Public Health – Director

Art Davidson, Denver Public Health.

Paul Egerman – eScription – CEO

Paul Egerman, software entrepreneur.

Connie Delaney – University of Minnesota School of Nursing – Dean
Connie Delaney, University of Minnesota School of Nursing.

David Lansky – Pacific Business Group on Health – President & CEO

David Lansky, Pacific Business Group on Health.

Paul Tang - Palo Alto Medical Foundation - Internist, VP & CMIO

Paul Tang, Palo Alto Medical Foundation.

David Blumenthal – Department of HHS – National Coordinator for Health IT

David Blumenthal, Office of the National Coordinator.

Charles Kennedy – WellPoint – VP for Health IT

Charles Kennedy, WellPoint.

Gayle Harrell – Florida – Former State Legislator

Gayle Harrell, former state representative for Florida.

Neil Calman - Institute for Family Health - President & Cofounder

Neil Calman, Institute for Family Health.

Christine Bechtel - National Partnership for Women & Families – VP

Christine Bechtel, National Partnership for Women and Families.

Rick Chapman – Kindred Healthcare – Chief Administrative Officer/CIO/EVP

Rick Chapman, Kindred Healthcare.

Roger Baker – Department of Veterans Affairs – CIO

Roger Baker, Veterans Affairs.

Tony Trenkle – CMS – Director of OESS

Tony Trenkle, Centers for Medicare and Medicaid Services.

Michael Weiner – Defense Health Information Management System – CMO

Michael Weiner, Department of Defense Healthcare.

Adam Clark – Lance Armstrong Foundation – Director for Health Policy

Adam Clark with the Lance Armstrong Foundation.

Latanya Sweeney – Laboratory for International Data Privacy – Director

Latanya Sweeney, Carnegie Mellon University.

Scott White – 1199 SEIU – Assistant Director & Technology Project Director

Scott White, 1199 SEIU.

Judy Sparrow – Office of the National Coordinator – Executive Director

Do we have any members on the telephone? Okay. With that, I’ll turn it over to Dr. Blumenthal.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Thank you, Judy. Thanks to all of you here today. This is a meeting where we will begin to look ahead to the first quarter, I guess, calendar year quarter of 2010. We’re already in the first fiscal year quarter of 2010. And think about the road ahead after, as will occur, I promise, our meaningful use and interim final rules see the light of day, which will occur, but I just can’t tell you exactly when. So we are already beginning to think about what follows those regulations and, I think, also beginning to think about the implementation of programs underway and some of the thorny issues that we’ll be dealing with in the implementation process, one of which we will hear an excellent report about today having to do with information exchange involving laboratory data.

We’ll also, I think, be broadening the discussion today to hear a perspective that we need to hear and hasn’t been as prominent as it should have been, and that’s the perspective of health plans, and Charles Kennedy has organized a panel on that, and we’ll be hearing from them later on today. And, in a few moments, I’m also going to be talking about just bringing the committee up-to-date on some of the work that the Office of the National Coordinator has been doing. We do actually work in between these meetings. I just want to show you evidence of that.

With that, I’m going to turn the microphone over to Paul to review the agenda.

Paul Tang - Palo Alto Medical Foundation - Internist, VP & CMIO

Thanks, David. This meeting is a bit of a holiday breather, and you only get the holidays to breathe in the sense of it’s largely informational, and once the NPRM and the IFRs come out, we’re going to be engaged in intense activity in the next few months. We’re going to start out with David’s update. The last time we talked about all the activities that are going on in ONC. It seems like there’s an announcement every other day. Who would imagine it’s so hard to give away $2 billion, so that’s going to, I think, inform us in terms of all the kinds of activities that we need to help bring together.

Then we’re going to have updates from the existing workgroups. As David mentioned, the HIE workgroup is going to talk about their recommendations for laboratory. Then, as you also know from the last meeting, we talked about three new groups, and those workgroups have been already formed and have met at least once. We’ll have a beginning update and a much more extensive one in our January meeting. Then we’ll have a brief break for lunch, and then the panel on the health plans perspective and an update from the HIT Standards Committee with Dixie Baker and conclude with some public comments.

With that, I’d like to start the first order of business, which is to approve the minutes from the last meeting. Is there any motion?

Christine Bechtel - National Partnership for Women & Families – VP

(Inaudible.)

Paul Tang - Palo Alto Medical Foundation - Internist, VP & CMIO

Okay. So Christine Bechtel gave some changes to Judy. Any other additions or edits? Is there a motion to approve?

W

So moved.

Paul Tang - Palo Alto Medical Foundation - Internist, VP & CMIO

A second?

M

Second.

Paul Tang - Palo Alto Medical Foundation - Internist, VP & CMIO

Any objections? Okay. Thank you very much. Take it away, David.

David Blumenthal – Department of HHS – National Coordinator for Health IT

You all work so hard on the tasks that are assigned to you by the committee that you may not get a chance to put together the work that is flowing from the Office and that provides the context and, in some ways, represents the results of your recommendations to us, so we thought it would be useful to begin a process of updating you on what’s going on in the Office of the National Coordinator. It would take much more time than is appropriate to do this in a full and thorough way, so I would consider this a down payment on what might be a series of updates going forward, and it’s going to start at a high level, but it might be useful for you to at least hear and then perhaps react to and maybe even suggest modifications to some of the organizing principals that we have derived from your discussions here and that have added to from our own thinking.

There is, as Paul has said, a lot of activity. We hope that it has some coordination, and we are trying very hard to make sure that it is coordinated. But in the process of moving it through the federal government’s very careful spending and allocation processes, things don’t always come out in exactly the order that makes them more easy to understand. So let me just start here with the first slide, and I can’t read it here, but I hope you can read it. No, you probably can’t.

Well, let me start with the part you can read. If you start at the right-hand side here, what this is is a heuristic, which is not a complete model for how we are accomplishing our objectives, but is sort of a first order approximation of some of the things that we’re thinking about. Let’s start at the right-hand side, if you will, and on the right-hand side, what you’ll see is a series of goals that have been cited in your conversations, in our conversations about the purposes of the ARRA HITECH programs that we are involved in, and that are the purpose of meaningful use, that is, where we are heading, what kinds of changes we’re trying to create in our healthcare system. They’ll be familiar to you, nothing magical about them.

Paul just handed me a representation, but I can’t read it any better here than I can on the screen, but they involve improved clinical health outcomes, improved population outcomes, increased efficiency in the healthcare system, empower individuals, and the creation of a learning healthcare system. These are what information technology, our programs are intended to accomplish. The goals don’t stop with the installation with equipment. They progress through to changes on the ground in our healthcare system.

Meaningful use has become a sort of state of accomplishment in terms of the actual day-to-date implementation of health information technology, which we believe will support all these goals, these healthcare goals. The question then becomes how do we get to meaningful use. This, moving back to the left, there are two critical conditions that we need to try to accomplish. The first is the adoption of electronic health records and other health information technology, and the second is the exchange of information contained in electronic form in the various healthcare records and health information technologies that exist in the healthcare system, and the enhanced use of that information for learning purposes and for patient management.

To get to adoption and exchange, you still need other preconditions, so let’s move one more point to the left, and you’ll see that on the upper left, you need pathways for exchange. And on the lower down, you need trusted and effective electronic health records. This is the point at which some of our programs, which you can’t read here, but some of our programs come into play.

There’s a sweeping arrow in the middle that mostly speaks to efforts to change markets and incentives and community based organization of care. That, of course, includes the Medicare and Medicaid incentives. It includes our new … community program. It includes our workforce program, and it includes the empowerment of consumers with increased information. So these are a series of programs that are not so much about technology as they are about changing the healthcare system around technology so that the technology can be used. There’s demand for it, and the situation is such that it can be used effectively.

In terms of supporting the adoption of technology, creating trusted and effective electronic health records, there are a series of programs that we are undertaking to do that, and we are trying to, of course, certify electronic health records, so the creation of a certification process, the creation of standards that can be built into the data storage and the data use of those in those records is critical, and then to make the assurance that they are capable of being private and secure, the evaluation of efforts to accomplish the adoption of electronic health records so that we know where we’re succeeding and where we’re not succeeding.

And then research and development to improve the functioning of electronic health records, all contribute over time to the presence of a trusted and effective electronic health records. Our regional extension programs really belong both in the lower arrow and in the middle arrow. Regional extension centers are intended to promote adoption, but also to improve trust in electronic health records by allowing physicians and hospitals to pick records that are appropriate. With advice, to pick records that are appropriate to their needs.

To support pathways for exchange, the arrow on the top, we of course have our state health IE, health information exchange grants, which are intended to draw states into the business of creating electronic information exchange within their borders. We hope at some point to support public health infrastructure. That’s part of the HITECH mandate.

We are, again, also standards and certification and the development of the NHIN are critical to effective information exchange. Privacy and security work are critical. Coordination within the federal government is critical, and again, R&D and innovation are also important for that since we are constantly working on new ways of making exchange effective within the healthcare system. This is sort of a very high level way of trying to relate a lot of our mandates and our current programs to a model that leads, in a causal sense, to adoption exchange, meaningful use, and improvement in the healthcare system.

I don’t know what the problem is with our projection here. This slide will tell you something that you already know, but it does give me a chance to talk about how the Office of the National Coordinator is changing dramatically, even as we are trying to implement these programs, and because we are trying to implement these programs.

As you all know, some of you better than I because you’ve been around this office, many of you for many years, the Office of the National Coordinator was created in 2004, I believe, by executive order to provide policy advice within the Department of Health and Human Services, and to the Secretary about health information technology and the spread of electronic health records. It remained a relatively small office with a budget of ultimately about $60 million as of 2009. It was doing real world demonstration programs by creating a Nationwide Health Information Network, but that was mostly the extent to which it was involved in implementation of any electronic health record or HIT program.

This changed dramatically in February of 2009. The Office of the National Coordinator was created in law. The Office was granted authorities to not only advise the Secretary, but to lead the adoption of standards and requirements for interoperability, and it was given authority to spend $2 billion to create an infrastructure for the achievement of meaningful use, working with our colleagues at the Center for Medicare and Medicaid Services.

In fact, we now have three major goals. The first is to try to make electronic health records widely available in a short period of time. The second is to create a nationwide interoperable private and secure health information system. And the third, loosely interpreted, interpreting the law itself, is to lay the groundwork for learning in the healthcare system using improved information availability.

To do that, we have been changing the Office. We’re growing rapidly. We were about 33 or so FTEs when I arrived. We are now over 50 and probably on our way to considerably more. And we have pretty substantially reorganized within the Office itself to prepare for the new programs that we are having to administer.

This was the old; this was the structure as of February 2009. The Office of the National Coordinator consisted of an office of health information technology adoption, and office of interoperability and standards, an office of programs and coordination, and an office of policy and research.

This is our new organization, which became effective the first of December. We have an office of the chief scientist, Dr. Chuck Friedman. This represents, I think, an understanding that we work at the borderline of science and practice with informatics, but also many other sciences being very relevant to what we are trying to accomplish. We are not only trying to make informatics work within the healthcare system, but we are trying to change practice using health information systems, and that’s a complicated behavioral, social, psychological enterprise.

There’s an office, a deputy national coordinator for operations who has a number of subgroups reporting to that person. Some of these offices are not officially filled yet because of the requirements to a process the appointments within the federal government, but there will be a deputy national coordinator for operations with an office of communication, an office of mission support, an office of strategic initiatives, and an office of oversight. Many of these, the office of – and we also, I think, are going to be creating an office of grants management. These represent the need for us to support what is likely to be a considerably larger office than we’ve had in the past, and considerably larger operational responsibilities. The office of communication represents the fact that we have to find a way to make ourselves understood, as we go forward with our many programs, and not the least of which will be the new regulations that we’ll be issuing from the federal government very shortly.

We have an office of the chief privacy officer, which is mandated under the law, and which we hope to fill shortly. It has to be filled by February, and this is an individual who will take primary responsibility for thinking about privacy and security issues within the mandate of the Office of the National Coordinator. We have a deputy national coordinator for program and policy and, under that, an office of policy and planning, an office of standards and interoperability, an office of provider adoption support, and an office of state and community programs.

Policy and planning will be responsible for working on our strategic plan for our regulatory work, for a lot of the sort of policy work that will support our evolving grant programs. The office of standards and interoperability will be responsible for work on standards, work on the interoperability related to the nationwide health information network, our certification programs. The office of provider adoption support will be working on our workforce programs and our regional extension center programs, and the office of state and community support will be working on our health information exchange grants to states, and our new beacon community programs.

Finally, we have an office of economic modeling and analysis, which reflects the fact that an awful lot of what we’re trying to do is use finances to effect behavior, and we need to get more sophisticated on the intersection between economics, health IT, and provider responses and consumer responses to the availability of health information technology and information. Just the process of modeling adoption of health information technology is one that hasn’t, I think, received a lot of systematic attention up to this point, but becomes very important for informing policy as we go forward.

We’ve been doing a lot of stuff in the last eight months. We’ve been working on three major regulations. Meaningful use, of course, we’ve talked about at great length here. Our EHR standards and certification criteria, we’ve also talked about here. And the certification process, which you all advised us on, all those regulations are, I can assure you, have taken and will continue to take a lot of time within the Office. Each of them obviously fits very, very centrally into that model that I presented early on defining the pathway from our programs to the attainment of our healthcare goals.

Then we are working on probably more than a dozen new programs, some of which have seen the light of day, and some of which are still coming. The ones that we have announced and begun implementing are our regional extension center program, which will support adoption and information exchange, health information exchange program run through the states, workforce training, which also is critical, and if the one we’ve announced involves both curriculum development and also support for training and the community college level. And we’ve announced the beacon community program as well. As I indicated here, there’s more to come, and we will be continuing to make announcements over the next weeks and months of additional programs that fit into the scheme that I showed you before.

How do all these fit together? One of my colleagues put this slide together to help us out, and as I looked at it, I thought, hmm. It looks like a cell with organelles. The physicians and scientists among you will relate to that. Cells have these; biological cells have substructures: DNA, mitosomes and liposomes, and all these things. So this is sort of what occurred to me when I saw this. And we’d like it to work that well, by the way, as biologically integrated as our human anatomy is.

But we do think that these major programs we’ve announced to date relate to one another. We’d like to think that the relationships will be synergistic and that they will support one another. So we have regional extension centers, which are meant to promote adoption at the very local level. They could do so within beacon communities where beacon communities incorporate a regional extension center, as they very well may. They may also be separate physically from a beacon community, but support a beacon community from the outside.

We will have community college programs that could be physically located in beacon communities or in the same location where a regional extension center is, but may not be. But we hope that the community college programs will train people who will staff both our beacon communities and our regional extension centers. We hope that what we learn from beacon communities will inform the work of regional extension centers, and will inform the curricula of our community college and workforce training programs. And we hope that all of these will be supported by the infrastructure that states will facilitate to promote exchange, and that the NHIN will be one of the resources that the states make available to beacon communities and regional extension centers, and to providers and communities, and to training of new workforce within and across state boundaries.

We see all these programs as working together, not identical, but as working together. All of these programs are funded through something called cooperative agreements. Those are not grants, so those of you who are used to getting grants where a foundation or the federal government sends you money and then disappears for three years, and let’s you kind of do your thing, that’s not the conditions under which we’re giving these funds. We’re giving them as cooperative partnerships, if you will, and we will be in constant negotiation with our grantees over their performance and over the direction of their work, and trying to make sure that the regional extension centers, state HIE programs, beacon communities, and the training programs are mutually supportive. That the trainees are finding their way into beacon communities and to regional extension centers. That regional extension centers are supporting beacon community work. That beacon communities and their experiences are feeding into regional extension centers, and that states know what is going on with all of these programs.

Underlying all this, of course, are standards and certification, privacy and security, the NHIN work that we’re doing, the communications work that we’ll be doing, the hopefully public health work that we’ll be doing, and other things. So let me stop there, and see if there are any – I’m sure there are questions, but I hope that this at least gives you some sense that there’s more than random motion going on at the Office of the National Coordinator. Yes, Richard?

Rick Chapman – Kindred Healthcare – Chief Administrative Officer/CIO/EVP

I have two quick questions maybe just from lack of knowledge because of all the activity you’ve been doing. But could you tell me from a top down perspective, your perspective, as demonstrated by the last chart, A, the purpose of the National Health Information Network or the goals and then, two, the high level, once again, overview of the beacon community? I must have missed that when it came out.

David Blumenthal – Department of HHS – National Coordinator for Health IT

I’d be glad to, and we actually have a panel coming later today on the Nationwide Health Information Network, so I’ll just give a very brief capsule on that. The Nationwide Health Information Network is an effort to create a resource that is readily available and usable for individuals, well, for organizations and hopefully all providers who want to exchange information with one another. The analogy has been used of a highway system or a cable, a set of cable networks.

But it’s really much more a set of protocols and standards, and practices, and implementation practices that is followed, and trust relationships, by the way, privacy and security guarantees that, if adopted, will permit exchange of information conveniently, easily, using basically existing technology like the Internet. So it’s not an attempt to create a new, dedicated, separate way of exchanging information. It’s a way to facilitate the use of existing methods of information exchange, but to do so in ways that are private, secure, and reliable and adapted to health information.

Our colleagues at the VA, the Department of Defense, the Social Security Administration have already worked very hard for a number of years, along with Kaiser Permanente and a few other organizations, to build this Nationwide Health Information Network, and to bring it up to speed and make it usable, and that's a very, very powerful resource. We have a group working on it. Your committee has a group working on it, to think about where it should go as a next step. So we’re going to have an active discussion about it.

The beacon community program we announced December 2nd. It’s really a combination of a demonstration program, a pilot program, if you will, as well as an effort to push the state of the art of implementation of health information technology to a new level. It’s 15 communities around the country, diverse in terms of geography, rural/urban situation, underserved and well served, already well underway in terms of adoption, above average in terms of information exchange capabilities. We’re inviting them to come forward and apply to us for $225 million that we’ve put on the table of 15 communities to identify health goals that could be affected, health and efficiency goals that could be affected by information technology, and to use those additional funds to use their resources, their health information technology resources to improve health and efficiency in their communities over about a 36-month period. We hope that’ll both show the power of health information technology and also provide lessons for how to make health information technology implementation work better. Gayle?

Gayle Harrell – Florida – Former State Legislator

Yes. As I look at this model you’ve put forth here, can you explain what your vision is for HIE, state level HIEs to be involved within this? You haven’t specifically called that out.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Well, it’s in the context of sort of the surround, if you will, and I think that the states are going to have varying roles, and we don’t know all of the roles that they will play. We’ve given them a lot of discretion to come forward with their own plans, and we don’t know yet what all those plans consist of because we haven’t processed them completely. Now we are confident though that the states have a leading role to play in convening and guiding the creation of exchange mechanisms within their jurisdictions, and that although we could have decided to leave that the local level, that that would not have guaranteed or would have made less likely that the totality of a state’s jurisdiction would have available information exchange resources.

What we want the states to do, in effect, is to provide leadership within their jurisdictions for the creation of exchange, if you will, to share our agenda and bring to bear the capability of local government, state and local government. In addition, states do have to do a number of things that are absolutely critical to make information exchange work. We need directories of physicians and other licensed professions, and of organizations that are appropriate to receive and send private and secure health information. And the states license those people, and so have the information about who within their jurisdiction should be licensed and eligible to receive it.

States do public health, collect public health information and collect reportable disease information so making sure that they’re part of an exchange capability is critical. States, in some cases, have actually been leaders in creating health information exchange within their boundaries already, and we want them to continue doing that. States control Medicaid data, and they have to get working on making that Medicaid data available for local use. So we know that states have to be part of the process, and we think that many of them have the capability to lead it. We want them to take advantage of the NHIN where they think it’s useful, and we want them to think about their entire jurisdiction and understand and help us put together patterns of exchange that can encompass their jurisdictions.

Gayle Harrell – Florida – Former State Legislator

Do you view any conflicts between what you are doing and what is existing in states or where states, where you’re crossing the line over perhaps mandating to states various things. What do you think the role of the ONC is in directing and perhaps forcing states into doing things that perhaps are not on their agenda?

David Blumenthal – Department of HHS – National Coordinator for Health IT

Well, we view the states as partners. We have limited. The federal government is constantly in partnership with states, and so I think we view this as an evolving partnership, not as a command and control arrangement.

Latanya Sweeney – Laboratory for International Data Privacy – Director

I have a question. First of all, I think this is really great, and I’m really glad that you gave the overview. That was very helpful. On the revised org chart though, one thing I’d have you consider is an office of health information technology. I mean, I know Chuck Friedman. Obviously he’s incredibly qualified, but I think there really does need to be an office specifically devoted to the technology aspects of it. That’s all I have.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Thank you. Yes, Christine?

Christine Bechtel - National Partnership for Women & Families – VP

I have two questions. I will go on the org chart since we’re sort of on that topic, and I’m just wondering where or if you’ve built in a focus on consumer engagement and where that falls staff and resource wise.

David Blumenthal – Department of HHS – National Coordinator for Health IT

It’s in the office of policy and planning, and I don’t want to put him on the spot, but Josh Seiden, who is sitting in the front row here, has joined our group full time, and we are building a consumer capability.

Christine Bechtel - National Partnership for Women & Families – VP

I think the consumer focus probably flows across almost every one of these, so that would be terrific to see. On the second slide, the one that is way worse than an eye chart, I had a question about the five goals on the right. You have a line between three and four. What’s the line about? Did you say that?

David Blumenthal – Department of HHS – National Coordinator for Health IT

I guess they have to do with – I’m not sure that line has a lot of meaning, so why don’t we just assume that line doesn’t exist?

Christine Bechtel - National Partnership for Women & Families – VP

That would be helpful. Does this imply a rank order?

David Blumenthal – Department of HHS – National Coordinator for Health IT

No.

Christine Bechtel - National Partnership for Women & Families – VP

I mean, certainly the numbers do, so you may want to go to bullets. That makes my comments a lot shorter.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Yes, David?

David Lansky – Pacific Business Group on Health – President & CEO

Following up on Christine’s question, you mentioned that the small eye chart, the provider and consumer demand pull, and you mentioned the need for an office of communication. Can you talk a bit about both your corporate communication ideas? What do you need to do to communicate the activities of the office of various constituencies? But of greater interest to me, how are you envisioning affecting the public understanding and the public’s interest in using the technology or participating with their providers in the technology?

David Blumenthal – Department of HHS – National Coordinator for Health IT

I’d love to share with you a complete communication plan. We’re working on that. We do view it as extremely important to reach out much more effectively than we have in the past, and so we welcome suggestions along those lines, but I think I’d like to hold my comments on that until we have something more organized to present to you. Yes, Neil?

Neil Calman - Institute for Family Health - President & Cofounder

The slide that’s currently up implies that these grants are going to be given some functioning together sort of in the same regions, in the same communities, but there are separate RFP processes that are reviewed separately, and I’m wondering. You know, there are only 15 beacon communities, and there are a limited number of community college programs, so they’re described like they’re going to all be working together. But in fact it seems to me that they could actually be in different states and in different communities. And, in that case, that picture that you have may not exactly function in that way. I’m wondering what your thoughts are about that.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Actually, all the RFAs or FOAs, we call them, funding opportunity announcements, reference each other. So each application, though they’re separate, they have to the separate, by the way, because they are under different portions of the statute, and the law requires that they not be funded together. But we do, in every one of them, cross-reference others so that any applicant – each application is considered in part in terms of how well coordinated it is with other programs that we are funding, so we hope that the location – we hope and expect that the location of these programs is not going to be random, that they will be related to one another on the ground. But if you are asking whether 70 community college program and 70 regional extension center program and 15 beacon community programs will cover every nook and cranny of the United States, the answer is, it would be very difficult to do that.

Neil Calman - Institute for Family Health - President & Cofounder

…I guess I wasn’t really asking that. I was thinking that what you’re really describing is a model where the community colleges, the people who are proposing beacon community programs and the extension centers are all really going to be, in a sense, one network or a really well coordinated network. In fact, maybe even around the development of their responses to these proposals and everything is what your vision is.

David Blumenthal – Department of HHS – National Coordinator for Health IT

That would be – we certainly hope that develops in some areas. I think there’ll be some parts of the United States where geography makes it very hard to have physical proximity, and we’re hoping for creative solutions to the coordination problem in those areas. Yes, Marc?

Marc Probst – Intermountain Healthcare – CIO

I’m not sure if this is an organizational or process question, but for each of these programs, there’s obviously a subset of goals that are being developed. What’s going to be the process for tracking achievement of those goals and the level of achievement, and are they building on each other to some cumulative end, which probably is meaningful use?

David Blumenthal – Department of HHS – National Coordinator for Health IT

We have an evaluation program under development. Like our communication program, it’s not cooked yet, but we’ve been thinking hard about it. It will fall under the responsibilities of the office of chief scientist, so we’ll come back to you at some point with much more detail about that evaluation plan. Yes, Gayle?

Gayle Harrell – Florida – Former State Legislator

Can you … a little bit more for us the privacy and security responsibilities and tell us where you’re going on that?

David Blumenthal – Department of HHS – National Coordinator for Health IT

Well, we’re going to hear from the workgroup later, and we’re really expecting that workgroup to give us a lot of good advice about how to do that work.

Gayle Harrell – Florida – Former State Legislator

Being on that workgroup, I was wondering if you already had set some agenda, but I’m glad to hear that.

David Blumenthal – Department of HHS – National Coordinator for Health IT

I think, as chairman and presenter, I should probably move us along. As I said, this is the beginning, I think, of a continuing set of updates, and we welcome your questions and your suggestions, and we’re not finished rolling out these programs, and as soon as we can talk about them, we will do so. We’re running late, but that doesn’t mean that we are going to stay late, so Paul and George, bring us up to date on meaningful use.

Paul Tang - Palo Alto Medical Foundation - Internist, VP & CMIO

First slide, please.

