Minutes of the January 27-28, 2003 NCVHS Workgroup on National HealthInformation Infrastructure

Department of Health and Human Services

National Committee on Vital and Health Statistics

WORKGROUP ON THE NATIONAL HEALTH INFORMATION INFRASTRUCTURE

Hearings on Health and the National Information Infrastructure and the NHII Personal Health Dimension

January 27-28, 2003

Washington, D.C.

Meeting Minutes

---

A hearing hosted by the Workgroup on the NHII of the National Committee on Vital and Health Statistics was convened on January 27-28, 2003 at the Hubert H. Humphrey Building in Washington, D.C. The meeting was open to the public. Present:

Committee members

• John R. Lumpkin, M.D., M.P.H., Chair
• Jeffrey Blair, M.B.A.
• Richard Harding, M.D.
• Robert W. Hungate
• Edward M. Shortliffe, M.D., Ph.D.
• Kepa Zubeldia, M.D.

Absent:

• John Danaher, M.D.
• Clement McDonald, M.D.

Staff and liaisons

• James Scanlon, ASPE, Executive Staff Director
• Mary Jo Deering, Ph.D.
• J. Michael Fitzmaurice, Ph.D., AHRQ liaison
• Steve Steindel, CDC liaison
• Eduardo Ortiz, M.D.
• Trent Haywood, M.D., J.D.
• Michelle Williamson
• William A. Yasnoff, M.D., Ph.D.

Others

• Jackie Adler, NCHS
• Debbie Jackson, NCHS
• Geraldine Wade, CDC
• Jorge Ferrer, CMS
• Leslie Hsu
• Stan Edinger, AHRQ
• David Nelson
• Jennie Harvell, HHS
• Suzie Bebee, NCHS
• Marion Warwick, MITRE
• Carol Bickford, American Nurses Assn.
• Michael McDonald, Global Health Initiatives
• Ben Reis, Markle Foundation
• Vivian Auld, NLM
• David Kirk, Patient Safety Institute
• Joy Keeler, University of Illinois
• Joy Pritts, Georgetown University
• Michael Tate, ADA
• Carol Cronin, consultant
• Douglas Peddicord, Washington Health Advocates
• Arun Villivalam, Georgetown University Hospital
• David Brailer, CareScience
• Arthur Ciarkowski, FDA
• Molynda Cahall, NLM
• John Morgan, Inclubation, Inc.
• Dan Rode, AHIMA
• Brad Keller, SunTrust
• Lisa Sotto, Hunton & Williams
• Peter Waegemann, Medical Records Institute
• David Lansky, Markle Committee on the PHR

---

EXECUTIVE SUMMARY

Note: The complete (unedited) transcript of this hearing is posted on the NCVHS Web site, www.ncvhs.hhs.gov.

The NCVHS Workgroup on the NHII hosted a two-day hearing on the National Information Infrastructure (especially the Internet) and the NHII Personal Health Dimension. It heard from two panels on the NII and four panels on the Personal Health Dimension (Personal Health Records).

THE CURRENT AND FUTURE INTERNET

• Doug Van Houweling, University Consortium for Advanced Internet Development
• Vint Cerf, Worldcom
• Aubrey Bush, National Science Foundation

Mr. Van Houweling reported on Internet 2, an organization focused on the Internet’s potential for the future. It develops and deploys advance network technologies and applies them in research and higher education. It is a collaboration among about 300 organizations in government, industry, and education, with the goal of commercializing the capabilities of the Internet. Regarding the significance of Internet 2 for the NHII, he stressed the network’s high band width and low latency. The NRC report on health applications of the internet is the roadmap for much of the work on Internet 2.

Mr. Cerf described the rapid growth of internet use and where the internet is headed, noting major trends and their implications for health care uses. The major issues being faced include reliability, security, personal privacy, and authentication. Major policy issues are associated with intellectual property protection and competition. Challenges for the field include scaling, making the system more resilient and safer, and achieving cost savings.

Mr. Bush reported on an NSF high-performance network, a project that ends in April, 2003. He described several infrastructure programs in which the NSF Networking Division is involved and said NSF anticipates being in partnership with industry.

In the discussion period, NCVHS members and staff engaged panelists on the subjects of authentication, patient control of medical records, knowledge management, and cognitive perceptions.

EVOLVING INTERNET TECHNOLOGY AND POLICY

• Edward Shortliffe, Ph.D., M.D., Columbia University (NCVHS member)
• David Nelson, Networking and Information Technology R&D Program (NITRD), Executive Office
• George Strawn, NSF and NITRD
• Daniel Hitchcock, Department of Energy

Dr. Shortliffe set the scene for this segment by describing two activities in which he has been involved: deliberations and reports by the National Research Council (2000) and the President’s Information Technology Advisory Committee (2001). He outlined the objectives of each process and the recommendations in each report, noting that some progress had been made since their release.

Dr. Nelson said his main message was to invite HHS to “work with us.” NITRD is a mechanism whereby HHS can become more of a partner and participant. He stressed that “the intellectual involvement is arguably as important as the dollar involvement,” a point he especially directed at HHS, saying that without the “intellectual heavyweights at the table, who can speak authoritatively about these,” NITRD is relegated to address health issues “as amateurs.” After describing the organizational structure and activities of the $2 billion multi-agency NITRD program, he suggested that HHS could become involved as a consumer of research as well as a generator of it, and it could participate in test beds in standards development.

Mr. Strawn underlined Dr. Shortliffe’s observation that the original energy in this area (in the 1980s) came from DARPA, NSF, DOE and NASA, as well as Dr. Nelson’s encouragement of HHS to get more involved. He described the structure and activities of the 15-year-old Large-scale Networking Group and its plans for the future.

Mr. Hitchcock’s presentation addressed four topics: network issues; trust, privacy and security; data management and fusion; and large systems. He provided contact information on the IT R&D group working in each area.

In the discussion period, the group discussed the factors impeding and supporting greater participation in this arena by the health care world, and in particular HHS agencies, in terms of both financial and intellectual investments.

PERSONAL HEALTH RECORD DATA SET

• David Lansky, Chair, Markle Committee on the Personal Health Record; President, Foundation for Accountability
• Philip Marshall, Personal Health Record Working Group, Markel Foundation Connecting for Health Collaborative
• Joy Keeler, University of Illinois Chicago Medical Center
• Joy Pritts, Georgetown University Institute for Health Care Research and Policy

Mr. Lansky gave an overview of the personal health record and the work of the Personal Health Workgroup, which is part of the Markle Foundation Connecting for Health Initiative.

Mr. Marshall continued the report on the Markle Foundation’s Personal Health Record Working Group, focusing on the personal health information (PHI) data set. Its purpose is to facilitate patient-centered data management by recommending which data should be shared by organizations and systems, along with a mechanism for sharing the data. The Working Group has developed a starting list of information recommended for the data set. Mr. Marshall urged NCVHS to think about how to overcome providers’ skepticism about the validity of the information in the PHR.

Ms. Keeler said her medical center’s PHR initiative began with a necessary culture change in the way clinicians practice medicine. The medical center is already heavily electronic. The PHR is part of the center’s community strategy, which she described. She observed that the industry has “hit the wall” in terms of the ability to interface and compare data. She stressed the merits of prioritizing the elements of the minimum data set based on their value to the end users, of keeping it simple, and of using a phased approach to gradually add elements.

Ms. Pritts spoke on the privacy aspects of the PHR. What must be considered is both the person’s ability to keep information away from others and their ability to control how the information is used and shared by selected secondary users. Besides the question of patient control, there is the question of what legal restrictions or protections exist on authorized access. She discussed the limitations of privacy protections for the information in PHRs that are maintained both by commercial, proprietary vendors and by health care providers. In general, she said the legal setup is lacking to adequately protect the information in any of the structures currently under consideration. She suggested that defining a minimum data set could be useful in solving the problem of the amount of control patients have over their information.

In the discussion period, NCVHS members and staff raised issues related to standards and the need to define the structure of the PHR as well as its functions.

Dr. Lumpkin urged Ms. Pritts to advise the Committee on what changes are needed in the privacy regulations to tighten privacy protection for the PHR.

PERSONAL HEALTH RECORD: STANDARDS

• Ed Hammond, Duke University, Markle Committee on Data Standards
• Gary Christopherson, Veterans Health Administration

Dr. Hammond reported on the work of the Markle Committee’s Data Standards Working Group (DSWG), which he chairs. Its goals are to identify and cause the creation of necessary standards and definitions to enable the movement of data and knowledge for improving health care, and to accelerate the adoption of data standards. He reviewed the status of standards relevant to the PHR, stating that “most of the standards that we need to get started currently exist and are usable with a little bit of input from the consumer community.”

Mr. Christopherson described the Veterans Health Administration’s PHR initiative, HealthePeople, which has a strategy that involves multiple sites, high performance goals, and multiple overseers and partners. The system will also have health provider applications, among others. He stressed the critical importance of standards, noting that VHA is working with HHS and DOD to adopt a suite of standards and try to provide a tipping point for the private sector.

