July 9, 1997 Public Forum: Morning Session

12/12/2012

[UNEDITED TRANSCRIPT]

Welcome and Introductions

DR. MOORE: Good morning. We have a long agenda today, so I'd like to get started on time.

My name is Bob Moore. I'm with the Health Care Financing Administration. This is something that we -- this meeting we thought about back in the spring, and it serves a number of purposes. When we thought about it, we didn't put out special invitations to a lot of people, but we did spread the word to as many people as we could, because we wanted to use it, as I said, one, to get with the general public about what we were doing before we did it, and also to give ourselves some milestones or some targets to shoot for, and this seemed like a good one.

We made a presentation to the assistant secretaries in the department back in June, letting them know what we were thinking about, what the recommendations might be, what the rationale for where the teams had reached. At this time, we wanted to make the general public aware of where we were. It gave us targets to shoot for, some milestones to reach.

As we go through today, I'm going to go through an overview this morning of -- I know some of you, I have seen some of you, I have made presentations to some of you in the past. Some of the material that I will cover may be seen by some of you, like Frank or some of the others, but I am going to do it again to tell you how we arrived or what the structure was within the department to achieve where we are. Then we will bring up each of the teams that worked on these standards, and they will go over with you individually where they are, what they are likely to recommend, and I say likely because nothing is absolutely certain until it gets out the door, and it is not out the door yet. In fact, a lot of it isn't even written yet, but a lot of work has been done to lay the ground, to write the regs, to put it together to get out this fall.

Many of you know, I was tapped to be on this with Dr. Braithwaithe. Bill is not with us today, but we are co-chairing a group that is leading this effort. I will be moving on to another job within the agency, and someone is going to be picked to take my place, working with Bill on this. That is to be done later this month. I have been told that I will spend as much time as is necessary to make sure that my replacement is as successful as I have been.

The person that I work for that is in the agency on standards is Stuart Streimer. Stuart, would you stand up so that everyone can see who you are? He is here to make sure that I do it right today.

I want to cover the general provisions. This will be transcribed, and this transcription will be available to everyone, including the overheads that we use. So if you want to know all the detail as the day goes through, we can make it painfully available to you.

The teams will be taking about 20 minutes in each of their presentations, and then opening it up for questions, and we will spend the rest of the hour for questions. So let's get started.

Administrative Simplification Provisions and Implementation Plan

MR. MOORE: The purpose of the provisions, if you all didn't know, was to improve the efficiency and effectiveness of the health care system to our experiences, and HCFA and a number of people in the department have been working with the standard organizations, trying to achieve this for some time. We never expected the legislation; it was a surprise to us. It was a pleasant surprise in many ways, and it has become a burden in many ways.

It is to develop the transactions that are required to do electronic commerce, as I call it, between the principals, that is, the payers and providers in the health care business, and to protect the security and privacy of that information as it is transmitted and stored in different places along the way.

The Secretary was given the job. Prior to this, and one reason the Secretary got this mainly, back from the health care reform days, NIH was working on many aspects of this, including privacy and security. The Vice President back in March of '95 tapped the Secretary to be responsible for some of these things. When the legislation came out, it didn't surprise us to see that the Congress continued that with the standard transactions, the identifiers, and code sets, and security and privacy, which she was already being tapped for.

It will affect all health plans and clearinghouses, and the next statement is, and those providers who choose to conduct these transactions electronically. It will all be required, and I want to make sure that is clear. The standards are going to be required of all plans and clearinghouses, and only the providers who elect to do this business electronically. If the providers choose to do it still on paper, then the standards do not all apply to them. They will stay with the same standards that have been there, if there were any, in the past.

The standards will supersede most contrary provisions of state law. So these will be mandated to all. The legislation also expanded the scope and the membership of the National Committee on Vital and Health Statistics, which is an advisory body to the Secretary of health data issues.

The civil and criminal penalties that are prescribed in the law cover two areas. One, penalties for violating the standards and penalties for wrongful release of information concerning identifiable data.

In dealing with our Office of General Counsel, the penalties have been interpreted by many to be -- some have said that it is a $25,000 penalty. That is not necessarily true. It is $25,000 maximum per standard. Don't forget, there are ten transactions for identifiers, there are security standards as well, and code standards. So the violation could be mounted up to a sizeable amount, depending upon the organization and whether or not they used some or all of the standards.

For privacy within the law, the law is far more onerous on those who have been found not to comply with it, and you can see the penalty there being $50,000 to $250,000 and one to ten years in jail. One of the things that I have said is that this puts into the law a similar law that is imposed on federal employees for protection of privacy for health care information.

The transactions that were prescribed are going to be covered today. They will be covered in two different presentations. We tried to break them. These are the five here and five other ones here. We tried to break those into two groups, those that are related to claims and claims activity, and those that are related to individuals like enrollment, dis-enrollment, et cetera, and we will be covering the detail of where we are on that.

For unique identifiers, the four identified here, two are being worked on in HCFA. The individuals is yet to be worked on. That will be covered in greater detail, where we are. Employers' health plans and health care providers are two that we will go into in some depth today.

Code sets. There are two issues with the code sets. We are working with each of the teams. The code sets that are not medical or procedural are going to be worked with the teams as a separate group that is going to report today on the medical code set and where we are in coming up with a standard code set for procedures and diagnoses.

Security is one of the other supporting standards. It will include the confidentiality, privacy and electronic signatures. Low cost distribution mechanism. We are working to develop a mechanism that will allow you to pull the standards down off of a web, as low cost as possible. Our goal is to make it free, if possible, but that is yet to be decided, and it is not fully functional at this time in that method. The standards will be available at Washington Publishing on their website.

Time frame. The transaction sets, we are still shooting for February of '98 to have them adopted by the Secretary. Some of the barriers to getting that accomplished by this time is getting that through our Office of Management and Budget and back to the Secretary once it is released from the department. We feel confident that we can achieve that. The teams that have been established -- one that I will go into shortly -- has representatives from the Office of Management and Budget, which reviews all regs, and they have worked with us, so when the reg hits the Office of Management and Budget, they will not be totally surprised with what is there. They will understand the rationale and a lot of the thinking that went behind it within the department.

It says, HHS adopts claims standards. That is the claims attachment standard that we see out there in February of '99. That is one of the ten standards that we were given additional time to do. There is a special work group that has been created within X12 and HL7 to work on that standard, and trying to not be pressed like we are now in order to come up with a viable standard.

The goal is still February of the year 2000 that we will implement these standards. There is a lot of work that has to be done by you all, once the standards have been adopted between February of '98 and 2000, and we have gotten a lot of comments about the feasibility or the advisability of sticking with that date.

The process that we followed in general said that we looked at the SDOs and what was there in the marketplace and what had been developed, that was prescribed into law. We received from the health care informatics standards board back in February a compilation of all the work that was either accomplished, underway, or even being contemplated by the SDO for the future. This was a atomic bomb survivor document, about 250 pages. It is available to those who want to see it from ANSE. It served as our basis and our starting point as to what was available.

In doing the work, the law gave the Secretary the authority that she could not accept an SDO standard if she found that it was burdensome or it was expensive to process the data. If there were another way that was administratively cheaper and when compared to the other, we had the authority to go in that direction. Where we did that, the team will discuss how we went about making that decision, what the rationale for the choice was, and how we arrived at it.

If no SDO had adopted or was working or even contemplated the standard, the Secretary had the authority then to move into that area to do the groundwork that would become the basis for developing the standard, establishing it and explaining it and getting it into the community.

There were four organizations that were defined in the legislation that we are required to deal with. It so happens that the department and HCFA and others within the department were already dealing with many of these organizations prior to the legislation. The national uniform billing committee, the national uniform claims committee, the work group for electronic data interchange and the American Dental Association were those four.

All through this process, we have worked with them quite closely. We have representatives on all but the ADA. I don't believe that we have worked as closely with the ADA, but on the other three we have been working with them for at least -- on the NUBC and NUCC, since their existence, and on the WEDI we were part of the original work group that was created in '92 by Secretary Sullivan, and we have been on the board ever since.

We have also worked very closely with the National Committee on Vital and Health Statistics, keeping them aware of where we are and what we were doing and how we were accomplishing it, because that was part of the charge in the legislation. The Secretary will rely on their recommendation. The recommendation at the NCVHS is charged with making -- it is a separate independent decision from the teams that were working on this task.

What we did within the department to accomplish this was to establish a three-tier approach, if you will. The first level of this happens to be a group that had been established at least two years ago by the Secretary. That was a department Data Council. This council is made up of the direct reports to the Secretary.

We have also added to this council the Department of Defense and any other federal agency who believe that these standards will affect their activities, and made that offer.

This is a decision making body for these standards. The work that is being done will be and has been presented, as I said earlier. We had a meeting with this Data Council back in June to tell them where we were, a similar presentation as to what you are going to get today. The Data Council provides the senior policy making, and if there are decisions that are a little more political than technical, it would be made by this body as the final decision.

There is a health data standards committee that resides under the Data Council, that reports to the Data Council. Bill Braithewaite and I co-chair that committee. That committee has representatives on it across the federal sector. All the direct reports, NIH, NLM, CDC, FDA, the VA, DoD, OPM, all have representatives on this committee, and the level below that would be the implementation teams.

The teams themselves are going to make the presentations today. Their recommendations have been submitted to the Data Council. We have looked at those decisions, made modifications if we thought it was necessary, and through a consensus process reached a determination as to where we think we should be.

There are six teams that we established in order to address the complexity and breadth of this task. We felt that we had to have a team to look at issues that were cutting across all teams. That is what is called the infrastructure and cross-cutting issues team. This team is responsible for looking at the decisions that are made by each of the teams below them, the dictionary, the data elements, are the data elements the same, similar, et cetera, and handling and coordinating the efforts of the other five teams that are working on the direct standards.

The health insurance claims and encounter team is a team that is working with those transactions that are directly related to the receipt and processing and information concerning the claim.

The other team that is concerned with the transactions is the health insurance enrollment and eligibility team. This would be transactions that are for enrollment, disenrollment, eligibility, first report of injury, authorization, certification.

The fourth team is for all of the identifiers. There were four of those. The 15 concerns, the code sets and classification, and I want to make sure that we understand that this team is looking solely at the medical, procedural and diagnostic coding issues that are used by these transactions. Any code set where there is a data element within a transaction that has the potential for having more than one entry, sex, place of service, type of service, those types of codes are handled by the specific team. We felt that they would be the most knowledgeable to work with that transaction and determine what were the codes that were being proposed and how do they fit in with what was already there. Security and safeguards would be the team covering those recommendations.

The teams were charged with, one, making sure they looked at all the available standards that we had been made aware of, looking at those for candidates, identifying what were their weaknesses or something wrong with the standard as it existed, or if it was in conflict with another standard that performed the same activity or task, and presenting the findings that we had both in the NCVHS and the department. We are making recommendations for the adoption and presentation of those, and we submitted draft regulations to the Secretary and OMB for review and adoption.

Once the process has gotten through OMB and through the department, we will publish the proposed rule in the Federal Register for public comment. These rules we expect to be available at the end of October, beginning of November this year.

The normal comment period of 60 days, we would expect you to have from November through the end of December to comment on these rules and to get back to us, and we would take the remaining part of January and February with which to analyze the rules and prepare a final rule, which would be released the end of February.

One of the things that we did working with X12 to accomplish that first bullet of getting -- I'm sorry, the second bullet, of analyzing the comments, we worked with the X12 work group to identify and establish a work group that will help us with comments for transactions and issues that we are not familiar with in the government, because no one in the government handles that kind of transaction or does that kind of work, in the federal government. We felt that we needed some help and some expertise outside in the community that was responsible for developing some of the standards. So we will be working with them when we get comments in, and they set up a team of the different co-chairs for some of the transactions that are there, to help us with those comments, because a lot of the transactions came from the X12.

We then will distributed the adopted standards, and we expect that to be in February, early March of next year, and implementation guides.

We have also worked with the X12 to develop -- and they have done a lot of work since last September. I would like to thank them for that, to develop implementation guides on all of the transactions that are spelled out in the legislation.

Privacy goals. This may be covered far more fully when Dr. Detmer from the national committee presents the findings of the NCVHS or where they are, gives you an update on that. But I just want to cover some of the overview highlights of the privacy.

One of the things that the legislation tries to do is provide a patient with certain rights, that is, that they have informed consent to release information, that they understand how that information is going to be used potentially, and that they are aware of it. They have access to their own health information and they have the ability to correct erroneous information if they are aware of it, or if it is made known to them.

It establishes a process for exceptions to use the information, for example, and we give some examples there: research, law enforcement, public health, and it limits the amount of information that might be available to any of those entities, and access that might be given to it. It establishes the deterrents and penalties, and I covered those earlier, that one might be subjected to if one were to violate those rules or requirements of the privacy.