George Hripcsak - Dept. of Biomedical Informatics Columbia University – Chair

Paul, I got it. Thank you. Thanks for the opportunity to do this quick update. I acknowledge my amazing colleagues. Two slides of major content: first, this is our timeline, which you’ve seen. The new item is the second bullet, first quarter 2010. We’ll be doing a lot of work in the next two months providing feedback, number one on the NPRMs, and number two on the public comments that they spur, and so we’re setting time aside for that, in fact, putting some slowing down on the panel discussions in order to work on that.

The last slide, we do plan on doing an informational hearing on patient and family engagement. The overriding goal is to engage patients and families, sharing data knowledge, performance data, in order to help patients make informed decisions and to produce high quality, high efficiency healthcare. One framework for how that interacts with ARRA and EHRs is, number one, sharing data; two, disseminating knowledge; and, three, making decisions. We’ll be asking our panelists questions like, well, first set the context of the future of information enabled patient and family engagement. When we do this, how do we measure success, especially outcomes, and most important, what are the policy barriers and enablers?

Then I have listed there are a range of speakers. These are not the speakers we’ve chosen, but just to give you a concrete feel for what the panel would look like, so patient reported outcomes, home monitoring and self care, telemedicine, and patient involved workflow, patient advocacy and disparities, portals and EHRs, futurists, things like patients like me, and facilitating patient engagement. How do doctors use EHRs to help patients get engaged in their own process?

With an idea of doing this in February, and the graphic on the upper right is a snippet from our final meaningful use matrix. The purpose is to remind us that there’s a lot of interesting and critical in patient and family engagement, but we’ll stay focused on specifically what does ARRA do. How is ARRA and policy involved in both improving and benefiting from patient engagement? We’ve discussed other panels in the workgroup, but in discussions with ONC, we’ll be dividing those topics among the other workgroups, and that’s it.

Paul Tang - Palo Alto Medical Foundation - Internist, VP & CMIO

It may seem a little strange to be continuing to work on the next iteration or starting to work on the next meaningful use iteration before we’ve actually finished on this one, but it’s amazing how fast we will be getting around, given time lags and regulatory processes to thinking about 2013. Yes, David?

David Lansky – Pacific Business Group on Health – President & CEO

Can I ask a question of you or George or the committee? The release of the regulations in the next month, or whenever it is, will probably trigger some level of interest on the part of the public and the effected providers. You mentioned, George, that our subcommittee might have some opportunity to look at that feedback. What’s the process by which we collectively will understand and response to input on the draft regulations? Or do we have any role in digesting, responding, updating, revising our initial recommendations for 2011 in light of the public feedback?

Tony Trenkle – CMS – Director of OESS

This is a federal advisory committee, so obviously the comments are going to be public, as will the NPRM, so you can certainly review and then provide us feedback and recommendations, which we will take under advisement. But once again, it is an advisory committee. It’s not the final say in terms of what gets in the final regulation.

Paul Tang - Palo Alto Medical Foundation - Internist, VP & CMIO

I think it’s fair to say that this group, as individuals, are free to comment.

Tony Trenkle – CMS – Director of OESS

…comment, depending on what organization you belong to as well.

Paul Tang - Palo Alto Medical Foundation - Internist, VP & CMIO

Right, and the committee can make recommendations, additional recommendations as well, and can submit them as comments. Is that correct, Tony?

Tony Trenkle – CMS – Director of OESS

Absolutely. In fact, we would like to have the committee take a look at what the comments are, and look at the NPRM, and give us recommendations. We would be certainly happy to receive that.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Thanks, George.

Tony Trenkle – CMS – Director of OESS

Recognizing that we will have a very limited time period to respond to the comments and to develop and put the final regulation into clearance, a 60-day comment period, and then a fairly short clearance period.

David Blumenthal – Department of HHS – National Coordinator for Health IT

All right, so next, the certification and adoption workgroup update.

Paul Egerman – eScription – CEO

I’m Paul Egerman with Marc Probst. We’re going to give you a very quick update on what we’ve been doing with certification adoption. We, in August, made a recommendation about certification, and that sort of, at least in the short term, wrapped up our certification work, and we’ve actually been waiting for ONC to complete their funding process and put together the various components of this cellular structure that was presented a few minutes ago, and so that as we said, we don’t have any slides to present.

I did want to tell you some of the impact of the work that we’ve done already, which is really very interesting. On the certification side, one of the issues that we were very concerned about was that the existing condition, that there was a single organization, CCHIT that did all the certification, and there were a number of reasons why we wanted to change that. And so we made a number of recommendations that would allow for multiple certification agencies, and we were very pleased to see that another organization, the Drummond Group, sort of threw their hat in the ring and decided to become a certification organization and issued a press release.

And we’ve had a number of discussions with the Drummond Group. They basically have taken the recommendations that we made, and are operating as if those will be accepted as being in the final rulemaking process. And they are putting together a second certification organization. They are emphasizing vendors who provide software to physician groups, specifically small physician groups, and also specifically small vendors. We are very pleased to see that also because that’s an area where we previously had some concern.

We’re also very pleased that CCHIT responded to our recommendations immediately and created their own process that they called, I think it’s, preliminary ARRA validation. Basically it’s the methodology for vendors to validate their software against the meaningful use recommendations and to do that now, in advance of rules being announced, so they can be in a position to be in the marketplace with certified systems as soon as possible, and the rules are completed. And certainly the people at CCHIT, Mark Levitt has been very helpful to the people at the Drummond Group to help them get started in what they’re doing, so that part of the process is going well.

Part of what we will be doing moving forward is also monitoring to see how the vendor community, the software vendors are reacting to all of this, and have some information about that. In reviewing the vendors who sell first to acute care institutions and hospitals, they are reporting basically risk demands, that things are going extremely well. I communicated a couple days ago with Howard Messing, the president of Meditech, which is one of the largest vendors. And he said, after a somewhat concerning first six months of this year, the most recent four or five months of this year, they’ve seen exceptional demand.

In fact, they are selling systems now at like a record-setting pace, and this is a similar kind of comment that is being made from vendors who sell to physician organizations. Some people call them ambulatory. That there is significant demand, and fundamentally what is happening is that there’s sort of enough known about meaningful use and certification that people think that that’s probably 95% of whatever the rulemaking process is gong to be, and it seems like a lot of the customers or consumers are assuming that the vendors, one way or another, will come up with the meaningful use software, and so they’re buying their systems now because they feel they need to get started on it now.

And so all this is very encouraging information, and certainly the people here on the policy committee, I would suggest we should all feel good about this information because we’ve had an impact on the industry that is actually fairly dramatic. People listen to every word that is said here. The vendors listen very carefully to every single word that is said here. And as I look at this, my sense of all of this is that fundamentally we will be able to produce the software. …the software vendors and the open source community will produce the software, and we’ll be able to get it certified.

But in some sense, compared to the other things that we have to do, we’re going to start to look at that like that’s the relatively easy part of the process because fundamentally we could produce the software … get people to buy it. But the hard part of the process is going to be workforce training, getting physicians to use it, and to get to meaningful use that George just talked about, and that's going to be the really hard part of the entire process, and that is something that our workgroup will be monitoring going forward into 2010.

Marc asked the question about goals for all these different areas. What we are hoping that we can do is work with ONC also to establish the metrics, so that we can look at the regional extension centers. We can look at some level of metrics to measure what is really happening with adoption because it’s clearly a daunting challenge.

One of the things the vendors do report that’s interesting is in relation to the physician groups. They report that there is purchasing occurring by all sized organizations, including small physician groups, but they also report a phenomenon that is relatively recent or perhaps accelerated is small groups of primary care physicians are being acquired by hospitals and by IDNs, and that is happening at a very rapid rate, which is also impacting significantly the entire implementation process.

The other thing the vendors are responding to is they feel they have a sense of what’s happening with meaningful use and with certification. They do not feel, however, they have a good sense of the direction for interoperability, and that interoperability is something that I mentioned the hard part was getting to meaningful use. But interoperability is the other hard part. We’ve got to conquer this interoperability process to get to meaningful use.

That’s a summary of what we’re doing, and looking forward to 2010. Because of our change in focus, we will also be changing the name of the workgroup. We will be changing from the certification adoption workgroup to the adoption and certification workgroup.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Progress is often measured in small steps.

Gayle Harrell – Florida – Former State Legislator

One quick question, Paul. Who is going to be the certifying body of the certifying body?

Paul Egerman – eScription – CEO

The answer is, I don’t know. I think that’ll be that ONC is to choose an accreditation organization, and so there will be somebody chosen, working with … but that’s up to ONC. Our recommendation was that there be somebody, but they have to choose that entity.

David Blumenthal – Department of HHS – National Coordinator for Health IT
We are going to have a regulation on this topic. It’s being drafted, and it is our responsibility to create. I forgot the exact legislative language, Jodi. It’s to recognize or to….

Jodi Daniel – ONC – Director Office of Policy & Research

Recognize … certification program.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Right, so we are working on recognizing and keeping a certification program. Yes, Neil?

Neil Calman - Institute for Family Health - President & Cofounder

A quick question for Paul: As you’re looking at this adoption stuff, I just wonder whether we have a process to pay attention to who is adopting and whether or not that that adoption is rolling out across safety net providers, both hospitals and outpatient providers at the same rate that it’s going to roll out around the rest of the country. And I think we need such a process to make sure that we’re not increasing disparities and access to health information technology.

Paul Egerman – eScription – CEO

That’s a great observation. I actually have to profess, that’s not been in our discussions before, but it will be now. That’s very important.

Latanya Sweeney – Laboratory for International Data Privacy – Director

…follow up on Neil’s comment that in fact I was going to ask, is that going to be a role that the adoption certification might take on is assessing how adoption is going.

David Blumenthal – Department of HHS – National Coordinator for Health IT

I think it certainly could be. Just as a point of information, the Office of the National Coordinator, before I arrived, created a monitoring system that actually has produced a fair amount of information on this topic, and it’s run through two large, national surveys: one, the National Ambulatory Medical Care Survey; and the second, the American Hospital Association annual survey of its members. In both cases, one can look at safety net providers defined in a variety of different ways, and try to distinguish who is adopting and at what level of functionality and so on. Our hope is to continue those programs, but also to augment them.

Thank you, Paul. I think we’d be delighted to have advice from the certification adoption, adoption certification group on how we could best monitor the development of meaningful use.

Now the information exchange workgroup has done a lot of really excellent work on laboratory exchange, so Deven.

Deven McGraw - Center for Democracy & Technology – Director

…short slide.

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

We are now considering changing our workgroup name to the exchanging information workgroup.

David Blumenthal – Department of HHS – National Coordinator for Health IT

That’ll take an act of Congress, Micky.

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

Yes. Good morning, everyone, and thanks for the opportunity to talk to you today about the recommendations for the information exchange workgroup on laboratory exchange in particular. We have a lot of material to cover, and so what we’d like to do, and we did provide a lot of background material, I think, for the committee, so I’d like to flip very quickly through the background material just to make sure we’re all sort of on the same page with respect to what problem is it that we’re trying to address and how we think about possible solutions, and then move right to the recommendations because, as you’ll see, there’s a variety of different recommendations cut in different ways, and I think to be able to get to it quickly and have the opportunity for questions from the policy committee will require that we move speedily through the presentation.

Let me first thank the workgroup for a tremendous amount of work. Also, there have been a couple of members from the policy committee who technically aren’t members of the workgroup who have also helped us tremendously: Paul Egerman, Latanya Sweeney has participated. So we very much thank all the members of the workgroup for that. We’ve also had a lot of great input from the standards committee, who has been very helpful in helping us sort of align the work that came out of the standards committee in figuring out where the policy committee ought to be weighing in, given where the standards committee had already made recommendations.

The first slide, what we’d like to point out is, in many ways labs are the Achilles heel of meaningful use because – and when you think about that, the reason we say that is, as we think about 2011 and the interoperability exchanges that are required in 2011, many of them are relatively well behaved, but labs is one area that is incredibly ill behaved for a variety of reasons. Very, very decentralized, a lot of standards out there that are not used, or many standards that are used in a variety of ways. But labs are incredibly important not only to clinical care delivery and improvement of efficiency, but also for quality measurement and performance measurement. You think about the importance of laboratory results in a variety of quality measures related to meaningful use as well as beyond meaningful use, they become critically important, as we think about meaningful use at large.

One of the things that we sort of uncovered in this is that there are a number of barriers and, in particular, there are many standards out there and even nationally adopted standards that exist and are relatively crisp, but are not used for a variety of market and regulatory and technical reasons that we’ll talk about in a second. There are also a number of levers that we’ll talk about as well. It turns out that because lab results delivery in the lab market in particular is so decentralized, it really takes a variety of levers and orchestration of those levers to try to get our arms around how we’re going to standardize this. There aren’t one or two very specific sharp policy things that one can do. It really does require a lot of orchestration to have sort of a unified end goal in mind and be able to accomplish that unified end goal, so we’ll talk about that as well.

I’m going to skip over some of the slides, as I said. As we think about lab transactions, we’ve, for purposes of this discussion, just broken it down into five steps, really just to help us think through. Obviously there’s more complexity out there in the market, but we think it’s useful to think of it in terms of five steps. Starting from the right to the left, you have those ordering labs, the consumers of labs who go through a process of determining that they want to order a lab, putting in to some modality that lab order in whatever way, shape, or form it might be. We’ll talk about that. Then that turns into a lab requisition that then is received by a lab source through a variety of modalities, and then the lab is processed, and then it turns into a result that goes in the reverse order that I just described to you those five steps.

As you look at the market today, there are sort of a cacophony of ways in which lab transactions happen, both on the ordering side and the receiving side that many of them are sort of a small stream, are electronic, as we think about electronics now, but the vast majority of the orders and the results coming back are paper, phone, fax, auto print, letter mail, courier, what have you, sort of a variety of ways that it happens, a real sort of cacophony. And that cacophony is about customs. It reflects differences in customs, norms, standards, communication modalities, operating procedures in sort of a variety of settings, which creates that environment that we see today.

We talked about this at the last meeting. There are a variety … we had a meeting that uncovered a variety of issues that we’ve broadly bucketed into the set of business issues, a set of technical issues, and a set of regulatory issues. I won’t go over those again today. I’m happy to address them in the Q&A, but we did talk about them at the last meeting, so we just put this slide here for background.

As we think about where we’d like to head, in terms of having the sort of standards based electronic transactions, both on the ordering side and then resulting going backward, what we see is essentially sort of death by 1,000 cuts in terms of what are the issues that prevent that from happening. There isn’t a single issue or two issues. There are a variety of issues, in part because it is so decentralized. You can think about this, and I won’t go down every point here, but there are … relatively little in the way of incentives or requirements, either on those receiving labs or those who are responsible for producing labs and sending the results.

Now HITECH changes a little bit of that, which is terrific. But up until now, there have been relatively little on those entities that are responsible for either transmitting or receiving those. That means that there’s relatively little training on either side about how to accommodate electronic ordering or electronic results, and very, very customized approaches where they do exist.

The regulatory framework that we have today isn’t fully appropriate to the electronic work of lab results. It’s more geared toward the integrity of the way labs operate as labs, and less focused on how the results get communicated in a new electronic world that contemplates electronic health records and health information exchange. Then, finally, and this is a point that we’ll come back over-and –over, there is no built in way to monitor and enforce lab transactions today, in part because it is so decentralized. So when you think about the way that happens with respect to billing codes and even prescriptions that go through a relatively smaller set of pipes, as it were, lab transactions, because they are so decentralized, there is no single way that one can think of, of monitoring and enforcing those transactions.

Moving to the next slide, as we described, there’s a variety of policy levers that are available, and all of those would need to be used in our estimation to be able to get sort of the unified approach to solving the issues that we’ve uncovered here, and those being, and those need to be orchestrated really across these five steps in a judicious way to be able to attack these problems at every step of the way. Then, finally, one of the things that we’d like to point out and make sure that the committee is aware of is that, on the bottom of the slide here, we’ve represented how many systems and how many organizations are involved. Again, just reflecting how decentralized this is, but if you look at, for example, how many labs there are today, 8,500 hospital labs.

These are all labs that are recognized by CLIA: 8,500 hospital labs, 5,200 commercial labs, 400 public health labs, over 100,000 office based labs, which might just be a desktop in a lab, but again, recognized as a part of CLIA. You’ve got very, very decentralized systems with no sort of centralized authority or centralized monitoring mechanism over that. So any solution has got to be able to apply across all those systems in some way.

Then all the way at the other end, when you think about who is receiving the labs, who is the demander of the lab, 170,000 ambulatory practices, 150,000 of which are solo or two-physician practices. So, again, very, very decentralized on the other end, and then literally hundreds of IT systems, both on the lab side, as well as on the EHR side. So obviously a lot of orchestration required here.

As we think about possible solutions, one of the things to note is that HITECH has limits. There are a certain amount of things that we can accomplish with HITECH, and one of the things that we talk about in this slide, and again, I won’t go into the details. We cover this more systematically in the recommendations, so this is really for background a little bit. But HITECH has its limits, so we think about meaningful use, I think, is one of the levers that HITECH has brought to us. Certification is another lever that HITECH has brought to us. Standards is another lever, and the funding that comes from HIE funds, as well as regional extension center funds are all levers that are brought to us by HITECH.

We did, as a part of going through this, identify other levers that we think are outside of HITECH that we think need to be brought to bear as well. One is … government contracting that we’ll talk about, and the other is CLIA, which technically isn’t a part of HITECH, but we believe is a very important part of the levers here.

All of that leads us to sort of a set of recommendations that we think, at a high level, are very, very important as stakes in the ground, and those in turn lead to some critical issues that we think that need to be addressed in order for us to move forward with these recommendations. First is that we believe that lab results must be translated and incorporated into EHRs using national defined messaging and vocabulary standards by 2011. We believe that’s absolutely critical.

Lab orders must be translated and incorporated into hospital HIS and LIS systems using nationally defined messaging and vocabulary standards by 2013. Then, finally, patients must have prompt access to their laboratory results by 2011. As a working group, we identified those three as being recommended goals that we think are quite important and will help us achieve meaningful use, as we defined it at end of the day.

The critical issues that arise from that are, one, which vocabulary and messaging standards should be required for lab results and orders. Second, how will these be monitored and enforced. Then, third, how do we enhance the patient’s ability to get prompt communication of lab results? What follows is a set of recommendations addressing each of these critical issues.

First off, so we had a little bit of discussion and then the recommendations. By way of background for the vocabulary and messaging standards, the standards committee did, in September, approve specific messaging and vocabulary standards for results delivery, and what we would like to do is really reinforce what the standards committee approved at that time and bolster it.

An interesting thing that I think that the policy committee should be aware of is that we had almost a full day of hearings with a variety of stakeholders involved in lab transactions from the source system, the receiving system, physicians, technology vendors. Not a single one pointed to the standards that were approved by the standards committee, either talked about it or said, if we just enforced those standards, this would solve this problem. Didn’t mention it once through the entire process. Just a point of interest, I think, which leads to obviously communication being a part of this and being able to figure out how to communicate what has actually happened in a way that the market understands.

The other thing that we’d like to do is reinforce the current work that’s underway through the standards committee that is still open with regard to what did the standards committee approve and where do we need to be at the end of the day. So they approved messaging of vocabulary standards for results delivery. What they didn’t get to was electronic ordering. That is work that they have on their agenda for the first quarter of 2010, is our understanding. So I would like to reinforce that. Then identification of a nationally approved standard for updating of lab dictionaries, this is sort of quirky, seemingly quirky little thing, but it actually is a very big thing because right now even if you have electronic transactions, and even if you have electronic delivery of a lab dictionary, one of the things that occurs in the market today is that even in the best systems and the most electronic systems, those dictionaries get updated for a variety of reasons over time.

And even with the national labs, they are updated via a paper process, so you may be fully electronic in your practice, and then what you’ll get is a fax from Quest or LabCorp saying, oh, by the way. Go into your lab dictionary and add these three. And there are a variety of reasons for that to happen, but we believe that that’s critically important as well for that to be made electronic.

We’ve provided a little bit of background on these two slides that I won’t cover in detail, but moving to the recommendations, first and foremost, we believe that ONC should declare a national standard for messaging vocabulary and measure codes. We have HITSP and a number of ways that these are sort of nationally or validated through a national collaborative process, but we believe that it’s quite important to actually declare that we, as a country, have a standard and to articulate that standard. And also, to create the means for widespread availability of authorized implementation guides and code sets, so one could imagine being able to go to a Web site and download the standard, and download the national compendium, where right now that doesn’t really exist. And, right now, anyone who wanted to go and get the HL-7 2.5.1 implementation guide, for example, which has been approved by HITSP, I would challenge most people to go find that right now. It’s not easy to find. So being able to have a clearly identified way of make those widespread, widely available, I think, is critically important.

In terms of further recommendations related to critical issue number one, we believe it’s important to bolster the standards committee recommendations, as we said, and then address a couple of things that we think were left open. We believe that we should make mandatory the standards committee recommendations from September, but not allow what we saw as allowable alternatives for local HL-7 interfaces and local codes in 2011, so what they recommended was that HL-7 2.5.1, for example for results, be the standard, but they did allow in that LOINC be the vocabulary standard, but they did allow that local systems that had other systems could use those standards until 2013.

What we would recommend is that you actually set the standard as the standard, and then if CMS, as a part of setting the rules around this, decide on a compliance glide path, that’s fair enough. But let’s not say that the standard is different than the standard is. That we declare a standard, and then allow compliance to deal with that rather than that there are two, three, four levels of standards. Then we would certainly recommend there to be a more comprehensive approach going forward in 2013 to incorporate lab ordering, as well as a standard.

The other part that we wanted to note, as it relates to the recommendations, is that what came up in our hearing over and over again was about making the codes more clinically relevant and more usable, because when you think about the issues of creating a national lab dictionary, for example, or using them in a clinical setting, you have lab dictionaries that are 10,000, 20,000, 30,000, 40,000 terms that the vast majority of those are actually not used with great frequency, and there have been a number of organizations, the Regenstrief Institute, the National Library of Medicine, the California Healthcare Foundation, all of whom have done different sort of praedo analyses and have all come up with a number of something between 400 to 700 tests that constitute 95% to 99% of the most frequently ordered tests. So what we would recommend is that focus be given to those most frequently ordered tests and have that be the 2011 laboratory standards that get rolled out and are required. I think that that can make it more easy to accomplish than saying that it’s got to be all 40,000 or whatever it is. By the way, that is work that’s already underway with the standards groups and the National Library of Medicine, so this is already work that is underway, so we believe that it is imminently accomplishable in the timeframes we’re talking about.

The next set of things we’d like to talk about is monitoring and enforcement. As we’ve described before, there is no simple way to monitor and enforce lab transactions today. The reason that it is because the system, the laboratory market is so decentralized, so to give a very specific example, how would we know? If Lowell General Hospital in Lowell, Massachusetts, where I’m from, adopted the standards tomorrow, and we got them to adopt the messaging standard, we got them to adopt our national vocabulary.

How would we know that they were still using it the day after tomorrow, and the day after that and the day after that? The reasons that they may change it or tweak it is all for good reasons because the biggest practice in town adopted a particular EHR system that required a little tweak to the system, and that’s the biggest practice in town, and so they consider them very important, and so they make a little bit of a tweak. Then one tweak here, one tweak there, and all of a sudden you’ve got a completely new and customized interface on your hands.

As opposed to things like billing codes, or even e-prescribing, there is no sort of funnel effect here where you’ve got an organization, be it Medicare or Medicaid, as it relates to billing codes, or SureScripts, RxHub as it relates to electronic prescription transactions. Those organizations, as a part of their day-to-day work, provide a monitoring of the codes, which is a very valuable service, and it’s a part of their day-to-day workflow. There is no organization like that for lab transactions.

As was reported to us in our hearings, the national labs only account for roughly 25% of the lab transactions in the country today. That 75% are from hospitals, many of them community hospitals, and local labs and small labs. So we’ve got to figure out some way of how we would monitor and enforce this on an ongoing basis, if we could get that established.

The other wrinkle here is that commercial labs are not subject to meaningful use requirements. As we think about levers, we need to think about that as well. They are not the plurality of labs, but 25% is big and could be growing.

As we think about the recommendations, we have two levels here. One is that I would just characterize it essentially about creating symmetry in the application of incentives and certification across lab sources and lab consumers. The reason we characterize it that way is that if you think about, you have the physicians and then you have the lab source systems, and each of them has a technology.

Right now we’ve got meaningful use incentives that are focused on physicians being required to have those in place in order to get their incentives, and we believe that a certification of the EHRs ought to be strengthened to be aligned with the ability to adopt the messaging standards, as well as the vocabulary standards. But it’s asymmetric right now to the extent that we don’t have any parallel set of requirements on the source system side, so we’ve only done it on the receiver side. So the other recommendations that we were to make would create that symmetry.

On the one hand, we would recommend that hospital meaningful use requirements have, as a requirement, that they transmit according to the same set of standards that physicians are required to receive by, and that the EHR systems are certified by. And we have the meaningful use requirements hospitals receiving a lot money through meaningful use, so there may be a cost involved here. On the other hand, they are receiving millions of dollars in incentives to do things like this.

The other thing that we would recommend, again, in the interest of symmetry, is that certification of the source systems transmitting the data be required as a part of this transaction process. You have the source systems being certified according to the same standards that the receiving systems are being certified by. That way you’d close the entire chain.

The last set of things that I’m going to talk about, and then I’m going to turn it over to Deven to talk about the stuff that I just don’t understand, is how will these standards be monitored and enforced. This is also talking about monitoring and enforcement as it relates to CLIA, so moving now outside of HITECH, as I pointed out, the commercial labs don’t come under HITECH or meaningful use in that way.

What we would recommend is that CMS do the CLIA office, issue a survey and certification letter for laboratories that would include a few things. One is interpretive guidance for presentation of lab information in user facing applications. What does that mean? Right now, one of the barriers to more widespread penetration of electronic lab transactions is that there is a lot of variation in the interpretation of what CLIA requires in terms of a lab source validating the lab transaction that appears in the electronic health record.