In the discussion period, the group talked about the need for multiple modalities, the multiple potential users of the PHR, and the prospects for standards for a minimum data set. Mr. Christopherson argued that the field should not wait for standards to be in place before moving on the PHR; rather, it should get started, and the standards will come. He and Mr. Hammond agreed that “we have enough [agreement] to get started” on a PHR.

LINKING INDIVIDUALS TO THE PERSONAL HEALTH INFORMATION

• David Brailer, M.D., Ph.D., CareScience, Santa Barbara Project
• Pat Wise, Healthcare Information and Management Systems Society (HIMSS)
• Johnny Walker, Patient Safety Institute
• Barbara Selter, MAXIMUS Intelligent Technologies Division and Western Governors’ Association

Dr. Brailer described the Santa Barbara County Care Data Exchange, a public utility available to all physicians, caregivers and consumers, with the main focus being bringing information to decision makers for use in treatment decisions. The Data Exchange is sponsored by more than a dozen public and private institutions in the Santa Barbara region, taking “all comers” and promoting broad community ownership of the enterprise. He concluded by outlining six lessons learned through this initiative.

Ms. Wise described the activities and plans of HIMSS, which adopted the NHII as the Society’s top strategic policy issue in the summer of 2002 and chartered the formation of an NHII Task Force. She related the findings of HIMSS’ survey of its members with respect to personal health information, learning to its surprise that most health care in the U.S. is documented on paper and resides where the care is provided. She discussed integrated electronic health records in terms of the enterprise master patient index. A HIMSS initiative called Integrating the Healthcare Enterprise brings together stakeholders to implement existing standards for communicating information.

Mr. Walker discussed a national utility model developed by PSI, a non-profit national collaborative of physicians, hospitals and consumers focused on their common need for information. He likened PSI’s services to those provided to banking by Visa.

Ms. Selter described the Health Passport Project of the Western Governors’ Association, the purpose of which is to obtain and collect personal information from multiple providers. Its clients are the populations participating in several public benefit programs, and it uses a multi-application card given to both provider and patient, with different content for each. The first phase of the project was a card-centric pilot in Wyoming, Nevada, and North Dakota involving 30,000 mothers and children who are WIC beneficiaries. The second phase, which will be piloted in San Diego, uses the internet and an Aggregator which serves as “a switch or hub.”

In the discussion period, the group discussed ways to interconnect the various efforts underway in this arena. Ms. Selter said it was critical for the federal government to take the lead in ensuring a framework of business practices and technology standards so that the disparate local and regional projects can become interoperable and the scope can expand to a national scale.

AUTHENTICATION ISSUES

• Peter Waegemann, Medical Records Institute
• Brad Keller, Esq., Sun Trust Bank
• Healthcare PKI: Glen Marshall, Siemens
• Martin Abrams, Center for Information Policy Leadership, Hunton & Williams

Mr. Waegemann discussed problems with national health information infrastructures in other countries and with PHR services in the U.S. On the PHR, he advised starting with definitions, given the multiplicity of models. He discussed several key issues related to data integrity and authentication and urged the use of ASTM standards.

Mr. Keller offered insights from the banking industry on the issue of authentication. Regarding interoperability, he cautioned his audience to develop its authentication standards with an eye toward the need to talk to other systems and institutions, avoiding the pitfalls being encountered in the banking industry today.

Mr. Marshall focused on the public key infrastructure (PKI), defined as an electronically managed identity with security characteristics. He summarized what is desired in this area, what is available, what is needed, and next steps. He called for a mandate from the health care IT sector in the form of either regulatory action or “an emerging ‘killer app.’” Other next steps involve the availability of seed money and risk mitigation, the acceptance and implementation of healthcare PKI standards, and recruitment of healthcare IT participants.

Mr. Abrams discussed consumer expectations with respect to authentication, concluding that they make it “almost impossible.” As solutions, he called for acknowledgment of the scope of the societal problem so that affordable solutions, with cost-sharing, can be developed and so the tokens created are proportional to the need. He also recommended determining how much confidence is needed for the various types of health care transactions, using scoring systems to rate confidence in the various systems, comparing the levels of confidence, and building a layered system to achieve the level needed.

In the discussion period, Mr. Blair asked the panelists for suggestions to NCVHS on effective interventions. Mr. Keller encouraged the Committee not to “look for the killer app, [because] it doesn’t exist,” but rather to look for what applications can live together with a set of standards. Mr. Abrams called for attention to the concept of federated identity management (authentication by multiple parties) and the metrics around that. Mr. Marshall suggested focusing on regulatory action to introduce the technology for authentication into the health care sphere. To create value, as recommended by Mr. Abrams, he advised starting with attachments, for which a rule is forthcoming.

---

DETAILED SUMMARY

DAY ONE

WELCOME AND INTRODUCTIONS

Dr. Lumpkin called the meeting to order, noting that the Committee’s report on the NHII had generated a lot of discussion. This meeting, an attempt to move forward and expand the NCVHS vision for the NHII, has a dual focus: 1) health and the National Information Infrastructure, especially the internet, and 2) the NHII personal health dimension. He asked all present to introduce themselves.

PANEL 1: THE CURRENT AND FUTURE INTERNET

Doug Van Houweling, University Consortium for Advanced Internet Development

Mr. Van Houweling said usage of the internet had far exceeded the expectations of its developers, but it has proven able to accommodate explosive growth and the convergence of information work, mass media and human collaboration, all of which are important for health care. Internet 2 is an organization focused on the internet’s potential for the future. It develops and deploys advance network technologies and applies them in research and higher education. It is a collaboration among about 300 organizations in government, industry, and education, with the goal of commercializing the capabilities of the internet. 130 of the member universities have medical colleges. Governmental affiliates include the NIH and the FDA. The governmental affiliates, which also include NASA and DOE, develop research test beds and fund pioneering R&D efforts in universities.

Regarding the significance of Internet 2 for the NHII, he stressed the network’s high band width and low latency. Its applications include augmented virtual reality and human interaction through telepresence. A lot of work is being done on middleware, which will permit easy and secure access to information and computational resources. Middleware is the software between the network and its applications, supporting the kind of security required by HIPAA as well as authorization and credentialing activities in the field. Mr. Van Houweling noted the huge and growing amount of data involved in health care and health research, making these capabilities critical. The NRC report on health applications of the internet is the roadmap for much of the work on Internet 2.

He briefly described the activities in support of Internet 2 by groups including the Medical Middleware Workgroup, the Biomedical Informatics Research Network, and the Virtual Tumor Board. The Virtual Tumor Board is working on streamlining clinical trials and developing security and privacy guidelines. Mr. Van Houweling stressed the degree of collaboration in these and other multidisciplinary activities, involving multiple partnerships.

Vint Cerf, Worldcom

At Dr. Shortliffe’s request, Mr. Cerf began by explaining that most people who use Internet 2 don’t know they are doing so because traffic is automatically routed through that infrastructure if the institution supports it. Thus individuals do not have to do anything special to use it.

Noting that his job in this presentation is to describe where the internet is headed, he gave some background. Between 1997 and 2002, the internet grew from 22.5 million to 162 million servers. The numbers of countries and users have both increased, the latter by a factor of 12. Currently, North America represents less than a third of these users; Europe is now the largest, soon to be overtaken by Asia/ Pacific. Mr. Cerf predicts that 2.2 billion users will be on line by the end of the decade. Users will use 2.4 billion devices on the ‘Net by 2006 ¾ averaging more than 2 per person. The speed of the internet “backbone” is increasing dramatically, along with the speed of access to the ‘Net. Increasing band width is pushing usage toward optical switching rather than packet switching. One of the most visible trends is wireless access. Streaming audio (which Dr. Lumpkin noted broadcasts NCVHS meetings) is another development. All of these trends are feeding the growth of the internet.

The economics of the new technology are different from traditional circuit-switched technology because internet telephony permits billing at fixed prices rather than per minute ¾ a huge change for the industry that will require companies to learn a new paradigm for providing service and reducing costs. Mr. Cerf described another promising technique, called Enum], and predicted the emergence of large numbers of internet-enabled devices, some of which he described. He stressed that devices with internet addresses can interact to perform complex functions “and then go off to serve other people.”

Turning to the issues being faced in the internet world, he first mentioned reliability, noting the major worm attack that took place the previous weekend. Other issues are security, personal privacy, and authentication. Major policy issues are associated with intellectual property protection and competition. Concern over the information on the network and attempts to censor or block content are another issue; yet another concerns licensing (e.g., medical consultants practicing out of state). Challenges for the field include scaling, making the system more resilient and safer, and achieving cost savings.

Finally, Mr. Cerf described a futuristic view of the internet, involving interplanetary expansion, stating that new protocols have been developed that can work over interplanetary distances.

Aubrey Bush, National Science Foundation

NSF is currently involved in a high-performance network on which Mr. Cerf is the PI. The project ends in April, 2003. The community, through the Internet 2 Consortium, has created the Abilene Network (see below). Mr. Bush described several infrastructure programs in which the NSF Networking Division is involved.

Network middleware is software common to multiple applications. The program is designing a set of reusable and expandable middleware functions and services to benefit various applications, as an alternative to being invented “in a stovepipe sense” for each application. NSF is spending $10 million a year on this project, now entering its third year.