The privacy time line has a different time line than the standards that we have gone over briefly before. The department has been working very vigorously on this. The person within the department, John Fanning, before the legislation, he was identified as the privacy advocate. He sits on the Data Council that reports to the Secretary. He serves as the conscience to some degree, making sure that when we talk about data and we talk about information in the department, how we are going to use it, what we are going to use it for, how we are going to acquire it, et cetera, that we are aware that we are dealing with individual information, that the potential for this is very severe. He plays that role at that level. He is also the lead for developing the recommendations that are going to go to the Secretary next month.

He has developed a draft that is circulating within the department for these requirements to go to Congress. We expect to meet that date August of '97. The NCVHS has done a great deal of work in this same area. I think that they will also be making recommendations to the Secretary.

We expect to make the date. Whether Congress will make the date in August of '99 to have legislation on privacy, I can't speak to. That is going to be a very controversial and difficult task for them if they don't and they are unable to reach an agreement or some up with the legislation that is required. I think many of you are aware of the attempts, and what is going on within Congress to do that to date, and where they are on the various pieces of legislation. The task will be kicked back to us, and we have six months with which to develop privacy regulations. those will be released in February of the year 2000, the same date that we are destined to implement the standards that we are going to talk about today.

I want to go over some of the areas that you all have for opportunities to tell us what we should be doing. One, we think that if you are not participating, you should at least be aware or should have some representation with standard development organizations and the work that they are doing. They will affect your business.

We the government, we HCFA and a number of the other payer, industry, provider, et cetera, have been working with this community for quite awhile, and we think that that is one way to have input. The NCVHS has held at least a half a dozen public hearings on these standards, either on privacy or the standards themselves, and that is another way that you can have input.

You can also write to the committee and have input into their determination. Many of you as you well know could write to the Secretary and many of you have written to the Secretary before we have even reached this point about what you think the standards should be or should not be.

Also, you will get an opportunity after all of that input to comment on what we think the standards should be when we put out the notice of proposed rulemaking. Remember, what we come out with in October is not the rule, it is only the proposed rule, and that rule can change, based upon your comment in the latter part of this year.

From my experiences working in the Health Care Financing Administration, when we put out proposed rules, we have changed them as a result of the comments that have come into us from the public.

You can invite the teams. The teams have been on a regular tour in some cases, or representatives from different parts of the team, to meet with the public, to explain what we are doing, to deliberate, and today is just another example of that effort.

Role of the National Committee on Vital and Health Statistics

MR. MOORE: I would like to have Don Detmer come up now. He is the chair of the National Committee on Vital and Health Statistics. If you have questions, Don and I will be glad to handle them before we go into the first presentation, which will be after Don.

DR. DETMER: Thank you, Bob, and good morning. As you can see, I have a very brief presentation here. That is a joke.

Actually, I am delighted to see so many of you here. I think the first thing I would like to acknowledge is the enormous help that we have had from Bob Moore, Bill Braithewaite, Jim Scanlon, Marjorie Greenberg, Lynette Oraki, John Fanning, I could go on and on. I think the committee can only be doing its work successfully with this kind of interaction that we have had, not only with the staff, but also I think with many of you in the audience and those of you that participate with us across the country.

HIPAA is the screening test way that the department typically talks about this legislation. The committee has preferred to call it K2, because of the size of the task that it represents to us, and the time that it gives us to scale this mountain. It is however safe to say that the committee has been both excited and cautiously optimistic. We vary, optimistic to cautiously optimistic, as we look at trying to meet the time lines in getting the tasks accomplished. But to date at least, I am happy to report that I think we have been largely on track.

The committee I think is known to many of you. It has been around for many years, approaching 50 years, as essentially the government's central advice to the Secretary on issues of vital and health statistics, in a sense mostly retrospective views and public purpose needs for health data. I think what this legislation did is really reshape the committee's charge.

Essentially, what it is really having us do is refocus, and having us be the government's principal advisory group on how to relate to health information policy generally, and how do we shape not only transaction standards, but such tradeoffs as well as the various public goods, privacy, confidentiality, security, but at the same time as Bob mentioned, the delivery of health care, the payment for that health care, law enforcement, health research, public health and a variety of things that are obviously key in a highly complex, modern technologically sophisticated society.

So essentially, I think that we have tried to reshape our committee to deal with that in a number of things. I came on new to the committee as the chair, and so have had a chance to make some of my own mistakes as chair, but also, work with a very new group.

We also have a good continuing group, about half the committee continuing forward. So we really have had to look at essentially our charge, our time lines, our structure, and we have done that, and essentially, that is complete.

The law mandated some changes as well. The membership increased from 16 to 18 with two members appointed by Congress. They are actively involved at this point. We are mandated to give an annual report to Congress on the implementation, and then serve as a public forum for all interested parties, and provide mechanisms for public input and so forth. I'll review how much we have been working to try to do that over the last few months.

We really have some mandates that are pretty explicit in the law, one relating to standards. We are interested in looking in our concept as a committee, being responsible to its charge to the country, not just standards, but are needs as well. So we really want to look at how should we as a nation be looking at this from the point of view of needs as well as standards and security to manage to those as one set of issues, and we make those recommendations, put those forward in the Federal Register. They are also up on the website.

We also have a set of responsibilities relative to privacy and confidentiality, and have been involved in a lot of hearings, but also interfacing with the Secretary herself as it relates to some of the tangents between privacy and research and such.

We are to report within four years on the standards for the computer-based patient records. So the first leading edge of this relates to the privacy/confidentiality/security standards for administration and those sorts of issues. But coming behind that is the clinical information itself.

Obviously, if you look at the need for more mature data dictionaries and the process by which we keep those updated and served out for use, as well as maintain their currency, that is quite a challenge as well, but it is one that again we are quite excited about, and really do think that ultimately it is going to have a major impact on quality of care and also the value that people get for health care, how much impact does it make on their health as a function of the resources that go into it.

We have full committee meetings quarterly. I almost chuckle, because this has almost become a career for most of the committee members, by the time you add all the subcommittee meetings as well.

But the executive committee has two subcommittees that we have concluded are critical, in addition to just doing the general work for tracking the committee's activities. The first of those is planning and implementation. We have a responsibility not just to make recommendations for standards; we are also mandated to track how those move forward, how they are implemented, what kinds of problems arise. So planning and implementation is one that we are talking about.

I made the comment about speaking to needs as well as standards. We see this issue of planning also one of how do we in a Gretsky kind of way skate to where the puck will be. How do we try to actually anticipate things as well, and move towards those as well as meet the letter of the day requirements that we are also mandated to come forward with.

The second subcommittee is one on patient and public education. It is astonishing to us, as many hearings as we have had. It is really true, if you are inside the Beltway, you have this illusion that you are an outsider, too. In actual fact, it is amazing how people are unaware of this, not only the general public, but even people in the states as well as a whole set of industrial and other players who in many instances have designated somebody to track this intensively, but otherwise have very little understanding about how critical it really is as an activity.

So that has been important. In fact, along that line we made a decision some weeks ago to have one set of hearings. We had it in San Francisco. We found it not only refreshing, but actually very useful. We get very useful information in our hearings here in town as well, but I think we tended to get a bit more candor, a little more relaxed perhaps an atmosphere, and it was very useful. There were also people who don't have the resources to come to Washington.

So I think we will try as we can to occasionally have other opportunities to visit other parts of the country as we move forward over time. I think we are mostly here, and it is probably most economical to do it here, but the money is actually very well spent also to get out and really try to get closer to where these issues really hit the lives of people.

Then we have subcommittees, a subcommittee on privacy and confidentiality, a subcommittee on health data needs, standards and security, and a subcommittee on population specific or special populations, basically.

There are a set of issues that essentially we do not want to get lost in the shuffle, whether you are talking about groups with disabilities, whether you are talking about certain minority groups, disadvantaged groups in different ways, economically and so forth. We really want to have a matrix concern on this, so that we don't get so concerned along our data needs, security and standards thinking of the main flow of things, that we overlook also very relevant social dimensions that just cannot afford to be overlooked in our society.

So that is fairly complex, and at times there is a little tension as it relates to that. We consider that a creative tension. It is something we are committed to managing, too. We have very good committee members working on all these. Bob Gelman chairs the privacy and confidentiality group. Dr. Barbara Starfield, the health data needs standards and security. John Lumpkin chairs a work group within that, that relates to the K2 mandates for data. Dr. Lisa Izioni from Boston, Harvard, chairs the subcommittee on population specific issues.

This is a place where you can find what we have been up to. I think the website really has been useful to all of us. Our recommendations have already started to come out. In fact, Bob mentioned the time line for August. We actually at our last meeting did put forth our first annual report, if you will, to the Secretary relative to privacy, and I'll talk a bit about that in a moment.

We don't like being late. I don't think anybody does. I don't know if you heard the story of the tour that was in England some years ago. It seemed like everywhere they went, they were about 15 minutes late. They had gone to the Tower of London, and got there about 10 minutes after it closed, and the group was grumbling some. Then the next day they wanted to see the changing of the guard at Buckingham Palace, they missed that. They had to head out to Runnymeade the next day, and they got out there and the guide, once they got there a little late, of course, was talking about Runnymeade, that this is where the Magna Carta was signed, and how important that was. One of the people in the tour piped up and said, when was that? The guide says, 1215. He said, doggone it, we missed it by another 45 minutes.

At any event, I think we have been working hard to try to stay on these time lines. Whether we will be able to always track on that, I don't know.

I do want to just mention briefly -- Bob mentioned that we have been trying to reach out and hear from folks. We have had on data standards alone eight total days of hearings, six specifically just to that, where we heard from 77 witnesses. We also had two additional days where we heard on data standards as well as privacy and security issues, confidentiality issues, another 40 witnesses. Then in our regular meetings, we have heard from an additional 17 witnesses.

So altogether, we heard from 134 witnesses on the data standards side alone. I think that that has been not only important in terms of getting us content, but also giving us a real sense of what is currently going on out there. It is very dynamic, but at the same time, we have an amazing spread of things going on still on handwritten three by five cards, up to fairly sophisticated data transfer. To try to deal with policy that can relate to those issues in an intelligent way is no small matter.

It has been very useful. We have had more focus on standards than we have on security. To that end, a meeting is scheduled for August 5 and 6 to get into security standards. There was a recent report. A number of our committee members were on that committee that the NRC recently put out from the Academy. You can get to their website at the NAS EDU, the National Academy Press, NAP, on shoring up confidentiality. We knew that report was coming, so we also had plenty on our plate the way it was.

Paul Clayton chaired that report. I think it is a good report, and the National Library actually requested that. I think they will be speaking to the security standards issues August 5 and 6. If you weren't aware of that, that may be helpful to you.

The subcommittee on privacy and confidentiality has had six full days of public hearings, where we heard from 43 witnesses. We also heard as I said from an additional 40 out in California. So we have really had quite an intensive interest in hearing from the research community, quality assurance community, industry, managed care, law enforcement, providers, claims processors, drug executives, drug industry, federal agencies, consumer and health privacy advocates. So quite an array of points of view within this great pluralistic society of ours.

So we had finally got a little white smoke out of the chimney. So of our recommendations -- I want to just hit a few of the high points about. Most of the day will be spent talking about the health data standards, the administrative transaction messages, and identifiers. So I am really not going to go into those. Less attention will be given, essentially little, to the privacy content. That is my task, and I want to try to cover that, and we can answer and respond to conversation or questions after this.

Just to hit the high points of our recommendations, first, almost all the witnesses and all of the committee agree that we really need federal health privacy legislation, going the route of the default regulatory approach. Regulatory approaches is seen as not the way to do this. I think if there is one absolute consensus, that I think is it.

Now, obviously, how do you then get that accomplished, and what does it look like. There, a lot of conversation starters going in. I think we also convinced that the country is in the midst of a crisis as it relates to the health privacy issues. The protection of health records has been eroded significantly in the last two decades.

We see that in addition, two major contributing factors have really played into this. One is the absence of federal privacy health legislation. The very fact that we have nothing on the books is pre-emptive and strong. It certainly doesn't help when you get a free-fall situation going there.

But we also have with the failure of some form of universal access to health care as a society, we have gotten into a situation as well where at times, personal health data is used against people, either relating to their insurability or work place or jobs, and that is a major issue. I think our own feeling is that we need not just privacy health legislation, but also anti-discriminatory legislation relative to insurability and also related to the work place. K2 did a piece of this, but there is still a chunk of that that needs to be done.

So these two things are really needed. I think short of that, it is going to be really tough. The committee believes that this should get done during this legislative session for a variety of reasons. One, obviously technology continues to move, but we are setting some of these standards for administration, security systems and such. It is going to be much easier if we try to do those things in concert than if we try to back fit or side slip those things in when they are not something that we have just said, okay, we are into this new era, let's go ahead and try to get this done at this point, and do it well.