And different labs interpret that in different ways, so some labs interpret that to mean that every single interface, as well as every single instance of an electronic health record needs to be physically tested, meaning someone from that lab needs to see what that looks like on the physician’s screen before approving the interface. Thousands and thousands of times, that happens. There are many, many other labs who don’t interpret it that way at all, so there’s a little bit of, you know, there’s a lot of variation in the interpretation of that. And so what we would recommend is that interpretive guidance be given about how that should be presented and about the interface standards that are aligned with the interface standards that we’re recommending be adopted here.

That we also would recommend that CLIA accept, as a part of certification, EHR certification and as a part of an organizations’ adopting these standards, that they accept that as demonstration of the interpretive guidance, of the guidance and the rules that they have around presentation of this, so that if a physician office uses an EHR that meets these standards, that CLIA would accept that as rather than saying an individual lab has to go into every instance and check it. We heard from lab companies that that would be a great source of efficiency going forward.

Finally, we would require or we would recommend in the way of monitoring enforcement that a little bit of a gap be filled in terms of coordination of some of the things coming down from the federal government. As we look at the HIE program and the regional extension center program, all of them are terrific in the way that they try to align and make sure that Medicaid and all these other things are coordinated at the state level. One gap that we did sort of uncover as a part of this process is that there are CLIA administrators in every state, and there’s no sort of coordination that’s called out for there, and so we would strongly recommend that as part of the programs going forward, that we require the state HIT coordinator in thinking about health information exchange, regional extension centers, that they also reach out to the state CLIA administrators to align a state level lab approach with all of the other things going on. We would also, as a part of that request, that an NGA analysis be done of the variation that we see across the market because that is a source of, you know, there’s a lot of variation state-by-state in how this gets enforced.

I know I’m running over time here, so let me move quickly through the last recommendations. As we think about monitoring enforcement, the other part that we believe is very important is that ONC should develop an approach for insuring ongoing adherence to national standards. As we described, monitoring enforcement of this is very, very difficult. The workgroup didn’t feel comfortable specifying a particular way that this should happen, so what we have done is just highlight a few ways it could happen. Lay out as a recommendation that we believe that ONC should figure out how to do this, but not specify the way that it could happen because the market could develop. And as these programs develop, there could be different ways that seem sort of better adapted to the way it’s going than others right now.

For example, different ways that could happen is regular testing of source systems through the national test harnesses that we’re already talking about for certification programs. So you could have annual testing of lab source systems, for example, through that national test harness. Alternatively, we could require that state HIEs and HIOs, as a part of the state level HIE cooperative agreements, have some role in monitoring these standards, and you could imagine that happening in a variety of ways. Then, finally, the regional extension centers, having them play some role as a part of their implementation activities, requiring that implementations happen according to standards.

I believe I can now turn it over to you.

Deven McGraw - Center for Democracy & Technology – Director

Thanks, Micky. I’ll go through these last two slides really quickly since this is obviously a complex set of materials we put before you to digest. This is really the last recommendation on monitoring and enforcement, and this one is definitely going beyond the HITECH authorities and looking to what other components of the federal government could be harnessed to monitoring and enforcing use of these standards going forward. In some respects, we were thinking pretty big here, but we still think that, from an administration standpoint, this is such an important issue that it’s kind of worth mustering the resources and, at a minimum, we wanted to make a statement about it, even if ONC doesn’t necessarily have the authority to act on all of this.

What we set up in recommendation number five is essentially asking for CMS and then also FEHBP requirements to sort of use the authority that they have, the contracting authority that they have to get the plans that participate in those programs to enforce the laboratory standards through their payment authorities. Similarly under the enhancement category, Medicare conditions of participation for laboratories, which is a pretty big stick. But nevertheless, if we find that these other levers are not working as well, that is potentially another one to get these standards adopted and implemented in a consistent way. And the last one goes to the other agencies that contract in this space, which we have a few sitting at the table today. Again, we’re looking for widespread, nationwide adoption of these standards so that, and this is an area where standards and interoperability are very critical.

Then the last issue, which is last, but certainly not least, is making sure that patients get prompt access to their lab results. We did hear testimony, and many of us knew about an Archives of Internal Medicinearticle that came out this summer that showed that patients were not being informed of clinically significant lab results … percentage of time. We did receive some testimony recommending changes in federal law to allow patients uniformly across the nation to receive their lab results directly. The workgroup did not feel as though this was necessarily in their purview to recommend since it would require a change in statute in order to achieve, and also thought that with our existing policy levers, we might actually be able to influence more prompt delivery of lab results from the ordering physicians to the patients through, for example, the meaningful use criteria, and already the matrix includes providing patients with a copy of – well, it’s not as specific on lab results, quite frankly, as we would want it to be, so at least with respect to how the providers are measured with respect to that patient engagement objective of providing patients with copies of their lab result.

The last thing we’re suggesting is that when we take a look at what the meaningful use criteria and measures are for 2011, that one of the things that we might explore commenting on among probably many other would be whether patients are getting copies of their lab results and whether that’s both an objective, and also something that providers are measured against, and now questions.

David Blumenthal – Department of HHS – National Coordinator for Health IT

This is actually terrific work. It’s very rare, I think, for people to have looked this carefully at this morass and made such sense of it, so speaking as the chair and as the coordinator, I’m very grateful to the working group for the hard work that they’ve put into this. I’d like you to go back and revisit, Micky, where you think these recommendations go beyond, especially in the area of meaningful use and standards, where if at all they go beyond or differ from the recommendations that have been made to us already by this committee on the standards committee?

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

Well, I think, speaking specifically about with the standards committee. What the standards committee recommended was that the HITSP approved standards, a standard implementation guide for lab results delivery, so just for lab results, the HITSP approved implementation guide for HL-7 2.5.1. And they approved LOINC as a vocabulary standard.

They allowed a temporary exception for preexisting HL-7 version 2 interfaces. That’s one of the things that we think ought to be eliminated, that in a way it may be semantic, but we think it’s actually important to say that the standard is the standard, as I said, and that the….

David Blumenthal – Department of HHS – National Coordinator for Health IT

…stop you there. What you’re saying in effect is they just postponed the adoption of the standard until 2013, and you would like that standard to be adopted now, even if it were not enforced.

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

Yes. Well, there’d be a glide path for enforcement, and they were addressing the same need that we all recognize, which is that the market can’t do this overnight, so it isn’t as if they were addressing something else, that they didn’t recognize the issue. We would just recommend that it be a little bit stronger than it is. And they didn’t cover ordering, which again, they’re going to take that on in 2010. I think some of that is related to going back go the AHIC use cases that drove HITSP that the AHIC use case didn’t, at the time, have ordering as a part of it. It was just results delivery, so that’s what HITSP made the recommendations on. In the first quarter, the standards committee is going to be looking at ordering.

Then the last piece that I think goes beyond is this issue of the most frequently used tests to make this more clinically relevant and more usable. Again, that wasn’t a part of the standards committee recommendation, but that work is underway, and the standards committee, I think, is aware of it, so it’s not as if any of this is a surprise or is in any way moving in a different direction than where they want to go anyway.

Deven McGraw - Center for Democracy & Technology – Director

Yes. In many respects, when we learned in fact that the direction we were heading in was in fact where standards was essentially going, but 98% of the way to where the recommendations we wanted to make, it was good news for us because, in fact, we wanted this to happen in 2011. Given sort of the pace of rulemaking, having that recommendation come out for the first time in December is far less effective than having it be passed up the chain in September.

Having said that, it really did disserve us that not a single person testifying at our hearing said standards did this already, and therefore you just need to endorse what they did. And so I think that speaks not to the hard work that they did because clearly it was largely there, but instead to the need to communicate this and opportunity on our part to put a rubber stamp on that and say, yes. This is what we need to do.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Tony?

Tony Trenkle – CMS – Director of OESS

…excellent job that you have done, and appreciate all the hard work that was put into this. I just wanted to recommend to David that this is probably something that ONC and CMS need to take a look at and work on a timeline and look at these different levers and how we can put them together. I know that a number of CMS staff had worked closely with the workgroup on this, and I think this is a good report with recommendations that we need to take a look at and follow through with.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Thank you, Tony. Roger?

Roger Baker – Department of Veterans Affairs – CIO

A question, and then maybe a comment. Are there dollars available for labs and hospitals from the lab side of adoption, the same way for EHR adoption? So if a lab is adopting an electronic system, are they funded for doing that?

David Blumenthal – Department of HHS – National Coordinator for Health IT

You mean under the meaningful use incentive payments/

Roger Baker – Department of Veterans Affairs – CIO

Yes.


David Blumenthal – Department of HHS – National Coordinator for Health IT

No.

Roger Baker – Department of Veterans Affairs – CIO

My comment really goes to the latter recommendations relative to certification, and it really is around a market standard. If we can agree to a standard, if it’s HL-7 2.5.1, and to your point, make that a real standard instead of kind of coming to it. My belief from watching past standards adoption is that the market will force the certification, and that it may not be necessary for the government to do its typical thing of standing up a certification piece in here. The reason I ask about the dollars is that clearly if you’re going to put dollars on the table having something that verifies you have a product that could interface later, it is important.

But as I look at organizations looking to select the lab, if the organization has implemented a standard EHR that wants to interface with a standard lab package, they’re going to make that part of the selection process for which labs are able to interface with. I would hope that insurance organizations who do the same thing for which labs they would pay, as to whether or not they can provide the piece. So I’m thinking there might be a market enforcement piece to certification to allow us to not have to stand up yet another bureaucratic entity on the certification side.

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

I guess my immediate response is that that kind of demand pull through hasn’t shown itself today. The implementation guide that was approved by the standards committee just this past September was actually approved and published in 2007, and we still don’t see very much use of it today. That’s why we’re recommending that we believe this symmetry is actually important on the receiving side and on the source system side.

Latanya Sweeney – Laboratory for International Data Privacy – Director

…comment. I would just follow up with what Roger said. That’s really an important point because one of the concerns could be that because we’re not paying for new lab systems, and we’re expecting the provider system to pull the labs into compliance, you could also imagine that if the provider systems support alternative mechanisms to communicate with their labs, those are the mechanisms they’ll just continue to use, and there’s no incentive to force the labs. There has to be some kind of restriction on the provider system to force that communication of labs to be under that protocol. Then that will in fact force the labs to change. But without it, just the provider systems could have the new standard, but not use it. They use another standard because that’s the one that labs have.

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

Another important point, I think, in terms of the market dynamics here is that in many cases providers don’t have a choice of which labs. Increasingly, a health plan will say you have to use Quest, for example, so there isn’t as much choice as we might see in the market in terms of which labs they choose to work with.

Roger Baker – Department of Veterans Affairs – CIO

I guess my comment would be that I’ve seen dollars be a much better enforcement mechanism than the certification or a requirement, and I’m not sure what kind of teeth the government could behind those things. To the point, if a major medical system has an existing electronic exchange with a major lab, and they don’t want to change it, I’m not sure that anything we do relative to certification is going to drive them there until the business case makes them get there.

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

Right. We did also recommend that, as a part of the hospital’s meaningful use requirement, that transmission according to these standards be a part of the criteria for the meaningful use payment to them. They’re getting a minimum of $2 million per hospital and more in most cases, so even though there isn’t money specifically attached to this, it seems that they’re getting a lot of resources to help all society accomplish meaningful use. If we incorporate that, I think that’ll deal with creating the market imperative for them to do it now because there’s real incentive there, and the certification will make that easier than there might be otherwise.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Paul Tang had wanted to ask a question. There’s another Paul. Paul, you’ll be the next Paul.

Paul Tang - Palo Alto Medical Foundation - Internist, VP & CMIO

Great. Thank you. And I also want to add my thanks to the workgroup on such a thoughtful deliberation and set of recommendations. Going to your compelling case about the monitoring an enforcement piece, and you recommended the use of CLIA as one of your vehicles, can I clarify the relationship between the CMS CLIA administration and the state administrators? You implied that there can be differences. Is it one set of rules, and there are different interpretations, or are there different ways of enforcing the one set of rules?

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

Yes. We weren’t able to get a clear answer to that, and that’s why we’re recommending an NG analysis of this because we believe that both things are at play here because, in some cases, I mean, CLIA has a single set of rules. The question is state rules that may preempt some of that.

Paul Tang - Palo Alto Medical Foundation - Internist, VP & CMIO

Thank you.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Paul?

Paul Egerman – eScription – CEO

Great. I’m the other Paul. I want to make a comment about … Roger’s concerns about this process and also, Dr. Blumenthal, your comments about the changes that we’re making to the standards committee document. When we sat through the hearings and listened to people, what we found was almost like a heartbreaking description of people saying it takes like six to nine months to implement these interfaces. Six to nine months, think about that, the length of time and the amount of dollars that is wasted in our society.

And so, why are we wasting so much time doing a laboratory results interface? One of the reasons is the current specifications, you have people using various versions of HL-7 and current specifications simply have too much variability, or a better way of saying there’s too much wiggle room. And so everybody is implementing a little bit differently, and then it takes forever to implement one of these things.

It’s a simple thing. We need to get rid of the variability. We don’t need two or three or ten different ways to do a laboratory results interface. We only need one of them. If we say this is the one we’re going to use, it really doesn’t even matter which one. If we describe it with sufficient specificity, that could make a huge difference. And, fundamentally, this is critical.

It speaks to the issue I mentioned earlier. We have this big problem of interoperability. We can’t succeed with meaningful use without interoperability. An electronic health record without laboratory results, and I don’t see any … electronic health record. You’ve got to have the laboratory results in it.

To me, this is very clear, and it’s very essential that we implement this. We should be implementing the standards, new recommendation, but without the variability. With a single, defined vocabulary for laboratory results, and it’s buried in the detail, but also the use of the national provider identifier. It’s a simple thing. We’ve got these things, and it’s time to use them.

Deven McGraw - Center for Democracy & Technology – Director

We didn’t make a recommendation on that, Paul. Oh, provider identifier. Sorry.

Paul Egerman – eScription – CEO

Yes, provider, the provider. I know what you’re thinking. I said provider. Calm down. National provider identifier, those are the critical components, and if we do that, we’ll make a difference.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Yes. Jodi and then Christine and then Latanya.

Jodi Daniel – ONC – Director Office of Policy & Research

I just had one quick point that I wanted to make that aligns with one of the recommendations from the workgroup about the request for an NGA analysis on state variation of CLIA. We actually have had some work done in that area. We’ve had somebody who has been looking at state CLIA laws. We have a draft report, and hopefully we will get that finalized and get that available soon. And then that could help hopefully at least the first step in the direction of what you were suggesting. So just so you know, we’re one step ahead on that one already, and hopefully we’ll release that soon.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Christine?

Christine Bechtel - National Partnership for Women & Families – VP

I wanted to start by saying thank you, guys, for another terrific presentation. Over the last several months, you have both done a fabulous job really boiling down a very complex field with very difficult issues into very clear terms, so I really appreciate that. All of these recommendations are very thoughtful. I think it will come as no surprise that I will say that I’m disappointed that there are no recommendations around patient access to information, to their lab results.

Deven McGraw - Center for Democracy & Technology – Director

No recommendations?

Christine Bechtel - National Partnership for Women & Families – VP

Right, you have a discussion slide. You don’t have a recommendation slide, right? So the workgroup has clearly considered this issue, and I was pretty excited about getting to a point where we could move these recommendations forward, but that’s a big hole for me. So I think yesterday the national partnership and our consumer coalition held a terrific forum. You were on the phone, Deven, and Neil presented, and it was really a terrific discussion.

The most heated part of the debate was really around patient access to lab results. What I would say is that there was absolutely no disagreement that we need to move forward with ways to give patients more access and more timely access. The question was whether you do it in real time or not.

And so given that there’s no debate, I think there are three things that I would ask you to consider as recommendations here in this area. The first is that we would strengthen the meaningful use requirements. Deven, you pointed out accurately that we probably weren’t as clear as we should have been around timely access to lab information in particular. Then the second piece is that I’d recommend that ONC take a look at the experience of Kaiser, who we talked with yesterday, who actually does open lab results to patients in real time before doctors even have a chance to review them, and they make it very easy for you to contact your healthcare provider if you have questions.

I know Neil, his system has a great way of linking information to MedlinePlus so that it’s actionable and meaningful for consumers. So I think it’s worth having ONC take a look. You know, David, going back to your original slides around studies and evaluations, add that experience. I would say that because not everybody has a closed system like Kaiser, we also would include in that analysis what the privacy and security implications are for consumers who designate a PHR as a place that they want to receive their lab information and how those PHRs then use that information on an aggregated basis for other purposes. I think that’s a critical area we have to look at. Those are my first two.

Then I think the third that I would suggest would be that CMS should consider the implications of changing CLIA to allow consumers to be designated as an entity that can receive their lab results.

Deven McGraw - Center for Democracy & Technology – Director

Those are really helpful, Christine, and I wished that I could have been there in person, but I’m really looking for more of the work that you’re doing on this issue. I think, just so that – it’s not that we didn’t take this issue very seriously. It’s that, you know, at this point without – you know the 2011 meaningful use rule is going to come out, and … all we had in front of us was that matrix, so if it looks like a less certain discussion about whether or not we might need to strengthen that, and it was only reflective of the fact that we know that there’s likely something, maybe not enough on this, and we ought to revisit it. But I don’t want this to be conveyed as less than serious attention today.

Christine Bechtel - National Partnership for Women & Families – VP

Absolutely. Absolutely, and I did not characterize it that way because I know that there was a lot of energy and discussion around this in the workgroup. The idea around making the, having this workgroup or probably now this committee make a recommendation around strengthening the meaningful use requirements, changing the results of the recommendations you guys have earlier in this deck where you do actually recommend some immediate improvements, even to the 2011 definition, and so I thought that was fair game.

But I absolutely recognize that this is not an easy issue, and expressing my own disappointment is not reflective of the fact that I know that you took this seriously, both you and Micky and the group. But it is still disappointing nonetheless, so if we can think about these three particular recommendations, I’d be delighted.

David Blumenthal – Department of HHS – National Coordinator for Health IT

We have Latanya and then Gayle.

Latanya Sweeney – Laboratory for International Data Privacy – Director

Not to take away from the importance of what Christine just said, I want to go back to Paul and Roger’s comments mainly because that is a change in meaningful use also that I would put out on the table. The issue that’s being discussed between Roger and underscored by Paul is the issue of, yes, a provider system can offer a standard for lab exchange of information, but that doesn’t mean that that’s the vehicle that they’re using. And there’s an economic interest in large labs to have their own variation, as Paul so nicely put it, of the standard so that it’s inoperable with other systems. And if they already have that exchange happening, what’s the mechanism to force them to change?

That would be important if you wanted to extend it to PHRs or provide more competition, if that were our goal. The proposal I just wanted to stick out there for meaningful use is not to say how many labs are exchanged, but to actually say, and are they using the standard. How many labs are being reported electronically using the standard versus just how many labs are being reported electronically.

David Blumenthal – Department of HHS – National Coordinator for Health IT

We have Gayle and then Marc, and then we’ll come back to you, Roger.

Gayle Harrell – Florida – Former State Legislator

I would like to go back to the point that Christine just made concerning consumer access to their lab information. One of the points that we did discuss at length in our committee, and that I want to make everybody aware of, was that there would actually require statutory change because you have various states who already have regulations dealing with patient access, so you would have to have some preemptive federal legislation in order to make significant changes in what is available to patients and when it’s available. Most states, or a significant number, I think the NGA has done some research on this, Jodi, as you know, as to what states require and states allow, especially on various rather personal information on HIV status, on STDs, on a lot of issues that have limited access to patients without going through their physician. And you really have to understand the whole aspect, so it’s a difficult issue to really get into and to make a definite recommendation because it takes much more action than this committee is able to recommend on.

Deven McGraw - Center for Democracy & Technology – Director

Can I just add quickly that I think you’re referring to the second piece or maybe the third piece about CMS might consider the implications of changing CLIA, so it gets exactly to your point. The strengthening the meaningful use requirements though, I’m not suggesting that through meaningful use would give patients direct access to their lab information, directly from the labs, although I’d love that. But I think that’s not what we’re talking about here, so it is from the provider, and that obviates the state law changes.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Marc?

Marc Probst – Intermountain Healthcare – CIO

I’m a big advocate of standards, and I really liked what Paul Egerman said about standards. But I was also told yesterday in a meeting that to be effective in Washington, you have to become a whiner, so I’m going whine just for a second. Micky, I’m sympathetic to the $2 million per hospital that’s out there and that this is something we should get to the standard.

I’m concerned about just everything that has to be done by 2011. And there are organizations. Kaiser was brought up as one. There are other organizations that are being very effective in transmitting these lab results, getting them out, getting them into systems. I think maybe it’s proverbial camel’s back, but if we continue to add things to 2011, it’s going to be very difficult for hospitals and provider organizations to accomplish all this work.

I don’t know if it’s a suggestion, recommendation, but it generally comes back to pacing of the requirements for meaningful use to make sure that we’re realistic that they can get done in that period of time because, if I understand it, we don’t even have a standard yet that’s then commanded is the word that comes to mind. But if ONC is going to create that standard or say this is the standard, we don’t even have that yet to begin the work to get done by 2011.

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

I think, for results, the standards committee would say that we do have a standard, but as I said, we did recognize the need for a glide path, which we think ought to be on the compliance side more. And another alternative to ease some of this is the HIEs, that there’s $600 million of HIE funding that’s going to be out there, and from the workgroup’s perspective, one permissible way of transmitting would be for any hospital or lab to keep whatever standards they have, but have the HIE perform the function of translation so that the ultimate delivery happens according to those standards. That could be an effective way out.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Roger…?

Roger Baker – Department of Veterans Affairs – CIO

I think Micky may have just answered the question that I was going to ask, which is, just being specific on what we’re talking about HL-7 2.5.1 as the standard for the interactions.

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

Yes, and I think my standards committee colleagues would say that it’s in fact the implementation guide that is the relevant sort of document here.

Roger Baker – Department of Veterans Affairs – CIO

Right.

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

It is 2.5.1 though.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Okay. Neil?

Neil Calman - Institute for Family Health - President & Cofounder

Emphasize my congratulations to you guys for taking this on. This is by far the biggest nightmare of maintaining an electronic health record for an ambulatory care provider. We operate five lab interfaces. Seven years into this, we still have between a half a day and a day every single day spent of a full-time person just dealing with failures in the transmission of results. It’s a huge quality issue when those lab results don’t come back in the right way, to the right patient record, so I think it’s an enormous issue.

And I think it’s also, as Paul pointed out before, I think it’s also a huge issue in terms of the ease of adoption of systems. I mean, if we can smooth this over, people will be able to put systems in and become meaningful users of systems at a much more rapid rate than they currently can. And especially since providers in an outpatient setting have to use multiple labs, this just becomes an expanding nightmare, so this is just hugely important.

I just wanted to speak to what Marc said. It seems to me on the inpatient side though that the hospitals that are not providing services to community providers, that really if the hospital has a system that’s functioning between their own internal laboratory and their own hospital based system, that becomes less of a priority to have to interfere with right now and to say that they have to meet some particular standard. If it’s working within the hospital system, and that’s integrated, that’s not really as big an issue. It doesn’t really affect me. It only affects me if I’m using that hospital laboratory to provide services to the outpatient setting. So I’m wondering if you’ve separated those two things so that maybe those huge, expenses that the hospitals would have to go through aren’t really necessary to happen on the same timeline as everything else that we’re talking about.

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

Yes, we were thinking about the ambulatory side.

David Blumenthal – Department of HHS – National Coordinator for Health IT

I want to give us a time check here. You have given us such a robust, full set of recommendations that I had the feeling that we need a little more time to digest them than we have right now. I don’t know if that is true of my colleagues here on the committee. Some of them are directed at the Office of the National Coordinator, some at CMS, some at other committees, and some may or may not be actually within our authority, even though they may be good ideas.

I’d be interested in any suggestions about how to proceed. Also, we have some amendments from Christine at a minimum. I don’t know if there were other, and I think Latanya had and Marc. I’d like to make a proposal that we neither accept nor reject these at the current time, but that we table them, and that we consult, the workgroup consult with ONC, CMS, our counsel to get some information about what is within our jurisdiction, assuming that you want to make recommendations that are within the legal jurisdiction. We are free to make recommendations….

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

If we have to.

David Blumenthal – Department of HHS – National Coordinator for Health IT

And that we incorporate new recommendations, suggestions from committee members, and bring them up at the next meeting, which I think is in January. Correct? We weren’t scheduling this in January, but we will make it possible, and that we do the direct consideration of the recommendations at that time. Does that seem reasonable to people? Yes, Paul?

Paul Egerman – eScription – CEO

Yes. I just have a concern as it relates to the December rulemaking for certification. I would encourage this group to accept the recommendation that for the certification criteria or for the lab results standards that we do the standards committee approach without the variability. That we establish at least that component because we’re going to miss an opportunity otherwise because whatever is in that December rulemaking is what all the software is going to get certified … that’s a powerful thing, a powerful lever.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Yes, Roger?

Roger Baker – Department of Veterans Affairs – CIO

I don’t sense any disagreement in the room relative to the standard for this saying that there is a standard and the implementation guide is the standard for that. I think there’s more discussion around how firmly do you enforce that, and where do you go from there. So what I would suggest is potentially this group determine that, yes, we’re in favor of a standard, and that that’s the one that we recognize. Then maybe move it forward from there about how you then implement that and enforce it.

Paul Egerman – eScription – CEO

It’s going to be the standard without the variability that’s recommended.

Roger Baker – Department of Veterans Affairs – CIO

Yes. That’s the reason I said the implementation guide deal with it.

Paul Egerman – eScription – CEO

…suggest that we accept that component of the recommendation.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Just to clarify what that means, as I heard Micky said it. It would take our standards committee recommendations and say that the policy committee would amend the standard recommendation to say that we should adopt a single standard for lab results reporting?

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

Right now it would be confirming essentially the standards committee recommendations around results delivery.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Right, but that we would wish that the standard be adopted now with a glide path to implementation.