The Small Connections Program evolved from an effort to connect research universities to the vBNS and to Abilene. The R&D community formed a bottom-up development, the Internet 2 Consortium, headed by Mr. Van Houweling, and the Abilene Network. A $2 million/year program enables smaller schools and institutions to take advantage of the high-performance backbone. New participants are added on a regular basis.

Strategic Technologies of the Internet has been a $10 million/year research program (now reduced to $6 million) focusing on things with a potential to impact the internet infrastructure in 3-5 years.

Internationally, there is connectivity through StarTap facility. There are special programs for connections into Asia and into Europe, all supported by NSF. NSF is moving into a three-tiered network model. The top level, an operational research network, is the Abilene Network, supported by the community. Mr. Bush noted that the research and education community could not function in today’s environment without the Abilene Network.

Finally, he said NSF anticipates being in partnership with industry.

Discussion

Mr. Blair asked for comments on activities related to authentication and public key infrastructure technologies. The group went on to discuss various aspects and issues related to certification, credentialing, authentication, and authorization.

Mr. Van Houweling said his organization and the NSF middleware initiative are working to create a secure and standard way to authenticate and share authentication across organizational boundaries. Software is currently being beta-tested. He predicted that research will be able to routinely use the software within two years. The technology is independent but parallel to those used to ensure that people are who they say they are on the network. He cautioned that the ability to share authentication information does not mean all the problems of securely identifying people have been solved.

Mr. Cerf noted that public key cryptography has not taken hold, although it has been around since 1977. He recommended that if biometrics are used as a primary source of identification, they be combined with another device. Regarding digital signatures, he said the barrier to their use is validating the individual’s credentials and assuring he is who he says he is. He predicted it may be necessary to have more than one identity.

Dr. Shortliffe asked the speakers to what extent their organizations are thinking about health care issues and applications in their planning, and the extent to which health care needs are influencing day-to-day decisions on technology.

Mr. Bush replied that his field is not driven in day-to-day activities by the needs of the medical community, but there is an overlap ¾ e.g., telecollaboration, a key element for medicine. Some special needs in health care, such as those related to authorization, access, and privacy, are not high priorities for the field in general. To a follow-up question, he added that the primary vehicle for interagency coordination involving health agencies is the National Coordinating Office, which Mr. Nelson will discuss (see below). NLM and NIH are part of the Large Scale Networking Committee.

Mr. Van Houweling said one of the application-focused activities of Internet 2 is in the medical area. He stressed the limited resources of this effort. One of the barriers is that many medical centers and research centers lack good infrastructure to connect to the high performance network.

Dr. Zubeldia raised the idea put forward in the NCVHS NHII report of having individuals control their medical records, at least partially. He asked about the naming infrastructure that would make this possible. Mr. Cerf replied that he did not recommend using the domain name system for this purpose, because of issues around protecting the information and making it accessible, which would require every person to become a system operator. He described other systems, using object identifiers, that are potentially more applicable to medical record keeping. He noted the relevance of the work on the semantic web, especially once content is standardized. He recommended putting medical records into multiple 24-hour-a-day data centers that are backed up with power and always accessible.

Observing that the “last leap” in these developments is “between the screen and the brain,” Dr. Deering noted that for medical care, knowledge management is the barrier. She asked about developments related to knowledge synthesis and presentation that are relevant to health. Mr. Bush described discussions about “cyber infrastructure” that will involve data storage, management and availability. Mr. Bush commented on the semantic context, noting the work of Don Lindbergh. He said controlled vocabularies are the only way to make progress, together with carefully constructed ontologies to bridge the gap between common usage and medical terminology. The AI community is wrestling with the problem.

Dr. Shortliffe commented on the issue of users’ cognitive perceptions and the mismatch between those of patients and the way information is presented. He agreed with Mr. Cerf that patients are better informed than ever before, but said they are also more misinformed than ever.

EVOLVING INTERNET TECHNOLOGY AND POLICY

Edward Shortliffe, Ph.D., M.D., Columbia University

Dr. Shortliffe, an NCVHS member, set the scene for this segment of the meeting by describing two activities in which he has been involved: deliberations and reports by the National Research Council (2000) and the President’s Information Technology Advisory Committee (2001). He said he already sees changes in HHS and the mindset of the health care community that are consonant with the recommendations in those reports. He focused on the recommendations related to the internet.

The NRC report was commissioned by the National Library of Medicine with these objectives: to assess technical capabilities to meet the needs of the health care community, to determine the right strategy to assure that the health care field capitalizes on the capabilities, and to identify the internet capabilities uniquely required by health.

The report concluded that while there is no area in which the needs for health are totally unique, there are complexities that cause particular concerns in this area, such as the rapid changes in organization and the security requirements. The report focused on six areas: consumer health, clinical care, administering financial transactions, public health, professional education, and use in the biomedical research community. It made recommendations on organizational, technical, policy, and other issues.

The Committee became aware that in funding and intellectual participation, the main focus has been on four agencies¾NASA, DARPA, NSF and DOE¾and HHS, NIH, NLM have had much more limited roles. The Committee wanted to know why that is the case.

In the technical area, it recommended that the health community make sure its needs are understood and reflected in the design process, that it work with the networking community to develop improved networking technologies. In the policy area, the thrust of the recommendations was that HHS should more aggressively address policy issues, provide strategic leadership, and convene public and private bodies on the internet and health. These recommendations were developed in discussion with HHS staff.

The PITAC report findings were that the U.S. lacks an accepted vision for the role of IT in health care, in contrast with other countries; that a critical and enabling investment in biomedical computing infrastructure and enabling technologies has not yet occurred; that the biomedical community relies on IT innovations produced by other parts of government, with possible adverse effects; that more researchers and practitioners are needed who understand both health and computing and communications (here Dr. Shortliffe said there have been changes in the last year, e.g., CHI); and that there is a lack of central leadership and a centralized budget in HHS.

David Nelson, Networking and Information Technology R&D Program (NITRD), Executive Office

Dr. Nelson said his main message was inviting HHS to “work with us.” NITRD is a mechanism whereby HHS can become more of a partner and participant. He also stressed that “it is about more than just networks.”

The federal government has played a critical role in supporting fundamental research in networking and IT. This research creates the basis on which the private sector can build. There are synergies from agencies working together, enabling them to achieve things they could not alone. Dr. Nelson stressed that “the intellectual involvement is arguably as important as the dollar involvement,” a point he especially directed at HHS.

He then described the organizational structure of the $2 billion multi-agency NITRD program, which is assessed and advised by PITAC. He referred to “the blue book,” Strengthening National, Homeland, and Economic Security: Networking and Information Technology Research and Development¾Supplement to the President’s Budget FY2003. He named the sub-organizations in NITRD (for which the Interagency Working Group on Information Technology R&D serves as the “board of directors”), noting that health care fits into each component area. The National Coordination Office coordinates the teams.

Dr. Nelson added that “health care is always in our minds; we always try to think of health care issues”; however, without the “intellectual heavyweights at the table, who can speak authoritatively about these,” they are relegated to address the issues “as amateurs.” He appealed for help from the experts.

In the 2003 budget, NSF funds the majority of the activity in this area with $679 million, followed by NIH ($327 million) and nine other agencies, including AHRQ with $9 million. Large-scale networking is a large component of the work.

The Interagency Working Group (IWG) member agencies participate in program component areas (PCAs) to coordinate on specific R&D goals, to ensure adequate investments, and to maintain necessary budget visibility. They collaborate with outside groups such as Internet 2 and PITAC. Among other things, the members develop research plans, trade reviewers back and forth, and plan workshops. Other federal agencies, such as FAA and USGS, participate in the IWG and PCAs primarily as users of research. Dr. Nelson suggested that HHS could become involved as a consumer of research as well as a generator of it, and it can participate in test beds in standards development.

George Strawn, NSF and NITRD

Mr. Strawn underlined Dr. Shortliffe’s observation that the original energy in this area (in the 1980s) came from DARPA, NSF, DOE and NASA. This early collaboration among federal agencies “really worked.” The Large-Scale Networking (LSN) Group (previously the Federal Networking Council) has a 15-year track record; now “we would love to see more HHS participation.”

The LSN forms teams of special interest ¾ the Joint Engineering Team, the Network Research Team, and Middleware and Grid Infrastructure Coordination (MAGIC). The latter group has attracted interest from the private sector. Mr. Strawn pointed out that the internet came into being through the efforts of “the government/university complex as opposed to the industrial/military complex”; then the private sector recognized the potential to make money, and an industry was created. Regarding participation by health agencies, he noted that NIH and NLM levels have increased in recent years.

The Next Generation Internet project lasted from 1998 to 2002 and involved multiple agencies in networking research and other activities. The test beds were a visible part of the activity. The initiative exceeded its goals of connecting at least a hundred sites, operating a hundred times faster than previously. Mr. Strawn stressed the desire for more participation from the health care community. He noted that NIH has benefited from being connected to the NSF-supported vBNS network, along with most university-based medical colleges. When vBNS was commercialized, NIH and the universities migrated to the Abilene network.