I think that we really do believe that that is as important for the implementation side of this, as well as obviously the fact that if we do not do it, states will continue to do their own approach to this. We are seeing this in different parts of the country. I think the committee members have somewhat differing views on that, but generally speaking I think there is a sense that there is enough experience in Europe and other places in how to deal with these issues, and that in fact, to have a thousand or 50 different experiments going on in the country really is not necessarily in the best interests. First of all, people cross state lines a lot for health care and employment and such. A lot of the population, about 50 percent, is near a state border, so that becomes very problematic if people have different policies in all these jurisdictions.

So I won't go further into that at this point. But I think the point is, we want a very high level, the highest possible level of privacy for the American public as it relates to their personal health data. We urge the Secretary and the Administration to move this as a very high priority for the executive branch during this legislative session.

We have to have a situation that meets some of the criteria mentioned up above, ability of people to amend the record, get access to the record, know what their data is being used for. The committee also supports the idea that data should be limited to the uses for that, in other words, that you don't just send out a lot of information when a little will do.

In our current situation with paper records, that is a very expensive proposition and very tough to do. I think we move increasingly to computer based records, we not only can have audit trails, and more security and privacy, but you also will be much more able to limit how widely the information could go and how much needs to go anywhere.

We also know that the issue of privacy doesn't stand alone. It is in competition with a variety of other social goods, and this is what makes this such a rick area for debate and conversation as well, as far as that goes. At the same time you do need and want to have privacy so that people can trust the interaction that they have with their doctor or other health care provider and feel like they can tell them what is happening in their life that is important to their care and their disease and problem, at the same time we do have legitimate concerns relating to public health, relating to law enforcement and such. So how do we manage to those tensions is a really critical issue.

So what we call for is a law that requires the creators and users of identifiable health information to insure a full range of fair information practices, as I mentioned, including the patient's right to access a record, to amend the records, to be informed about the uses for the health information. That both industry as well as health care providers accept reasonable restrictions and conditions on access to and use of identifiable health information. That you have protections for health information as it passes into the hands of secondary and tertiary users, so there are no loopholes that allow health information to escape from privacy controls. That you provide adequate security for health data, no matter what media are used to create, transmit or store the data. That you accept accountability for actions that affect the privacy interests of patients. That you use non-identifiable coded or encrypted information when a function can be fully or substantially accomplished without more specific identifiers. So in other words, you don't use personal specific data except where it is absolutely critical as well.

The law must also impose restrictions on disclosure and use of the information, require adequate security and impose sanctions for violation, and increase reliance on non-identifiable information whenever possible.

The committee strongly supports the use of health records for health research, subject to independent review of research protocols and other procedural protections for patients. If modern health care was not effective, this would not strike us as being important, but the fact is, we all know that we have improved the quality of life through care, and that has only come actually through our capacity to do research, and at times person specific information is critical to that.

The committee strongly supports limiting disclosure of identifiable information for more than just the minimum amount necessary to accomplish this. It also believes that when identifiable health information is available for non-health uses, patients deserve strong assurances that the data will not be used to harm them.

The committee calls on everyone to work together on this in good faith. This is not an easy challenge for us. The probability candidly that we can pass a law that will be perfect is very unlikely. I think the issue is, can we in fact pass solid legislation that will at least get us benchmarked and on the right track. Clearly, we are one of the nation's few industrially developed countries that does not have anything like this. We clearly are lagging, and it is not a matter of competition; we ought to do it because it is the right thing to do.

The point is though, health information becomes available for other uses. So unless we get this in place, and get it in fairly soon, we see both risk to patients as well as risks to the record keepers themselves will grow.

We believe that everyone will benefit by a well-crafted set of fair information practices. It will impose constraints and restrictions on industry, but I think those are just part of what it is going to appropriately take to be right by this, to the society at large and individual patients. Patients will have new rights and greater protection for sensitive information, that is a given. Providers and insurers will have clearer responsibilities and roles and rules. The will needs policies as well as procedures and the technology. Secondary users will know when they can have information, when they can't, what their obligations are, and what penalties will result if these obligations are ignored.

None of these benefits will be achieved unless everyone approaches the legislative process with a spirit of compromise. I think actually, there is a lot of good will, but these are issues of tension, and as you understand, people obviously see their position as one that they came to sensibly. So I think there is no question that it will be also hard work.

In closing, I think just speaking for the committee, we are eager to continue working with HHS. It has been a very productive interface, as well as all of you folks, state and local governments, public health agencies and such. We really do want not only to respond to the HIPAA requirements and such, but also as we say, improve the health of all of our citizens and all the people visiting our country as well. We benefit very much from the continuing input and advice.

This law has given all of us really a tremendous opportunity. The time frames are tight, but so far, I think there is confidence that we can meet them. And certainly, the mobilization that I think we have seen in the department to relate to this is certainly quite impressive.

I think as a result of passage of this legislation, the national framework for the widespread adoption of health data standards and health information privacy will become a reality for our country. Adopting and implementing the kinds of standards and privacy protections to realize those benefits will take a coordinated, cooperative effort, and also I will say a continuing one over time certainly.

In any event, I am pleased, just speaking for the committee as well, that we could be on a program with this today, and have a public forum for these deliberations. So, thank you.

DR. MOORE: Are there any questions for either myself or Don? What we propose to do is take a 10-minute break before we get into the infrastructure team and the claims teams' presentations, which will occur prior to lunch. After lunch, we will go into the other four teams. We plan to take as long as we need. We are going to use about 20 minutes for the presentations and 40 minutes for your questions for each team. We are here for your benefit, not ours. Ours would be what information you can feed back to us that helps us make a better decision or change our mind about where we are, because what we intend to do today is tell you where we hope to be, come October of this year, or where that reg will take us.

We are not holding anything back. It is your business that we are going to be affecting, and we need to know how you feel about it.

We are going to take an hour and a half for lunch at noon. If it takes until five, we will be here until five. If we can finish earlier, we will finish earlier, and you will let me go back to Baltimore earlier.

But do you have any questions for either Don or myself? Yes, sir. Would you go to the mike, because this is being recorded, and any speakers, I would rather you go to the mike rather than speak from the general floor.

DR. TRACY: The question is for Don. Don is in the private sector, so I feel I can ask him a more controversial question than Bob's earlier response to the mandate being proposed in your response to the Secretary, which I finished reading.

Basically, it suggests that Congress should write all this stuff, and it should be enacted into law. I am aware that you personally were involved in trying to do mark-ups of S.1360, and efforts with H.R.52, and Congress has an abysmal track record of dealing with controversial issues that might cost the representatives' votes.

So I am wondering how you believe that Congress is going to take care of some of the questions that your own report suggests remain somewhat controversial. The absence of action tends to hurt the public. I think those are all fair characterizations of the content of your document.

So my question is, on what basis do you believe Congress will make progress?

DR. DETMER: I actually just got back from my high school reunion in Kansas. If you choose to live out there where these two tornadoes come through, and whether it wipes you out every few years, you either become a pessimist, or you are a die-hard optimist. I guess I still have some of that spirit in my blood.

But at any event, I think that the issue is not one of naivete as to the nature of this challenge. This country has tried to get this kind of legislation for quite a long time. Actually, in the '70s we had some privacy protections for the federal data, and led the world at that point and since then it has had a terrible time trying to move forward on the health side.

I think the point is not so much that -- I don't think we can afford not to get the legislation. I'm not saying -- it is like I say, watching law made is like watching sausage made; it is not for the weak of heart.

On the other hand, it is the best form of government on earth, as we have so far discovered. I think our alternative, of trying to essentially do this strictly through regulation from the Secretary's side, at least, on the basis of the committee's discussion and the experts and such, we see as less desirable.

When I said that would we in fact come forward with perfect legislation that passed? No, I doubt it. On the other hand, I think that this is something that we do need to, as I say, see as something that needs to happen, that we will all have to try to work together and do some compromising. I still think that the greater good has a better chance of being served through aggressive, hard-working, well thought out but good debated legislative process than essentially doing it through inheriting regulation.

But that is my view. Again, I think all the people on the committee had their personal views. The Secretary appointed me to this position; I try to do the bet job I can as chair, and really give that responsibility its overriding attention and respect. But I think that this is something all of us need to weigh in on.

I don't know how responsive that is, but that at least is my own response. I see it as a public obligation: we really need to get this done. It only will be better law if people really do work on it.

DR. MOORE: Any other questions? Yes.

PARTICIPANT: Mr. Moore, in your comments you made a brief reference to health care providers who are still using or still wish to use paper records, not having the kind of reporting requirements, computerized reporting requirements that the act contemplates. But isn't it correct that all patients will be receiving a unique health identifier, and under the act, all physicians, even if they don't presently use computerized capabilities, will be required to use a type of health care data clearinghouse to generate electronic records, in other words, all patients will have their medical records put on a database, regardless of whether their doctors presently use paper records or not.

DR. MOORE: The identifiers are required for the electronic record. The law is specific to the electronic record. I don't see how the health care community can support different identifiers for paper. But if a provider tried to do that, I think the payer would resist it. Identifiers will be issued for all payers, employers, plans, and eventually individuals.

PARTICIPANT: What opportunities do you understand there to be under the act for private pay patients, in other words, people who do not wish and can afford to exercise that right not to have their private medical information be computerized and generally available? Will that be provided for?

DR. MOORE: I don't think the law prohibits a person from going in and being a self-pay and says, I don't want any information submitted. I want to pay you, you will treat me. That is an agreement between the provider and the patient. If they choose not to divulge that they have insurance of any type and they are going to self pay, I would assume that the provider would accept that payment.

Don, as a physician, do you see a problem?

DR. DETMER: Yes, I think so. I think the only problem that could arise -- and it really doesn't relate to HIPAA -- is if the person has something that is already law because of public health requirements that would require somebody to report information simply because of the nature of the information that came forward. But as far as -- if it weren't that, it is strictly between the clinician and the patient.

PARTICIPANT: Mr. Detmer, just one question for you. A large part of your presentation spoke about educating the public about all the work that is to be done in the future. Could you address how the administrative simplification section of this bill itself was passed with literally no public debate and no public comment, given particularly that the act affects such private details of persons' lives? I think it is fair to understand that the vast majority of U.S. population frankly has no idea even of the existence of the bill as it now stands, let alone the work to be done in the future. Can you address that?

DR. DETMER: That relates to the earlier question and comment. Our legislative process is a wondrous thing. I think everybody was pretty surprised that that came forward. So that is our country.

I think on the other hand, the bill did mandate an awfully lot of activity to look at this, and tried to engage the issue. So we will have to judge I guess how good that progress and process is as it moves forward. But clearly, it is quite nonlinear. That is certainly the case.

Actually, the issue of trying to get the public education piece of this out is a really challenging one for us. In fact, if some of you have some advice for it, because we really have not had that as part of our mandate and function in the past; we just see it as important. So your advice on that could be quite useful.

I will not be here throughout the whole day, but I will be here through the break. So if you do have some other specific questions for me that go into our break time, please come forward. Thanks.

DR. MOORE: Any other questions before the break? One other, two.

DR. BUCCAFURNO: I noticed in your slides that you had a --

DR. MOORE: Can you speak up?

DR. BUCCAFURNO: Sure. That you were going to be reporting to the Secretary within four years on legislation and recommendations for computerized patient records. My question was, there are so many health care providers today implementing such systems, and so many vendors out there supplying them, within four years time, won't everybody already be on some kind of a computerized patient record system? And how do you foresee them changing over or complying in the future?

DR. DETMER: I'm smiling. I chaired the 1991 study that the Institute of Medicine did on the computer-based patient record. The computer-based records have been in some form or other around for a very long time, and it is like a unicorn: everybody has heard of them, but no one has seen a lot of them.

The thing is fascinating. We have a new report coming out, by the way, an update on where these are. The answer is both yes and no. I think the thing that is really fascinating is, absolutely, computers are involved in some regard and some pieces of most every setting. You go to Holland, and 90 percent of their primary care is delivered -- all the record keeping, by computer system.

Part of our problem in my view is that we don't have incentives, actually, enough incentives to see this happen. But in any event, I do see it as inevitable, however disquieting that may be to some folks.

Whether those time lines will be too short or too long, goodness gracious, I don't know. I have been tracking computer-based records and medical records generally for 25 years, and it is an interesting kind of thing, how it both happens and doesn't.

PARTICIPANT: There is a large industry out there that is involved in health information and acts as agents of providers and managed care organizations and insurers. In your statements, you have suggested that insurers are going to have roles and responsibilities on the information that they can pass on to secondary organizations.

I am wondering what kind of thought and deliberation has been given to allowing that kind of agency relationship to continue, or is it going to hamper that whole industry, which is enormous?

DR. DETMER: Well, clearly it is going to put another variable into the equation that many would just as soon ignore and not want to think about. But the fact of the matter is, I don't think there is any avoiding this. There is going to have to be more acceptance of responsibility and a spirit of trying to work through some of this from all player sites.