Deven McGraw - Center for Democracy & Technology – Director

But the glide path applicable on the compliance side versus expressing in standard as temporarily allowing alternatives in 2011 and 2012.

David Blumenthal – Department of HHS – National Coordinator for Health IT

That’s what I’m not clear on what that means in fact, what we are actually asking as of January 1, 2011 would be different from what the standards committee recommended.

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

I guess, as a practical matter, it may not be different, but I think that what it does is it sends an important market signal that there is a single standard from the get go, and allow CMS the ability to have a compliance guide path that accommodates the same issue that I think the standards committee wanted to accommodate, but in a slightly stronger form.

Deven McGraw - Center for Democracy & Technology – Director

One could think of it as a difference in the meaningful use matrix between what gets stated as the objectives to be met versus what’s the measure of whether you’ve met that objective. I guess we sort of see the measure as the sort of compliance glide path lever. So if you say we want lab results transmitted according to this standard, this is the standard beginning in 2011. But yet, in terms of how providers report that in fact that’s occurring, it’s done in the same way as with some of the other measures: self attestation, percentage of test results reported where there’s no specific requirement set, and where maybe in the early years some gliding from zero to 100 is acceptable. Versus saying that the standard in 2011 allows local alternatives for two years, and then in 2013 becomes the standard.

Paul Egerman – eScription – CEO

I think the meaningful use criteria said that an objective was to incorporate lab results in the structured format. Then I think that’s the policy recommendation. Then the standards committee then says, well, what are the standards in which you would transmit that in the structured format? I think your modification is to say we should set that standard and it be unwavering. On the compliance side, there can be some glide path, but not allow the exception, the local exceptions to occur as it’s implemented. I think we would, in a sense, modify and perhaps a little overrule the allow the local variation to occur, so to say not to allow the local variation to occur.

David Blumenthal – Department of HHS – National Coordinator for Health IT

But the practical effect would be that there would be a standard, but non-standard transmission would not disqualify someone from being a meaningful user until 2013. Is that the matter of fact?

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

If that’s how compliance ends up looking at it.

David Blumenthal – Department of HHS – National Coordinator for Health IT
Paul?

Paul Egerman – eScription – CEO

That’s correct. The fundamental goal here is we’ve got … 70%, 80% of the community that is not transmitting lab results at all. And if we can simply nail down a single standard without the variability, we can get them started doing it right away according to that standard, and that would actually be a huge step forward. What I’m recommending is simple is that the standard and the certification criteria be without the variability.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Roger?

Roger Baker – Department of Veterans Affairs – CIO

Just to comment as an implementer, naming the standard then makes it much easier to build the business case inside. You know, there is a standard. Let’s go implement to it. If there are choices to be made, you then make the choice to implement to the standard instead of the variable piece of things. Just speaking as somebody who is probably going to spend some money in this area over the next few years, I would prefer to have a named standard to target.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Okay. Yes, Art?

Art Davidson - Public Health Informatics at Denver Public Health – Director

Yes. I too want to thank you for a wonderful presentation. I just want to get clear about this local standard issue. If an HIE, as you suggested during the question and answer period, might be able to do some of the translation, would that be from 2.3.1 to 2.5.1, or from some local vocabulary that then becomes LOINC, or it’s something else? Is that not a local standard that’s acceptable? Isn’t that still a local standard or coding that is being used, but translated in a way that allows an environment to continue, but still have exchange, and even as Paul suggests, interoperability? I just want to understand what that means, changing the glide path if that’s the way that an HIE decides to, and its environment decides to address this?

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

Yes. I think the workgroup felt comfortable that that would be one way that a lab source system could meet this requirement. That if instead of trying to go in and have to make all the changes in their own source system, that if there is an HIO organization or HIE function in their state or that applies to the customers that they’re delivering to, that that could be one way that they could solve this problem. It basically left it open to the market or to that being an alternative way for them to accommodate this.

Art Davidson - Public Health Informatics at Denver Public Health – Director

Thank you.

David Blumenthal – Department of HHS – National Coordinator for Health IT

What I would like to do is have, Micky, perhaps you could move. I think it’s the first recommendation. Is that correct? Actually, it should be a member of the committee who should probably move it. Jodi?

Jodi Daniel – ONC – Director Office of Policy & Research

I would move it.

Deven McGraw - Center for Democracy & Technology – Director

I had just one more question, if I may.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Sure.

Deven McGraw - Center for Democracy & Technology – Director

I didn’t hear any real controversy or concerns about recommendation two about, which really it seemed like it focused on guidance. I’m just wondering if there were issues there, if that might be something the committee might want to consider moving rather than tabling.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Recommendation two of issue two?

Deven McGraw - Center for Democracy & Technology – Director

Yes.

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

The CLIA ones?

Deven McGraw - Center for Democracy & Technology – Director

The one that talks about guidance, basically a cert letter that provided guidance, slide 19.

W

Yes, I agree with that.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Okay, so we’re really talking here about the recommendation on slide 15 and the recommendation on slide 19, as two recommendations that the committee would like to move at this time, reserving, tabling the other recommendations without rejecting them for reconsideration and refinement at our next meeting.

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

Can I add one? It looks like the one on 20 is a partner with the one on 19. In other words, it says, align the state CLIA with the CMS clarification, so it seems….

David Blumenthal – Department of HHS – National Coordinator for Health IT

I’m a little less clear on, for example, the requirement of the state HIT coordinator to work with the CLIA administrators. I think that the question of what are authorities to require that needs a little bit of examination. So I would like to consider that further.

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

And is it just slide 15 or 16 as well, for clarification?

Deven McGraw - Center for Democracy & Technology – Director

Fifteen only has the one line, 16 has the good stuff.

Roger Baker – Department of Veterans Affairs – CIO

I guess my suggestion would be … 15, but specify the standard as part of that. Fifteen says there should be a standard, you know, adding something that says, and it should be … HL-7.

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

I think that’s what 16 does.

Roger Baker – Department of Veterans Affairs – CIO

There are a lot of words on 16. I feel like a senator. I can’t read all 2,000 pages.

Deven McGraw - Center for Democracy & Technology – Director

What about the first sentence on page 16?

Roger Baker – Department of Veterans Affairs – CIO

The first bullet with the three sub-bullets?

Deven McGraw - Center for Democracy & Technology – Director

So the first bullet, yes.

W

…second bullet….

Deven McGraw - Center for Democracy & Technology – Director

I’m sorry?

Roger Baker – Department of Veterans Affairs – CIO

This says the recommended in 2009.

David Blumenthal – Department of HHS – National Coordinator for Health IT

So I would like a … in effect, what this committee does is it creates an agenda for the standards committee.

Deven McGraw - Center for Democracy & Technology – Director

Right.

David Blumenthal – Department of HHS – National Coordinator for Health IT

We are not in a habit of adopting standards here.

Deven McGraw - Center for Democracy & Technology – Director

Right.

David Blumenthal – Department of HHS – National Coordinator for Health IT

So I think I we direct the standards committee to do this, then the standards committee can make the next step.

Deven McGraw - Center for Democracy & Technology – Director

Right, although I think we have to be careful about that because they think they’ve already done this, so we don’t want to suggest that they have more work to do.

Latanya Sweeney – Laboratory for International Data Privacy – Director

But also the concern was that the meaningful use, as Paul pointed out, is this says it requires some structured communication. And as the other Paul pointed out, he said, yes, so it’s implying that the meaningful use needs to explicitly provide the HL-7 version 2.5-whatever standard. So it’s congruent with what the standards passed, but I think what I heard was people saying, but the meaningful use, it should be at that level for certification.

M

Certification happens as a result of implementing the policy recommendations. The only thing I’ve heard different is that this group, the HIEs group is recommending that a modification to the standards ruling that 2.5.1 is the standard, but without exception. Is that correct?

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

Except on the issue of the compliance issue that we talked about.

M

Right.

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

Part of the reason that we laid out those three sub-bullets is because the standards committee, I think, believes that through the Tiger Team process, though HITSP, that then make the recommendations for the … with the approval of the implementation guide, that they actually did address this issue of the wiggle room and all that. So we’re just reflecting that they believe that they have done that, but that we wanted to be clearer that that’s what we wanted to have done without being able to go in and verify point by point by point.


To Deven’s point, we’re a little bit – one of the challenges here is that we’re a little bit out of order. They approved this in September. Now….

David Blumenthal – Department of HHS – National Coordinator for Health IT

But there are other issues such as make mandatory. All the secretary does is adopt standards. She does not make them mandatory. She simply adopts them, and then they become the standards against which records are certified for meaningful use. I think there are some other issues here that need to be clarified just in terms of the applicability of the language. And even though I think we have a sense of what we want to do, I would feel – I’m comfortable with number 15. I’m not sure I’m comfortable with the first bullet in number 16.

Just to give us a chance to kind of scrub these from a legal standpoint and just to make sure that we’re all comfortable. So I’m comfortable with 15 and then with, if Tony is comfortable with the slide that recommendation 19, I think we could move those at this time. Do I hear a motion to that effect? Okay. Second? Why don’t I just ask if there are any objections? Okay. So moved, so we’ve adopted it. And then I’d also like to move that we table the remaining recommendations for additional discussion or consultation with the working group and with the standards committee, and that we bring them back for reconsideration and further discussion at the January meeting. Do I hear a second of that? Any objections? Okay. Great. Thank you very much.

Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

Thank you.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Great work. We’re now only 19 minutes late, but we’ve done a lot of excellent work.

M

We’re almost … minutes late.

David Blumenthal – Department of HHS – National Coordinator for Health IT

I have a different schedule, so I prefer mine. Now we’re going to hear from the new NHIN workgroup. And for that, we’re going to hear from David Lansky, and I guess Danny Weitzner is not here. Farzad was here.

David Lansky – Pacific Business Group on Health – President & CEO

Thank you all. This is a new workgroup, just recently formed, that’s had one in-person meeting, and I hope we’ll be in a couple months with the same level of discussion we just had about the lab results exchange. We are not there yet. We have begun to conceptualize the path ahead of us. Tomorrow afternoon, we’ll be in a better position to tell you a little bit more about our subject, but let me walk you through where we are up to this point.

It’s a new work. Danny Weitzner, as many of you know, is a very expert and well-established leader in Internet policy and standards setting, so we’re very lucky to have him join us as a cochair. I’m sorry he couldn’t be here today, but Danny has been a great leader in the workgroup getting formed and beginning to focus on a topic.

The next slide lists who’s been participating in the workgroup in our first couple of meetings. You’ll see a number of people from this committee, as well as several from the standards committee, and several who are new to our discussions, but bring a lot of expertise, both from the vendor community, and from some of the consumer facing services as well, so we’re very fortunate to have this group assembled. We also have one of the states represented, California, so the state IT coordinator there is with us. And we’ve had very good support early on from the staff to help us get some shape to what we’re about.

The next slide summarizes the charge of the workgroup, and we are essentially looking at the Nationwide Health Information Network as a whole and trying to see what are the critical enablers that we can accelerate so that those parties interested in achieving meaningful use can have the connectivity necessary to do so to achieve meaningful use. The first thing we did was take a look at the objectives for 2011 and 2013 and say what is it that we can do at the nationwide level to make sure that the connectivity is in place. So we’re looking at that both from a policy and technical standpoint, as this slide says. And we are assuming that we will achieve secure and standards based exchange using the Internet as the platform.

The next slide, and you may have seen at the bottom of that last slide that we have a very aggressive timeline. We expect to have a first set of recommendations essentially a month from now, so we need to move very quickly to understand the landscape and where we can add some value.

Therefore, we have really focused our attention on prioritizing. In a sense, as you may recall when Deven and Micky presented the HIE workgroup a few months ago, there was a very broad view of what the challenges would be to achieve connectivity there. As we just heard in the last hour, they identified really high leverage issues that need to be tackled quickly and focusing on the lab. I think we had the same challenge as a workgroup.

What we’ve done is to say yes, the Nationwide Health Information Network is a very wide landscape. What can we do to quickly find a high leverage point of intervention that we can do something appropriate. So the next slide says that what we’ve done is looked quickly at the 2011 criteria. We identified a set of meaningful use criteria from the matrix, which seemed to require information exchange across the larger network.

Within that domain, we have again zoomed down one more level and looked at the issue of pushing data from an electronic health record or another system to another know user, so this is a very focused subset of tasks that are part of the overall agenda of the Nationwide Health Information Network. This slide says we are looking at those areas where we push data from one provider to another or one healthcare organization to another, where the sender may not have an existing electronic relationship to the recipient.

We understand that there are a half a dozen categories of foundational services and definitions that are needed for the Nationwide Health Information Network to function. There’s been a lot of very good work done in the last three, four years to elaborate each of these areas and to develop software interfaces in some standards and others, and we are not going to replicate or spend our time critiquing that work. What instead we’ve done is acknowledge that there are all these areas in play that are foundational. These are the pipes and wires underneath the surface of the applications that all of us are familiar with, so this is relatively low-level engineering. But one of the areas highlighted here that we think there’s a gap that could be remedied fairly quickly in the area of directories and certificates.

Essentially what we’ve noted is that if we want to push information, if the doctor wants to push information from his or her EHR to another user, they need to know how to locate that user across the network, so they can push that information across. That phonebook function, if you like, is broadly missing now, or at least it’s not well standardized, and it’s not easily accessible. We also realize that we have, of course, 80% or 90% of the providers now to whom you might want to push some of this information that may not be on electronic health records, so the ability to finding this phonebook, and then within that phonebook knowing if I can push the message to them electronically or need to do it with a fax or other technology is another layer of this challenge.

We don’t know. We have not surveyed the full landscape by any means, so we are going to have a hearing tomorrow where we will hear from a number of organizations, which are involved in this directory functionality today. And we will have a second hearing in early January to deal with the issue of authenticating users who are sending traffic across this network. So these are two informational hearings for us to understand the landscape better, and then hopefully within a few weeks after that, we’ll have at least some preliminary recommendations on how this larger problem can be solved.

Our next slide, Dr. Mostashari’s slide, he’s fortunately available to help us walk through.

Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

I just want to provide a little bit of added color, commentary to this. ONC’s requirement, responsibility is to foster a nationwide health information technology infrastructure that allows for the electronic use and exchange of information, and that promotes a more effective marketplace, greater competition, and increased consumer choice, among other goals. But really key to this, implicit in the requirements that are going to come out with meaningful use and the health IT payments for Medicare and Medicaid, we also have a responsibility, I think, to a credible option for all motivated providers who want to use the Nationwide Health Information Network to be able to do so to achieve meaningful use requirements.

The Nationwide Health Information Network has been a lot of terrific work that’s been done. We really are asking people very broadly to engage with the work that’s already been done with NHIN and to see what is there because I think there are a lot of misconceptions potentially in terms of what it is and what it isn’t. And, in fact, it’s a set of tools and services and standards that enable the exchange of patient data, and it’s relatively streamlined.

In terms of – let’s see if this works, these slides work. I’ll say click … I can do it myself. Fantastic. Control.

To exchange patient data simplistically, and under the NHIN model, these two different agents here are organizations, can be health information organizations that do this. But the first step is that they should agree on what information is to be transmitted and how it is going to be packaged up. Someone said – I think it was Neil Calman said, if a lab is communicating within its walls, do they need to speak English within the walls? No, within the walls of the house, they can speak probably whatever. I think it’s German in that diagram. But when it goes outside the house, it needs to be packaged in a consistent way.

You may need phone pages to look up. I’m looking for a doctor who is a cardiologist. To be able to find that person the yellow pages, and also … in the yellow pages is their phone number, so how do we route that message? Whatever is … as David said, there may be multiple ways about finding the person. It may be Dr. Jones at, you know, my favorite health information organization, or it could be a fax number if someone is not so enabled.

There is authentication. I think that's a John Hancock there, which is basically a signature that currently in the paper world that’s what we use to insure that that is the person who they say they are. But in the NHIN context, there are some fancier tools with certificates for doing that authentication. There are delivery protocols, and there is security, which in the example of what happens today using paper, the delivery protocols is the mailman, and the security is not just the U.S. Postal Service mailbox, but it’s also the laws that surround that make it a felony to interfere with the U.S. post, so there’s security.


Then there’s one more thing, which happens in today’s paper world, and I think is sometimes implicit is the trust relationships. When I receive a request from another provider for information on a patient, it matters a great deal whether I know who that provider is, whether I have a relationship with that other provider or not. So this is, I think, the chain of things that we need in the paper world to … for example, a referral or a consult from one provider or provider organization to another. It’s the standards. It’s authentication. It’s directories. It’s delivery protocols. It’s security and the trust relationships.

Essentially, the Nationwide Health Information Network provides the same. There are documented messaging and vocabulary standards. There are directories and services. There are delivery protocols and security and trust relationships that are made explicit in the electronic context.

Of these, I think it is, many of these are pushed out to the edges in terms of what the health information organizations need to do, and there are others that are required within the network itself. I think we are focusing on directories and certificates, particularly because it is a critical element that helps not just the traffic. It’s externally required services, external to the health information organizations or to the … organizations. And if we think about supporting meaningful use and recommended meaningful use requirements from the HIT Policy Committee for 2011 and 2012, if we think about even the simple use cases for the provider to provider, provider to pharmacy, the lab to provider or provider to health plan, if we think about even those simpler user cases, and we’re not talking about being able to query for patients data wherever that information may be, those all essentially—

Let’s take the provider to pharmacy example, which is currently done through the SureScripts network, and we’ll hear about e-prescribing, I believe, with the health information exchange workgroup next month, more detail about that. But among the services that the SureScripts network offers are, I look up a pharmacy. I want to send a prescription to somebody. They provide an authoritative directory of pharmacies with multiple means of contacting that pharmacy, including fax, as well as electronic. They provide a secure routing mechanism. They provide an assurance to the pharmacy that the person who sent this prescription is in fact licensed to send prescriptions, and that is really a partnership between the SureScripts network and the EHR vendors who jointly provide that trust that the person is who they say they are, and they’re a licensed physician. And that’s kind of the key elements there.

If we think about in the NHIN context, in order to send that message from provider to provider, surely you need the secure messaging, the secure routing, but you also need the ability to find from one provider to the other provider, and to have authentication mutually on both sides. And among the NHIN services, the directories and certificates provide that mutual authentication encryption, as well as the discovery service. And we can go through. They are all essentially variants of the same. You have A, and you have B, and you want to get securely a message from A to B with trust on both sides.

So we recognize that we need to meet the needs of today and tomorrow, and I think this is one of the key challenges that we have. Probably the key challenge that we have is that while we build something today that can support the 2011 recommended meaningful use requirements, we also don’t take ourselves into a situation where what we do today hinders our ability to meet the needs of tomorrow. That, I think, is the essential challenge here is how do we build – do what we can do today so that this is part of an evolutionary path with incremental growth and, just to be clear, those are the, I think, policy committee recommendations that involve information exchange in 2011, 2013, and 2015.

Other key considerations that are going to be discussed by the NHIN workgroup include the need for the trust fabric. What is that? Is it a DURSA, a reciprocal use agreement? I think, for sending prescriptions, that may not be necessary. There are other forms of trust. There are other forms of business arrangements, memorandum of understanding, and also human relationships, but in all cases, we do need to have a solid trust fabric that’s appropriate to the context within which the exchange happens.

There’s the challenge, as David said, of authentication, and this is a bigger challenge than just our workgroup faces. This is a broader challenge in the Internet age, and we’re going to be drawing on the expertise of groups who have been working on this in our January hearings on identity management and authentication. As we said … consideration is what can we do today to accelerate the exchange of health information. There’s a real sense of urgency around doing what we can do today to enable motivated providers to achieve meaningful use in 2011 and 2012.

The committee is also going to consider the role of the appropriate role of government. Government doesn’t need to do everything here. What is the irreducible core of how government can be most effective and most – acting as a catalyst or as an accelerant to information exchange? Finally, to enable broad participation across the widest possible spectrum of potential participants in both large and small organizations. Thank you. Sorry, this is our agenda for tomorrow’s meeting, and all of you are invited. A public meeting, all of you are invited to join us.

David Blumenthal – Department of HHS – National Coordinator for Health IT

I have to apologize. Paul had the correct calendar. I should always know that Paul is correct. I was working from an out of date one that someone slipped me, so we are a little later than I thought, so I apologize for the fact that we are probably only going to be able to take a couple of questions on each of these. Latanya?

Latanya Sweeney – Laboratory for International Data Privacy – Director

First of all, I’m absolutely ecstatic about having this working group, and I think I’ve told you earlier, and I’ll say it again. I’m just – I think this is a wonderful move, absolutely wonderful because it will definitely affect what the privacy workgroup – it’ll help solve a lot of issues because it gives us a concrete thing to focus on.

But I do have some questions about considerations. The model that you described is a push model, moved a lot following the e-prescribing, but a lot of the issues are also pull models. And so I’m hoping that you’ll address that because that’s really where a lot of the thornier things come from.

Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

Exactly, and we absolutely agree. That’s why we really, I think, the workgroup as a whole is acutely aware of the need to meet the needs, the simpler needs, but also what we put in place must be what can support more advanced forms of exchange as well, and that’s, I think, partly why we started with some very basic services like a directory. It’s not sexy, but it’s basic and it’s used in a variety of feature states, in a variety of scenarios, in a variety of architectures. It’s going to be useful to have, so move forward on what we can move forward, and what we have knowledge of. David?

David Lansky – Pacific Business Group on Health – President & CEO

I just want to emphasize that the group as a whole did a hooray when they focused on something fairly simple, short-term, that we think we can actually tackle quickly, and then we’ll have to move on to quite an array of other issues too.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Richard had a question, and then I think we’re going tro have to move on.

Rick Chapman – Kindred Healthcare – Chief Administrative Officer/CIO/EVP

Yes. Maybe just the one thing I would ask the group to do is something that’s been a big question in my mind about health information exchange all along has been the continual viability economically of such a proposition, and most have failed because after the grant runs out in one form or another, they don’t work. So I’m connecting the dots to what you’re talking about back to that. As you clarify the role of government, I would just like to have it clarified is the government the owner, operator, in perpetuity of this network and it’s basically knowing nothing is really free, but free to the people who choose to avail themselves of its services in the activity of health information exchange, either as a verb or a noun. That actually is the issue because one of the things I’m most concerned about is the viability of the business model around health information exchange, and I think it’s the elephant in the room. So is that clear yet about the government’s role long-term, or is that something you seek to?

Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

I think it’s a very important issue for me, and I think, for us to articulate an answer to that question, I don’t think we have it yet. I do think most of the elements we’re talking about in this foundational layer are things like in the lab example we just discussed where standard setting and these core services need to be identified first. And whether some of them can be satisfied through market activity or through other units of government like states, as David said at the outset in terms of the licensing boards, we need to assess for each of these categories of service where is the most efficient locus of execution. I think we’re going to favor those, which are subject to market forces and dynamism. That has to mean that the business models … so I think we have to work through each of these cases in order to answer that question properly.

Rick Chapman – Kindred Healthcare – Chief Administrative Officer/CIO/EVP

Thank you.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Thank you, both, and now we’re going to hear from the privacy and security workgroup. Deven, we never cease to draw on you. And Rachel Block, who has probably had to adjust her schedule a little bit.

Rachel Block – New York eHealth Collaborative – Executive Director

I’m on the phone.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Thank you, Rachel.

Deven McGraw - Center for Democracy & Technology – Director

Given that … for time, we’ll try to be very parsimonious here. We had our first workgroup call last week, and unlike the NHIN workgroup, it was two hours long, not luminous, so we don’t have many slides other than to sort of introduce you to the group and give you a snapshot of sort of where we’re going to be going in the future.

Here are the members. You’ll see that we have a number of folks from the policy committee, but we also are well bolstered by folks from the outside who bring significant expertise on one or more of the many issues that we’re likely to take on. We have strong, I think, consumer representation. We have health plans at the table. We have folks who deal with administering the legal requirements at the institutional level. We have NIH at the table. Again, I think it’s a really good group. It’s a very strong group. We had a very robust discussion … workgroup call that I thought was only going to take about an hour since we didn’t have a specific agenda, ate up the entire two hours, so I think our work is cut out for us, but I think we have a group that is very interested in making some significant progress on this issue.

This is our charge. It’s presented in draft. I think we’re close to being done, but there were a few additional wordsmithing that we may take maybe the first 15 minutes of our next meeting to deal with, but I think the essence here is to, again, making recommendations on privacy and security policies and practices that build public trust, and aiming really for addressing the challenges in a way that enhance privacy and security, but also facilitate the appropriate access, use, and exchange of health information to improve health outcomes. So acknowledging that what we’re dealing with here is privacy and security as an enabler to getting done what we are trying to get done in this entire effort versus privacy and security necessarily as an end in and of itself.

What we did do was start to discuss, number one, a policy framework for guiding our own actions going forward, if not recommending the framework for adoption by the larger stakeholder community that is impacted by these recommendations. Similarly, we started to discuss what issues we would be likely to tackle, and I think our ongoing challenge here will be to, again, leverage the expertise we have on the group with the enormous number of issues that really either are squarely put on our plate or could potentially be put on our plate.

And I think Latanya is right that the NHIN workgroup deliberations are very central to some of the recommendations that we would make here, and so, in part, we discussed how we would stage the taking on of some of these issues so that we are picking up on and enhancing the decisions that get made at that workgroup level versus attempting to sort of deliberate these in two silos and hope that they connect up at the end. And there is some workgroup overlap, which will hopefully keep us from, worst-case scenario, stepping on each other’s toes, but best-case scenario, actually having this work be kind of organically coordinated as it occurs.

Similarly, NCVHS has done a tremendous amount of work in recent history on some of the issues that are likely to come before us, and has on its sort of draft work plan, some of the issues that ordinarily would come to us, so we’ve got; Rachel and I have a call scheduled with the two privacy cochairs to try to think about ways to, again, leverage the synergies between the groups and make sure that we’re sort of moving a number of issues forward simultaneously if we can, but again, worse-case scenario, avoiding the worst-case scenario, which would be that we’re actually stepping on each other’s feet.