Now people are looking beyond the NGI. There were workshops in August 2002 and March 2003, an annual retreat, and other activities. STARLight is an optical network connecting the agencies and university networks with international partners. The work on security, which had already begun, was galvanized by September 11. The key activities across the LSN agencies include the longstanding ones of basic research and optical networking and new activity around the Grid, security, and wireless communication. LSN agencies are also concerned about the bursting of the dotCom bubble, the “melt-down” of the telecommunications industry, and the failure of the Telecommunications Act of 1996 to introduce competition into “the last mile.”

Daniel Hitchcock, Department of Energy

Mr. Hitchcock said the DOE does a lot of research in advanced network to support science. He pointed out that health care is different from scientific research in terms of the number of locations, the consequences of errors, the different legal and regulatory requirements, and the number, variety and variable quality of data sources. His presentation addressed four topics, and he provided contact information on the IT R&D group working in each area.

Starting with network issues, he discussed the reasons why the field does not yet know how to affordably deliver gigabytes to hundreds of thousands of sites. The LSN coordination group is working on this (www.itrd.gov/iwg/lsn.html).

Regarding trust, privacy and security, Mr. Hitchcock said that the most important thing in this area, and not an easy task, is to figure out who can be trusted to define the security infrastructure. He suggested that a simple model in which everyone is trusted to see everything is unlikely to be successful. Medical care has a complex trust model in which people trust others for limited periods of time for limited purposes. Groups working on this area:

• http://www.itrd.gov/iwg/hcss.html
• http://www.itrd.gov/iwg/lsn.html

Turning to data management and fusion, he noted that with more than 800 million doctor visits in the U.S. per year and some data coming in large chunks, it is a challenge to figure out how to put it all together into usable information for decision making. The human interface must be intuitive, easy, and fast, and data must include quality metrics. Finding where data are located is a significant challenge. He noted that both good and bad information propagates very rapidly. The MAGIC group and the human computer interface and information management group work on these issues:

• http://www.itrd.gov/iwg/hciim.html
• http://www.itrd.gov/iwg/lsn/magic.html

On the manageability of large systems, he stated that standards for interfaces and data are crucial to success, and standards processes must be agile. Other requirements are that the architecture must be layered, the system must be manageable by humans, and development and maintenance costs must be affordable. It is prudent to pilot, test, break, and redesign manageable pieces instead of trying to design “one architecture for everything.” He noted that another reason for this piecemeal approach is that people don’t know their requirements until they begin to experience the system. The groups working in this area include:

• http://www.itrd.gov/wg/hciim.html
• http://www.itrd.gov/iwg/lsn/magic.html

In conclusion, Mr. Hitchcock commented that it is unlikely that IT improvements will save money; it is more likely that they will improve quality without increasing cost. The group working on this area is at http://www.itrd.gov/iwg/sew.html.

Discussion

Dr. Shortliffe commented on the budget numbers presented by Dr. Nelson and the fact that they were derived through a “cross-cut.” This could create the mistaken impression that NIH is investing that amount in dedicated IT research when in fact these funds are in applied areas with some relation to IT. Dr. Zubeldia added that using this approach, expenditures actually could be double-counted.

Dr. Nelson responded that in his view, the issue with NIH is not the dollar investment but the intellectual involvement.

Dr. Deering pointed out that Congressional budgets are often earmarked and it is hard to get R&D into agency budgets. The issue, then, is not so much leadership as the political process. Shifting the focus, she commented on the need to reframe, or translate, the discussion of IT when talking to people in the health field in order to take into account their vocabulary, cognitive perceptions and missions.

Mr. Scanlon called attention to the existence of the CIO Council, in which HHS chairs the security and public key encryption task force. He noted that in health care the focus is on IT applications, not basic research. HHS has put its efforts into HIPAA and standardization, which he asserted is a significant accomplishment even though “the view has to be broadened.”

Dr. Nelson acknowledged these points, and commented on the link between research and applications. He noted that in the last decade, some “communities of applications” didn’t realize that IT and/or networking could help them. As examples, he cited the high energy physics and chemistry communities, as well as medicine, noting the need for a discussion between those developing the IT tool and those who will apply it. He added that today’s discussion has pointed out opportunities for doing so.

Mr. Strawn noted that the PITAC deliberations resulted in a major program called Information Technology Research (ITR), which led to improvements in appropriations, especially for large research projects. The interest is in bringing together researchers from IT and other disciplines. A common challenge is finding reviewers conversant with both areas.

Mr. Hungate asked what work was taking place on organizational impacts, given that the industry does not see the benefits of IT and networking. Mr. Hitchcock described some activities in this area, noting the difficult transition between research and clinical practice. Mr. Hungate observed that organizational knowledge management needs to be addressed.

Dr. Nelson challenged the Committee to help encourage the industry and HHS to “manage that disruptive technology” and develop the applications for the benefit of all Americans. He cited three models that bridge the gap between research and practice¾FAA, SPIR, and DARPA¾and said this must be done in an entrepreneurial way without regard for “annoying the established interests.” In response to a question from Dr. Steindel about what would appeal to CDC, with its applied-science orientation, he cited the FAA] experience, which over time moved from just taking advantage of existing research to investing their own research funds. Dr. Fitzmaurice commented that AHRQ is a member of NITRD in order to work in a framework with relevance to its own specializations but that it would not create on its own. “It lets us participate in the future.”

Dr. Shortliffe asserted that HHS should not have to choose between the short-term, applied requirements of HIPAA legislation and more a forward-looking engagement in the kinds of activities being discussed at this meeting. He suggested that the chief constraints are the culture and mindset of the biomedical world, which needs to be convinced that “this is biomedicine, too.” Changing the mindset must precede getting the appropriations. He added that in reality, “what is happening at the bench can no longer survive without IT.”

PERSONAL HEALTH RECORD DATA SET

David Lansky, Chair, Markle Committee on the Personal Health Record; President, Foundation for Accountability

(Mr. Lansky spoke to the group by telephone, presenting an overview of the personal health record and the work of the Personal Health Workgroup. Because of the poor quality of the sound in the tape recording of the presentation, it could not be transcribed. In lieu of a summary of the transcription, the following is the text of Mr. Lansky’s slides.)

1. Personal Health Workgroup

• Part of Markle Foundation Connecting for Health Initiative
• Sept. 2002 to June 2003
• ~25 developers, health systems, advocates
• Staffed by FACCT
• Purpose: to define high-level attributes of personal health record
• Users and other stakeholders
• User requirements
• Attributes of desirable PHR
• Core data set
• Implementation architecture models
• Dissemination to developers, policymakers

2. Working Description
The personal health record (PHR) is an electronic application through which individuals can access, manage and share their health information, and that of others for whom they are authorized, in a private, secure, and confidential environment. A well-designed PHR enables individuals or their authorized representatives to control personal health information, supports them in managing their health and well being, and enhances their interactions with health care professionals. As a key component in a “personal health system,” the PHR provides an integrated view encompassing such information as the individual’s health status, medical/treatment history, and communications with health care providers. The information should include data auto-populated by clinical systems, data received from monitoring devices, and information entered by providers and the individual himself or herself.

3. Users of PHR:
The only user of PHR is the patient or consumer who should be referred to as the person. PHR is expected to be available to and support the needs of people both when well and when ill.

All other potential users are referred to as stakeholders.

4. Stakeholders:

• Care providers
• Health care administrators
• Researchers and advocates
• Public health officials
• Vendors and developers
• Employers
• Government agencies

5. PHR Functions:

Managing an accessible record

• View and share personal longitudinal health information across multiple institutions
• Review and verification of record by person and provider for purposes of assuring accuracy, completeness and continuity of information
• Provide access to others authorized by patient, including family, informal caregivers
• Self management

Care management

• Permits access to patient information for emergency care
• Consolidates pertinent patient information including services delivered, prescriptions, medications from all institutions, lab tests, immunizations, allergies, health history to prevent duplication of services, assessments, diagnoses, etc.
• Alerts people to potentially dangerous drug interactions, allergies, an other risks associated with treatment for the purpose of reducing errors and inappropriate care
• Allows providers to access historical record
• Permits multiple providers to share common patient information
• Allows patient to manage and document self-care activities
• Clarified instructions post office visit
• Permits people to manage their own care from home

Communications & Transactions

• Allows for transactions between patient and providers, including scheduling, prescription refill, results reporting
• Provides electronic communication channel with health care providers including primary care physicians and specialists
• Documents all personal information, services delivered, expenses incurred and payments for purposes of streamlining claims
• Receive personalized patient education

Research and Surveillance

• Enable personal data to be collected for health services research
• Allow medical error, quality, and outcomes data to be collected for quality evaluation and advocacy activities
• Permits electronic collection and transfer of public health data from hospitals, physician offices, clinics and other facilities
• Permits electronic collection and transfer of data for biomedical and clinical research
• Receive public health alerts
• Receive information about clinical trials and national guidelines

6. Consumer Attitudes toward PHR

Overall, consumers seem to be unsure about the general concept of PHR:

• 63% of health seekers and 60% of all internet users think that putting medical records online is a “bad idea” even if records are on a secure password protected site (CHCF)
• 38% of internet users said they would access their PHR online; 40% would not because of privacy and security concerns (CHCF)

However, when asked about specific aspects of a PHR, consumers react favorably:

• 83% of healthcare consumers want lab tests available online (Harris)
• 69% want online charts for managing chronic conditions (Harris)
• 80% want to receive personalized medical information online from their doctor after an office visit (Harris)

Some studies have examined conditions that may influence consumer attitudes toward PHR:

• 78% of internet users say it is important that a PHR site allow you to see who has access to your profile; another 78% want the user to be able to make choices about the use of their information
• about 70% of those aged 25-34 want online access to their medical records; only 35% of those over 65 do (Institute for the Future)
• Consumers are eager to obtain health information online and facilitate transactions
• Consumer concerns about internet privacy are strong and well-documented
• Users will want to be able to control their PHR as much as possible
• The more educated about PHR, and the more experience consumers have with it, the more open they are to the concept

7. Desired Attributes of PHR

Tier A (inherent in the definition of PHR)

• Patient, family, caregiver controlled
  • Ownership
  • Permission to access PHR
  • Changing and modifying content of PHR
• Structured to store a lifetime of comprehensive records across multiple providers
  • Accepts as many media formats as necessary
  • Stores any kind of visual image
• Accessible electronically or by print out at point of care (point of care=interaction with any provider)
• Wellness and sickness care information
• Private and secure concordant with federal and state legislation
• Each data point is attributable to its source and can be annotated by the user
  • How is the integrity of the information verified
• Users can see who has accessed their record and when
  • User controls who has access to the record

Tier B (important but not essential)

• Enables data exchange between PHR and electronic records of various health care delivery systems
• Substitution for network, user as the go between

Tier C (potential additions to a PHR)

• User can permit linkage to and synchronization with payor, institutional and other provider records
• PHR data elements are consistent with available clinical data standards

9. Challenges

• PHR appears to require EMR platform (i.e., consumers will not self-populate PHR)
• Emerging “patient gateway to EMR” approaches may not lead to PHR
• Investment & design decisions for EMR remain idiosyncratic, proprietary, based on health system business models
• EMR optimization not now influenced by consumer/patient requirements
• No clear business reason for health care organizations to facilitate PHR
• Public not aware of, demanding PHR functionality; concepts, language will be important

10. Implications for Core Data Set

• EMR specifications must anticipate PHR requirements
• PHR designers must anticipate provider uses of PHR that will benefit and are desired by consumers
• Initial data set specs and their evolution should be keyed to public opinion, values, concerns
• PHR designers must anticipate implications of patient, caregiver, consumer “control”:
• Selective release of information
• Release to selected providers
• Possibility of inconsistency, error across sources
• Mechanism for user correction of data
• Mechanism for user annotation of data
• People will use PHR as they choose!!

11. PHR Research Agenda

• Qualitative research (March 2003):
• With PHR users, PHR “non”-users, PHR innocents
• Understand consumer requirements for medical record and health information
• Understand consumer concerns
• Quantitative research (April 2003):
• Understand relative importance of various PHR features and perceived risks
• Understand user segments with more or less interest and concern

Philip Marshall, Personal Health Record Working Group, Markel Foundation Connecting for Health Collaborative

Mr. Marshall continued the report on the Markle Foundation’s Personal Health Record Working Group, focusing on the personal health information (PHI) data set. Its purpose is to facilitate patient-centered data management by recommending which data should be shared by organizations and systems, along with a mechanism for sharing the data. He noted that the beneficiaries would include not only patients but individual and organizational providers as well as employers.

The Working Group has developed a starting list of information recommended for the data set, including demographic information, insurance and provider information, contact information, current conditions and medications, and test results. The idea is to enable patients to aggregate, integrate and share data across multiple providers and systems, permitting greater “consumerism” and resulting in cost management and health self-management as well as the availability of higher quality information at the point of care.

Dr. Marshall said the Working Group believes it is critical to do the following: define the PHI data set, thereby facilitating interoperability; define a simple way for sharing the data set between systems; ensure privacy safeguards; address the challenges of system authentication and individual authentication; and incent/encourage organizations to share the data with consumer-driven systems.

He stressed that this is “a very patient/person-centric perspective.” Noting that providers are skeptical about the validity of the information in the PHR, he urged NCVHS to think about how to overcome this skepticism, bearing in mind that the information in an electronic medium is no different from what patients are already supplying to their providers in other forms. He concluded by showing the group a sample PHI data set in XML.

Joy Keeler, University of Illinois Chicago Medical Center

The University of Illinois Chicago Medical Center is the largest medical school in the U.S., with multiple ambulatory clinics and sites. The PHR is part of its plan to transform the medical center and its services across the university and the region. Ms. Keeler said their initiative began with a necessary culture change in the way clinicians practice medicine. The medical center is already “heavily electronic”: 97% of attending physicians and 98% of nurses use the EHR in ambulatory care.

Part of the process is the center’s “community strategy,” using a version of a PHR. She later noted that this feeds into other initiatives, such as bioterrorism surveillance and research. The medical center is working to get patients to realize the benefits of the EHR and to use the record as an education tool when they are with their clinicians. Components of the health record are used to connect them to the internet or external sources. The process begins with giving patients electronic access to the organization for registration and submitting clinical information from other providers. To build usage and trust, the strategy is to start by delivering something that brings immediate value to patients. A new information service will be offered to a targeted patient population, with the aim of “whetting their technology appetites.” Functionality, participants and knowledge will be added, and eventually information will be supplied to patients to help them improve their health, with the idea of fostering collaboration among the participants.

Turning to the minimum data set, Ms. Keeler observed that the industry has “hit the wall” in terms of the ability to interface and compare data. She stressed the merits of prioritizing the elements of the minimum data set and keeping it simple, using a phased approach to gradually add elements. Further, the priorities should be based on the value to the end users, “not to us technos.” She suggested positive patient identification, lab, radiology, medications, payer information, and narrative notes as parts of the first phase.

Joy Pritts, Georgetown University Institute for Health Care Research and Policy

Ms. Pritts spoke on the privacy aspects of the PHR. She began by observing that the PHR “means a whole lot of different things to different people,” making it rather “like wrestling with jello.” Nevertheless, the various formats and structures have issues in common from a privacy perspective.

What must be considered is both the person’s ability to keep information away from others and also their ability to control how the information is used and shared by selected secondary users. Besides the question of patient control, there is the question of what legal restrictions or protections exist on authorized access.

The two main sources, or facilitators, of the PHR are commercial vendors and health care providers. The first group of facilitators present the PHR as very patient-centered and patient-controlled, but “once you open the door, the patient largely loses control.” As the medical system becomes increasingly centralized, this could be an even greater concern. A major issue is that for commercial or proprietary vendors, there is almost a total lack of legal protections for the information that patients voluntary store at the sites. Most are not covered by the HIPAA privacy regulations. Except for California, state health privacy laws also do not cover information in this context. The FTC Act offers some protection, but very limited. The economic volatility of such vendors makes the information particularly vulnerable. Ms. Pritts noted that a recent study found that in on year, the number of PHR sites fell from 66 to 16. Thus this is “a potential disaster waiting to happen” because of the lack of legal protections. She urged that commercial vendors not be regarded as a viable component of a national health information infrastructure, at least under current protections.

The other entity maintaining PHRs is health care providers, such as the VA, which use PHRs as what Dr. Lansky called “gateways to EMRs.” In this model, the data are primarily entered by the provider, the patient has some access, but the provider controls what patients have access to. HIPAA regulations are not clear about how the PHR fits in with HIPAA, how providers would convey the information to patients, and so on. PHRs that are maintained on a health care provider site are subject to the privacy regs, but this allows for the free flow of the information for treatment, payment and health care operations.

A third structure for PHRs, one discussed today, is a decentralized one in which patients pull information from various sites, possibly not storing it in a single place. Ms. Pritts said it cannot be assumed that HIPAA will protect that information.

In general, she said the legal setup is lacking to adequately protect the information in any of the structures currently under consideration. She suggested that defining a minimum data set could be useful in solving the problem of the amount of control patients have over their information. It amounts to “an agreement to a restricted EMR” and fits in the system that already exists, with existing protections. She proposed a restricted list of who should have access to the PHR.

Discussion

To questions from Dr. Fitzmaurice, Ms. Keeler said the University of Illinois Chicago EMR project was initially largely physician-driven, followed by the involvement of nurses and ancillary health people. On avoiding pitfalls and sharing the lessons they have learned, she said they went with a vendor-based solution in order to “have something recreatable.” She plans to write an article on their experience by the end of 2003. An unpublished book on the process, The Transformation of Health Care at the University of Illinois, will be made available to the Workgroup.

Dr. Zubeldia remarked on the presenters’ silence about standards, giving the appearance of “the creation of multiple islands.” He stressed that anything that will work nationally as part of the NHII will have to have standards for connectivity. Mr. Marshall said the PHR Working Group takes the position that PHR data should adhere to standards where possible. Regarding data exchange, HL7 would be a way for systems to communicate. Ms. Keeler noted that thanks to HL7, this is one area in which health information technology may be ahead of that in other industries. She said “everybody uses it” and it is “a good place to start.” However, prior to that is the task of transforming health care to “get those physicians to use the computer.” She suggested that physicians be given latitude in how they do narrative reports.