So yes, I think that if I hear you, and I think I do, it is not going to be simple, but it is going to be something that cannot be ignored. I just think that is the way it is. But I think it is going to be important. That is why these kinds of efforts at dialogue and maintaining that spirit of rolling up the sleeves and just staying working at it is going to be -- but it is amazing; most of the people that came to testify thought that, for example, a lot of the privacy and confidentiality things were really good, but just don't change the way I do my work, because I've got real problems that arise if I try to change that. Well, that just isn't going to quite do it. I'm not saying you are expressing that, but that kind of came through. But that is just not going to get it done. We will in fact need to stand up to this, realize that it needs to happen, must happen, will happen, and how can we have the best set of tradeoffs at the end of the day.

But it will have cost implications. That is what is interesting as well. This legislation was -- one of the key reasons it did pass was a real concern that we are spending 25 to 26 cents of the health care dollar on administrative costs. If you look around the world, you may be able to do that for seven or eight cents, 10 cents. That seems like a lot of wasted money, when we have 37, 45 million people who don't have access to health care services. Maybe we can try to deal with that.

So this is what was driving this, was an issue to simplify the thing. But I think if we simplify it but don't also then put in pretty strong attention to the safeguards of security and confidentiality, it won't come out right.

Now, I don't think that -- the cost equations are so complex that you can't sort out in my view how all that is going to shake out. But there will be costs and there will be a lot of logistic issues, and a lot of technology issues involved.

PARTICIPANT: Do you really see that those kinds of agency relationships are going to be legislated or regulated?

DR. DETMER: Obviously, there is both the disposition in Congress not to in fact have the federal government tell everybody what to do. That is very clearly a strong issue. On the other hand, you also have this issue that if you let a thousand flowers bloom, you don't necessarily get a bouquet. So that is the other issue. You've got 26 cents on the dollar administrative costs, because we are not coordinating. So yes, there will be regulation. The question is, will it be regulation that is so verdant that it really is strangulating, or can you have the right kind of tension in that. I don't think there is a clean answer to that. It is a matter of tensions and how this will play out.

But clearly, this law did not just speak to federal programs. It spoke to it all. So that is clearly there in the mandate.

PARTICIPANT: Thank you.

DR. DETMER: Is that how you see that?

DR. MOORE: Yes. One of the things -- just to relate to the costs, one of the problems that we wrestle with in producing the first reg that we have tried to get out on the national provider identifier has to be the cost and the savings. Our approach that you will see in the reg is that we are going to look at the administrative simplification act as its entirety, that is, all of the standards, the transactions, the security, the code sets, all parts of the identifiers, and estimate the cost to the public to do this, and the savings that are going to be achieved by doing this as its entirety. We are not going to be looking at what does it save and cost to do a claim or something else of that nature.

So when you get the first reg, which will be -- I won't make another prediction, I've predicted it about a dozen times now, but we still have a few issues that we are resolving to get out. But that will be in there.

If there are no other questions, we want to take a break. It is 10:15. Can we get back at 10:25, because we want to start promptly on the infrastructure team?

Infrastructure/Cross-Cutting Issues

DR. MOORE: The next team to be presenting is the cross-cutting team. As I said, we wanted to move along. I will try to gather the others as the team starts, so I'll be taking off. Bob Mayes and Mike Fitzmaurice.

The cross-cutting team. As I said before, this was a team that was put together to look across all of the different standards to make sure that we were coordinating our efforts, that we were doing things in sync, that we didn't have one team off on a similar issue, going in a different direction than another. It was a team that was pulling together how we were going to write the regs, how the regs would be similar, so when these regulations come out to you all, they don't look so different that it takes a complete read to know what was happening. So we are trying to make that effort look like one.

Bob Mayes and Mike Fitzmaurice from the -- Bob is from the Health Care Financing Administration. He works in their health standards quality area. Mike Fitzmaurice is from the Agency for Health Care Policy and Research. Mike, I'm not sure what department you're in there. But they were the co-chairs of this particular team, and they are going to cover what the cross-cutting issues are, what is the status, et cetera.

Bob, do you want to lead off?

DR. MAYES: Well, good morning, everybody. I'm going to try to get us a little bit closer back on to our agenda. I think a lot of the questions and issues, even the cross-cutting types of issues, will come up again in the other implementation team's presentations, and there they will be discussing them as they apply to specific proposed standards. So I think many of you will have an opportunity to ask those questions later on during the day.

Also, I would like to point out that the rest of the presentations -- structurally, HIPAA requires both the adoption of standards for electronic transactions, as well as the privacy legislation and standards. The whole approach has been structured in such a way that all of us have been dealing on the technical standards side. The privacy issues have been dealt with by both the National Committee on Vital and Health Statistics and another group within HHS. So we will not be presenting any further presentations on privacy. We will be covering technical security issues with the security teams.

The recommendations from the Secretary to Congress are due August 21. At that point, there will be the official recommendations, as I said, on privacy from the Secretary. So when we talk about security issues here, it is really from a more technical perspective.

The overall purpose and charge from the implementation team that handled infrastructure and cross-cutting issues was to provide as Bob Moore had said, overall guidance and coordination to the standards activities, specifically to the other five teams, and to monitor the activity, to track it, to act as a focal point for discrimination of information, provide outreach, as well as some specific areas in terms of dealing with implementation issues.

A big one is to develop and maintain a master data dictionary, and look at data structures for all the standards, to develop time lines for the entire project, and as well to monitor progress of the various teams.

We have been working on developing and coordinating issues such as the regulation development. We also do report directly to the Data Council and the NCVHS.

We have had a number of activities that we have been involved in on the team. These five are ones that have taken a lot of our time. The first was developing guiding principles, that is, when we looked at all the standards, what kind of criteria were we putting to the various candidates to decide which one might be the most appropriate standard to adopt.

As I mentioned, we have been working on developing a master data dictionary that really is not only going to support this initial activity in the transaction standards, but that we hope will form a groundwork for the broader issues of some of the computer-based health record standards that will be coming out later.

We have been working on drafting boilerplate regulation language. There are quite a number of regulations that will come out of this legislation. For those of you familiar with that process, it in and of itself is a complex process, regardless of what it is that you are actually trying to regulate. So given the number that we have to put out, we have been trying to standardize the language to smooth the review process and to smooth the administrative path that is required for regulation.

There are a wide variety of cross-cutting implementation issues, and I'll mention just a few of those, and more will come out as we begin to talk about the specific standards themselves. Then as Dr. Detmer and Bob have both mentioned, outreach and educational activities have taken up a very large part of our time and effort of the team members.

Just to in a little more detail on those activities, the guiding principles. What sort of things did we look at when the various teams looked at the standards that were either out there already or under development, or if new standards had to be developed, what sort of criteria would be put to them.

Obviously, it needed to improve the efficiency and effectiveness of the system. It is possible to have standards that actually make things more complicated than they already are, and those were ones that we were not particularly interested in. Equally important, it must meet the needs of the users.

We did want to have a consistency to the extent possible across the various standards. We felt that that would also then help us lower the implementation costs, that that is an important criteria.

We did not want to see the government getting in the position of developing and maintaining national standards. We felt that that was much more appropriately handled by the range of organizations that are already involved in doing that.

In addition, given the very aggressive time lines that the legislation handed us, it was felt that the standards should be able to be adopted in a timely fashion. Also, we have to address with these standards current business process needs. In business today, as all of you are well aware, the business of delivery of health care services in this country is undergoing dramatic and extremely rapid change. One of the things that we were very concerned with and continue to be concerned with in the adoption process of the standards is the fact that these standards, while meeting today's needs, need to be as flexible as possible to meet both tomorrow's business needs and to take advantage of new technologies as they become available. So to the extent possible, we would hope that the standard would be independent of any particular specific technological platform.

We would like it to be simple, but at the same time, precise and unambiguous. We are mandated to keep data and paperwork burdens as low as possible. As I have mentioned, the standard needs to be flexible in order to accommodate what will definitely be changes in the health care system in the years to come.

The next activity that we have been involved in heavily is the building of a data dictionary. To date, we have put in 27 other data dictionaries into ours, including 15 X12 transaction standards for a total of about 4300 data elements.

Now, this is just a beginning process, as I said. The early needs for a data dictionary really revolve around element definition, normalization, identifying gaps and that sort of thing.

As we move to the broader world of clinical computer-based health information, it will be very useful to develop a more sophisticated model and structure within which to develop a more sophisticated model and structure within which to examine the kind of content that we hope to have in these kind of records. We hope that this activity will lay the groundwork for that.

In the regulation development process, we have been able to move forward and expedite several things about that process. One of the things -- and we will talk to the specific standard in just a moment, but we have now been able to reach a point where we think we will be able to cover all of the transactions themselves within a single regulation, versus having to have a separate regulation for every single transaction.

We will however probably have to have separate regulations for each of the various supporting standards, that is, a regulation for each of the identifiers separately, the medical code sets issues and the security issues. But being able to take it from the range of 15 or 16 regulations down to the range of six or seven should help us in keeping up with the mandated time lines for adoption of these regulations.

Now, there are a number of cross-cutting issues that have begun to come up. Initially, the focus of much of our activity was trying to identify appropriate candidates to be recommended for adoption. So a lot of our early work was just looking at the standards themselves and looking at them in conjunction with the criteria that was listed earlier.

Now that we have pretty much made up our minds as to which standards we feel are most appropriate to recommend, we are beginning to turn our attentions more and more to the not-trivial issues of, well, now that you've got the standard, how do you actually implement it and make it real.

As we look at that broad topic, quite a number of issues come up. I'm just going to throw a few up on the screen. Others will be discussed in more detail, and I'm sure will come up in questions as we get into the specific transaction standards and other standards themselves.

One issue which -- and by the way, we have not resolved any of these; these are still issues, and this is one of the reasons that we come before groups, is to try to get their opinions and ideas on how we might solve these. But certainly one issue is a conformance testing issue.

You've got a standard, you have put an implementation guide out. I say that my implementation of that standard is a legitimate one; who is to say if it is or isn't. So who does conformance testing, who is going to pay for it, who will monitor the testers. There is a variety of testers around that.

Data dictionary implementation guides. As I said, we have begun work on master data dictionaries. However, data dictionaries and guides are dynamic entities. So the question arises again, who maintains them, who pays for that maintenance and upkeep?

The legislation allows modification of standards to be made on an annual basis. The process for that needs to be spelled out. As I said earlier, while we want to have standards, we need to recognize that standards change over time in response to changes in both the business needs and the technology available to meet those needs.

So we need to develop explicitly a process which not only recognizes that there may be change, but in fact, encourages that change to take place as responsively as possible.

There are some specific issues. Some of these standards, it depends upon whether you are an employer, a plan or a provider. As many of you know, there are organizations that are all three of these at the same time. That is going to cause some issues. How do you actually draw the line? When is the organization an employer, when is it a provider, when is it a plan?

Finally, the issue of timing is one which comes up over and over again. Is two years a sufficient amount of time for organizations to actually implement the standard and make the necessary process and systems changes that will be required?

Also, one might question, is February the year 2000 the safest time to say that everyone has to comply, given the other issues around the year 2000 that are receiving a lot of popular press?

Finally, are the teeth big enough, if you will? In other words, a standard is really only useful if everyone uses the standard. If there are ways not to use the standard, then you really haven't accomplished much. Some have indicated, maybe it would be cheaper to pay the fines, at least in the short run, than it is to try and meet the time line.

Others question whether or not large programs such as Medicare or Medicaid, if they implement it, is that enough to tip the balance, so that others will follow suit and implement as well.

So these are just a few. I'm sure all of you are sitting out there thinking, what about this or what about that. This is the area that we are currently beginning to spend a lot of our time and effort.

As I mentioned as well, one of our major activities has been in outreach and education. I would like Mike Fitzmaurice to come up and talk a little bit about the kind of issues or questions that have come up, as well as some of the barriers to the successful implementation of this legislation that we seem to have perceived. Mike?

DR. FITZMAURICE: Thank you, Bob. I think the most important questions you're going to have are going to be of the specific implementation teams working with the standards.

I will say that it is important for us to understand the business process of these standards, and how they are going to be used. There has been a lot of discussion and a lot of outreach on that.

We have built a network for dissemination, feedback and rapid responses. But actually, we are part of your network for getting this information and disseminating it to your constituents. It is easy for us to forget in the midst of all this hard work that there is a good sense of accomplishment, but you always think of what is the bad news around the corner, rather than what is the good news of the day.

It kind of reminds me of the lawyer who come in to see his client. He says, I have just come from the district attorney's office, and I've got good news and bad news. What is the bad news, says the client. From the blood at the crime scene, they have definitely matched your DNA. They are 100 percent sure. Oh my gosh, what is the good news? Well, your cholesterol count is down to 140.

Frequently asked questions. Is Big Brother forcing this on the industry? The answer is, we sure hope not. It is not intended to be that way, and it didn't start out that way. The industry asked Congress to provide uniformity of health care transaction standards. The Secretary must develop standards developed by NCA accredited standards setting organizations, and the Secretary must consult with the industry with NCVHS, with standard developing organizations. So it has been very directed to the health. There is not a lot of leeway on how to do this.