We do have both Paul Tang, who is on NCVHS, as well as John Houston, who is one of the cochairs of the privacy workgroup, on our workgroup. Similarly with respect to a number of sort of security issues that arise that require some policy considerations, we have Dixie Baker, the cochair of standards who is on our workgroup as well. Again, the hope is that some of this sort of cross-fertilization, cross-pollination of groups will enable us to be better coordinated going forward.

Just one of the things I hope to do very early on is to have a work plan come out of this group that identifies what the specific issues are that we’re going to take on and the order in which we will take them on. Again, some of that – staging all of this is going to be highly dependent on making sure we are leveraging what’s coming out of the NHIN workgroup, for example, and other relevant workgroups in order to allow this process to actually evolve in a way that makes sense.

But, for example, policies about for what purposes can the NHIN be used, and is it just treatment? Is it also payment? Is it a range of other administrative tasks? Is it research? What then do you do about the issue of consent? A kind of shorthanded way of referring to it as opt in or opt out. Again, staging this in a way that incorporates what’s going on with the NHIN workgroup is going to be critical.

Security policies that Dixie has already begun to do some work on, but has said, and I think she will say again today about how there need to be policy recommendations that drives some of this stuff forward. Deidentification, personal health records, the accounting of disclosure rule, how is that going to be implemented, patient identification issues, we will take those on, perhaps in concert with NCVHS. We’re working off of their previous recommendations. Potential state law barriers, again, this conversation will be continued. What I hope to do, again, is to work plan with staging and taking on some of this stuff in a realistic way so that we can actually make progress on it.

As I was looking at this issue, there’s so much here that we could do. But even with a group as large as ours, even if we were to divide ourselves up into some subgroups in order to try to work more effectively and more quickly, they are not easy, and they’re going to take a significant amount of deliberation to ideally reach consensus on. But I’m going to stop there, Rachel, and see if you want to add anything.

Rachel Block – New York eHealth Collaborative – Executive Director

No, I think you did it exceptionally well, as usual.

David Blumenthal – Department of HHS – National Coordinator for Health IT

I want to thank all the members of the workgroup for taking on this responsibility, which is considerable. And based on the very efficient way we have processed, in this committee, the recommendations of various workgroups, I still think that one of the things we have to plan for is enough time for us together to talk about these. As part of your work plan, therefore, I would encourage you to work with Judy and Jodi to think about introducing your recommendations in traunches so that we have enough time to discuss them fully and don’t have a problem of having to cut the discussion short when we actually get them. This, of course, we have to do without delaying unduly getting to these issues, which we can’t allow to drift. So this is another nut to crack in terms of scheduling, but I think we’ll find a way to get it done.

Any other questions or comments? Great. Thank you, Deven and Rachel.

We’re now going to hear from the strategic planning workgroup.

Paul Tang - Palo Alto Medical Foundation - Internist, VP & CMIO

We’ll be brief as well, and Jodi and I will share this presentation. I have the pleasure of working with Jodi on this workgroup. As you know, updating the strategic plan is a statutory requirement for David and the ONC, so this is heavily staffed and driven by the Office.


The next slide, you’ll see that the workgroup members include a sampling from both the HIT Policy Committee, as well as the HIT Standards Committee, as well as others, so it’s a fairly large group.

You’ll recall that the last time David talked about with the hectic pace we had in trying to meet all of the statutory milestones, we had to do a lot of activities in parallel, both in this group, as well as the HIT Standards Committee. And we wanted to now take a moment to step back and look at the overall principals and objectives for both policy and technology, and so that’s why this group was set up in order to fit in with also the update to the strategic plan, as we talked about earlier.

The end result is, by May, that we would have, the policy committee would then have a set of recommendations. It would feed into David and the Office, as part of their updating the strategic plan work. And so, working backwards then, we’ve divided ourselves into a couple of other smaller groups that’ll work on some themes that Jodi is going to be talking about. For each of these themes, we’ll be talking about sort of principals and guiding themes, move on to goals, the strategic objectives, and strategy.

There’ll be four themes and these will be written out. We’ll go through a process of vetting each of those with this full committee, and then once we have a draft that we feel comfortable with, we will then have a listening session that we’ll be exposing this to the public and get additional feedback. A lot of this is to gather and collect and provide additional assimilated advice to the National Coordinator, as he develops the updated strategic plan.

This is where Jodi will talk about the process.

Jodi Daniel – ONC – Director Office of Policy & Research

Great. Thank you, Paul. As Paul had mentioned, the HITECH Act requires the National Coordinator to update our federal health IT strategic plan. This is something that is quite an undertaking based on our prior experience, and we really wanted to do it in collaboration with our federal partners, as well as with broad stakeholder input so that we really have a well thought through plan that incorporates all of our new responsibilities under HITECH, all of the new responsibilities that may not be quite as specifically articulated in HITECH, but that we hear about and that folks believe are important that we need to incorporate into this plan.

Just to give an outline of how we see this all working and the timeline, this committee created the strategic plan workgroup, so you try to get that public/private collaboration and provide advice to ONC to help influence our planning process. What we’re looking for from the – what our expectations of the workgroup are is to have a draft of a strategic framework paper, as Paul had described, with the themes, strategies, objectives, and goals by March. Hold a listening session in April where we can get broader public input beyond just our workgroup and those that may listen in and pay close attention, but really have a broad listening session to get as much public input as we can, and then the workgroup will take that input and finalize a strategic framework paper and present that as recommendations to the full committee for presentation to ONC.

What our timeline is at ONC is that we hope to have, then take that and have a draft plan in the June timeframe. We have a lot of ONC staff that will be working very closely with this workgroup so that they’ll be following along, helping to provide the support and also incorporate some of the thinking into our thinking, and then we would have a clearance process, which we always have in the federal government to get these documents out to make sure that we’ve appropriately reflected various federal agencies and that it’s met all of the other requirements, including our legal requirements. And our goal is to publish in about October. This is not hard and fast deadlines. This is just a work plan at this point, so that’s what we’re hoping to accomplish.

What we discussed in our initial call were four themes, and we did get a lot of really great feedback from the folks who participated, and so these themes, the next time you’ll see these, these will probably look a little bit differently, but I think there was some support generally for the concepts that were put forward. The first was promoting meaningful use of health information technology. The second was leveraging information and technology to support a learning healthcare system to have the system actually learn from the information that’s available to provide better support and decision-making using the technology and the information that’s available. The third was to establish privacy and security policies, supporting public trust and participation in health information exchange, and the fourth was to establish policies for a technical infrastructure, supporting electronic health information capture and exchange, so making sure that we have the policies that we need and the technical infrastructure that build off of those policies to support our electronic health information capture and exchange.

What we’re hoping to do, as Paul had mentioned, is to look at principals for each of these goals, objectives, and strategies for each of theme, and then have the strategic plan workgroup talk through those. We have some smaller groups of folks who have volunteered to take a first stab at thinking those through and bringing them back to the workgroup for greater deliberation in January, and then we hope to have some thoughtful discussion that we’ll bring back to the full committee.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Any questions, thoughts? It sounds like people are hungry, so we’ve almost gotten back on track her. Why don’t we take – if we take a half-hour lunch break instead of a 45-minute lunch break, we’ll be back on schedule. So the Marriott is looking forward to your business, and….

Paul Egerman – eScription – CEO

…recommendations for…?

David Blumenthal – Department of HHS – National Coordinator for Health IT

There are lots of places outside, but if you just go outside. I don’t know the neighborhood, but maybe someone else does. Anyway. Thank you all. See you in a half-hour.

Judy Sparrow – Office of the National Coordinator – Executive Director

We’re ready to resume if you could take your seats, please, and I’ll turn it over to Dr. Tang.

Paul Tang - Palo Alto Medical Foundation - Internist, VP & CMIO

Dr. Blumenthal had to attend to another meeting, so he’ll be back after his call, so we’re going to resume with the panel on health plans. Charles Kennedy was so kind of organize it and provide us with the information for this panel.

Charles Kennedy – WellPoint – VP for Health IT

Thank you, Paul. Good afternoon, everyone, and thanks to Dr. Blumenthal for the opportunity to put together a payer panel. What I’ll do is frame the discussion with a few introductory comments and then go ahead and introduce our first speaker.

One question, I think, we as payers get quite a bit is why haven’t health plans and other payers invested in health information technology more aggressively? I think one of the fundamental reasons is summarized on this slide, which is, when we look at the projections of what the anticipated savings could or should be, and we match that up with what we’ve seen in real world results, there’s been a bit of a disconnect, and I think, over the next 60 minutes or so, we hope to kind of fill in some of the reasons we think there are for that disconnect and hopefully offer some interesting ideas on a path forward.

But I think the fundamental thing that I’ve learned is that healthcare is about what happens to individuals, not institutions. We’ve seen frequently where health information technology deployments have been focused more on the operations of the institution than necessarily the care that happens to the individual. That can be summarized in this slide. This is meant to represent a typical cancer patient’s journey through the care process, starting with the visit to their primary care doctor, maybe a referral to a specialist, some MRI or other advanced imaging, a surgical procedure, a follow up with their primary care doctor.

The key point is this. This is a very complicated path, and in order to effectively manage it, you have to have systems that are truly patient centric. One of the leaders in putting together these kinds of solutions happens to be with us today, Dr. Andy Wiesenthal from Kaiser, and Kaiser is, in some ways, advantaged here because they represent the entire box, a tightly integrated system where all of the care is being delivered within the vast majority of it within their organizational boundaries. I don’t have a bio. Dr. Wiesenthal is the associate executive director for the Permanente Federation, and we welcome you with your comment.

Andy Wiesenthal – Kaiser Permanente – Exec. Dir. CIS

Good afternoon, and thank you. I will say that I’m a firm believer in standards, and the standards I was given was note slides and five to seven minutes, so strap on your safety belts. Here we go. Thanks for the invitation to be here. I’m Dr. Andy Wiesenthal, Associate Executive Director of the Permanente Federation. I appear today on behalf of the National Kaiser Permanente and Medical Care Program, the largest private, integrated, healthcare delivery system in the United States. In addition to the Permanente medical groups, it includes the Kaiser Foundation Health Plan and the Kaiser Foundation hospitals and their subsidiaries.

Kaiser Permanente is somewhat different for the other payers represented here today. We are really an integrated healthcare delivery system that performs insurance functions for its members. Given that, it was natural for us to want to implement health information technology. Our intent in so doing was to promote the transformation of healthcare from our members’ perspectives, improving their health outcomes, improving their experience of care, and improving the efficiency and effectiveness with which their premium dollars are spent on their care.

Building on decades of experience, in 2003, we began the deployment of Kaiser Permanente Health Connect, our integrated, electronic health record and health information system. That deployment is largely complete. Our 432 medical offices were integrated by April 2008, and only small pieces remain for 3 of our more than 30 owned and operated hospitals. We have trained more than 14,000 physicians and 150,000 other staff, all of whom use the system all of the time for all of their work.

Health Connect represents the sole medical record for all of our 8.6 million members, more than 3.2 million of whom are active users of our patient portal, personal health record. They regularly exchange more than 750,000 secure messages with their physicians per month. They have received tens of millions of their laboratory results, more than 60 million to date and counting, refilled millions of prescriptions, made millions of appointments, and reviewed post encounter advice and instructions from their clinicians stored for them on the Web site.

We’re putting information and transactions formally reserved for healthcare workers into the hands of our members. They’re better at it than we are. And they prefer being a locus of control for their own healthcare, as it relates to these functions. Beyond that, we’re using the data we collect and aggregate to promote standardization around best evidence and more coordinated care of members with chronic diseases. There are may examples of success. Combining KP Health Connect registry tools and a followup team comprising pharmacists and nurses, we have reduced post AMI all caused ten-year mortality by more than 70%.

Let me repeat that, death rates down by more than 70%. Nothing fancy. Just identifying the at risk members and aggressively supporting them as they attempt to reduce their lipids, lower their blood pressure, get more exercise, and lose weight. Using similar techniques, we have also shown that we can slow the progression and even prevent the progression of insulin dependent diabetics to end stage renal disease, requiring dialysis, again, less people on dialysis than before.

Our oncologists, oncology nurses, and clinical oncology pharmacists have designed evidence based treatment plans for more than 400 of the common adult malignancies. These, again with the already standardized pediatric treatment plans, are instantiated into KP Health Connect, and are being used with all members with cancer. We expect to dramatically increase the safety of care, as well as the efficacy of care for these members.

All members may take an online health risk assessment using a standard tool. The results are incorporated into their medical record after being brought to the attention of their primary care physician. The member may then, on the basis of their results, be assisted in taking advantage of online self-management tools for a range of issues identified by the HRA. These tools are available to all members, whether they take the HRA or not. They receive periodic online reminders about their self-developed plan, and they are offered opportunities to retake the HRA to gauge their progress against goals.

Beyond having access to all medical records from wherever they are, physicians have on the desktop, real time access to data about their member panels, including both summary data and data identifying primary preventive care gaps for every member, and they are shown secondary preventive and treatment gaps for members with an array of chronic medical problems. Virtually everyone else in the organization also has role-based access to KP Health Connect. Whenever they encounter a member, be it in person, on the phone, or on the Web, they are presented with alerts related to preventive health and chronic disease management for that particular member. They have the authority to urge the member to have recommended tests and interventions, which are ordered under protocol from the member’s physician. Thus, receptionists, pharmacists, call center nurses, and specialty physicians are all part of an expanded primary care team, taking accountability for assisting members and adhering to recommended treatment and prevention plans.

As a result, our rates of primary and secondary prevention interventions are consistently now among the best in the nation. One need look no further than our HEDIS measures in mammography and chlamydia screening for proof of that assertion, where most of our operating … rank in the top ten in the country. None of this was necessarily easy. We have learned as much about what not to do in deploying health information technology to end-users as we have learned about best deployment practices. Stated in a positive sense, budgets need to be protected over several years. Projects must be managed by clinicians, not by information technology professionals. I may offend a few people here. My apologies.

Care transformation goals must be identified and targeted from the outset. Customize commercial software at your peril, and automation exacerbates the problems associated with workflows that are already cumbersome. As we design our successful interventions, members are at the center of our thinking and are often part of the design process itself. It is critical to understand how they want to view and use data and clinical advice. The platform we have built in KP Health Connect was configured and deployed with those ends in mind, and our early results are more than encouraging.

I’m grateful for this opportunity to share some of our successes and to describe the lessons learned from our experiences. Thank you for the chance to be here today. And I’ll just conclude by saying that listening to the testimony and the deliberation this morning, the future is here now. It’s just not uniformly distributed. If you want to see it, come to one of our offices. Thanks.

Charles Kennedy – WellPoint – VP for Health IT

Thank you. Moving from an environment of an integrated delivery system into the types of solo and small group practice that are typical throughout the nation offers a new set of challenges. When we look at the types of challenges that a physician in a solo or small group practice will face when it comes to deploying a system that would match up to this patient flow through the delivery system, I’m immediately struck by the fact that even if a physician buys an electronic medical record, in this particular example, he’ll only get 3 nodes out of the 12 or so care nodes in this particular patient’s path through the delivery system.

Health information exchanges will certainly help that issue. However, in order for health information exchanges to work, quite a bit of infrastructure needs to be deployed. Our next speaker is going to address some of the infrastructure that is already there that solo and small group physicians use, and potentially could be leveraged in health information exchanges. Julie Klapstein is the CEO of Availity. Availity is a joint venture between various BlueCross and BlueShield plans, including Florida, Minnesota, WellPoint, as well as Humana and HCSV. Julie has more than 30 years in the health information technology industry, and we welcome her here today.

Julie Klapstein – Availity – CEO

Thank you, Charles, and thanks to the committee for the invitation to be here today. As Charles said, I’m Julie Klapstein. I’m CEO of Availity. Availity is a health information exchange, not a payer, and we’re connecting today more than 150 health plans directly and over 1,150 indirectly to over 60,000 doctors offices’ throughout the country. We currently have more than 600 million transactions on our network, and we’re growing very rapidly throughout the U.S.

We provide administrative, financial, and clinical transactions between health plans, physicians, and hospitals on the same network. We’re an independent company with a sustainable business model supported almost entirely from administrative and financial transactions paid for by the health plans. Our transactions are offered at no cost to providers, hospitals or physicians.

Availity is unique in the industry. We’re a true, multi-payer solution for providers. We have a common look and feel across multiple health plans and transaction types. We obtain mass provider adoption region-by-region. The best example of our ability to gain mass adoption was in our founding region, which is the state of Florida. All hospitals and 95+% of physicians’ offices in the state of Florida utilize our portal and our clearinghouse to exchange information with health plans and each other.

In the past three years, we’ve implemented the Availity Care Profile. It’s a provider facing health record in more than 8,000 doctors’ offices in Florida alone and hospitals. We don’t replace the EMR or the electronic record in the hospital. We supplement it with additional information principally from claims data, as well as lab results. We’re used in the smallest solo practitioner to the largest multi-physician office.

In November 2009, we implemented Care Profile for Florida Medicaid, the agency for healthcare administration, so we have multiple private and a public health plan information on the same patient, even if they have changed plans. When the patient moves from one plan to another plan, we may still have their data for up to two years. We’re doing the same thing in other states, all financed by administrative transactions from the health plans.

The primary source of our health data is obtained today from claims. The clinically oriented administrative data includes critical information about the patient. It does include diagnosis, but also tests ordered and performed, medications history, medications prescribed, ambulatory visits, as well as hospital visits. We supplement that data from other sources, not just the health plan, such as lab results. We support, again, the electronic medical records that sit in the office or whatever other clinical module that’s accessible by the provider in their own office, and allow the information to be downloaded right into the EMR if they so choose.

They also, alternatively, can just go online, any Web browser, and just review the information online. It’s readily accessible on a Web browser. The information is valuable because it’s current, it supplements the information that the patients report themselves, and gives the provider a much broader history and knowledge base to support meaningful use. The providers know not just what happened to their patient in their own office from their own notes, but also what happened to the patient across town with other caregivers or the hospital if there was a claim filed. Sharing information across caregivers in unrelated organizations is one of the unique things about the model. Providers can avoid duplicate orders, and they have a medication history readily available and current.

There are three key messages I wanted to leave you today. Number one, the infrastructure that you’re building on the clinical side doesn’t have to be set up from scratch and built from scratch. Deployment and adoption efforts on a new network are time consuming and costly. We’ve been through it. I’d recommend that the existing administrative networks used today for claims transactions be used for clinical exchange as well. The new standards for clinical exchange that you’re developing will be utilized, as well as, of course, the existing HIPAA standards, which we use today. It will easier later when you want to combine clinical, financial, and administrative data on the same patient on the same record if the same infrastructure was used.

Number two, let me comment on one thing. There were some discussions this morning on architecture, so although it’s not in my notes, I wanted to comment on a few of the decisions you’re making because we’ve not only made them, but are also in the middle of making some new ones related to what you’re going through. On the vocabulary side, when we think about exchanging patient data, we of course today are principally claims driven. We use procedure codes and ICD-9 going to 10. We also, of course, encode all data that we can, such as lab results.

We’re looking now at a concept dictionary and medical lexicon obviously to translate medical data in EMRs, as they move across our network from provider to provider. We’re using the CCR protocol today. However, any health plan that wanted to send data with CDA, we’re ready to use that as well.

On authentication, we use single factor today. We use name and password, but we’re looking at two-factor identification, and the big thing for us, because we really focus on mass adoption, is make sure whatever you pick, that it’s useable for your normal physician, or no one will adopt your network.

On encryption, we do everything over the Internet, all of our data exchange. We use HTTPS, the standard … for the Internet, file transfer, also a virtual private network for some of the larger users, all on the Internet. We are wrestling with provider data management. Each of the health plans does their own, and we are a federated model, so they’re storing the data and dealing with the provider directories. I think, in the future, a centralized directory so that everybody doesn’t have to keep all the information up to date makes a lot of sense.

Finally, of course, we’re very careful with the HIPAA laws about chain of trust. We have BAAs from every vendor, every provider. All 60,000 offices must have a contract with us and, of course, following the HIPAA rules. So infrastructure, again, doesn’t need to be built from scratch. There are things we’ve learned on the administrative side and its existing networks that can exchange clinical data.

Secondly, build a sustainable business model. We don’t charge payers, and we don’t charge providers right now for our care profile because we don’t have to. The financial and administrative transactions pay for the clinical transactions. Claims data is just one source of valuable data and shouldn’t be left out of the definition of meaningful use.

Number three, build it for scale. Our network has unlimited growth and moves transactions between 60,000 provider offices and hundreds of thousands of providers in seconds, real time, roundtrip. New payers like WellPoint and BlueCross and BlueShield of Minnesota just joined in 2009 and are migrating their transactions to Availity without a performance impact due to our scaleable architecture.

In summary, we believe the evolving standards for information exchange under the meaningful use definition are invaluable to the industry, and they’re actually invaluable to us as well at Availity. We recommend the definition to be expanded to include claims data as a necessary and valuable source of information as well. Thank you.

Charles Kennedy – WellPoint – VP for Health IT

Thank you, Julie. Assuming we get health information exchanges constructed, we will run into a new problem, and that new problem is making sense out of the information that we will have, very efficiently hopefully, connected. Here is an example of an actual state HIE architectural diagram that we were asked to review in one of our states. One of the first things we did was ask ourselves where is the patient in all of this.

As you can see, the patient is actually distributed across multiple data sources where the data in these multiple repositories may be duplicative or, at times, conflicting. The output you get from an HIE can be represented here. This is an actual HIE, and you get stacks of data. You get reams and reams of data, and that can be helpful. It can help you identify a duplicate test. If you’re a specialist seeing a patient as a referral, it’ll allow you to see things that you otherwise would not be able to see.

But as we begin, as health plans begin to look at, but how do you assemble this information into an understanding of the patient, their diseases, as the care management strategies that are being used? Health plans have, for years, tried to take that information and make progress in that way because we are a point of aggregation. In this particular example, all of this information does come together at the health plan. Now, granted, it is claim data, but it does represent a path. It does offer a representation of the patient’s path through the delivery system.

One of the leading organizations in taking this data and turning it into information is Ingenix, and I’m very pleased to be able to introduce Andy Slavitt. Andy Slavitt is the CEO of Ingenix. Ingenix is the world’s leading health information technology and one of the world’s leading health information technology and consulting companies. Ingenix helps clients improve quality, reduce cost, and make the healthcare system work better, leveraging data assets. Andy was named CEO of Ingenix in 2006.

Andy Slavitt – Ingenix – CEO

That’ll be fine, Charles.

Charles Kennedy – WellPoint – VP for Health IT

Okay.

Andy Slavitt – Ingenix – CEO

And I appreciate the opportunity to address you today on this important topic. As Charles said, I am Andy Slavitt, CEO of Ingenix. Ingenix is a leading health information technology and consulting company with more than 10,000 team members in 50 countries.

Our innovation in the use of health information is probably what we’re known for the best. Our longitudinal databases cover more than 90 million patients and span over 15 years. We have over 200 decision support software products, have created and maintained the leading methodology for measuring cost and quality of episodes of care, providing information for 730 million online consumer searches annually, operate the Lewen Center for Comparative Effectiveness Research to investigate new treatments and identify what therapies are most effective, and are a leading provider of real time decision support to physicians in the United Kingdom.

Our workforce, which we’ve carefully built over the last 15 years, includes the largest collection of healthcare scientists, epidemiologists, economists, bio statisticians, clinicians, policy analysts, and actuaries, giving us a distinct perspective on how health information can be used more effectively. Over the past decade, we’ve gained a unique perspective on how health information can be used to support physicians at the point of care. We provide information directly to over 240,000 direct physician clients in 6,000 hospitals. Ingenix also brings information solutions focused on improving outcomes and productivity to the world’s leading payers, life scientist companies, governments, and employers.

Now the challenge we face in creating and promoting health IT begins not with technology or with information, but simply with the opportunity to remove defects from the system through improved consistency, productivity, and efficiency. According to a study by our subsidiary, the Lewen Group, the three largest categories of waste, inconsistent care delivery, unhealthy behaviors, and inefficient administration total $850 billion annually because better use of information providers the underpinning necessary to address each of these inefficiencies.

This brings us to the challenge of getting technology adopted properly, one of the many challenges this committee is set out to address. These challenges are unlikely to be solved with financial incentives alone. This year, Ingenix conducted research regarding physician attitudes toward the ARRA and the adoption of EHRs, which we’ve attached to the testimony. The research uncovered two concerns that need to be addressed, particularly in the small physician office environment.

First, we found that many doctors believe that adopting EHRs will introduce significant new costs that will encumber their practice. Second, many doctors believe the disruptions to their workflow will offset or outweigh the potential for clinical gains from deploying an EHR. To make health IT work well, we need to put usable information into the physician’s workflow. While common estimates show that compliance with evidence based treatment guidelines is less than 50%, our analysis shows that a large majority of the time the proper information in the proper hands at the proper time will in fact improve outcomes. Only a small percentage of the time are significant variations a matter of insufficient physician expertise.

Better information in the workflow creates better care. Here’s an example. Ingenix has worked with the state of Michigan since 1994. With the state, we worked to integrate data from 15 separate state systems to form a single data warehouse and link this information into the care setting. During the 2006, 2007 flu season, we worked with the state to identify children on Medicaid who were at risk of flu complications that were not getting treated. When any of these children presented to the physician’s office, a message popped up on the screen alerting the physician to administer the flu vaccine. Fifty-nine thousand children were treated under this program. In addition, we helped the state reduce lead poisoning among children by 35%. As a result of these initiatives, the state removed approximately $200 million in annual costs from its healthcare programs.

How do we get this information technology imbedded in healthcare? In our experience, people, and physicians are no exception, rarely adopt technology. Rather, they use services that improve their lives. Rarely do they seek to transform the way they do things without good reason, even with third party incentives. People do, however, very frequently adopt new services that solve real problems for them, often through applied technology. When this happens successfully, the technology platform itself is in the background, and the service is in the foreground, as is the case with so much of the commonly used technology applications that are used today in the doctor’s office, online banking, and online travel.