To another question, she confirmed that her medical center’s PHR system is essentially a gateway to the EMR¾a common server whereby the patient and other sources can contribute data to the EMR. Patients are not allowed to amend or append the record; only a physician or nurse may do so. Ms. Pritts challenged her statement that the patient “owns” the record, explaining that legally the patient has a right to access the information but the provider owns the medical record.

Dr. Deering noted the differing views in the field regarding the importance of defining the “it” of the PHR, versus just talking about the functionality without resolving that question. She also noted the issues surrounding “version control,” with their implications for both privacy and accuracy when different iterations of a PHR travel among those with access to it.

Ms. Pritt said the structure of the record is what controls the degree of its privacy, and therefore it is important to define the structure. Dr. Lumpkin urged her to advise the Committee on what changes are needed in the privacy regulations to tighten privacy protection for the PHR, so its recommendations to the Secretary and Congress can be informed by her expertise. Asked to comment on individual identifiers, she said this is “still a very hot-button issue” and it should be approached with care.

PERSONAL HEALTH RECORD: STANDARDS

Ed Hammond, Duke University, Markle Committee on Data Standards

Dr. Hammond noted his affiliations with the American Informatics Association and HL7. He expressed surprise and pleasure that the PHR is being explored. The Markle Connecting for Health project has three goals: accelerating the rate of adoption of clinical data standards; sharing best practices for secure and private transmission of medical information; and understanding what consumers will need and expect in this area and identifying key steps for meeting their needs.

Dr. Hammond chairs the Data Standards Working Group (DSWG), which, along with Working Groups on Privacy/Security and Personal Health, is coordinated by the Steering Group. The DSWG’s goals are to identify and cause the creation of necessary standards and definitions to enable the movement of data and knowledge for improving health care, and to accelerate the adoption of data standards. The DSWG has committees on consensus, implementation, and policy. It has not focused on the standards for the PHR.

The DSWG believes the HL7 reference information model (RIN) has achieved acceptance and stability in the industry, and it recommends this standard. Dr. Hammond discussed 17 other categories that are part of a standards assessment matrix developed by/for Connecting for Health, describing the status of each one with respect to balloting, vendors, and users. In addition to the RIN, the categories include terminology, clinical documents, clinical templates, business rules, tool sets, guidelines, and security, among others. Many of the categories show progress toward national standards, most of it made by HL7. Regarding data elements, he said the aim is to create a well-defined master set of data elements, associated with defined definitions, terminologies and data types.

Turning to the PHR, he supported the principle of designing it to meet consumer needs, to support their taking responsibility for their own care. The PHR exists not just for data but also for scheduling, test results, knowledge management, and more. Some content will be clinical, others will be financial or come through information subscription services. In terms of where the PHR should reside, Dr. Hammond noted that many people say they trust the clinic to be more secure than their home computer; there might also be other location options, including commercial services.

Regarding data flow from the PHR to the rest of the system, he stressed the importance of structuring this carefully and ensuring personal control and ability to monitor data access by a list of permitted persons, groups or facilities and an access log. He recommended a mechanism for person guidelines¾e.g., on new drugs, how to make a choice, how often to be tested, and “what it means to me.”

He also recommends using the same clinical terminology for providers and consumers. In conclusion, he stated that “most of the standards that we need to get started currently exist and are usable with a little bit of input from the consumer community.”

Gary Christopherson, Veterans Health Administration

Mr. Christopherson stressed that PHRs should not be done in isolation, but rather with reference to the goals for a paperless record, data and communication standards, and model health information systems. He outlined the complexity involved in changing “how we do health in the U.S.,” noting among other things the size of the patient population, the multitude of sites, and the amount of money and data involved. The Veterans Health Administration (VHA) PHR initiative is HealthePeople, which has a strategy that involves multiple sites, high performance goals, and multiple overseers and partners. The system will also have health provider applications. Its connections will include financial systems, registration, and ancillary systems encompassing the health experience of the individual, in each case governed by standards. HealthePeople is a portal between the health care organization and “what is happening outside.”

Mr. Christopherson showed a schematic of the PHR and its links to other systems, noting that there are multiple models for how the person controls the system. Systems owned by the individual can be controlled on their PC, via a “community” service provider, via non-health service provider, or via government provider; or the system can be co-owned and co-controlled with the primary health care provider. Noting that it will not just be used for self-entered information, he enumerated the multiple types of content and services possible through this system. (Examples: access to health provider records, access to trusted experts for health decision support, health self-assessments, input from medical devices, messaging with providers, diagnostic and therapeutic tools, safety-related information.)

In conclusion, he reiterated the critical importance of standards, adding that VHA is working with HHS and DOD to adopt a suite of standards and try to provide a tipping point for the private sector.

Discussion

Mr. Hungate observed that from a quality improvement perspective, the data requirements for the PHR and the EMR seem the same; only the process manager differs. He commented on the potential for the PHR to provide patient-based input into the quality improvement process. Mr. Hammond supported the idea of getting patient feedback into the system, for example, on adverse drug reactions, to improve patient safety. Mr. Hungate added knowledge-based support for patient decision-making to the list of potential benefits. Mr. Christopherson commented that the key is figuring out how to put the information in a form that everyone can understand.

Dr. Harding noted the variations in people’s cognitive capacities, interests, and willingness to make an effort, and asked what percentage of people will take advantage of the resource. Mr. Christopherson observed that the latter two are affected by people’s experiences and needs. Mr. Hammond said that research with low-income clinic patients in the 1980s showed that having voice input as an alternative to the written word was very successful. He noted the need for multiple modalities. Mr. Chistopherson added that these resources will also be helpful to others besides patients, such as public health nurses, family members, and friends. The question in that case is how to protect privacy and protect people against scams.

Dr. Zubeldia observed that people may separate their record into pieces in order to protect privacy, making inconsistencies and gaps more likely. He asked if any work is being done on this. Mr. Christopherson said the VA is wrestling with this issue, especially with regard to the mental health record. Its current position is that patients have a right to withhold information from a facility, but not to break their record into pieces.

In response to a question from Dr. Deering on the status of a standard for a minimum data set (with reference to the list offered by Phil Marshall), Mr. Hammond said no one has started standardizing the definition of data elements, and the standards world does not regard terminology as standards. Several organizations including Duke have defined the data elements within their systems, but there is no national repository for this. Connecting for Health is talking about establishing such a master repository to standardize content. He reiterated that

there is no uniform national minimal data set but there are several minimum data sets for fixed purposes, later asserting that a national minimum data set will never be resolved without having a business agreement for one.

Mr. Christopherson identified several elements that are close to standardization. He argued that the field should not wait for standards to be in place before moving on the PHR; rather, it should get started, and the standards will come. He and Mr. Hammond agreed that “we have enough [agreement] to get started” on a PHR.

The meeting then recessed until the following day.

---

DAY TWO

LINKING INDIVIDUALS TO THE PERSONAL HEALTH INFORMATION

David Brailer, M.D., Ph.D., CareScience, Santa Barbara Project

Dr. Brailer used two case studies to illustrate the importance of access to wide-ranging information for both patients and providers. He cited a Harris Interactive poll showing that consumers have a strong desire for electronic access to their health information and their providers. The issue is that consumer health information is widely dispersed; for example, Santa Barbara consumers see an average of 2.7 providers a year. These factors led to creation of the Santa Barbara County Care Data Exchange (SSCCDE). It is a public utility available to all physicians, caregivers and consumers, with the main focus being bringing information to decision makers for use in treatment decisions.

This is in part an attempt to remedy information fragmentation, as represented in findings in the following areas: physicians sharing the same patient ordered duplicate tests and therapies; physicians didn’t know what other physicians were doing; uncertainty and hassle reduction drove decisions; and information was often missed. The Data Exchange is sponsored by more than a dozen public and private institutions in the Santa Barbara region, meeting an important objective of taking “all comers” and having broad community ownership of the enterprise. The SBCCDE is organized with a hub-and-spoke relationship among the sponsors, governed by the SBCCDE Council, which is connected to legal, financial, consumer, technical, and clinical councils. Each organization, large or small, has one vote. The Data Exchange is being deployed sequentially, starting with connectivity between institutions (corporations/enterprises) and clinicians, consumers, and public health (these connections are completed). The phase now underway is connecting clinicians to the other entities.

The technology has no central architecture, both for economic reasons and to protect security and confidentiality. Dr. Brailer noted that the secret to making this beneficial is “to make the up-front hurdle as low as possible,” which is accomplished with distributed peer-to-peer technology. The SBCCDE believes in having providers and ancillary care entities control access to the data, because it is they who are obligated to do so. (Dr. Brailer later explained that California law requires that physicians review results before consumers have access to the information, thus giving them de facto control.) Organizations in SBCCDE have put large amounts of data online, including lab results, radiology reports, images, clinical dictations, admission and discharge reports, pharmacy data, and social service data. Additional data sources wishing to join the Exchange are admitted on a first-come, first-served basis.