Will only providers benefit from the HIPAA standards? No, providers, clearinghouses and payers will benefit. Providers will benefit from reduced claims hassle, dealing with formats of different insurance companies. They will benefit from mandated acceptability of electronic transactions by payers and clearinghouses, and by greater opportunity for direct electronic transactions with payers or their designated clearinghouse representatives.

Clearinghouses will benefit from a simplification of a reduced set of acceptable formats for electronic transactions, leading to less frequent format changes by payers. At some point, you can say, will this drive the clearinghouses out of business? No, because they are still needed to consolidate the claims, provide a batching service and provide efficient transportation of the claim from the provider to the payer.

Will the payers benefit? Yes, from reduced clerical work and expertise needed to check on the format of the submitted claim. This work should be much easier, and they will either have to do less of it themselves or pay a smaller amount to the clearinghouse. But that is going to be left for the market to work out. This is like paving the roads, and we will see what the size of the trucks are that drive down it and how fast they go and how efficient the delivery of the information is.

Is DHHS doing this alone? Nope, other federal agencies are participating. You heard Bob Moore earlier talk about participation through the DHHS Data Council on the implementation teams as well. The Department of Defense, Veteran Affairs, the Office of Personnel Management, Department of Commerce's National Institute for Standards and Technology are all participating as members of the implementation teams. NCHS advised the Data Council and provides input to the implementation teams. So there is broad input from the public through these sources.

We have had public hearings. Don Detmer talked about six days of hearings on privacy and confidentiality, six days on health care data standards, including clinical codes, and two days on both of them out in San Francisco. DHHS staff participate broadly in outreach to get people to know what is going on at the time it is going on.

Will DHHS merely adopt Medicare standards? The fear has been that the Medicare program is the largest payer, and therefore there is the incentive for the government to take the Medicare standards, therefore Medicare won't have to change, and everyone else will have t conform to the Medicare standards.

Not so. Standards from accredited SDOs, standard developing organizations, must be considered first, says the law. HIPAA strongly encourages the use of existing standards approved by SDOs, such as the X12N standards. No adoption decision has been made by the health yet. You are seeing the works in progress of our implementation teams. The Medicare program will be bound by HIPAA just as the other payers are bound by HIPAA.

Will all the standards be adopted in 18 months? Nobody wants to face that question, because it is hard to give a definite answer for all the standards taken together. The intention of course is for DHHS to meet the Congressional target. The industry acceptance and the lack of controversy over many of the standards will propel this adoption. But Congress appropriated no additional resources for this mandate, so we are all taking from existing resources and away from other projects. The public notice and proper administrative procedures will take time.

So where does that leave you? It leaves you with a sense from today's meeting that you should know when you walk out of the door which standards to expect to be published in October and adopted in February, which standards may be problematic. I'll have a little bit more to say on that in the next set of frequently-asked questions.

Will the private sector standards be adapted with no change? Changes may be made during the adoption process; there is no prohibition against that. But any changes should improve the uniformity, cost effectiveness and acceptability of the standards. Any changes will be publicly announced and public comments solicited.

Which standards will be adopted first? Well, some standards will be completed first and published in 1997. These are likely to be the national identifier codes for providers and payers, likely to be the code sets and the claims standards.

What is the other side of that? The unique personal identifier will most certainly take a little bit longer, because it raises questions about the privacy of information that may be linked to it.

What about testing of HIPAA standards? We all agree that standards should be tested in use. It can be done in either the public or the private sector. Testing would require resources however that currently aren't available in the public sector.

There will be two years from the announcement of the Secretary's adoption of the standards before they are mandated. So that is going to give two years of time to do testing, to do practice runs and to decide how best to implement them. I think two years is a long time, but others have said, could we have another year or two. Those decisions and your input on those decisions are most welcome.

Some of the barriers we see to adapting national standards is that, right now we have conflicting standards. We have ANTSE standards, we have industry de facto standards, and we have government standards. We have conflicting implementations, ways of using the standards and using the data within the standards. There is a proprietary collection of unique or differently defined data. And we have incomplete standards. Some of them have no implementation guides, but for the X12N standards, that is being worked on very rapidly.

There are proprietary code sets. Professional associations and others make dollars selling code sets. Will it interrupt their flow of normal commerce?

There is a cost of change, even of changing the cost of an idea. If we move to a unique health identifier or we modify the social security number, it is very likely to mean more digits. Yet many programs are written with just a specific number of digits in mind.

Bob raised the question of, is the year 2000 the best time to do all this stuff. It may be a very good time, because as you are going through looking for how do we change the date, you might also look through the lines of code for how do we make the size of the variables variable. How do we expend them, so that we can be prepared for all of these identifier changes.

Another barrier and perhaps the biggest one is privacy. It faces us when we look at the use of the social security number and when we look at security as well. The question that gets raised is, how can you do security standards if you don't know what privacy you're trying to safeguard. The answer is that you can look at the components of security, but you may not be able to know where to set the bar, high, low, low cost, high cost. A lot of barriers ever getting out, very few barriers against the data ever getting out.

The privacy legislation is expected to tell us what is wrongful disclosure, what information is covered perhaps beyond the transactions data, and what the penalties are if you violate the privacy laws. The security standards are to let you know, are the data being held securely, do you know who is getting at the data both internally and externally, do you know to whom it is being disclosed and/or redisclosed, and for what purpose.

I want to open it up now with Bob for questions from the audience on the infrastructure and cross-cutting team. if you have questions, I would ask you to go to the microphones.

PARTICIPANT: I have a question in general about the bill and implementation of it. Won't the federal government now by virtue of this bill have electronic medical dossiers on each citizen in this country?

DR. FITZMAURICE: The bill doesn't require that information to go to the federal government. So the answer is no.

PARTICIPANT: Well, it does state in the conference committee notes, and I read the bill quite thoroughly, apparently all health care providers will be required to use these standard code sets. And basically, what the bill does is lay the groundwork for a cooperative federal, state, local statistics system. That is in the bill itself.

The question that I have is, since this information will obviously be linked together, the government, by virtue of these different governmental agencies, will be regulating how this information is going to be used. From my understanding and from what I have read, health insurance companies in addition to your own insurance company, law enforcement potentially will have access to it, other physicians, so it will be very difficult to get an objective second opinion.

Let's suppose you have a very bad terminal situation, and you need to go and get an objective second opinion. If there is a national patient database, how will you be able to get that objective second opinion when doctor number two can go and see what doctor number one had to say? You are taking away the right of privacy from the patient, and the autonomy from the patient. I don't have anyone that has been able to answer that question for me, as a practical matter.

DR. FITZMAURICE: I don't agree with your assumptions, and I don't rush to the same conclusion that you do.

PARTICIPANT: I'm certainly not rushing to it. I have been looking into it for a number of months now.

DR. FITZMAURICE: But when you talk about a national federal database that has the intimate details of people's medical encounters, I find that nowhere in the bill.

PARTICIPANT: Well, it seems to me that when you talk about equivalent encounter information and claims attachments, you're talking about diagnosis, are you not?

DR. MOORE: I would like to point out that actually, the legislation merely discusses the standardization of information that is currently already been transmitted. Claims are being transmitted every day. Enrollment and eligibility information is transmitted every day. The legislation calls for no new information to be standardized. It also doesn't call for the information to be transmitted to any particular point. It simply calls for a standard transmission format and content between current business partners. So there is really not -- it is not building a national database.

PARTICIPANT: In the bill itself, it refers to a federal, local and state cooperative statistics system. If you want me to, I can point out the exact clause in the bill for you. No one has been able to answer for me what that is referring to, and what is the reason for having these data sets if not to link up and have health research, have access to it.

DR. MOORE: These aren't specific data sets. These are simply to say, if you send a claim, the claim should contain this information.

PARTICIPANT: But you are all going to be speaking the same computer language. So inevitably it will all be connected up.

DR. MAYES: Let me say that a lot of the concerns you raise are concerns that we also face, and we face them in privacy and security, on how to implement whatever the privacy law will tell us. Bob, would you like to make a comment that addresses your comment, or do you have a different comment?

PARTICIPANT: It is on the same issue.

PARTICIPANT: Basically, what I feel is that the right of privacy is actually being eroded, because the patient will now have law enforcement, health researchers, statisticians, health insurance companies, and according to the chairman of the subcommittee on privacy, most probably your employer will have access to your medical records without your consent.

In a recent House subcommittee on technology meeting, computer experts from all over the U.S. testified how easy it is to break into computers. What I find illogical is, it is illogical to require patient medical records on a national database. It would be as if every citizen in the country had their money in a central bank. Where do you think hackers will go for this medical information?

As it stands now, doctors and hospitals have paper files, they have internal computers. It seems to me, if you want to insure better privacy, the way to do it is not make a national database, but rather make more stringent requirements of these separate institutions. I just don't understand how a broader level of dissemination is going to -- by opening up a national database, is going to insure privacy. To me, that is completely illogical.

DR. FITZMAURICE: I think your comments are better suited for a privacy law than for HIPAA, because this does not create a national database on people.

PARTICIPANT: Then let me just get the cite from the Kennedy-Kassebaum bill, the health insurance bill itself, and perhaps you can tell me what it is referring to.

DR. MOORE: I would just like to address that last comment. As Mike said, this in no way establishes a national database for all people in the country's health records. Health plans, health payers are still going to be in charge of those records, as they are today. Medicare is in charge of Medicare beneficiary records. State agencies are in charge of Medicaid beneficiaries' records. Blue Cross, Travelers, other plans, are in charge of those records. In today's world, the last statistic I saw was something approaching 70 percent of the private citizens, outside of Medicare and Medicaid, are in managed care plans, and they sure as hell move information from one provider to another in order to treat that patient appropriately for whatever disease or illness they have.

DR. FITZMAURICE: Are there other questions?

PARTICIPANT: In referring to the bill itself, 104 PL 191, Section 263, and I am quoting, the committee shall assist and advise the Secretary to determine, approve and advise the terms, definitions, classifications guidelines for assessing health status and health services.

Now I'm going to go down, by all programs administered and funded by the Secretary, including the federal, state, local, cooperative health statistics system referred to in Subsection E and 3.

Now, I have asked numerous people, where is Subsection E and 3. Where is that section in the bill itself?

DR. FITZMAURICE: I'm afraid without taking some time to look through the bill and look through any supporting law, I can't answer that question.

But what you are referring to there is the charge given to the National Committee on Vital and Health Statistics, is that right?

PARTICIPANT: Yes.

DR. FITZMAURICE: And the kind of assistance they are to give to the Secretary? I don't see that it directs the Secretary to do anything. It tells what kind of advice the national committee should be giving to the Secretary.

PARTICIPANT: Well, I think that you are evading what I am raising to you, which is, it is not something that you can deny, that once the computers are speaking the same computer language, and you are saying that health research will have access to our medical records and we are all going to get unique health identifiers which are patient I.D. numbers, to me you are not being responsive. How will health research access our medical information? How will it have the access to that?

DR. FITZMAURICE: But if you look through the bill, that has to be discussed broadly in Congress, and they plan to come up with the law in the next three years. We are not directed to do that. Congress is saying that it wants to take on that for itself, and then only if they can't reach a conclusion at the end of three years and pass a law do they give any power to the Secretary.

PARTICIPANT: But you are directed to look into the privacy and confidentiality aspects, and that is what I am speaking toward.

The other thing is that in this bill itself, it also talks about the fact that past, present and future medical information will be required to be reported in these code sets.

DR. FITZMAURICE: The Secretary is directed to report to Congress on her recommendations on privacy. That report is due August 21st.

DR. MAYES: Let me just clarify, as I did in the beginning of the talk. Whether or not in fact the law states this, we are not the appropriate group to be answering that. In the implementation of this legislation, as I said before, it was structured two separate groups or entities. We were concerned with developing -- well, identifying and adopting technical standards for the ten transactions, for the four unique identifiers, for code sets used within the ten transactions, not any broader than that, with security for the transmission of that data.

There is a separate group under John Fanning, whose name was mentioned earlier, in the department who is dealing specifically with the privacy issues. They are right now finishing up the draft recommendations for the Secretary, and those will be available the 21st.

Now, obviously there is some linkage. It is difficult as Mike pointed out to discuss some of the details of security without understanding where whatever privacy legislation comes up with where it sets.

So I don't want you to get the impression that we are not concerned with these issues and that we are not trying to answer it. It is just, that really wasn't the people that are going to be talking today's specific charge. We are much more concerned with just the technical issues of adopting the standards.

So just to clarify, if it seems like we don't have the answers and know the sections, it is because we haven't had any mandate to do so under our group.

DR. FRAWLEY: The Public Law 104-191 not only designates responsibilities to the Department of Health and Human Services, but also the National Committee on Vital and Health Statistics. Section 263 is clearly the charge to the National Committee on Vital and Health Statistics, in terms of the cooperative health statistics system.