The killer applications that emerge out of the EHR infrastructure will gain mass adoption by attacking common physician problems and creating obvious benefits. So while payers and quality organizations may be focused on metrics, harnessing the power of health information starts with meeting the need of doctors. Physicians need help in a number of ways from managing their patients to managing their overburdened offices. Solving these problems is the key to physician adoption of technology. As physicians adopt technology to solve these problems, they not only improve their own practices, but they improve consistency, productivity, and outcomes across the entire health system.

By focusing on physicians this way, we believe we can impact the most precious 15 minutes a patient has with her physician. So in partnership with the AMA, Ingenix has launched the Ingenix model physician office to focus on modernizing those very 15 minutes. These model offices are pilots where Ingenix is digitizing the office’s optimal workflow and inserting critical information to improve the patient/physician experience. Essentially, we want to scale the benefits that we saw in Michigan.

The world of the model office is designed to provide a different experience from the one most of us live in today as doctors and patients. Picture your father or your grandfather in a strange town feeling ill, and very concerned, and seeing a new doctor for the first time. Now rather than prescribe him a medication that he’s rejected three times, the physician can ask why the drug has not been tolerated. Rather than simply follow hunches, the physician can see how physicians around the country are treating similar symptoms for people his age. Rather than looking only at the experience of her practice or provide a step-by-step view to the patient, the doctor can see how the treatment decisions have unfolded for thousands of patients in his situation longitudinally. And rather than make a referral to simply the best known or most convenient specialist or medical center, she can confidently provide a recommendation as to who has treated the most patients in his situation successfully.

The good news is that the information exists today inside Ingenix to make the simple transformation described above. It also exists, however, inside many places: in payers, labs, and PBMs across the system, and it’s there to be harnessed. The challenge is that providing this connect cannot simply be an exercise in dumping information from a payer to a provider’s office in either paper or a portal. Past experience has proven that layer multiple new processes on physicians for accessing and reporting data, particularly when those processes are different across multiple payers, does not help. In fact, it introduces new burdens and new costs. It also exacerbates the sense among physicians that government and commercial payers are out of touch with the realities of everyday healthcare practices.

Workflow solutions cannot cost tens of thousands of dollars up front, require ongoing maintenance and upgrades, and introduce significant time requirements for implementation and training, particularly with the 70+% physicians who are in practices of fewer than 10 doctors. Office technology should ultimately be seen as an access point to a great Web of information. Ingenix Care Tracker is one example. With simply Internet access, physicians can manage their populations, treat patients, connect and coordinate care, view current data on evidence based medicine, manage compliance, and manage their back office processes. While the challenge shouldn’t be underestimated, it should also not be overcomplicated. There is good evidence that once physicians adopt new technologies, the practice can be transformed, and the results are real and long lasting.

Finally, in our experience, information and analytics have been used successfully, primarily by government and commercial payers who work closely with the physician community to improve results at the point of care. But we are only at the beginning. As the policy committee sets a framework for enabling the health IT to improve outcomes and reduce costs, both Ingenix and our sister, UnitedHealth Group affiliate companies, offer ourselves as a resource to assist in assuring success. My written submission to you provides a number of policy considerations on matters ranging from information analytics development, connectivity, privacy, access, standards, and measurement. Thank you.

Charles Kennedy – WellPoint – VP for Health IT

Thank you, Andy. A payer panel wouldn’t be complete without a discussion of, well, pay, so we have two speakers who are going to talk about the intersection of health information technology and pay, specifically pay for performance programs. One of the most important intersections, of course, is the potential data and the potential new data, specifically clinical information that health information technology can provide.

Our first speaker is Catherine MacLean, and she will talk about data considerations and performance measurement. Catherine is staff vice president, clinical quality at WellPoint where she leads the center for quality measures and improvements.

Catherine MacLean – WellPoint – Staff VP for Performance Measurement

Good afternoon. Thank you, Charles and committee members. It’s a pleasure to be with you this afternoon and to have this opportunity to speak with you regarding the meaningful use of health information data, in this case for performance measurement and assessment of healthcare quality.

Before I make my comments, I’d just like you to know where I’m coming at this from. As Charles mentioned, I am a staff vice president for performance measurement at WellPoint. In that capacity, I am responsible for monitoring performance measurement programs, seeking out appropriate performance measures that we can use, and interface a lot with various clinical organizations, quality standards organizations, and physician specialty societies.

Before coming to WellPoint three years ago, I was in academic medicine for about 15 years at UCLA and Rand and the West LA VA where my focus was on performance measurement. How do you measure performance? How do you define it, and what data sets can actually work for us? What’s the validity and feasibility of using different types of data for performance measurement?

My comments today will focus on the interface between health plans and health providers, between data that are produced in the course of providing health benefits, and data that are produced in the course of delivering healthcare. …that the administrative and clinical data sets that are developed by health plans and health providers respectively are complementary, and that when linked or otherwise combined, provides significantly more useful information to providers and health plans than either data set alone.

The utility of the combined data stems from the filling in of gaps that are inherent in each data set. To be sure, the size of the gaps and, hence, the added utility of a linked or combined data set will vary depending on the particular administrative or clinical data set. It is my view, however, that there is added value, even when combing robust data sets. This value stems from the increasing data completeness and accuracy, as well as from reducing the burdens of data collection and organization for different parties, which can be very substantial.

Healthcare quality can be defined and measured by the structures, processes, and outcomes of healthcare delivered. The last five years have witnessed an explosion in the development of performance measurements and endorsement of those measures. My area tracks publicly available performance metrics, including those developed by NCQA, the Joint Commission, medical specialty societies, and others. There are currently well over 2,000 measures in our database, including the 545 that have been endorsed by NQF as of today.

Despite these seemingly large numbers, however, there are still significant gaps in the areas for which performance metrics exist, both in terms of the depth of measurement within a specific disease or condition, and the breadth of types of conditions that are actually covered by the metrics. However, even with these gaps, and focusing only on those available metrics, the largest challenge that we face in performance measurement today is in obtaining the data elements that are specified in the performance measurement that we actually already have.

In the U.S. today, the collected administrative data of health plans represents probably the largest and most likely the most commonly used source of data to assess healthcare quality. The main advantages of administrative data are that they are readily available. They include large amounts of data across large numbers of physicians and large numbers of patients, and the administrative burden is zero for providers, so data have already been collected for another purpose. However, these data do not contain the detailed clinical information that is specified in many performance measures. We estimate that only about 600 of the 2,000+ measures that we have tracked can reasonably be applied to administrative data, including about 100 that are NQF endorsed.

More important than the total number of measures that can be obtained by a given data set, however, is the number of important measures for which the required data elements are available. Many of the most meaningful measures of healthcare quality require specific, detailed, clinical information. Broadly speaking, these most meaningful measures include outcome measures such as mortality, the occurrence of specific morbidities, and health status and pain function, but also include process measures that require clinical parameters to have meaning. Very specific elements are defined in some performance measures such as the ejection fraction of a patient’s heart output or very other specific clinical data that are not available in claims data and, in fact, are very difficult to get even out of many clinical data sources.

For the most part, the most meaningful clinical measures currently cannot be applied to administrative data. In fact, there are few existing data sets to which these measures can be applied in such a way as to provide uniform measurement across large numbers of patients or providers. Barriers to measurement include irregular reporting of some data elements at the point of service and, more importantly, the absence of a mechanism or an infrastructure to capture, organize, pool, and analyze those data.

Organizations that have overcome these barriers include some integrated health systems such as Kaiser or the Veterans Administration, and a few medical specialty societies, including the Society for Thoracic Surgeons and the American College of Cardiology, each of which maintain detailed clinical registries for cardiovascular disease. The goals of any efforts to measure healthcare quality should be to improve the quality for the individual patient at the point of service, to provide feedback on performance to the individual providers or groups in order to facilitate population management and quality improvement, and to make available to the public meaningful assessments of healthcare quality by provider or group, as appropriate.

I am unaware of any organization in the U.S. that does all three of these things well today. I think that the reason for this is that performance measurement is hard. It’s resource intensive work, and few individual organizations have the capacity or, quite frankly, the interest to do that today. Collectively, however, I think the U.S. healthcare system or U.S. health community has the skills and the resources to overcome these limitations. It boils down to a very basic level. The challenge we face in measuring quality is one of missing data, and data sets that are not appropriately organized to measure quality. In some instances, the data elements are truly missing, and methods to collect them need to be developed. In many other cases, however, the data exists somewhere, though not in the data set being used to measure quality.

Collaborations between health plans and healthcare providers could facilitate the development of complete and appropriately organized data sets, while reducing the administrative burden of either party going it along. Over the next few minutes, I will explain how. In so doing, I will address the committee’s interest in understanding how health plans can provide physicians with the real time information that can be used by providers for clinical decision support and about individuals patients and, in addition, to population management and quality improvement by the practice.

For the purposes of the discussion, I will define real time information as information that’s available at the point of service, recognizing that there are lag times associated with both clinical and claims data and that the period of lag time impacts the usefulness of the data to varying degrees in different scenarios. Further, I will point out that certain data elements, which have long lag times, may provide value in the long run, even though they may have little immediate value. Hence, these elements that have long lag times can provide real time value.

Data for individual patients can be characterized by length with longitudinal aspects of the data, depth, or the degree of detail included in the data, and breadth or the completeness of the data across providers in care settings. Data for a population can additionally be characterized by inclusiveness or the degree to which all members of the population are represented in the data. Data length, depth, breadth, and inclusiveness are each critical for some aspects of patient and population management and irrelevant for others.

Additionally, each of these characteristics is associated with acquisition costs, which can be substantial. Consequently, data sets are typically built so that they can facilitate the specific management tasks for which the owner is developing them with the lowest possible cost. This approach has led to the development of a myriad of different data sets within the U.S., which may fulfill their independent purposes or the intended individual functions well, but collectively they fail to serve the overall management needs of individuals and populations in the U.S. because they were not designed to do this.

The data included in the health records maintained by clinicians, clinical registries, and health administrative data differ in their length, depth, breadth and inclusiveness. While the clinical records generally provide great length and depth, the records of virtually all healthcare providers will contain gaps regarding the care provided by other healthcare providers. This problem exists even in relatively self-contained systems with robust data. For example, CPRS, the electronic health record system used in the VA healthcare system, is very complete in terms of length and depth and breadth for veterans who obtain all their healthcare within that system, but has huge gaps for those veterans who receive healthcare or parts of their healthcare in other systems.

Data included in clinical registries are generally focused on the care rendered by a single provider at a single facility and often for a single episode of care. Hence, these data sets are generally very deep, but lack either the length or breadth. Health plans administrative data lack clinical depth and length, and the length depends on the enrollment period of individual beneficiaries. These data, however, have great breadth, capturing encounters across all healthcare providers over a given period of time, and have the potential to serve as the link to bring together data from different providers, and hence develop linked data sets with the length, depth, and breadth to measure healthcare quality well.

To this end, WellPoint is collaborating with the Society of Thoracic Surgeons on a project that is linking data from the STS registry with WellPoint’s administrative data. This project is being done in collaboration with the Brookings Institute through the Robert Wood Johnson Foundation high value healthcare initiative. Our hypothesis is that the quality that either data sets, that the measures that we will be able to look at … either data set alone will be less than what we’re able to do with the combined data set.

Beyond assessing what we can achieve with the successful link, we will also explore the utility, both in terms of quality and output and administrative simplification. One area where linkage could provide simplification is in the prepopulation of registry data with data from a health plan, for example, using pharmacy data.

Charles Kennedy – WellPoint – VP for Health IT

Cathy, I’m going to have to ask you to wrap up.

Catherine MacLean – WellPoint – Staff VP for Performance Measurement

In summary, there are a number of different ways that administrative data and clinical data can be combined, and I’m going to hand off to Rick Miller, who is going to take it away.

Charles Kennedy – WellPoint – VP for Health IT

Okay. Our last speaker is Dr. Rick Miller. Rick is from Wellmark, and he is the medical director and is responsible for collaborations on quality, a program, which has over 1,500 primary care physicians currently enrolled.

Rick Miller – Wellmark – Medical Director

First of all, I’d like to thank the committee for the opportunity to talk to you. I get pretty excited about this topic, so I will try to keep it short. That’s a challenge. We’ve got a lot of experience that I think is useful to all of you because I’m going to give you a little different view of the world.

You’ve heard a lot operationally about how programs work. I’m going to give you a view of how you work with clinicians to make this work. And I would suggest to you that it’s as much a cultural journey as it is an operational journey, and the amount of change that you’re proposing, while essential, is going to significantly change their world and how they practice medicine.

Having been through medical training, it’s pretty rigorous, and you learn a certain way of thinking, and it’s about repetition and stability and making sure you do the right thing for patients. It’s not necessarily about disruptive change to improve care, so this is not a skill set that comes naturally to clinicians, so as I go through this, I think you’ll see what this involves. I understand, from earlier comments, that you have an office of provider adoption support. I think this is going to be a very busy office, and you should consider adding a behavioral health specialist to the staff there.

Well, I’m Rick Miller, as was stated. I’m a family physician. I practiced for 11 years, and then I got the bug to get involved with quality improvement. I had some frustrations about how the health system was structured and thought I might be able to do something about that. I spent the last 14 years working on quality in various settings, clinics, hospitals, hospital systems, payers, and quality improvement organization. No matter where you go in the healthcare system or which aspect you’re coming at this from, payer, provider, or quality improvement organization, you run into the same barriers with quality improvement. And that is that it’s hard to create a good business case for providers for quality improvement, especially in the clinic setting.

I’ll give you an example. Let’s say you have a hospital system who becomes the best at managing congestive failure and diabetes and asthma. Well, what you may have in effect done is reduced the need for emergency room visits, hospitalizations, outpatient diagnostics, all the things that are the bread and butter for these organizations. One of the things that I think we have to overcome is we need to find a way to make good quality care profitable, but make it what we do and not an extra activity on the side.

I’m an old enough physician to remember when the quality improvement organization was a nurse in the basement of the hospital. She was not necessarily a popular person, so that has changed significantly. I’m happy to say they’re on the first floor now. They generally have a staff, and it reflects the evolution, but we need to take it a lot farther. It needs to be what it done.

Pay for performance, I would suggest to you is not a new thing. I think it’s been around for over 50 years. We’ve had a system that basically rewards productivity in terms of number of clinic visits, number of examinations, number of hospitalizations. The measurement system is called CPT and ICD-9, and the rewards come in the form of fees. That system, like any other reward system, has pros and cons. It’s had some desirable effects in terms of creating a lot more hospitals and clinics in access than there was before, but it’s not a very well balanced system because we don’t have good incentives in there for quality and for coordination of care.

In our program in Iowa and South Dakota, Wellmark didn’t really know the best way to do this. There were a lot of theories out there about how you would engage providers and how you might incent and reward them to practice higher quality care. Most of those were measurement systems that measured annually and then gave money based on the data that was collected. What we wanted to do was we wanted a system that the providers felt ownership in that was used to improve care management such that improved outcomes were the byproduct of that activity. It was the focus of that activity, and the rewards were there to recognize the hard work and to create a business case for quality, overcome some of the problems I mentioned earlier.

From 2004 to 2005, we had, I would call it, our chaos phase. We went out and experimented with a number of groups. We said you pick the measures. You pick the disease state. You pick how you collect that data and how you manage the patients, and let us know what works for you.

I would say that in this time period, we learned all the things you do not want to do in a pay for performance program, so what we did learn though was we needed a better, more efficient way to collect the data. From that, we ended up selecting an online registry for people to use so that they could enter data, track their patient, and use it at least ideally as close to the point of care as possible.

We needed to have standard measures, and we decided on NQF measures. We needed to all work on the same disease state so that we could learn from each other, so we selected diabetes and, later, hypertension. We currently also have asthma, immunizations under two, and cancer screenings. We have plans to add others, but they involve specialists, so that’s our next adventure.

From 2006 to ’07, that’s when we standardized everything, and I would very much support the activities of your committee. Standardization makes all the difference in the world, especially if the providers see the need for it and they want it.

Our outcomes improved during this time period in a way that was surprising to all of us involved in the program. Diabetes process measures, these are the tests like blood sugar and micro albumin and retinal eye exam, things like this that you’re doing a test. Those improved from 40% to 80%, so roughly a doubling in a number of patients that got necessary services. But more importantly, the outcomes improved from 35% to 73%. That’s on average if we average them all together. That’s the percentage of patients who are well controlled with their blood sugar, their blood pressure, their cholesterol. We knew that things would get better. We didn’t expect that they’d get better that much.

Here’s the bottom line. Providers do a good job for the patients in front of them. It’s the ones that aren’t in front of them that make their data look bad. By reaching out to those patients and getting them to come in, you have the opportunity to improve their care. That’s where those improvements come from.

We have good providers. We have good clinics. We have good hospitals. We don’t have a good way to track and support patients, and that’s what the registry allows us to do.

In 2009, this has been a year of analysis and learning. We wanted to kind of sit back and say, well, what did we learn from this adventure? What we saw was that clinic visits and drug utilization went up, so we actually spent more money on these things. What also happened though was emergency room visits started tailing off, and hospitalizations have been somewhat variable. We think they’re starting to drop, but that’s a longer-term proposition, so that's a story that we’ll have to stay tuned to get the final answer.

The bottom line, though, if you look at total cost, there’s no difference between the cost in the two groups. You have a group that’s well managed and has outcomes that are roughly twice what the other group is, but their cost is the same. So you can improve the quality of healthcare without spending a lot more money, and it may turn out that through the health improvements that are gained, if the hospitalizations do drop off, which we expect them to do, there’s probably a return on investment from this that will be reflected to health plans and premiums. And if you’re in the business of primary care, it’ll be a bump in revenue. There are always winners and losers in the quality improvement. I think what we’ve done is we’ve shifted the money from rescue therapies like emergency and hospital to primary care and kept people healthier.

One thing I will point out here, and this speaks to meaningful use and is probably instructed to this group is we saw bimodal results. We had some clinics that enter data regulatory, look at the analysis of that data. They share it with their providers. They have clinical champions. They do outreach to patients. They have health coaches to do this. They do soup to nuts, and they really use the data. They have meaningful use of the data. Their outcomes are way better than the ones who don’t. The ones who don’t, who haven’t quite made the leap, their outcomes look pretty much the same as people that aren’t in our program. So I again support your activities towards meaningful use because, at least from our experience, it makes a very significant difference.

M

Rick, this is the longest I’ve seen this committee be quiet, so I’m going to have to ask you to wrap it up fairly soon.

Rick Miller, D.O. – Wellmark Blue Cross and Blue Shield

Okay. In short, getting to the issue of a cultural adventure, doctors go through something that’s very similar to the stages of change. First, they hope you go away. It’s denial. Then, when you don’t go away, they get kind of upset at what you’re doing to them with the data. Ultimately, they start bargaining over whether the measures are fair or not. Then when they get to acceptance that’s where these kinds of improvements really start happening. This can only occur in an environment where there’s sharing of clinical data. It can only happen where there’s a focus on outcomes and this only exists in the clinical record. If we focus on both of those I think we’ll accomplish some very important things. We will re-establish trust between providers and payers. We will re-establish trust between the healthcare system and patients and we can make differences, both in quality and the cost of healthcare. I think these are essential things for our society. I thank you for your attention and time.

M

Thank you, Dr. Miller. Just to wrap up, to highlight on that issue of trust that Dr. Miller talked about, one of the questions I was asked to address was how can health plans be helpful in supporting real-time decision support. I’d just like to point out an experience we had in Dayton, Ohio, where we deployed a tool that took in both, claim data, as well as 150 different clinical data sources, put it into a single repository and made it available to both, the patient and the doctor, as a single record that they both used. In essence, trying to mimic much of what Kaiser did in a solo and small group practice.

Linked into this infrastructure was a rule of engines that ran real-time, so provided you real-time feedback as you were delivering the care. I’ll skip the screen shots just to say that the results were interesting. We actually did see a reduction in trend for users versus non-users and saw the same kinds of dramatic improvements in HITA scores, 10% to 40% year-over-year improvements that many of the speakers have provided. So I would say in closing, before we take questions, that I think there is a path where we can take advantage of many of the things that integrated delivery systems have done and replicate them in the solo and small group setting.

So, Policy Committee members, questions?

M

Thank you, all, for coming and talking with us. This is a really interesting and important problem for me, partly because I work with employers largely and you all serve our members and they rely on you as essentially the data integrators and the incentive integrators for driving some of these changes through the delivery system. So I’m wondering; there are 50 complicated issues here; if you could each just step up to some level of policy altitude and give us your sense of what, as a matter of national policy, how we should be thinking about the role of the health plan as a partner in achieving broader adoption of meaningful use and broader adoption of interoperable health information exchange. A couple of areas I’m really interested in: One is do you entertain payment strategies, which would more closely align with the meaningful use incentive program and how do we see private payers supporting or converging or not with what’s happening in Medicaid and in Medicare payment so that the incentives to providers are hopefully driving towards the same ends. That could pertain to performance measurements, P-for-P issues and those incentives could pertain to this payment policy itself.

A related question is integration across the continuum. As Charles has said and many of you have said, today the plans are typically the longitudinal integrators of data and typically the individual providers are not. We have a number of meaningful use categories that we’ve entertained, which had to do with care coordination and some kind of a longitudinal dimension. How should we be thinking about the plans as agents of data integration for meaningful use?

M

Well, I have this theory that doctors are smart people and that if you give them the right environment, the right tools and the right goals that they will figure out how to achieve those goals. The tools that you need to give them are basically information technology at the point of care and something that doesn’t require a lot of extra work for them. I would suggest that you need incentives not just for physicians, but for the health teams they work with. Nurses are the ones that make it go and so finding ways to create incentives around teams that provide care in the primary care environment.

I’ll give you an example. If you asked them to reduce the number of drug errors and you say, “Here is access to drug data on your patients across all sites of care and here are the outcomes we want and outcomes are really important,” they’ll figure out how to get there. Hopefully you’ll have the kind of standardized tools that you’ve been talking about during the day, but I think that one of the things we have to be careful of is being overly prescriptive, because what works in one setting doesn’t necessarily work in the next.

W

With regard to what health plans can and are doing in this regard, a couple of mechanisms health plans are using is to actually provide incentives for the use of HIT and so, for example, many of the WellPoint plans do include in their pay-for-performance programs an incentive for the use of various types of health information technology. Kind of taking it a step beyond that, we are participating in a number of Advanced Medical Home pilots, which, as you know, incorporate into the Advanced Medical Home HIT systems, but I think that how we, as a society, and how health plans can kind of really move, move the bar forward depends on whether we’re going to kind of use the sticker for that carrot approach. I think the carrot is much more efficient, but this is a very complicated area, as we know. I think that if the appropriate tools and resources were made available to providers that they would use them, but I think that in the absence of making them readily available there are a number of challenges, which we currently face and have faced for a number of years with adoption of health IT. It needs to be useful to the doctor in the practice setting and once we get to that point I think that we will see large scale adoptions.

M

I think it’s a great question. I would be cautious about creating more payment structures that reward for getting to a mean as opposed to getting to an end. I don’t think doctors like it and I think health plans are willing to try anything to see if it works to some degree, but to a larger extent I think they’d rather that this committee and all of the people focused on this issue help create reliable information to allow them to effectively reward primary care physicians for keeping people well and healthy. So I would focus on getting the information to support the pay for performance.

The other things that I think you well know and talked about, David, are important goals. Rather than looking at the payers and a way to egg this on, because I think we’ve got to stop getting doctors to respond to people dangling different kinds of pieces of cheese in front of their nose and saying, “This is the direction you ought to go.”

M

I can answer this from my context. I’m not quite sure how to answer it more broadly for the country, David, but our incentives are already aligned and we’re vertically integrated and we put a system in and almost none of these results happen automatically, so I actually disagree with my colleagues here on the panel. None of this is automatic. You have to target. You have to challenge; and, to this extent, Rick, I think I agree with you; you have to challenge doctors and nurses and pharmacists to work together to do X. We want to have no catheter associated infections in intensive care units, so what’s the evidence that you’re going to use and how are you going to use the system to help you do that. We want to make sure that every woman who is eligible, and we won’t talk about the new rules, has a mammogram. And we want to make sure that we don’t disadvantage women by doing too many mammograms and causing them to have complications from the investigations. So our experience is very powerful. You have to have explicit transformational care targets, because what happens when people get health information technology is that they do all of the old things using the new stuff. That’s going to just add cost and if you don’t stop people from doing all of the old things and say, “Do this in a different way,” you really run into trouble. You add cost and don’t reduce, don’t create efficiencies and don’t change outcomes.

Probably the single most transformational thing we’ve done, other than unleashing our own internal talents on some of these issues when we’ve targeted them is, in light of what you said earlier, Christine, we turn the members loose on this. The transformational stuff that’s come from that direction, it’s absolutely remarkable to me. I mean I thought I understood what was going to happen here ten years ago when we got started on this, but giving people information about their laboratory findings, giving them the access to their doctors, but by secure messaging, giving them direct access to instructions that people have given them, this has changed the whole game for all of us and you know what? All of our nurses and doctors were real worried about what was going to happen when we turned all of this information and put it into the hands of the members right away, real worried.

I ask each of you to think about yourselves. Would you like to have that information? Would you like it? Because our members sure do and do you know what? The doctors are not having any heartburn about it at all, so my plea to all of you is to figure out a way to tell the country to just get over it. Really. I mean I am growing increasingly impatient. Yes, we’re a different model and yes, there are ways in which we can do things that are perhaps more efficient. I’m glad I’m there, but the fact is that our doctors are just like all of the other doctors and they didn’t like the idea of releasing lab results and didn’t like the idea of e-mailing, didn’t like the idea of exposing their schedule to the members and they didn’t want to do quality improvement and they didn’t want to do all of the things that all of the doctors and nurses don’t want to do. Now that they’ve done them they’re actually happier and it’s better. So if we can’t be an example, because there are tens of thousands of us, then I’m not sure what else we can do for you here.