The key application is physician access to comprehensive patient data, provided the patient has given consent, the data holders allow access to the data, and the physician is authorized and authenticated. There are also public health applications, including disaster recovery and reporting, and consumer applications as discussed in other presentations.

The SBCCDE used a consumer council to determine what consumers want, what rules they would and would not follow, their technical savvy, and so on. This group of 12 people became the first pilot users.

Dr. Brailer showed sample screens and described the enrollment process. He concluded by outline six lessons learned through this initiative:

• Getting information to physicians is the key.
• Loosely coupled technology (forgiving to a variety of data formats) is necessary. The field should not wait for complete interoperability and standards.
• Community sharing is not contingent on each enterprise having a fully deployed infrastructure. Data-sharing across enterprises and internal IT development should be pursued as parallel activities.
• There is a two-tiered ROI: reduction of data-handling costs, and longer-term clinical benefits.
• Clinical data sharing is a public good that over time addresses a market failure, but only with a policy intervention at the outset to overcome the “first-mover disadvantage.”
• Clarification of unintended legal barriers such as antitrust and Stark will sharply advance community data sharing.

Pat Wise, Healthcare Information and Management Systems Society (HIMSS)

Ms. Wise directs the EHR and NHII Initiatives for her organization. HIMSS adopted the NHII as the Society’s top strategic policy issue in the summer of 2002 and chartered the formation of the NHII Task Force. Several federal agencies and NCVHS are represented on the Task Force, which works collaboratively with other organizations.

An early project was production of a comprehensive audio education program in which NCVHS member Jeff Blair gives an overview and tutorial on the NCVHS vision for the NHII. HIMSS also inventoried existing technologies and practices and conducted a gap analysis of developmental needs, and it actively supports state initiatives that may serve as test beds as well as the NHII Workgroup’s current exploration of the PHR.

HIMSS queried its members with respect to personal health information and learned, to its surprise, that most health care in the U.S. is documented on paper and resides where the care is provided. Ms. Wise enumerated the potential benefits from integrated electronic health records, which she called the enterprise master patient index (EMPI). She said HIMSS found that the large health care organizations have done the most work with the EMPI models but most have no provision for consumer access. No advanced models were identified.

The Health Care Commission in the State of Delaware has approved development of a utility that can provide an index of the community providers with information on a patient. The utility would establish standards for patient identification, secure electronic data transfer and data content. The standards would enable patient-authorized providers to use the utility to electronically request information from other data contributors. Studies (e.g., one in Wisconsin) indicate that implementing electronic information sharing can reduce health care administrative costs by 50 to 80 percent.

HIMSS has an initiative called Integrating the Healthcare Enterprise (IHE) that brings together stakeholders to implement standards for communicating information. It is not an effort to develop new standards but to help participants implement widely accepted ones.

To support efforts such as those of the NHII Workgroup, HIMSS has developed a 10-point work plan that includes the following:

• Roll out a robust EHR Initiative program
• Promote health care standards development that supports EHR
• Create an EHR demonstration project
• Schedule demonstrations at key industry meetings
• Advocate public policy that provides incentives
• Establish HIMSS as a clearinghouse of information and research on EHR

Johnny Walker, Patient Safety Institute

Mr. Walker said he would move the frame of reference from an enterprise model or community model to a national utility model. He noted that the intractable problems in state and national models are in governance and policy, not technology.

PSI is a non-profit national collaborative of physicians, hospitals and consumers focused on their common need for information to improve quality, reduce error, lower cost, strengthen privacy and security, and enhance relationships. Mr. Walker said they enlisted a PR firm to find appropriate patient advocates for the coalition. PSI’s governance model maintains a balance between the three constituencies. There are parallels between what they are doing in health care and what Visa did in the banking industry.

PSI does not have a central data base. Data are available real-time, in a flexible format which Mr. Walker briefly described. It operates at national and state levels, with a national hub that makes data available to states. There are public and private users and sources. The data-sharing system allows savings through error reduction and quality improvement.

Mr. Walker described what he called “one of the most intractable challenges” PSI has confronted, relating to the consent process and privacy issues when patients opt-in. He noted that if patients are required to give up their privacy through consents, they need to get something in return.

Barbara Selter, MAXIMUS Intelligent Technologies Division and Western Governors’ Association

Ms. Selter described the Health Passport Project (HPP) of the Western Governors’ Association. Its purpose is to obtain and collect personal information from multiple providers. She noted the multiple options today for obtaining and sharing data, including fax, EMRs, smart cards, the internet, and combinations of technology. The HPP is a pioneer in using card-centric data sharing. It started as a payment system related to the delivery of medical benefits to the population participating in several public benefit programs. The project vision is a multi-application card given to both provider and patient, with different content for each.

The first phase of the project was a card-centric pilot in Wyoming, Nevada, and North Dakota involving 30,000 mothers and children who are WIC beneficiaries. This was the first attempt at cooperation among the three levels of government and the private sector. Federal agencies included PHS, MCH, Head Start, NLM, and Medicaid. The beneficiaries were enrolled in WIC, local maternal and child health programs, EPSDT Medicaid, Head Start, and various food benefits. A key issue was using the card as an integrating device among disparate systems. The cards afforded consumers access to kiosks in supermarkets, community health centers, libraries, and elsewhere, where they could download electronic benefits, balances, printouts of appointments, and child immunization records.

The second phase is moving into combining technologies, after the project determined that the card was good for “certain static data” but not as good for constantly-changing data. The idea is to share medical records on the internet, through a web-based patient account using digital signature technology to integrate systems from multiple providers. The exchange is HIPAA-compliant and is supported by the Federal PKI Steering Committee Health Care Work Group. There are common operating rules, agreements and procedures. Ms. Selter compared it to the Visa/MasterCard model, in which participants adhere to a common set of principles.

With this approach, there is no need for a single universal patient identifier. She described the single access protocol which uses a set of uniform operating rules, with all provider organizations and requester organizations conducting data exchange through the HPP Aggregator. The aggregator validates and authorizes requests, generates disclosure requests, aggregates medical disclosures, presents medical disclosures, and records transaction data. (If the requested data do not exist in electronic format; as is often the case, they are scanned or entered.) No data are maintained by the aggregator, which is “only a switch or hub”; it only maintains a record of the transaction. It is easy to add participants, who only have to agree to abide by the common operating procedures and to build an interface. The project is being piloted in San Diego and will be scaled from there.

Ms. Selter outlined a vision of future patient access to information with these facets: a convergence of multiple technologies, making access more convenient for patients; identity authentication as the core application; generic platforms customized for target audiences; public/private partnerships to share the costs and generate revenue; jurisdictional and geographic boundaries overcome by interoperability and inter-entity cooperation; platform management and cost allocation becoming more complex as more providers participate. And as the patient base increases, the system will have greater usefulness to providers, while increased provider participation will make the system more useful to patients.

Discussion

In response to questions from Mr. Scanlon, Ms. Selter said that patients were not compelled to participate, but nearly all of the target population in phase one chose to do so. Surveys found that they trusted the security of the system. The project is in the requirements-gathering stage at present. Most San Diego partners are private providers, including Scripps Howard and several private physician groups.

Dr. Ortiz expressed interest in the idea of a national hub for information exchange. He asked Mr. Walker and Dr. Brailer if any other entities are trying to do the same thing, and if so, whether this would lead to competition or collaboration. Mr. Walker reiterated that PSI is a non-profit and it is interested in working with others. He said he did not know of anyone else working on a national basis. Dr. Brailer said his company is a technology supplier to 12 data exchanges in nine states, including the SBCCDE, which is owned by Santa Barbara county. He stressed that everyone should want to collaborate as part of “a nested federal, state, and community-level effort.”

Ms. Selter said it was critical for the federal government to take the lead in ensuring a framework of business practices and technology standards so that the disparate local and regional projects can become interoperable and the scope can expand to a national scale.

Dr. Zubeldia asked about progress toward an integrated EHR in the environments described above, using standards for data interchange and EHR interchange. Mr. Walker said PSI is very interested in this, adding that HL7 is “a great start.”

Dr. Brailer said user participation in his project “exploded” when they created “polling access” in which, rather than going to a browser and looking up someone’s data, the physician could subscribe to a patient’s data and tell the application where to send it. He urged a “very ecumenical view” of how to get access to data.

Asked about finding patient representatives, Mr. Walker praised those who were identified for PSI ¾ representatives of the National Consumer’s League, the National Alliance for Hispanic Health, and the Citizen’s Council of Health Care.

To a question from Dr. Fitzmaurice, Dr. Brailer said his data on information fragmentation came from a six-month feasibility study in Santa Barbara. It was reported to the California Health Care Foundation but has not been published.

AUTHENTICATION ISSUES

Peter Waegemann, Medical Records Institute

Mr. Waegemann began by cataloguing problems other countries have encountered in their NHII initiatives, stemming from the rapid rate of technological change and their projects’ lack of flexibility and lack of goals. He put forward six goals that he urged the Committee to look at.