As Dr. Detmer pointed out this morning, that committee has been in existence for 46 years, and has been responsible for evaluating the public health infrastructure in this country, particularly a lot of the reporting that is taking place at local, county and state level, and also with federal, in terms of a lot of the surveys that go on, that many of you are familiar with.

Some of those are done with non-identifiable data, some with identifiable. I think the important point for everyone in the audience is that most of the transactions that we will be hearing about today are ongoing transactions. There are no privacy protections as they exist today. I think the law does at least start the ball rolling, in terms of saying to Congress, you wanted to enact privacy legislation, you gave yourselves the opportunity for three years, and if you don't do it, the Secretary has the final authority.

So I think it is very important, when you read the final legislation, to make sure you understand what the responsibilities of HHS are, what the responsibilities of the national committee are, and what the responsibilities of the private sector are.

DR. FITZMAURICE: Thank you, Kathleen, for clearing that up. I have time for one more question. Let's take the question, and then we'll bring up the claims and encounter implementation team.

DR. KORNETSKY: I just wonder if you would briefly comment on the type of feedback you received in some of the public hearing stop date on the time frames. I know for -- I speak here primarily for multi-employer plans. I know there is a great deal of concern about the aggressiveness of the time frame. A number of these plans are still heavily manually handled in their administration, and they deal particularly with very complex eligibility and enrollment issues. I know they are terribly concerned that the costs will be absolutely prohibitive and the time frame, impossible for them to come up to speed. It might really have a serious impact on how that industry works, and whether they will be forced into using national clearinghouses and so forth.

So I wonder if you would comment just generally on the kind of concerns that have been raised by other industry groups or payers about whether it is really feasible for them to implement these standards within two years of their adoption.

DR. FITZMAURICE: Let me just give you a general answer, and say that that question is really best directed toward the specific implementation team that has to deal with those particular standards.

My general response is that while we think that two years is a long time to do the implementation of the standards, we are aware that other standards are firmly embedded in different organizations. We have been listening to different comments about transitions about how long it would take. Even the National Committee on Vital and Health Statistics has addressed that issue.

There is some feeling that we should take a look at a longer time period. Whether we will go with that feeling, we certainly have to listen to the industry that says, we can do it, we can't do it. We have to listen to other parts of the industry that say, we can help them do it. It is not a matter of forcing anybody into an organization that can help them do it faster. It is a matter of having market opportunities.

That is a very open issue with us. Bob?

DR. MAYES: Let me just add one other -- two other points. One is that, interestingly enough, we have had mixed reaction. We have certain sectors of the industry that say, no, don't lengthen -- whatever you do, don't lengthen it, because people will just put it off. If you give them four years, they will put off for four years doing it.

The other issue, remember, it is a two-year implementation time period. If in fact for particular sectors or overall, it becomes clear that that is not going to be an adequate time to effectively and efficiency do this, there is that time period to make adjustments. It's not like, -- February we have to adopt them, but it is not like you have to be using them by March. So there will be opportunity over the next two years to make the case whether from a particular sector or overall, about the adequacy of the time available.

We will be here all day, so if you have any further questions to either Mike or myself, feel free to grab us.

Claims and Equivalent Encounter Information

DR. MOORE: Thanks, Bob, Mike. The next team to be presenting would be the team that is working with the five transactions that are claims and claims related. The chair of that team is Barbara Redding and Jane Harman -- they are co-chairs -- from the National Center. Barbara is from the Health Care Financing Administration. Barbara, do you and Jane want to come up?

Barbara has had a great deal of experience in working with the Medicare program and the quasi-de facto standards that we have there, that are not generally used by the entire industry, but are used by a large segment of that industry, so she is quite knowledgeable about the effort and the amount of resources and time required to implement something.

Barbara, you want to take over?

DR. HARMAN: I'm Jane Harman from the National Center for Health Statistics, part of the Centers for Disease Control and Prevention, and I am going to be presenting the first part of our segment, and Barbara Redding will conclude, and we'll have plenty of time for questions at the end.

Our team was responsible for reviewing electronic transactions that would be candidates for becoming the national standards for health care claims and encounters, coordination of benefits, for insurance remittance advice and for claims status inquiry.

Our charge was to assure that regardless of which standard was chosen for each of these transactions, that standard would be identically implemented by all users. This requires the provision of an easy to follow implementation guide and a complete data dictionary.

We solicited advice from the health community, both formally and informally. We received formal advice from the National Uniform Billing Committee, an organization comprised of payers and providers who are concerned with health care billing standards by institutions and facilities, from the National Uniform Claims Committee, a similar organization concerned with health billing standards for physician and supplier claims. We also received formal advice from the work group for electronic data entry exchange, an industry group concerned with electronic transactions, and from the American Dental Association. Although not on this slide, we carefully considered the testimony presented before the National Committee on Vital and Health Statistics, Dr. Detmer's group from whom you just heard.

We believe that these four principles are of utmost importance to the standardization process. I will address each of these principles separately.

Timely data content management is imperative. By law, the standards may not be revised more than once a year. However, when revisions occur, data content updates should approve all requests approved during the past year.

The structure and format of the adopted standard, that is, how the data is arranged for electronic transaction, should remain stable for the duration of the implementation period. Annual data content updates could occur during that time. Data segments, data fields and code sets could be added, but the basic structure and architecture of the transaction would not change during the implementation period, except under extremely exceptional circumstances.

Testing of the standard transaction at the work group level is essential to evaluate the functioning of the data structures, to ascertain that the implementation guide works and to assure a smooth and relatively efficient translation for all users. Test conditions and results of this testing should be made public.

The documentation must be so complete and so unambiguous that in the famous words of my distinguished co-chair, even a woman from Mars could easily write a correct claims transaction. I don't know if that implies that HCFA has received some claims that look like they were written on Mars. They may have perhaps generated a few remittance advices that looked like they came from Mars as well.

At a minimum, that means there must be a complete unambiguous implementation guide, a universal data dictionary applicable to all of the new standard transactions, and clearly written rules explaining under which conditions particular data items must be present.

We have also worked from the principle that each of these three transactions, the claim, the encounter and coordination of benefits, would be transparent to one another. In other words, the same transaction format would serve to transmit any of these three types of transactions.

I'll turn over the rest to Barbara.

DR. REDDING: These are the committee's recommendations for standards to be adopted. Except for the retail drug claim, which would be in the National Council for Prescription Drug Programs, all of the remaining formats will be X12 formats, according to our current thinking.

There are a number of things that we need to say about data content. We are working with established data sets. The NCVHS core data set is one. Other data sets we are working with are those that have been maintained over any years by the National Uniform Claims Committee, the National Council for Prescription Drug Programs, the National Uniform Billing Committee and the American Dental Association.

We would like to see these committees continue to work as they have in the past, although with HIPAA, they may have more to do. We are also looking for a way to include public health organizations in the data content deliberations of the industry. We are also thinking in terms of a super set concept. We are aiming on defining a maximum data set that meets all health care community needs. For example, it would carry all the information the payer would have to have in order to honor a claim. It would also have to carry the information that a physician or a hospital would have to have in order to post their internal systems from an electronic remittance device.

The data content must be millennium ready. Any standard that would be adopted would have to be millennium ready. I believe that this means that all dates must be eight digits. I know that we can look at the date and say, well, somebody might not want to compute that particular date. But there is such a wide variety of systems involved in this, that I cannot imagine how we would be able to do that accurately.

Data content and review will be extremely important to all of us. When the proposed rule is published, it will include an inventory of data elements for each of the transactions. It will reference websites where further detail can be obtained. I would beg anyone involved in this business to read that with a critical eye and in great detail, and to send us comments if you see anything that you need that isn't there, or if you see anything that you don't need that is there, because once the final rule is in place, the data content will be set for one year or longer. The law will require all the users to accept the data sets for that time.

There have been some issues. There have been divided opinions on architecture. We have received a great deal of advice for flat files, as well as advice for X12 files.

We also received advice for dual standards, so perhaps you begin with a flat file and an X12 file and then on a date certain you would retire the flat file.

Almost all of the people that advise us did however want to see an X12 architecture in the end. The team concluded that the best way to deal with that would be to find a way to allow more migration time within the meaning of the law, so that people have time to adjust to what for some people will be a fairly significant amount of change. We would want a migration design that is equitable to all players. We are hoping that you will have some suggestions for us on what that might be.

Last but not least, the team really believes that somehow we must provide for experimentation with future technologies without subverting the standards, and we would appreciate suggestions for that regard. We all know that I care a great deal about stability, but forever is just too long for anything.

With that, questions, comments, preferences?

DR. TRACY: I am wondering, your slide did not describe the issue of claims attachments associated with the claim. I may have misread X12 837, but I believe it is silent on claims attachments. My presumption is that they are often needed to adjudicate the claim. My question is, was it merely not covered in the slide and is covered in the recommendations, or is some other action being taken regarding this important matter?

DR. REDDING: I have been asked to repeat every question, so make sure I get this right. But I think the question is, are claims attachments being addressed in the planned notice of proposed rulemaking. The answer is no. The legislation calls for standardized attachments one year later. And staff will have something ready in a year on that.

DR. EMERY; I'd like to raise a question about -- I believe you said that you were thinking about a maximum data set. I am very much concerned about the impact and the cost that that would incur to those people collecting the data, what the need is for that, the justification for that, more information about that.

We hear a lot about minimum data sets, but maximum data sets frankly scares us.

DR. REDDING: I think the question was, Jack Emery of the American Medical Association is concerned about the impact and cost of a maximum data set.

We gave that a great deal of thought. The difficulty with a minimum data set is, it means that everyone writing a claim is going to have to revise the content, depending on who the payer will be.

The team thought that since claims go from hand to hand, from payer to payer, since many people have more than one insurance policy, that a maximum data set would be simpler to manage than a minimum data set. But we are open to suggestion. If you have a plan, we would love to hear it.

DR. EMERY: I do hope you will take into consideration that there is a cost in collecting that information. To the extent that reimbursement rates then to provide that information, to provide the documentation for that little lady on Mars, adds up. It becomes cumulative. It is a very strong concern we would have about how much information then you are going to be asking.

I can appreciate your interest in trying to perhaps minimize by maximizing, but there is a cost associated with that, and we would be very concerned about that.

DR. REDDING: One of the things that we are working with the National Uniform Claims Committee now is on data conditions. That should mitigate the impact of a maximum data set, because it would carefully spell out under which conditions which pieces of data need to be present.

DR. ZUBELDIA: Your slide showed version 3070 of the standards. I understand that the DME requirements are not met by version 3070 in the claim. Are you thinking about adopting a modified standard or going to a later version of the claim that will incorporate the DME requirements?

DR. REDDING: We are hoping the next 12 will have a millennium ready solution on a website in a relatively short time. Is anyone here from X12 that could address that issue?

The question was that the version 3070 implementation guides are not all currently millennium ready, and how would we propose to deal with that.

PARTICIPANT: I'm simply wanting to request you to back the slides up about three or four to the 837, 835 transaction sets with the versions listed.

DR. OWENS: Bob Owens from the X12. What we are doing is in fact laying a process in place, so regardless of the final version of the standards selected, we will have implementation guides ready for that particular version.

What we have right now is 3070 totally done, pretty much ready to go for the ten transactions. As far as updating it to a later version, with the exception of the claim, that is pretty much just changing the 3070 to a later version.

Now, in the claim there is already work underway to make the modifications to the guide for the DME. So depending on what your final selection is, we can go either way. If you want DME in there, then we will have that and ready for an implementation guide in the later version. Our only recommendation is, if you move it to the later version for the claims standards, that you would also consider moving it to a larger version for all the others.

DR. REDDING: Well, bear in mind that we need to be able to refer to a website with implementation guides for the readers of the notice of proposed rulemaking.

DR. OWENS: That is the same one that you will have for this one, which is the Washington Publishing website.

DR. ROBINSON: You mentioned that the flat file wa not going to be adopted as the 837 for the claims.

DR. REDDING: Yes.

DR. ROBINSON: I know that the NSF 3.0 just came out. Is HCFA still going to maintain that? Because the systems are going to need a flat file to be able to process through their systems. Are you expecting the systems to be able to maintain the mapping of that, so it can process all the way through the system? Or is HCFA still going to maintain a national standard format?

DR. REDDING: HCFA will cease maintaining the national standard format at the end of any migration period that is devised, or at the end of the implementation period. We are now and will continue to provide national standard crosswalks between the national standard format and X12 formats.

DR. ROBINSON: So any updates to the 837 that need to be updated on NSF on that crosswalk, that is where you will address it, but you won't be updating the format itself?

DR. REDDING: I'm not sure I understand the question.

DR. ROBINSON: You said you will be providing crosswalks to a format, to a national format.

DR. REDDING: We currently always in our specifications include a map that shows which NSF data element is mapped to which position in an X12 guide. We would continue to do that.