Thank you for letting me have a soapbox.

M

Deven.

M

I’d like to add one thing, kind of a quick thing.

M

Sure.

M

I would challenge you to think about health information exchanges and registries as public utilities. The reason for that is every health plan has lots of systems to deal with. All of them have their own technologies. Every health system has multiple payers to deal with. All of them have their own technologies. If there was a shared infrastructure where it would simplify it for both parties that was on neutral turf, so nobody owned it, I think it would take us a long way towards adoption.

M

... alternating current, huh? Exactly. Okay.

M

Deven.

Deven McGraw - Center for Democracy & Technology – Director

This question is for the Andrew from Ingenix. I want to specifically ask Julie, in her testimony, was a bit more specific on the privacy issue with respect to what they do with data and the chain of trust agreements. I want to understand if you all are independent of health plans and providers and yet have large databases where is the data coming from? What’s the legal authority for the data? What kind of data is it? What’s the authority by which that data is then shared with others?

Andrew Slavitt – Ingenix – CEO

Sure. Thank you for the question. It really depends. We manage a lot of information for clients, which is walled off and managed exclusively for clients. Some of those clients want access to benchmarks and want to share access to benchmarks and many of them do not.

The database that I referred to is our peer research database. It’s a database of research information that’s a set of information we own. You ask an important question, because I think how we think about privacy and how we think about security, I think, will to some degree be what allows us either to be successful or unsuccessful in this mission. We have a program that we launched called It’s Personal, which is an ongoing training program for all of our employees. It reminds them that ultimately, at the end of the day, as much as we think that this might be useful information that we get to work with, even in our best research, at the end of the day the way it got there was someone got a lab result or a diagnosis that went into some spreadsheet somewhere. By the time it shows up on one of my people’s desks it could easy to forget that. So we created this program in large part because we think that the jury came in and said we don’t trust the healthcare system to manage our information. I think the case has not yet been made, so I would strongly suggest that we have firm, uniform, consistently applied rules around privacy. I would strongly suggest that we try to minimize frequent rule changes or at least be transparent about them or it will be too complicated for people to follow.

I might give you two other things, because I know this is an issue very important to you. One is I would propose rigorous certification of privacy programs to establish good practices and, I think, allow people to be innovative and forceful in pushing that envelope.

Secondly, I would add pure health data research as a healthcare operation under HIPAA, because I think that’s an area that has researchers on they’re not sure which way that plays. I think there is good research that can clearly be defined and what ought to be in my view.

Deven McGraw - Center for Democracy & Technology – Director

If I can just follow up on that, I think I’m going to ask if you would submit yourself to more as we sort of really get started on our Privacy and Security Workgroup to me your answer rates more questions, some interesting, some that make my brow furrow a little bit, but we are going to be exploring those issues in more detail and I would love to ask you to speak with us separately and in more detail when we get to that, Andrew.

Andrew Slavitt – Ingenix – CEO

That would be great. Yes. We’d be glad to.

Deven McGraw - Center for Democracy & Technology – Director

Okay.

Andrew Slavitt – Ingenix – CEO

Thank you.

M

Paul.

Paul

Yes. I have a question for Dr. Wiesenthal. You made the statement that these IT projects should be led by clinicians and not healthcare IT professionals. I was wondering if you could tell us a little bit more about that. I assume because you said clinicians you didn’t mean just physicians ...

Andy Wiesenthal – Kaiser Permanente – Exec. Dir. CIS

No. Nurses, pharmacists, the broad definition of clinicians. That’s right. The reason I say that is because it changes, as Rick pointed out very effectively; this is a cultural change, not a technological problem. What you want is to have the physicians and nurses and pharmacists to own re-making their own environment and lead their colleagues through change rather than being the victims of something that they view as an information technology coup. Whenever that happens, whenever the latter happens, it leads to failure invariably. Not to offend Paul, but I don’t mean people who are very technologically adept either. There are plenty of physicians, who are trained informaticists, who are crucially important to this, but the people who matter are actually the dunces like me, who aren’t viewed as; well, Andy, he always gets confused because he plays with computers all of the time; it’s rather Andy is a clinical that I respect. He has said that this is an important way to move into the future, so I’m prepared to follow him. The nurses are exactly the same. The nursing leadership has to lead nurses through this in hospitals. If IT tries to do it it fails.

Paul

Did you give any special training to these clinician leaders to do this role?

Andy Wiesenthal – Kaiser Permanente – Exec. Dir. CIS

The answer is yes, both specifically for health information technology, but more broadly; and that’s another special thing about Kaiser Permanente; we do a lot of leadership training for people like me. I still see patients, by the way, but I have extensive leadership training, so we know how to manage large projects and we know how to help out colleagues through change.

I see the extension centers, by the way, as I look at them, hopefully, as the place where that kind of expertise can be concentrated for the small practices, who can’t afford to invest in themselves or in each other in the way that the Permanente medical groups invest in people like me.

Paul

Let me make sure I heard your last comments correctly. You’re suggesting that the extension centers should provide leadership training for clinicians to help with ...

Andy Wiesenthal – Kaiser Permanente – Exec. Dir. CIS

And physician leaders.

Paul

Physician leaders.

Andy Wiesenthal – Kaiser Permanente – Exec. Dir. CIS

In other words, in a community of extension centers or community focus if I’m understanding the model correctly, so they can identify opinion leader doctors from the community, from practice and actually pay them to take time away from their practices for a period of time to help everybody in that community get over the hump, because that’s what’s really necessary. If you look at our budget for implementation less than half of it, well, less than one-third of it was for software licensure and less than half of it was for anything that you might say was technical. More than half of it was change management, training and loss of productivity while people were learning. The more you can do to help doctors and nurses and pharmacists get through the learning period efficiently with their colleagues supporting them the less expensive the whole implementation process for the country is going to be.

So what we do is we put at their elbow another pharmacist, who knows how to do what pharmacists have to do. We pay that pharmacist not to count pills, but to help other pharmacists learn how to use the system. We can afford to do that because of our size and leveraging our scale. The extension centers have to be the place, I hope, where that’s going to happen for smaller practices and smaller units of care.

M

That’s very helpful. Thank you.

Andy Wiesenthal – Kaiser Permanente – Exec. Dir. CIS

You’re welcome.

W

I’d like to thank the panel for an outstanding presentation and triggering of many questions. As I listened to the breadth of what you shared I took home four key threads that went across. One was the importance of clinical data to actually arrive at the meaningful use outcome safety and true health transformation that we’re all seeking. The second is the engagement of the full healthcare team or the data derived from the full healthcare team. The importance of a culture of change and then the empowerment of both, the consumer and the clinician. I want to thank you for exposing, again, those threads that I think reinforce a chunk of the ONC programming that we saw reviewed early this morning.

I have a specific question for Kaiser and this relates back to Deven’s comments and questions. How did you deal with the people you serve within Kaiser in terms of the privacy, confidentiality, sharing of the data? One can only extrapolate that you have a marvelous knowledge discovery engine within your overall ...

Andy Wiesenthal – Kaiser Permanente – Exec. Dir. CIS

Let me ask you, so I can make sure I understand your question, are you asking how we approached our members about sharing data back to them themselves?

W

No. How do you approach them in terms of use and reuse of their personal data?

Andy Wiesenthal – Kaiser Permanente – Exec. Dir. CIS

Well, it’s an interesting story. We’ve been reusing their data for 60 years.

W

Right.

Andy Wiesenthal – Kaiser Permanente – Exec. Dir. CIS

In the beginning I’m certain that nobody asked them their permission. So what’s happened, you talk about a trust relationship; I think that implicitly Kaiser members understand or many of them do that we intend and have always used data in the aggregate to improve what we do for them. So there is the implicit understanding; there are certain explicit things that they sign when they become members, but I think that’s more important. Because we have a track record of protecting it I don’t think that people are that worried about it. We don’t use it. We are in a better position and a peculiar way to use it, to prejudice their healthcare than anybody else, because we are both, the insurer and the provider. If we were going to misuse the data and not provide care or exclude people because they had pre-existing conditions we would be aces at that and we’ve not done it.

So it gets at one of the core problems: If you don’t fear loss of care because somebody knows what you have then you’re actually glad that they know what you have, because they can do better at it. Yes, we try very hard to learn. We beat up on ourselves a lot and David helps to beat us up too. We don’t learn as much as we should or as fast as we should from the data that we have, but we’re doing pretty well I think. I don’t know if that addressed the questions the way you’d like, but I’m not sure I have a better answer.

W

It definitely does. Thank you.

M

Latanya.

Latanya Sweeney – Laboratory for International Data Privacy – Director

Yes. First of all, thank you very much for putting the panel together. It was really informative and very helpful. You said something that I had also heard recently Vanderbilt say, that when they’ve been able to deploy systems and they’ve been effective to get provider buy in or clinician buy in it’s been because it’s been very well focused on a particular problem that the clinician shared and had a benefit to. So we sort of went through this interesting process where those on the panel who know a lot more about medicine than I do came up with this set of meaningful uses. The question is are there also some opportunity uses that may resonate better with the provider and, therefore, lead to better provider adoption that if they were included aren’t something that necessarily increase the cost, but those would be the magic points that they would focus on? Because I notice a lot of times there are kind of these magic sufficiencies or opportunities that you could focus on and given your experience, could you articulate ...?

M

We could have a very long conversation about that. The short answer is that there are a number of work paths; we call them workflows; in clinical practice that doctors already find painful. So the win/win situation is when you can target improvement in care because doctors and nurses fundamentally want that. They’ll actually make their own work more painful if it’s obvious to them that care is getting better and we’ve seen that. But if you can couple that with an improvement in their workflow then you’ve got a real winner. So one of the simplest examples is not to have a standalone order entry system, but to have order entry that’s integrated into the actual way the care is documented. I don’t want to get too detailed, but you start out what does the patient tell you. That’s the history. What does your examination show you? What are the vital signs? What are your diagnoses? Then what is your plan? If the plan, which you have to write anyway in some form in an electronic record, as well as you would have on paper, actually generates the orders you’ve saved time for everybody and you’ve made the plan a little clearer.

Further than that, if the plan generates something that the patient can have so that it’s an aid, it’s a secondary communication tool for the patient so they can have it right then and they can have it later when they have a little time to think about what they’re supposed to do and what did the doctor really tell me, now you have a win/win/win. You’ve got better data. You’re targeting certain problems. You’re making a smoother workflow. Doctors like it. Patients like it. There aren’t a lot of those, but if you do them first you get a lot of acceptance.

M

First of all, I think Judith probably knows as much about that question as anybody you’re going to talk to, I think your question is worthy of the whole panel and I would suggest that the panel be filled with single physician practices. I think the first thing you’re going to hear is don’t do anything for me. Take a lot of the stuff away from me. All of the administrative processes that we threw at physicians pale in comparison now to all of the pay-for-performance-compliance programs that we’ve thrown at them that are uncoordinated.

We’ve done a lot of these follow-me-homes with physicians. I would say that there are six basic things they need help with. The good news is they will tell you they need help and if you talk to the physicians they’ll give you the clues, but number one, managing their population of patients as a population has been talked about.

Secondly, assisting with treatment decisions at the point of care has been talked about.

Third, coordinating care among multiple providers.

Fourth, streamlining practice workflow.

Fifth, simplify reporting and compliance processes, which is becoming a bigger burden.

Sixth, managing claim and reimbursement functions so they can be paid correctly upon first submission of claim information.

If you can help with those processes and technology can be used to help them with those processes I think it becomes an easier, easier adoption path. I would just look at all of the adoption charts and behavioral economics charts over the years. It’s typically one thing that becomes the killer app, the killer driver. It’s really around solving one of those. It will be around solving one of those problems. I’m not sure which one.

M

Great. We have time, I think, for one last question. Christine.

Christine Bechtel - National Partnership for Women & Families – VP

I just want to make a very quick comment on something that Dr. Wiesenthal said, which is you talked about, and I wrote it down somewhere here, that you have to have explicit transformational health targets and I couldn’t agree more. I just wanted to very quickly say that I think that takes us back to the achieval revision for 2015 as ... first laid out and really picking that up again. We keep sort of coming around to it and there is a need for it and I think we need pick that up and do the hard work at getting there. So my question is actually for Mr. Slavitt. I’m not a privacy expert in the sense that Deven is, but I certainly care deeply about it. If you answered her question I think I missed it, so let me ask the question in a different way, which is thinking about this database of 90 million patients, that’s huge. Where is the data coming from? What is the privacy policy or laws that govern it?

Andrew Slavitt – Ingenix – CEO

Let me try to do a better job of explaining. This is a research database, patient data identified, that has been accumulated over a long period of time, so it’s for people that have been in and out of various clients of ours, who have access to managed data and in fact, have allowed us to use it for research purposes completely de-identified. So that’s the data that we do research on. We occasionally ... compliance and several other really extensive steps and processes, but this is not, when we go to connect it to, say, a clinical record and so forth. If you were imagining a whole bunch of data from 90 million current, existing people that’s identified and so on and so forth, that’s not really what it is.

Christine Bechtel - National Partnership for Women & Families – VP

Do you keep identifiable data?

Andrew Slavitt – Ingenix – CEO

We will manage that on behalf of clients, so a client, like the state of Michigan in the example that I gave you, we manage all of their Medicaid data from all of their programs. That’s their data. They own it. We don’t own any of it. We don’t own any benchmarks. We’ll manage it for them in their location and we’ll do all of the technology and the analytics and all of that for them. We’ll build, of course, the compliance programs around that information for them.

Christine Bechtel - National Partnership for Women & Families – VP

Okay. I just want to say thank you very much for your willingness to work with Deven and her committee and Rachel Block’s committee, because I think there are just a lot of questions and I need to understand more fully the work that you do, so I appreciate it.

Andrew Slavitt – Ingenix – CEO

Yes. No. I think this is a complicated area. It’s an important area. I hope that we address it in ways that are proactive, because if we don’t I think the ability to get any of the positive out of working with health information will not outweigh, in many people’s minds, the very real concern that their information is not being treated in a way that they would treat it themselves.

M

I want to thank all of the panel members for all of your testimony. We put this together in short order, so thank you so much for your flexibility as well.

M

... thank you to the panel and thank you very much, Charles, for putting it together in two weeks’ notice. I appreciate it. A lot of good information.

We’ll have our final two panelists, Dixie Baker and then Aneesh Chopra is coming a little bit later. Dixie, do you want to step up, please? Thank you, Dixie. This panel is going to be an update on the work of the HIT Standards Committee, or at least a couple of the workgroups.

Dixie Baker – Science Applications Intl. Corp. – CTO, Health & Life Sciences

Yes. This is an update on our Privacy and Security Workgroup of the Standards Committee. To start off, as Dr. Blumenthal mentioned this morning, communications is always a challenge. I’ve gotten many, many comments from this group, from the Standards Committee and from other people outside both committees, that our privacy and security standards recommendations are not clear. “We don’t understand them.” After 436 people told me that I thought maybe I better clarify what they’re all about. The first part of this presentation I’d like to really try to demystify our standards recommendations. I’m going to keep my eye out and I want to see a nod from everybody during this discussion.

First of all, the standards and the certification criteria and the implementation guidance are used to certify EHR products. They’re not to certify that somebody is meaningfully using those products. It’s just to certify, get a stamp of approval on the product itself. How exactly those capabilities are used within an enterprise, within an organization is up to that organization. The standards and certification criteria help assure that that product, that certified EHR product provides the technical capabilities that are needed to do two things: Number one, to comply with ARRA and HIPAA; and number two, to demonstrate the meaningful use, to help them do the exchanges that are specified in the meaningful use measures that you guys defined.

Next slide. So I have three charts here that I’m going to show you and in each of them the left-hand column are all HIPAA and ARRA requirements, because if you’ll recall, the basic chart that you guys created for meaningful use, the number one, the overriding measure for meaningful use was HIPAA compliance. So everything that we recommended is all related to HIPAA compliance. There are no recommendations out there that just dangle on their own or are great ideas that we thought of. They all directly relate to helping an organization comply with HIPAA once it gets this EHR product in its organization.

On the left-hand side you see the HIPAA and ARRA requirements. The first is to authenticate the identity of people and the identity of systems. To support that we’ve recommended exactly what every Web based company uses to do that, which is called the Transport Layer Security, TLS. It’s no magic. It’s that little, tiny lock, the little yellow lock on the lower right side of your browser. That means TLS. When it’s locked TLS is there. Transport Layer Security is a protocol that authenticates the two sides, two ends of the exchange, sets up an encrypted link and a data integrity protected link. That’s what we recommended. If you have to authenticate two ends on a network use TLS.

The second one was to control access and the HIPAA security rule itself contains implementation specifications that say what are required there and so we didn’t specify anything else.

The third HIPAA requirement is to provide the capability to encrypt and decrypt data, so we went out to NIST and we looked at what does NIST recommend to encrypt and decrypt data. Well, NIST recommends something called Advanced Encryption System standard, AES, as an algorithm to encrypt data. They say, “This is the best thing going right now.”

We said, “Okay. NIST says that’s good. That’s good enough for us.” That’s what’s recommended.

Fourth is the creation of an audit trail. Now, those of you who work in provider organizations you know that one of the critical attributes of an audit trail is the time stamp. So the HITSP standards recommended integrating Healthcare Enterprise Consistent Time Integration Profile, which, coincidentally, uses the two Internet standards for synchronizing systems. That’s the Network Time Protocol and the Simple Network Time Protocol, so we said, “Okay. We’re going to recommend the same standards that everybody else uses on the Internet,” and that’s what’s recommended for audits.

The other recommendation there is for the audit trail and node authentication IHE profile that really is to allow one to send an audit message from one system to another. That’s really all it does.

I also wanted to mention too that the supporting standards, all of the supporting standards that we recommended were constrained to be those that had already been endorsed by the Office of the National Coordinator, so we weren’t free to just go out and select any standard that we could find. In fact, there are other ways to meet these HIPAA standards, but those standards that we recommended are all of the standards that are referenced in the HITSP constructs that exist today, so they’ve already gone through the national coordinator and been endorsed.

This next one, the HIPAA requirement is to detect unauthorized changes to content. Now, the common way to do that is to use something called a Cryptographic Hash Function. All this is - it’s an algorithm, a mathematical algorithm that takes a body of data and it generates a number from that. This number then is such that if anything in that block of data changes the number is going to change. Now, the number doesn’t tell you what changed. It just says, “Oh, something happened to this data either in transmission or some hacker came in and changed things.” It says, “Something has changed.” So that’s what we recommended is the Secure Hash Algorithm.

Now, the algorithms that are used for these secure hashes are recommended by NIST, so we recommended the standards that NIST is recommending at this time, which is the secure hash algorithm set. There are about five algorithms in there.

The other thing we recommended here was the American Standards in Testing – ASTM – I don’t remember. The standard is used as guidance for implementing electronic signatures, not to be confused with digital signatures. These are electronic signatures, which include the transducer, signature transducer, as well as PKI based signatures.

The next HIPAA requirement is to protect the confidentiality and integrity of information transmitted over networks, so we looked at we’ve already specified Transport Layer Security, the Web based means of securing your session over the Web. So we recommended the two NIST requirements for encrypting the data once they’re authenticated at each end. AES is for encrypting and the secure hash functions are just to protect the integrity, so there’s nothing new there at all. It’s already been recommended in other standards.

The other one I wanted to point out was you remember that David and Farzad this morning mentioned the need; David Lansky mentioned the need for a phone book for the NHIN. We need a phone book to look up people. Well, the two standards that are used by the Internet globally to do that are the Domain Name Service, DNS, and the Lightweight Data Access Protocol, LDAP. These are widely, widely used. Everybody uses them. Nothing new, so that’s what we recommended there.

The third one there is the HITSP Service Collaboration 12, which is just a guidance document we recommended.

This third one, this is the last slide I have, to electronically record individual consumer consents and authorization. We recommended here the Privacy Rule implementation specifications that are already in the Privacy Rule. The Privacy Rule already tells you how to do that, so we didn’t recommend anything in addition.

ARRA says that we have to provide an electronic copy of health information to consumers and so we recommended here there is a HITSP capability, 120, that does nothing but tell you how to record unstructured data, a file, on removable media. So it tells you how to record it on a USB drive, on a CD, whatever you choose to record it on. That’s what’s recommended there.

The requirement to de-identify information: There are plenty of details in the HIPAA Privacy Rule on how to do that, so there is nothing additional recommended.

Finally, the HIPAA Privacy Rule also said you need to re-identify information. What this is really for is, for example, in public health if you send de-identified information to public health, which you will. You’ll de-identify the information, send it to public health and they discover an outbreak in your community and they want to get back to you you don’t want to send the names to public health, but you want to provide the provider organization a tag so that they can go, “I know exactly who that is. That’s Deven. I’m going to go out and give her the immunization,” or something, treatment. So that’s what that’s for. That’s called pseudonymization, putting this tag on the information. That’s the last one that we recommended.

So these are the security recommendations for 2011. I hope this has made it a little bit clearer to you. Deven, did it?

Deven McGraw - Center for Democracy & Technology – Director

Yes.

Dixie Baker – Science Applications Intl. Corp. – CTO, Health & Life Sciences

Okay. I do apologize that the standards are confusing from time to time and I hope this has helped.

Now let’s go to on November 19th we held a security hearing where we invited a number of people. It was an all day hearing and we invited participants to give testimony about security. As all of us know; we’ve heard it many times today; security is foundation to the trust that’s needed by providers, payers and consumers in order for them to use electronic health records. So this hearing sought inputs from domain experts in security, as well as health practitioners on issues and challenges and threats and emerging topics that we should be addressing.

We defined four different panels. The first was on system stability and reliability. What are you doing to make sure that if the system crashes you can still get to the information that you need? What are you doing to prevent your system from crashing to begin with? Those kinds of issues.

Cyber security addressed the traditional topics of security, the traditional threats like spyware and viruses and access control, that kind of thing. Hackers.

The third addressed data theft, loss and misuse.

Then finally, the topic of building trust. To tell you the truth, throughout all four of these panels what they were really addressing was building trust and how you build trust that the system is reliable and stable and that your information is going to be there when you need it; that the hackers won’t break in and steal your information; that your information won’t be misused. It all really kind of culminated in that final panel.

So I’ve extracted some testimony, some key messages that we got that I thought were most relevant to the Policy Committee. If you’d like to hear all of them you dial in to our Standards Committee meeting on Friday and you’ll hear also the standards recommendations, but I chose these because I thought that they were most relevant to what you guys are charged to do.

The first was a jaw dropper for a lot of people there. That is that security awareness among healthcare organizations today is extremely low and many organizations do not comply with HIPAA, in fact, fewer than half of the organizations. This is based on a HIMSS survey, a HIMSS 2009 survey, a very recent survey. They surveyed primarily large healthcare organizations, not your individual clinician organizations. These are large organizations and fewer than half of them conduct annual risk assessments. As those of us in security know, the risk assessment is foundational to everything else you do. Your security measures should count as risks you identify and they aren’t even doing the risk assessment, which is, as you know, a HIPAA requirement.

Fifty-eight percent reported that they have no security personnel on board. These are, if you look on-line on the ONC Web site, you can see the full report from HIMSS. I just picked those three that I personally found and a lot of our committee members found the most astounding.

The third one was that 50% reported that they didn’t spend over 3% of their budget on information security. That’s pretty low. So these were really surprising findings to us.

I think you probably already know that the days of tightly controlled perimeters are long gone when we talk about firewalls or the edge because organizations have distributed systems. They have mobile communications. Wireless is everywhere and now, in the days of cloud computing, you even have virtual resources that you don’t even know where they are. They’re in the cloud.

Then the other area along the same line is that there are so many, an increasing number, of FDA controlled devices that have embedded computer systems, embedded PCs in them. Because they’re FDA regulated you can’t modify them. Vendors support them instead of the organization. You can’t run Microsoft Updates periodically on them. You can’t do updates to the virus signatures on them, so the individual who really brought this up said this is a huge issue. Another said, “Yes, that’s a huge issue,” which we really had not thought about. Cyber threats are real and healthcare is targeted.

Security plays a major role in protecting the privacy of patients. We already know that, but security also plays a major role in protecting patient safety and the quality of care. Data integrity protection to ensure the accuracy of patient records and also the protection of safety critical information; it’s not just PHI. It’s also protecting clinical guidelines, for example, that our doctors rely upon to provide care.

A number of testifiers talked about the need for defense in depth, layered policy and layered protection, not just at your desktop, but at the network, in the clouds. It’s layered protection so that you have a failsafe; if one fails there’s something else to protect you.

The need to continually monitor and measure security outcomes: Just like we measure clinical outcomes we should be measuring security outcomes, outcomes that are related to both our policies and the mechanisms that we’ve implemented. They talked about using evidence based policies and practices. One individual talked about many of today’s security mechanisms that we all accept are just there traditionally rather than for measurable protection. For example, the passwords rules that we use; you know the at least eight characters and both upper and lower case, special characters, numbers, etc.; that was put in place when computers were way slower than they are today. Those rules don’t provide much protection today, so that was interesting and certainly something that the Privacy and Security Policy Workgroup will need to address.

The third was that there were needs for baseline policies and standards in a number of areas. By baseline what I mean is something that a level of protection that can be assumed, whether it be across the NHIN, across HIEs, but this is a level of protection that if I’m going to exchange information with Gayle I can assume that your system provides. We need baseline policies and standards in authorization, how you authorize people to access information, authentication, which is foundational to everything else, because access control is dependent on authentication. Auditing is dependent and even encryption. Everything is dependent on the strength of your authentication.

Access control and the audit trail: They also pointed out the audit trails from vendor systems today may be insufficient to detect misuse, because they don’t really record the kinds of information you need to detect misuse.

I think that’s the end of my report.

M

Thank you very much, Dixie. I now want to introduce Aneesh Chopra, who is the; thank you very much for being here; CTO for the administration and in the Office of Science and Technology Policy and also the Chair of the Workgroup on Implementation with the HIT Standards Committee. Thank you.