On personal health records, he advised starting with definitions, given the multiplicity of models. He discussed the following “key issues” of data integrity and authentication:

• who created the information
• how to ensure that only authorized persons have access to it
• who takes responsibility for it (relating to the question of whether providers trust patients)
• has it changed since it was created
• is it linked to the right person

Commercial vendors of PHRs in the U.S. have shrunk from 112 to 30, and the number of patients putting their health information on the Web has shrunk from 13 million to 7 million. Mr. Waegemann asserted that token-based systems do not work; he cited the fact that all the funded projects in Europe have been discontinued because of patient mobility, questions about the validity of the information, identification issues, and other legal and practical obstacles. With web-based systems, he raised the question of what revenue model will be used.

Returning to definitions, he noted that the PHR is very different from a provider’s EHR. The PHR has three parts: what the patient takes from the provider, patients’ records on alternative medicine, and personal health information, e.g., women’s menstruation data. He added that Israel, South Africa, and Switzerland are now looking at a combined PHR and national EHR.

Regarding identification and authentication issues, he stressed that the ASTM standard is a validated national standard that defines the minimum data set. He urged the Committee to make sure that everyone who is concerned with PHRs follows that standard, which specifies “what needs to be done.”

Brad Keller, Esq., Sun Trust Bank

After noting that he would be expressing his opinions alone, Mr. Keller offered insights from the banking industry on the issue of authentication. He pointed out the changes in banking and additional challenges, throughout which banks have retained their status as trusted intermediaries. The original authentication challenges stemmed from the lack of central guidance, resulting in a complex environment and a cumbersome customer experience. There were conflicting ownership, specialized solutions, and disparate business and technical controls.

By assessing these challenges, the industry learned that authentication is a process (involving enrollment, verification, and revocation) as well as a component of another critical customer process (involving security, authentication, authorization, and privacy). Regarding the authentication process, it determined that customers need to take an active role in preserving and protecting their access, and that revocation must work simultaneously with verification to be effective. Risk factors are used to determine the appropriate method of identification, relating to the nature of the information being exchanged, the channel used for the interaction, and the customer’s risk tolerance.

Regarding the broader process of which authentication is a part, Mr. Keller said this process begins with security, which determines who should be allowed access. The steps are authentication, which determines who the individuals is; authorization, which determines what the person should be allowed to do; and privacy, which concerns who has access to the person’s information.

Banks are developing a single sign-on strategy that would allow authenticated users access to a variety of systems, with risk factors as a guide. Another approach under development is role-based access, based on people’s roles in an organization.

Two areas in which authentication has important impact are identity theft and authentication with and to third parties. In the latter instance, authentication must be provided on an interoperable basis across disparate autonomous systems. The authentication process itself must be protected from disclosure, to restrict access to those who need the information to perform their jobs.

Regarding interoperability, Mr. Keller cautioned his audience to develop its authentication standards with an eye toward the need to talk to other systems and institutions, avoiding the pitfalls being encountered in the banking industry today.

He outlined a vision for the future of authentication, with the capabilities of authentication and authorization mapped against business capabilities and business drivers, pointing out that the more advanced the approach to authentication, the more costly and complicated the implementation is. He concluded his presentation with an information flow-chart for multi-channel user access. It shows how an individual would move through authentication to applications and to the data. Sun Bank uses the chart to track information flow and make sure no steps are missed.

Healthcare PKI: Glen Marshall, Siemens

Mr. Marshall’s presentation was organized around four questions:

• What do we want?
• What do we have?
• What do we need?
• What do we do next?

He focused on the public key infrastructure, defined as an electronically managed identity with security characteristics. What is wanted is a ubiquitous, common, portable and simple means to identify and authenticate health care participants. Specifically, this means having a single credential, support for multiple health care settings and roles, support for multilateral authentication, interoperability, security, an administrative infrastructure for the above, reasonable operating costs, and rapid positive ROI. (On the last, he said this means being able to at least break even at the end of the first year.)

Turning to what already exists to help meet these objectives, he cited the “plethora of standards” as well as a ubiquitously-implemented digital signature technology and a definition of digital signature use cases. These he summarized as “almost more than enough critical mass to do the job.”

What is needed, first, is harmonized healthcare PKI standards. Healthcare roles and attributes must be added to the ASTM standard, and a way must be provided to support one identity per user entity. A regime for mutual trust among healthcare PKIs is needed. A standard for long-term nonrepudiation (i.e., retaining the authenticity of data after a clinician’s credential is expired) is also needed, as is consensus among ANSI and non-ANSI SDOs.

Also needed are enabling mechanisms, at least one PKI implementer, and implementation. The enabling mechanisms include funding to encourage implementation and insurance or a liability cap to mitigate risk. Once a viable PKI implementer has come forward, a pilot test should be defined, leading to “real implementation.” This involves a structure or network of trust among existing health care PKIs.

Turning to next steps, Mr. Marshall called first for a mandate from the health care IT sector in the form of either regulatory action or “an emerging ‘killer app.’” Other next steps involve the availability of seed money and risk mitigation, the acceptance and implementation of healthcare PKI standards, and recruitment of healthcare IT participants.

Martin Abrams, Center for Information Policy Leadership, Hunton & Williams

Mr. Abrams focused on consumer expectations with respect to authentication. His company did a 6-month-long authentication workshop in 2002. He pointed out that authentication involves verifying that people are who they say they are, and “this [i.e., issues with the process] isn’t a health care problem, it is a societal problem.” Further, the problem is with people, not technologies. He depicted the transition from an industrial-based society to an information-based one as two tectonic plates grating against each other. In the present context, there is friction between the societal drive to “use information to solve all problems” and the consumer determination that it must be easy, requiring neither memory nor other forms of effort in order to participate, as well as failsafe.

Regarding authentication, Mr. Abrams pointed to the objective of trust, brought about through a combination of value, security, and privacy protection. Part of value for consumers is the absence of cost. Security means never being harmed by a security failure, inappropriate access or inappropriate changes. Privacy means limiting the information to appropriate uses. The point, Mr. Abrams said, is that “individual expectations make authentication almost impossible.” The key failure point is enrollment. The best systems rely on linking an identity with a history; instead, generally this process relies on a combination of “who you are, what you have and what you know,” which in turn rely on prior linkages and enrollments and other fallible factors. The next stage after enrollment is verification, which often requires people to remember their passwords or to keep track of and be able to read their tokens.

Cost is an issue; neither providers nor consumers are not willing to pay for authentication process and technologies, and “the states are broke and the feds are in deficit.” In addition, proxy solutions are not the answer¾e.g., credit cards and driver’s licenses, which are stolen and/or used inappropriately for establishing identity.

Turning to the solutions, Mr. Abrams called for acknowledging the scope of the societal problem so that affordable solutions, with cost-sharing, can be developed and so the tokens created are proportional to the need. He also recommended determining how much confidence is needed for the various types of transactions in the health care environment, using scoring systems to rate confidence in the various systems, comparing the levels of confidence, and building a layered system to achieve the level needed.

Discussion

Dr. Steindel raised the issue of people wanting to assume false identities or remain anonymous. Mr. Keller said there are regulations in the banking world requiring that people must reveal their identity. He noted parallels between banking and health care when people want to do banking on behalf of others, such as disabled relatives.

Asked to elaborate on other countries’ failed investments in an NHII, Mr. Waegemann said Sweden was dealing with outdated technology; Germany focused on the wrong technology; and the Netherlands needed to clarify and reorganize its goals. Dr. Lumpkin commented that in ways, the U.S. has an advantage in its fragmented health care system, compared to countries with centralized health delivery systems, because the former necessitates an incremental and piecemeal approach to building the information infrastructure. Mr. Marshall commented that it is arguable that the international projects failed because they were done too slowly and were underfunded and understaffed. Mr. Abrams noted the high cost of the best technologies, and he urged attention to “the real cost implications” of technology. Mr. Hungate observed that the deliberative process of reaching a decision is often longer than the technological product life cycle.

Mr. Blair asked the panelists for suggestions to NCVHS on effective interventions. Mr. Keller encouraged the Committee not to “look for the killer app, [because] it doesn’t exist,” but rather to look for what applications can live together with a set of standards. Mr. Abrams called for attention to the concept of federated identity management (authentication by multiple parties) and the metrics around that.

Mr. Marshall suggested focusing on regulatory action to introduce the technology for authentication into the health care sphere. To create value, as recommended by Mr. Abrams, he advised starting with attachments, for which a rule is forthcoming.

Dr. Zubeldia commented on the contextual factors influencing what information is relevant in defining an individual, and he asked if there were consensus on the key pieces of information for establishing identity in a new health care situation. Mr. Abrams said “that’s the essential problem,” and he again recommended a federated identity system. Mr. Keller said that in the banking industry, it is possible to rely on collateral sources (e.g., school registration for student loans). Mr. Marshall said that until there is a ubiquitous solution, this is the individual’s problem.

Dr. Lumpkin thanked all the panelists, and said the next NHII Workgroup hearing would be in Atlanta on March 18.

---

I hereby certify that, to the best of my knowledge, the foregoing summary of minutes is accurate and complete.

/s/ John R. Lumpkin 5/6/2003

_____________________________________________________________________

Chair Date