DR. ROBINSON: But if you don't have a standard format, a flat file, then how are you going to crosswalk it?

DR. REDDING: Well, we will the lat year.

DR. ROBINSON: But after that?

DR. REDDING: But after that, we don't --

DR. ROBINSON: Is it going to be up to the standard maintainers then to maintain the flat file?

DR. REDDING: There will be no more flat files.

DR. ROBINSON: Well, there has to be one to be able to process it through the system all the way through. You can't take ANSE data and process it through.

DR. REDDING: With the X12 scheme, you will have to have a translator that will build you a flat file that you can use with your internal system.

DR. ROBINSON: Okay. Thanks.

DR. OWENS: Actually, I have two more questions, as long as I was up here. One is going back to the maximum data set. Is your intention to create a maximum data set for like business process, like institutional claims, physician claims, dental claims? Or is it one overriding maximum data set?

That is question one, then question two would simply be --

DR. REDDING: How about one at a time?

DR. OWENS: Okay. These are easy.

DR. REDDING: The first question was, is the maximum data set going to apply separately to institutional, dental and physician supplier claims or would it be an over set. The answer is, it will be for each individual classification of claim.

DR. OWENS: Then the second question is, has the group made a decision as to what code sets it is going to recommend for each of the business types as well? Like CPT, CDT, ICD-9.

DR. REDDING: There will be a presentation on medical coding this afternoon.

DR. ROBINSON: Barbie, you said the data content will be set for one year, after the final rule? Then it is going to be implemented over two years. Does that mean that that set is frozen for three years?

DR. REDDING: No. The question was, will the maximum data set be frozen for three years, basically, is that --

DR. ROBINSON: No, the 837 that you adopt, the 3070 or 3073 or whatever, is that going to be frozen?

DR. REDDING: Will the version be frozen?

DR. ROBINSON: For the three years specified in the legislation.

DR. REDDING: We're not recommending that necessarily the version be frozen, but we are recommending that the structure be frozen for those three years. So we would not anticipate any major rewrites, although we would anticipate that possibly as often as once a year, data might be added or subtracted.

DR. ROBINSON: So that is the same procedure you see going forward beyond the three-year implementation, too, then, would be very three years you would have a data structure change.

DR. REDDING: The question was, would that also then apply going forward after the three years. The answer is, hopefully. There could conceivably be some new requirements that would make a rewrite seem like a good idea. But we would really like to keep it stable. It would be awful to have people -- in my opinion, it would be very difficult to have people -- the early implementers are on this version, and somebody comes along a month later and it is a different version. I just think it would be awfully hard for people to follow.

DR. ROBINSON: Then on the migration time frame, you talked about the migration time frame being possible to have the 837 implemented at a later time because of the complexity and the fact that a lot of people are using other formats currently.

DR. REDDING: Yes.

DR. ROBINSON: The problem with that is, if all of the other transactions are adopted within two years, because of the fact that they interact with the 837, if you have all the other ones up in two years and not the 837, you are going to have a bigger problem than if you had insisted on having them all in the same time frame and all of them come up within the two year time frame.

DR. REDDING: The question was, as far as I can tell, and correct me if I haven't got it right, but the question was, if for example all of the X12 standards except the 837 were implemented, wouldn't it be a smoother migration if there was no allowance for continuation of an old file. Is that basically what you're saying?

I don't know. The advice that we have received to date would imply that people need more time to migrate from flat file standards that are widely used. If that is not true, people have to let us know, because most of the advice that we have now basically says I have so many customers on this, that or the other flat file, I need migration time.

Tony?

DR. RIZZI: Barbara, there has been some discussion, and I haven't heard if there has been any decisions made about whether or not the HIPAA law and these standards will apply to payers and providers using an intra-net. Have you had any update on that, or any decisions made?

DR. REDDING: The question is, will these HIPAA regulations apply to people using intra-net. My question is, could you tell me more about this context for his intra-net? It could be used a variety of ways.

DR. RIZZI: The way I understand it will be used is like a proprietary communication process, where trading partners, providers who have payers in their network are going to communicate for eligibility and claims type transactions, as well as provider information on what -- I'm not an expert on this, but what I understand, a closed internet is just like a private mechanism set up using public telephone communications to communicate back and forth. Will they have to use the standards that are being mandated here, or can they continue to use proprietary flat files or whatever standards they set up?

DR. REDDING: If I have this right, you are basically saying it would be providers and payers, and instead of being on some other kind of wire, they would be on an intra-net?

I think that the intent of this law is to simplify workload for both payers and providers. So therefore, I think regardless of the transportation mode, a provider has a right to insist that a standard be accepted by a payer.

DR. MOORE: And also, the payer has a right to insist that the provider give them the standard, and they not have to go to a different format just for the provider's convenience, because they worked out a trading agreement with some other partner to do that.

So what we are thinking today is that proprietary agreements not be allowed between trading partners that have existed. If the information is flowing, what you do beyond the front door of your operation with your internal partners is your business. What HCFA does beyond the front door of a carrier intermediary is our business.

Outside of that door, -- and we can make that any format we want it. Before, the question was, I'll have to convert that to a flat file in order to process it. So will everyone who works with that data. We will make that information look in the format that we need to make it look to do efficient operations within our files, interfacing with beneficiary files, interfacing with provider files, things of that nature, has to be done in order to do the processing.

That is our decision; we set it up to be most efficient for us. But we will have to accept at the front door that standard transaction that is coming from some other trading partner. To allow different partners to have different agreements out there tends to make it more onerous and convoluted, and it is back to where we are today. For that reason, we would say no, unless we get better advice from someone else.

PARTICIPANT: Bob, I'd like to follow up with that question. That is, can trading partners that agree to not use the standard agree to do that?

DR. MOORE: No. This is a law that is mandating that a provider and a payer use the standard from their back door to their front door and vice versa. A provider may have dozens of trading partners. A payer is going to have hundreds of trading partners. How do you make that arrangement work?

In my way of thinking, as it has in the past, he who has the goal sets the rules, and the payer has been setting the rules and the providers have been dancing to those rules for many decades. We are trying to level that playing field, to make more providers come into the fold and begin doing electronic commerce. The only way we can do this is to create some standards and start getting people to do it in a uniform, consistent manner.

PARTICIPANT: I understand the department's concern about the health insurance industry strong-arming providers.

DR. MOORE: That is not the department's concern. I thought that was the provider's concern.

PARTICIPANT: Well, the provider's concern. I think the department has a concern as well. But I think about -- I work for the Blue Cross/Blue Shield Association, and we have a unique relationship between and among our plans. We have talked about this issue before.

DR. MOORE: If there is private information moving between the plans, that is between the plans. If there are services between providers and plans, that should be in the standard format.

PARTICIPANT: So then we would be allowed to use a different standard internal to --

DR. MOORE: If you are dealing with coordination of benefits between a Blue plan, I would think you would need to do it within the standard, because you are going to be dealing -- or are you saying that the Blues are all willing to deal with each other with their private proprietary standard, and then with the rest of the world where the public standard is going to be graded by these standards? Is that what you are telling me?

PARTICIPANT: I can't say exactly what it is.

DR. MOORE: If that is what you're telling me, I might agree to that, because then only the Blues are paying a price for their own internal proprietary standard. But if that is the proposal you make to me, then perhaps we on the government side will say, that is an acceptable idea, as long as you are willing -- and the Blues pay that price and you absorb it for yourselves because that is what you want.

But when you deal with the rest of the world on all these other standards, you're going to have to use the mandated standard. If that is coordination of benefits, then a health plan or any other secondary player, you will have to use the standard in order to communicate with them.

PARTICIPANT: Thank you.

DR. ZUBELDIA: Following up on that, Bob -- don't go away yet -- I have seen some language that during the transition period willing trading partners will be allowed to continue with existing standards. Has that been changed recently? Because I understand that after the standard is adopted, there will be a transition period during which willing trading partners will be allowed to continue with flat files or whatever standards they want to use for the transition period only. Has that changed?

DR. REDDING: The question is, will there be a transition period where proprietary standards would be usable. That is kind of what we were talking about when we were talking about a migration plan, and what would be an intelligent and equitable migration plan that would allow people time to adjust.

DR. MOORE: The decision on a migration plan hasn't been finalized. What we are trying to do here is role out to everyone where we are today, what we are thinking about. We have come to some agreement in our world on what the standards should be. The next step as you heard Mike and Bob roll out, there are a lot of other decisions on these issues: the migration, implementation, how we work through those, what are the problems.

We haven't heard from all of the community yet, but we want to put the standard up. The goal is still in the law that says the year 2000. How we get there -- if we get enough feedback that says we need to address the issues and give more time for what appears to be good and reasonable rationale for doing this, then we will address it and we will go that way. But I need to see it.

What have we heard today? We have had, I would say, hearsay, I believe this, I believe that. I'd like to see it in writing. We have to get the law changed, and before we do that, I think Congress is going to ask us to put the information on the table.

DR. EVANS: This question is along the lines of hearsay. As a payer, will the payers be required to generate outbound 837s, potentially joined with an 835 when they are primary and another payer is secondary? I think I have seen this as it relates to receiving claims electronically from Medicare, and to continue that, we would need to do that.

DR. MOORE: One of the big intents of the legislation was to provide that routing of claims, so that the provider would not be under the rules of today, of having a claim paid by the first payer, get back a remittance device, put it on paper, attach the paper to another paper claim, and submit that claim and it takes six months before that whole cycle is processed, when the payer had all the information that the second payer needed to begin with.

I think that was part of the comment that was made before, can you use a proprietary system. If you are moving data within your agreed network, whether it is the Blues which look at themselves as one large plan, that is possible, if it is proprietary information. Once you start to move information that is going to be moved to other entities that are required in order for them to do their business with that provider, then we begin to get over onto the other standard.

DR. EVANS: So that is the intent? So by February 2000, we should have that capability?

DR. MOORE: We should.

DR. EVANS: Thank you.

DR. RENSHAW: Barbara, I understand that your intent is that woman from Mars can come in and take the implementation guides and build a transaction. Do you see any provision for payer-specific limits or restrictions at all on the maximum data set and things in the implementation guide, such as claims, number of claims per transaction, number of lines per claim, any kind of boning down of what is in the implementation guide to tie into specific restrictions of a specific payer? In other words, a payer put out supplemental guidelines?

DR. REDDING: I think the question is, will there be room for payers to put out supplemental guidelines, particularly with respect to issues that are not addressed in the implementation guide, such as the number of lines in a claim. Do I have that right?

DR. RENSHAW: Basically. Those things are addressed in the transaction, but they are very large.

DR. REDDING: I hadn't really thought about that at all. I thought about a case where the woman from Mars would have the implementation guide and she would have the data dictionary. She would have the conditions that tell her what data needs to be present under what circumstances, because a line of data doesn't need to be there all the time.

But I didn't honestly think that she would think, I'll write five lines for this payer and seven for that payer. So possibly, one solution would be to adjust the numbers so that everybody can live with them.

DR. MOORE: I think one of the issues here is that when we worked in the paper world, we were limited to the 8 x 11 piece of paper. When we are moving into this world, I don't think we should let those limitations govern the way we do business. I think we need to start thinking in broader terms. If a physician claim can only handle seven line items in the past because that is all that was on the piece of paper, and now the physician wants to submit something with 10 line items, I agree that there has to be some limit, but I think that limit is something that we have to think about. But I think we ought to raise at the bar, as Mike said before, and not keep it at the same level it was with the paper in the past.

DR. RENSHAW: Would you raise the bar or lower the bar to a common point, and there would not be specific points payer by payer?

DR. MOORE: Right, because some payers have different limits within their processing capability, that their system couldn't handle until some time, 15 line items, where another system could handle up to 100 line items. So we need to be really sensitive about those conditions.

But we need to think about how we can make that happen, and bring those others who are limited to three up to a reasonable level.

DR. REDDING: And we might also want to think about adjusting the implementation guide to reflect reality, if it does not currently do that. Who is next?

DR. ANDIDORA: Hello. Thank you for soliciting comments. I would just like to make a comment.

I am representing EXACT, which is a Medicare Part B carrier. We are the largest carrier in the country. To give you an idea, we are processing about five million claims per month. So this is going to impact us very greatly. We have over 20,000 customers to deal with also.

I just want to go on record as saying we are behind the standards. We think it is a great idea. All of the customers that we have talked to agree that it would be wonderful to have one standard to deal with all health insurance claims. We believe it is doable in the time frame allotted. So one thumbs up from somebody, anyway.

DR. REDDING: That comment was from EXACT Medicare. They process five million claims a month. They are all for this.

DR. FYFFE: Kathleen Fyffe with the Health Insurance Association of America. We represent about 300 commercial health insurance companies.

I have a question and a comment. I'm not clear in my mind what the response was about the proprietary networks in some of the current Blue plans or within other organizations, because of the following scenario.