Aneesh Chopra – White House – CTO

Thank you very much for the opportunity to appear before this robust body, my first time, I believe, coming to you, so I will say an introduction and look forward to a dialogue so that you get as much information as you would like about the experience we’ve seen in the implementation, our evaluation of the implementation process thus far on the adoption of these proposed standards.

First I want to suggest to you that this remains a very high priority for the president, which is why he’s asked me to put the time on making sure that we support David’s vision for where we’re going and that we do whatever we can to deliver the best in class, intersection of technology data standards and the policy objectives that you all will provide recommendations on. So that’s the nexus that we’re hoping to strive for.

We came to the issue of conducting implementation hearing and workgroup around the notion that a lot of the work that we’re doing in Washington we had folks come into the meetings and dial into the audio portion, but we weren’t satisfied that we were gathering on the ground information and so what we thought we would do is sort of take a moment, engage a broader set of voices on this issue and then pull up, for our future activities what the lessons are that we were learning. We had three basic objectives. First, we wanted to understand what was the adoption experience thus far. As David often said, “I, as a clinician, wouldn’t necessarily know the particular data standards that my capability set was making available to me,” but we did want to have an opportunity to hear from clinicians and then extrapolate what the implications were for the work we were doing, so understanding the adoption experience was critical.

Second, we wanted to surface any barriers or opportunities so that we could make course corrections along the way. As you all know, we have a roadmap that we’ve been recommending to the administration that looks at rules around 2011, 2013, 2015 and as we move forward there is a lot of work to be done and we wanted to do whatever we could to surface any barriers or opportunities that came out.

Then last, but not least, the overall theme: How do we accelerate adoption? How do we ensure that we have as many providers in a position to engage in standards based data exchange as quickly as possible? How do we incorporate that feedback, that continuous feedback loop, into our work so that we are serving as best we possibly can with the input that was available?

We had a great cross section of the Standards Committee engage on these issues. The way we decided to tackle this was we applied innovation to the process itself. First we held a hearing. We borrowed a page from the Policy Committee where you sort of spent all day running deep; we took an all day running deep on the topic of this adoption experience. I’ll describe the panel structure.

We also had decided to create an on-line forum that basically took us from launch from the day we engaged the hearing, allowed folks to interact in a way on very specific topics that we surfaced as particularly sort of worthy of further debate and allowed the American people, if you will, to not only present comments, but vote comments up or down so we could sort of see where the passion was and what the experiences were and to incorporate a three-week, I like to think of it as a structured dialogue and incorporate both, what we heard in testimony and what we learned from the on-line experience to give us a kind of 360-degree view, which we presented at the last Standards Committee hearing.

Now, I will provide to you in summary form the key lessons, but to organize those lessons we asked testimony from four stakeholders out of industry experiences for standards adoption. We heard from the automotive suppliers. We heard from the life insurance or the claims from the automotive, the clearinghouses, but also the claims, so if you’re filing; my car got dinged by the way last weekend, so I have to go through a process. There’s a standards based approach to reporting claims. So we heard from these stakeholders, as well as those who were involved in standards setting in the Internet as the first panel.

We then asked providers from the solo practitioner all of the way through the large, integrated delivery systems. We then asked for vendors to come in, providing support and then last, but not least, we did a deep dive, as I’m imagining you will continue to do, of quality. We think of that as a very important terrain and one clearly from the testimony, worthy of further review.

The bottom-line, the next slide: We came up with top ten themes that will basically serve as guiding principles for the committee’s work moving forward. Those themes basically are as follows: One is to think of our work as keeping it simple, doing what we can to address the big vision that you all are laying out from a policy standpoint, but to have standards that can be readily and more easily adopted by a larger body of individuals.

Second, perhaps a little bit more of an area of debate, don’t let perfect be the enemy of good enough. There was a great deal of desire that we have to have every particular aspect of a data center clearly articulated and only at that moment then do we release the tablets and say, “Thou shall now adopt.” This recommendation spoke more to the issue of focusing on the good enough to get going and build and iterate so that the architecture can support ongoing development work.

Clearly, there was a focus on cost. How do we minimize the implementation burden and that spoke in our environment to a great deal of the legacy world we live in. There is a set of royalty fees, licensing fees and other expenses. We have this beautiful chart, which I didn’t want to bring to you; it took up half the wall; that looked at every data standard in minutia and all of the other standards it pointed to in order to do the standard. Some of them you’d have to have access to some information. You’d have to pay for it or kind of pull back the onion to know what that standard actually was. That was sort of visually on the wall as we went through this hearing.

Design for the little guy or gal. I’ll have a friendly amendment to the report, but make sure that this is engineered. We had a story of a physician who literally said, “Look, I have a patient who’s moving to Arizona. She asked if I could send an electronic copy of her record to the physician in Arizona, who is on the exact same software package that I’m on, but we didn’t have a Click Here to Send to Your Colleague button,” and so literally he had to send an e-mail with an attachment of continuity of care record. That was kind of the best workaround. We can do better than this as an industry. That was what that was all about.

Don’t try to create one size fits all standards. Again, acknowledging that there are going to be iterations in a number of these areas as we go, probably the most obvious one in the area was on quality. A great deal of the testimony we heard was that the data elements you’d want to measure quality have yet to be fully defined and, therefore, it’s unclear if we know whether those data elements could be produced in a standards like format, because we haven’t quite articulated it. We had the American College of Cardiology and others say our stuff doesn’t equally match up with what you’ve done data wise.

The last few: This was probably the most technically sort of insightful moment; separate the content and transmission standards. This gets, perhaps, a little bit more in the technical weeds than you wish to go, but this was sort of an insight that got a great deal of discussion going and will be, I think, an area of further evaluation as we move forward.

Creating publicly available vocabularies and code sets. Again, one clear recommendation that came out of this is we’ve got a working group just on vocabulary. I think I would imagine your team would love to weigh in on that topic.

Leveraging the Web for transport as much as we possibly can, sort of an implicit assumption in all of this, but we use that as an opportunity to kind of make that statement.

Then positioning quality measures so they motivate standards adoption: Here the question was as we get to quality measures they should essentially be as easy to produce as the technology can. It would be silly if we had an infrastructure that was capable of achieving all of these desires, but could not, when we built a measure for quality, be in a position to accommodate that measure without a lot of custom work. I know we’re never going to be exactly where we need to be on this, but the spirit was do what we can to strive for that, being as easy and low cost, frictionalist, if you will, with pause for the delivery.

Then obviously, on the implementation support side there is a great deal. Rather than just on the tablets from on high these are standards and then good luck. How much could we do to provide support? Are there implementation guides? Test beds? Working tools and so forth that can be ubiquitous so that a wide swathe of the industry can rapidly adopt.

In the interest of time I’ll just do a couple of more points. Insight number one on the blog; we actually birthed an ecosystem of blogs unintentionally. That is, we had an official blog on the Federal Advisory Committee site. By the way, in the spirit of the president’s Open Government directive, which was released last Thursday, I want to commend the health IT ecosystem as being one of the first to adopt these principles as to how we run some of these rules. Perhaps the Policy committee might consider this moving forward, but it birthed a set of conversations that took place on a whole range of blogs that in the IT world for healthcare these folks are very active. Some of them are involved in the Standards Committee. Others are just sort of members of the community at large. All had very fascinating conversations. Some reported that this generated the highest amount of traffic to their sites in their conversations as they’d seen.

The bottom-line is this: There were genuinely on the blog a great deal of concern about the state of the electronic health record and the degree to which the product quality and the economics were where we wanted them to be. We didn’t take any positions on these comments. These are simply summaries of what we heard in the field.

We heard a great deal of this notion of thinking big, starting small and moving fast. We also, as I said earlier, this notion of separating content from transmission came up in the blog a great deal.

This final comment was that there appeared to have been this notion that there were those who had been focused on the Internet as the methodology or the organizing frame around how we promote standards and those who felt that there may be a bit more of an informatics approach. This notion that they had to have an either/or became silly. On-line the community spoke very loudly and clearly. There’s got to be a path forward for all. The bottom-line, do we need complex solutions to answer complex problems. That became a fodder for discussion.

This is our concluding sentiment from the Vice-Chair of our committee, John Halamka, who I will try to evoke his spirit here today; perhaps I’ll change my attire for a moment. Imagine my look. I’m a little more hip. Now I’m not as hip as I am. One, our work for the committee: We will be far more focused on vocabularies and to get them as easily accessible as possible. Two, we had made recommendations earlier in the process to promote both a SOAP and REST full approach to data standards, adoption, the degree to which we could do more to promote or build out, if you will, REST based transport methods, that was a recommendation set that came out.

For you folks, you heard it from Dixie: We need to have as much as possible, joined at the hip strategies for a privacy framework, because at the end of the day we could engineer lots of complex technical approaches to protect security. They will largely fail unless we have a thoughtful framework upon which to build. We really, I think you said that before I walked in the room, Dixie, you are the heroes we’re looking for in setting that framework so that we can get to work on the engineering.

Obviously, we want to do our best to focus on simple and few to achieve the goals. Our immediate next step is when the regulations are issued we will immediately convene, gather feedback on the process and then get going immediately on how we incorporate this learning for 2013.

That took a lot longer. I am done. Any thoughts, Mr. Chairman?

David Blumenthal – Department of HHS – National Coordinator for Health IT

Perfect. Thank you very much. Let me open it up to the committee, please. Latanya.

Aneesh Chopra – White House – CTO

Am I adjourning your meeting here?

David Blumenthal – Department of HHS – National Coordinator for Health IT

Not quite.

Latanya Sweeney – Laboratory for International Data Privacy – Director

First of all, I wanted to thank you. The Standards Committee always does a lot of work. They’re always working ahead of the Policy Committee, which is not a bad thing I’ve learned. It saves a lot of time. But I am concerned a little bit about the demystification of the 2011 recommendations because like some of the things I think the interpretation may not be the same interpretation. For example, obtaining the proof that users and systems, you said that HIPAA and ARRA both talk about they want to obtain proof that users and systems are whom they claim to be. Your recommendation is to use the transport layer.

Dixie Baker – Science Applications Intl. Corp. – CTO, Health & Life Sciences

No. It should have had two things on that right. The Transport Layer supplements what’s in HIPAA. HIPAA itself on the left, in the left column, already has implementation specifications for these various standards that are in HIPAA. So in addition, for individual authentication it’s HIPAA. For network authentication it’s TLS.

Latanya Sweeney – Laboratory for International Data Privacy – Director

So I actually think though that you can’t answer that question until you know more about NHIN, because if you just think about it from a technical standpoint, Deven is a provider and Adam is a provider and they want to exchange data, the data can go over the little ... you so described, but how do I really know who ...

Dixie Baker – Science Applications Intl. Corp. – CTO, Health & Life Sciences

That’s ....

Latanya Sweeney – Laboratory for International Data Privacy – Director

What we saw this morning in David’s presentation was supposedly we have this registry and they’re going to look at authentication mechanism and so forth. I think those things are going to replace this kind of content as the recommendation.

Dixie Baker – Science Applications Intl. Corp. – CTO, Health & Life Sciences

No, I don’t think so. I think HIPAA has two requirements, not one. They’re embedded in one segment. HIPAA requires that we have authentication of individuals before they’re allowed to access any resources on a system you have to authenticate the individuals.

Secondly, you have to authenticate entities, systems that are exchanging information. Those are two different requirements.

Latanya Sweeney – Laboratory for International Data Privacy – Director

Right.

Dixie Baker – Science Applications Intl. Corp. – CTO, Health & Life Sciences

TLS doesn’t really address the authentication of individuals.

Latanya Sweeney – Laboratory for International Data Privacy – Director

Right. That’s why I think it shouldn’t be associated with the wording that does have to do with authenticating individuals and systems.

Dixie Baker – Science Applications Intl. Corp. – CTO, Health & Life Sciences

And systems. Yes ...

Latanya Sweeney – Laboratory for International Data Privacy – Director

Right. Because you have another one later, on page five; I think it’s page five; which is about just authenticating the systems or the transport of the information, which I think the supporting standards is appropriate ...

Dixie Baker – Science Applications Intl. Corp. – CTO, Health & Life Sciences

We don’t have a standard for authenticating individuals other than HIPAA. We haven’t recommended one other than HIPAA is a standard, right? So the HIPAA Security Rule is a standard. The HIPAA Privacy Rule is a standard. The only recommendation we’ve made with respect to authenticating individuals is HIPAA.

Latanya Sweeney – Laboratory for International Data Privacy – Director

The way you just articulated that creates a mismatch that’s even ... to the mismatch that I see here. Maybe it’s something I should take off-line, but I think it’s a pretty serious thing and it shows up in four or five points, the same kind of issue.

Dixie Baker – Science Applications Intl. Corp. – CTO, Health & Life Sciences

I think I didn’t explain carefully that the column on the left, both columns are recommendations, recommended standards. Both columns are recommended standards. I don’t have it here. It’s not that the left side is topics. The HIPAA are standards. In fact, the HIPAA Security Rule and the HIPAA Privacy Rule are standards. They have standards specified within them and they have implementation guidelines specified within them, so both sides are the standards that we recommended, but what I was attempting to show; I guess I didn’t quite demystify it as much as I thought; the left side is standards. The right side is supplementary in addition to the HIPAA Privacy Rule. In addition to the HIPAA Security Rule as standards we’ve specified these others, but they’re not standalone. They all relate to the HIPAA standards as well. There is a dependency there.

Latanya Sweeney – Laboratory for International Data Privacy – Director

Let me just say, and I do think may have to get off-line, but that creates an operational mismatch. The ones on the right are at a different level of operation and the kind of things that we’ve been getting from the Standards Committee ... I mean the HIPAA Privacy Rule here.

Dixie Baker – Science Applications Intl. Corp. – CTO, Health & Life Sciences

No. No. Yes, we should take it off-line.

David Blumenthal – Department of HHS – National Coordinator for Health IT

So I think you traded a bit of Deven’s mystery for Latanya, but we can take care of it. We’ll get it ...

Dixie Baker – Science Applications Intl. Corp. – CTO, Health & Life Sciences

Darn. Stay tuned next month.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Yes. Next month. Stay tuned. Other questions from the committee?

W

... I didn’t get ... most of the implementation hearing because I had to travel on that day, but I was there in the beginning and I also went to the Standards Committee meeting where you rolled out these ten sort of over arching principles, which I think are going to be really informative to some work that we’re doing on a strategic planning, policy framework paper working group where, again, these provide some really helpful benchmarks. Guideposts maybe is a better term for when you get to the sort of more specific decisions that have to be made and you can go back and look at them and say, “Well, this really worked for the little gal, the little guy.” At any rate, thank you so much for that work. I hope that we take it and do more with it.

Aneesh Chopra – White House – CTO

Thank you for that kind feedback.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Gayle.

Gayle Harrell – Florida – Former State Legislator

Thank you very much. ... in tune with a comment as opposed to a question for either one of you. First of all, I want to thank you for everything you’re doing and I’m wondering if perhaps your implementation group and Paul’s adoption and certification group are pretty much on the same line. Perhaps I’m working on some coordination between the two of you and kinds of things to help with the adoption, as well as implementation. I think those things need to work hand in hand, but moving to the security issues, being on the security workgroup I’m very pleased to hear; I think we need really specific clarification. We need to work very closely together on where we’re going on this, but I do like the idea that Aneesh has presented on the on-line dialogue.

I think in order to build public trust and this entire endeavor that we are all on to make sure that every person in this country has electronic health record by 2015 really takes that public trust and we have got to make sure that our discussions and things that we are recommending, that we get that input back from the public. So I would like to see, perhaps as we come out with our workgroup on security and on privacy and security, that perhaps we implement the same type of blog and dialogue ...

M

She’s the expert.

Gayle Harrell – Florida – Former State Legislator

That is absolutely essential so that the more input and the more public comment and that two-way comment, we’re able to really inform people and we demystify what we are doing in our security and privacy workgroups.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Okay. Paul.

Paul

First, I want to reiterate what everybody else has said. This is great work. We really appreciate what the Standards Committee is doing, but to pick up on Gayle’s last comment, I do feel that there’s a need for better coordination between the Standards Committee and Policy Committee, because some of what you’ve done in your implementation hearings actually was also done in the certification hearings and also was done in the information exchange hearings. It would be very helpful for you to know that information and vice-versa, for us to know what it is that you’re doing. I’m not sure I know what the right mechanism is, but it seems that we have some duplication.

Aneesh Chopra – White House – CTO

We explicitly tried to pull the learnings from the hearings that you held to inform the nature and more narrowly skilled questions that we went after. It would be worth going through that to see if we achieved that objective, but I believe that had been the design all along, because you had done a phenomenal job on that work earlier in the year. We basically borrowed heavily from that methodology, so if we had not lived up to that I would love to circle back and confirm.

Paul

Okay. Thank you.

M

Dixie and Aneesh, I want to thank you both for really kind of opening up what is very, very mystical to many of us in terms of the standards process. I’ve always said about the standards process that what sounds good in the conference room doesn’t always work well in the examining room. I think your efforts to reach out to the broader, clinical community will make that less true, but I want to offer a piece of advice as you proceed and that is not to ignore the lessons learned by early adopters. I think that we’re learning some very, very valuable lessons and I think we’re learning what works well. I guess what we’re suggesting is start to look at early adopters and their experiences and their successes as possibilities for de facto standards while, frankly, rejecting or refining what’s not working well. I think that that’s something that we’re starting to do around information exchange in transitioning from maybe the old NHIN model to a new one. I would suggest that there are other places where that can be done as well, especially around some of the content specifications. Thank you.

David Lansky – Pacific Business Group on Health – President & CEO

I really appreciate both of you communicating to us the evolution of the standards work and making it understandable to people like me. The one place I hope will get more attention is one of the top ten points you raise, Aneesh, number nine. It was on the quality measurement harmonization standardization and efficiency. If I think back we’ve seen the point about remembering our vision for transformation. The quality agenda in particular is about improving health and in transforming the health system to improve health. There’s a risk and we’ve been guilty in the past of letting the technical standards process create the guardrails within which we talk about quality, measure it, incentivize it, pay for performance and so on. The caution I want to raise is that as part of your work goes forward in that domain we need a lot of integration of the work of the Policy Committee and the strategic plan and the standards work and not let the standards work get out in front and create those guardrails.

Aneesh Chopra – White House – CTO

That’s exactly what the quality panel helped elucidate in the hearing, precisely that point. I do not believe on our respective watches that will happen.

David Blumenthal – Department of HHS – National Coordinator for Health IT

I want to thank you both very much ...

Aneesh Chopra – White House – CTO

Thank you. You’re in overtime, man. That’s longer than the agenda.

David Blumenthal – Department of HHS – National Coordinator for Health IT

That’s right.

Aneesh Chopra – White House – CTO

Good luck, everyone. Thank you.

David Blumenthal – Department of HHS – National Coordinator for Health IT

Thank you. We’ll finish with open for public comment if there’s anyone who wants to.

W

Yes. We’ll have a microphone put up here in the center aisle. If you want to make a public comment please queue up and also remember you have a three-minute time limit. Those of you on the telephone, if you’re already connected, just press *1 to speak. If you wish to dial in the number is 1-877-705-6006. We’ll begin with the gentleman at the microphone. If you’d please state your name and your organization?

Bob Hall – American Academy of Pediatrics

Sure. My name is Bob Hall. I’m with the American Academy of Pediatrics. I want to thank you all. ... that I could talk to you today on behalf of children and pediatricians. Children are repeatedly forgotten in many of the structures that we’re setting up, certainly Medicaid and its importance and health reform. One of the reasons I was late is I handle health reform for the academy, so a few things are going on. But recognizing that Medicaid is going to become the backbone of the U.S. healthcare system as a result of the expansion of it would be hopefully helpful to moving this process forward. If you look at the e-prescribing incentives that leaped up first those were only in Medicare. Those certainly didn’t exist in Medicaid, but understanding how this rolls out for kids and pediatricians, we would very much appreciate your attention to that.

Medicaid and CHIP incentives are very different within the program than in Medicare. There is a threshold requirement that’s there for pediatricians and other child health providers to receive incentive funding and so, as a result of that, only about 50% of pediatric practices are going to receive the incentives, so we’re setting up a structure that’s, at some level beyond your control, but really does exclude a significant population of providers from receiving incentives.

In terms of meaningful use, the structure of the ARRA also sets up an opportunity for every state to define meaningful use differently, which makes it much harder for pediatric practices to deal with adolescent privacy issues and other questions that are raised by interoperability. We’d love your attention to that in the meaningful use discussions that you’re having.

Also including the issues of guardianship that children go through at the adolescent stage. Who gets to know what is very important as you go forward and having some flexibility and understanding the meaningful use for that should be very helpful.

Pediatrics requires very different data that is not often thought of in most health systems. Certainly, milligram per kilogram weight based dosing for the youngest babies and then minute of birth is also very important. Growth charts, visual growth charts, etc. are also very important, including that in some way in a meaningful way the meaningful use definitions will be helpful.

Also, as the group that came up with the idea of the Medical Home in the 60s and has been talking about it since that time, we would very much appreciate the opportunity to include some allowance of meaningful use functionality to include Medical Home functionality within that definition.

Also, interaction with immunization registries and certainly, the need to transfer and be able to transfer basic immunization, growth and screening test data would also be helpful to the peds’ perspective.

Finally, I’d just end this three-minute data dump with essentially a recognition that ARRA was not the only bill that passed earlier this year. There was also CHIPRA. CHIPRA included in Title Four a real recognition of the fact that we’re behind in quality measurements for Pete. We’re hopeful to move that forward. It also includes a specific pediatric and age, child-specific EHR format that we hope might be able to be plugged in in some way to the meaningful use discussions as you go forward.

We want to make sure that folks are thinking about kids. Certainly, even in the ... program there’s not a recognition that the threshold requirements are so different for peds and for children, certainly on the movement forward we need more help in order to adopt. We have the lowest rate of adoption of any primary care group. That’s pretty understandable, because we get paid Medicaid rates, not Medicare. If we got paid Medicare rates we’d be very happy. So anyway, moving forward we’d really appreciate your attention to children and certainly how we can build a stronger future by focusing on them. Your work here is very important to that and we really think you have an opportunity to do some great things. Thank you so much for the time.

W

Thank you. Next in the queue, please.

Corrine Rubin – American Academy of Ophthalmology

Corrine Rubin. I’m here on behalf of the American Academy of Ophthalmology. The Academy continues to have concerns with the lab requirements and meaningful use. Currently we are unaware of ophthalmology specific EHRs being able to electronically interface with labs. The reason for this is ophthalmologists do not order a high number of tests; therefore, labs do not find it cost beneficial to interface with ophthalmology EHRs.

I would also like to echo the comments of Andrew Wiesenthal of Kaiser; that if you do not have physician buy in then implementing HIT and meaningful use across the provider and healthcare settings will be used .... The Academy has information of best practices for HIT implementation across the ophthalmology setting, solo practice to multi-specialty group practice. Physicians must feel like they are involved in setting standards in order to believe and implement requirements successfully. Thank you for providing me the opportunity to comment. I welcome the opportunity to discuss our comments and concerns further.

W

Thank you. Next in line, please.

Michael McGraff – Gemalto

Good afternoon. My name is Michael McGraff. I’m with Gemalto and I’m also Secretary of the Smart Card Alliance Healthcare Counsel. I wanted to talk about the trust issues that were mentioned earlier and as it relates to the NHIN and authentication.

We’ve all seen the NHIN map. On the right are all of the federal agencies. During Dixie’s comments she spoke about the standards that have been in place and that there really aren’t standards that have been put forth by the Standards Committee for individual identification. The federal government, the Office of Management and Budget, released a memo, 0404 a few years ago. That led to a standard e-Authentication Guidance that was developed by NIST. I’m just going to read a couple of things out of that that are very applicable to this committee.

The NIST memo defines four levels of authentication that were presented in the OMB memo, levels one through four with one being very low assurance, basically just registering on a site and getting a password, to the highest level, level four, which would involve use of cryptographic keys and tokens for very sensitive information. Level two assurance, which has been put forth by the Standards Committee, provides some confidence in the assured identity the individual gaining access to the network, some confidence.

Level four is appropriate for transactions needing very high confidence in the asserted identities’ accuracy. Users may present level four credentials to assert identity and gain access to highly restricted Web resources

Now, a couple of examples that are mentioned in the NIST document: A law enforcement official accesses a law enforcement database containing criminal records. Unauthorized access could raise privacy issues. Replace law enforcement with healthcare. I’m going to re-read it. A healthcare provider accesses a healthcare database containing healthcare records. Unauthorized access could raise privacy issues. This is level four authentication.

The next example: A Department of Veterans Affairs pharmacist dispenses a controlled drug. Sore subject I know, but this is where the DEA got their rules. She would need full assurance that a qualified doctor prescribed it. She is criminally liable for any failure to validate the prescription and dispense the correct drug in the prescribed amount. This is the news talking. This isn’t me. It also goes on to say an agency investigator uses a remote system, giving her access to potentially sensitive, personal client information using her laptop at client work sites, personal residences, businesses. She accesses information over the Internet via various connections. I know that providers work from home, work all over their geographic area. This is level four authentication. This is privacy and security developed by the federal government for federal agencies, the data that’s going to be connected to NHIN, a lot of that is federal data. That was my comment. Thank you.

W

Thank you. There are no comments on the telephone. I’ll turn it back to Dr. Tang.

Paul Tang - Palo Alto Medical Foundation - Internist, VP & CMIO

Very good. Well, I want to thank everyone again for another vigorous meeting. I wish you all Happy Holidays. See you in the near year. Thank you.

Public Comments

In regards to data back-up and meaningful use: I would like to hear more about how once all of this data is placed into all the new EMR implementations in private practice and hospitals that it will be protected from loss. Currently HIPAA requires covered entities to back-up data but most do this in house, ergo if the office is lost due to disaster so is the backed up data. Others use cold storage for tape and optical disk, but this does not seem dovetail well with the intended use and spirit of the NHIN; specifically exchanging data over the Internet, and Time-sensitive access to medical data during a disaster.