Let's say that I am a physician provider in a group practice, and I have a significant percentage of claims that I submit to the local Blue plan. Am I assuming correctly that there is a proprietary format that I am currently using with that Blue plan? Yes? It is possible. My concern is that if I don't have to follow a standard format, national format for that Blue plan, then I would be discouraged from moving toward a national format that the commercial insurance companies want to use. My saving grace might be that if Medicare requires the national format, that the volumes in my office would be such that I would have so many Medicare transactions and so many commercial insurance transactions, that I would prefer to use a national standard instead of a proprietary standard.

DR. REDDING: I think basically you are saying that you believe it would discourage standardization if a physician was required to use a proprietary format with one payer and a standard with the other. I think you misunderstood what Bob was trying to say.

DR. MOORE: Let me repeat it.

DR. REDDING: The difference is whether or not the customer is external. The question was about an intra-net. I asked about who was on the intra-net, and it was physicians who deal with a particular payer.

So we would envision those people as being subject to the standard, because it deals with an external customer. However, if the payer had an internal system that communicated with another internal system, we would see that as not being a candidate for standardization, but rather for native mode, no external customer.

DR. FYFFE: No external customer, and they would not have to follow these standard transactions.

DR. REDDING: Internally, with their customers. The physician with the payer would have to follow it.

DR. MOORE: If the Blue plan is dealing with information to another Blue plan, then -- one of the issues that came up is that if I am in Michigan and I have a person that I am insuring in Michigan, they go to Florida, they receive something. They have a number of transferable benefits between the plans, so the person goes into the Florida Jacksonville Blue Cross. Then transferring that information on eligibility back to the Michigan Blue Cross plan to get it, would they have to be -- and to get the allowances and whatever else that goes with it --

DR. FYFFE: That is internal to the Blue plans.

DR. MOORE: That is internal to the Blue plans.

DR. FYFFE: All right, thank you for clarifying that.

DR. DAVIS: Bob Davis of New York State. My question is, how do you envision the standard being able to keep up with legislative mandates from the states? Every year, we have legislative requirements that happen. They usually happen late in New York State, and we are asked for that next January to have something in place to deal with some legislative mandate. Will the standard be able to accommodate those state legislative needs?

DR. REDDING: The question is, will the standard be able to accommodate and keep up with state level legislative mandates. In response, I have a question for you. Will they give us a year?

DR. DAVIS: I'll tell you, the thing that happened in New York State the last year, the law passed in June and it was implemented in January. So in the case of what we had last year, coming down the pike to us, the answer to that was no.

DR. REDDING: But in this scenario, it would have made February, and they probably would have settled for that.

What the law provides is that the updates can't be more frequent than once a year. Within that constraint, I think a lot can be done.

DR. DAVIS: So a lot has to be done to educate the state legislatures in terms of, once we have a national standard, they need a year of implementation, because you need to go to ANSE to get the element added to the data set, and then from that you need a year to implement.

DR. REDDING: Yes, or you might go to one of the content committees.

DR. DAVIS: The education of that I think is vital.

DR. MAYS: These are national standards, so a state cannot change the standard, because the change would have to apply to every state in the union.

DR. REDDING: He is not trying to change the standard, Bob. He is just trying to get it to keep up with his legislature.

DR. MAYS: What I'm saying is that this pre-empts state legislation, so the legislatures in the state can't change what a claim is.

DR. DAVIS: Let me give you the example that we have in New York State. New York State changed the reimbursement law last year. Part of the New York State reimbursement law is to say they will take and spread out the bad debt and charity, the indigent care across all payers. That law changed in January 1. Part of that law says we will now have these pool amounts, this surcharge that has to be on.

So what you're saying is, because that is not in the federal legislation, we can't do that?

DR. MAYS: No, all I'm saying is -- is that changing a claim format?

DR. DAVIS: There is claim information certainly for commercial payers who have elected to be part of the game or not elected to be part of the game. That commercial payer may or may not have things that have to be on the claim. The answer to that is, absolutely yes. So we have a state law that is trying to do something, and we think it is trying to do something good.

DR. MAYS: Well, the state law simply says that you have to supply the information. The issue is, would that information have to be supplied within the national standard claim format, or would people in your state have to develop another attachment or something like that to carry that forward.

DR. DAVIS: But I thought we were trying to do an administrative simplification.

DR. MAYS: Well, that is why it pre-empts state law.

DR. DAVIS: So you are saying, do an attachment. So now for all the claims in New York State where you need this, you now need to put a piece of paper on with that? That doesn't make sense to me.

DR. MOORE: Is it a different data element that you are adding to this? I haven't heard you say that.

DR. DAVIS: Yes.

DR. MOORE: Then you would have to bring your case to the standards organization and say, I want to make the change, and you do that.

DR. DAVIS: We understand that, but the question is, that is about a year process, at best it is a year process. Now, obviously when we need education of our state legislature.

DR. MOORE: And we need education on our side, because we do the same thing in the Medicare world.

DR. DAVIS: Yes, because last year our state legislature did not give us that year process.

DR. MOORE: You can't get the benefits of what we are trying to do and at the same time respond to all the legislative demands of 50 different states and a national government.

So you're right, we need to educate our people. One of the things that we have been doing all along is adding to the claim. Every time we want something in Medicare, we add it back to the claim. The claim has grown and grown and grown, until it no longer looks like a claim. It looks like a hodgepodge of a lot of information that we wanted to know about someone.

We have talked with X12 and others about how to find a way to have that information added, and do it. The claims attachment is another piece. It isn't going to be a piece of paper. It is going to be another electronic transaction that is going to carry information that isn't part of a claim.

But let's go back to another point. Medicare wants to have a DME certificate of medical necessity. Why should the entire community pay for something that Medicare wants to add to the claim? The same thing for New York. If New York has a special requirement, then we ought to find a way for New York to pay that price to process it, and for all the providers in New York to have to absorb that cost. Why transfer it to 50 other -- to all the other states and all the other payers in the country?

DR. DAVIS: I guess that brings up the bigger question, because the bigger question clearly is education, because legislatures have to be educated in terms of, this is the impact when they do make legislation like that, and the process that it will go through is whatever the process is. I think that is a very important part of this process.

DR. ST. GEORGE: Can I just add a comment to this issue?

DR. REDDING: Sure.

DR. ST. GEORGE: Actually, depending on the nature of the change in the requirement, it can probably be addressed in the existing standard, because many of the codes in the claims and on the payment remittance advices are externally maintained code tables, which allow for a much faster change.

So for instance, if you had an add-on payment or a penalty or an adjustment that actually could be handled with a claims adjustment reason code, and you wouldn't have to worry about whether you could comply with the state legislation code.

So the answer is, depending on the nature of -- if it is not a huge new element no one ever heard of, in most cases and X12 transactions would allow you to accommodate those changes.

DR. REDDING: Thank you.

DR. DONATH: There are many claims payers in the multi-employer sector that currently do not have the technology nor the monies to expend on enhancing their systems to comply with any standards that will be adopted.

It is my understanding they will then have to use clearinghouses. Now, a survey that was recently conducted by a third party administration association indicated that the cost of processing a claim would go from 25 to 40 cents a claim to 60 cents a claim if you are using a clearinghouse. Could you address that issue? Have you taken that into consideration for those plans who really do not have the monies to --

DR. REDDING: Let me repeat the question for the record. I think what you are saying is that there are many payers that don't have the money to adopt standards. They are operating electronically, though?

DR. DONATH: No. Yes, they have a computer system to process claims, but not electronically. They are entering them manually.

DR. REDDING: The Health Insurance Portability and Accountability Act of 1996 only applies to electronic operations. If you are mailing a paper claim, it is outside the purview of that legislation.

DR. DONATH: But if they are getting claims from physicians that are sending electronically, or hospitals, and they don't have the capability, won't they have to go through a clearinghouse? What is the purpose of the clearinghouse?

DR. REDDING: If you choose to do business electronically, you will have to abide by the standard and the time frames in the final rule. If that means using a clearinghouse, that is what it means. We are trying to develop a migration plan that will allow people to spread out the cost over a little bit of time.

DR. DONATH: So you're saying that if they want to continue processing claims manually, they can.

DR. REDDING: Yes. The question was, if they want to continue processing claims manually, they can. Yes, they can.

DR. MOORE: No.

DR. REDDING: No, they are paper claims, Bob.

DR. MOORE: No, no. She is a plan. All plans and all payers have to develop the capability to receive electronic transactions, period. Providers have an option. They may or may not do it electronically. If they choose to do it electronically, -- and that was one of my earlier slides -- they must use the standard. They may not take another standard. Or they can go on paper.

But she is a plan. Therefore, she has to develop the capability or contract out to a clearinghouse or some third party the capability to receive that information, and convert it to whatever she needs, paper or whatever.

DR. DONATH: So then I do go back to the question, has that been taken into consideration, because it will add cost based on this study.

DR. MOORE: We have not taken that into consideration. The law says that all plans must do it, and it says all payers. Small plans are given an additional year, and small plans are those with 50 or less participants. So it would be -- the requirement is there for you to do it. The only way for us to back out of that requirement is to say we have to change the law. For that, we have to go to Congress and we have to have the documentation.

DR. DONATH: I just have one other question. Sometimes managed care organizations, claims are sent to managed care organizations or PPOs for precertification and repricing. Are you considering the standards or are you establishing the standards for multiple routings of a claim that is sent electronically? Because it would be more than one organization handling the same claim.

DR. REDDING: I believe the guides provide for multiple routing, but beyond that, no. What is on the website is what you'll get, in terms of the implementation guide and how the envelopes work.

DR. ROBINSON: The way we envisioned it is, the HMO receives the claim from the provider and reprices it or what have you, and then forwards the 837 as modified to you for payment. So you would still be getting an 837 transaction.

DR. FYFFE: I'd like some clarification on whether or not it is a black and white issue as to whether this federal law supersedes state law, because there is an out. According to the language, and I am not an attorney, it says that there is -- except as provided in paragraph two, and paragraph two has lots of exceptions, this standard shall supersede any contrary provision of state law, except if the Secretary determines it is necessary to prevent fraud and abuse, to insure appropriate state regulation of insurance and health plans for state reporting on health care delivery costs, or for other purposes.

DR. REDDING: I'm no attorney, either.

DR. FYFFE: Yes. So what I'm saying is, for the purpose of the audience here, I think that this is something that counsel or other attorneys have to take a look at, because I don't think it is a clear-cut, black and white answer. Just a comment.

DR. OWENS: Barbie, I would just like to clarify a couple of things relative to the X12 standard from comments earlier. The HIPAA law requires no more than once per year change. The X12 standard itself allows for three iterations of the standard each year.

Also, as John St. George mentioned earlier, in addition to code sets there are provisions for specific mark-up percentages. So the example you gave, sir, is already definitely addressed in the standard. So the idea is that you would have a common implementation with a minimum data set. That is what we are trying to advocate here. That is what the law requires. If it is specific, I need to charge $1.10 instead of $1.00 for a particular service, that certainly is a variant. The transactions do not mandate how much you charge for a particular service.

So I just wanted to make that clarification.

DR. MOORE: One last question, and then we're going to break for lunch, and we'll be back at 12:30. It is 12:00.

DR. TRACY: I thought about the response that I got from Barbara to my last question, so I have a new one. I hope she will act with some forbearance.

You indicated that there is an extra year before the claim attachment material is addressed. My concern is in the first year of mandatory implementation, there is going to be a void, where you haven't said anything about claims attachments. Can you describe for me how you would expect people to comply to the first year of required submissions, when only the primary claim and not the attachments have been addressed?

DR. MOORE: We hope to expedite the claims attachment, and we are already starting working with that. There was a work group that was established. I know you said you weren't aware of anything that had been accomplished yet with HL7 and X12.

The issue here is that the claims attachments for most information going to the payer is clinical in nature to make the adjudication of that claim. The claim is inappropriate, and we have bastardized the claim over years by adding that kind of information to it, rather than sticking with where we were. So now we are going to have to address that problem.

We started a joint work group to look at one, and we have at least nine different entities that are participating with that, payer and provider groups, so that we can address what are the maximum possible attachments that payers want, what are the things that they are asking for, so that we can identify them and codify them, then work that out.

We have started already with that, and we will be working through those. It is a team that is led by one of Bobby's staff, doing that. We hope to have that answer next summer at this time. August of next year, that standard is to be submitted to the Secretary, and adoption is to be done by February of '99. We hope to beat that time frame, because we are taking advantage of what we are learning here, the issues that are there, and we hope to have that particular standard ready when the others are, even though we are given more time. The time is mainly because of the complexity and the lack of use of it today.

But I can't give you a definite answer that it is going to be there on the year 2000. But we are going to try to make it there by then.

Have a nice lunch. There are a lot of places available. There is a snack bar upstairs, I understand. I'll see you back here at 1:30. We have three more groups to cover.

(The meeting adjourned for lunch at 12:02 p.m., to reconvene at 1:30 p.m.)