Transcript of the April 22, 2003 NCVHS Workgroup on National Health Information Infrastructure

04/22/2003

NATIONAL COMMITTEE ON VITAL AND HEALTH STATISTICS

DEPARTMENT OF HEALTH AND HUMAN SERVICES

National Health Information Infrastructure Workgroup

Hearings on the NHII Population Health Dimension

April 22, 2003

Sheraton Buckhead Hotel
3405 Lenox Road
Atlanta, GA

Proceedings By:
CASET Associates, Ltd.
10201 Lee Highway, Suite 160
Fairfax, Virginia 22030
(703) 352-0091

TABLE OF CONTENTS


P R O C E E D I N G S [8:40 a.m.]

Agenda Item: Welcome and Introductions, Dr. Lumpkin, Chair

DR. LUMPKIN: -- this meeting actually was scheduled and then rescheduled, the National Health Information Infrastructure Workgroup of the National Committee for Vital and Health Statistics. We’re going to start off with introductions around the room. I’d like to remind everyone that we are as our usual action going to be over the internet, so please speak into the microphone so people out in cyber land can hear you, and we do have a very tight schedule today so I will be keeping the speakers to their allotted time so that we can have discussion and continue with our very full and interesting agenda.

To start off with, my name is John Lumpkin and I am chair of the Workgroup, and I’m also senior vice president of the Robert Wood Johnson Foundation. Mary Jo?

DR. DEERING: I’m Mary Jo Deering, I’m the lead staff to the NHII Workgroup and deputy director for eHealth and management in the Office of Disease Prevention and Health Promotion in HHS.

DR. HARDING: I’m Richard Harding, I’m the interim chair of psychiatry at the University of South Carolina and a member of the Committee.

MR. HUNGATE: Bob Hungate, principal of Physician Patient Partnerships for Health and member of the Committee.

DR. YASNOFF: Bill Yasnoff, senior advisor, National Health Information Infrastructure, Health and Human Services.

MS. WILLIAMSON: Michelle Williamson, Health informatics specialist at the National Center for Health Statistics, CDC, and staff to the NHII Workgroup.

DR. ORTIZ: Eduardo Ortiz from the Agency for Healthcare Research and Quality. I’m the lead person at the agency for clinical informatics and I’m also staff to the NHII Working Group.

DR. FERRER: Jorge Ferrer, Centers for Medicare and Medicaid Services, medical officer.

DR. LOONSK: I’m John Loonsk, I’m the associate director for informatics at the Centers for Disease Control and Prevention.

MS. DAVIES: I’m Jac Davies, I’m with the Washington State Department of Health where I’m the assistant secretary for the division of epidemiology, health statistics, and public health laboratories.

MS. MURPHY: I’m Anne Murphy, I’m the chief legal counsel and chief privacy officer for the Illinois Department of Public Health and a speaker this morning.

DR. HUFF: I’m Stan Huff with Intermountain Health Care and the University of Utah in Salt Lake City, a member of the Committee.

DR. STEINDEL: Steve Steindel, senior advisor for standards and vocabularies, Centers for Disease Control and Prevention, liaison to the full Committee and staff to the Working Group.

MR. BLAIR: Jeff Blair, Medical Records Institute, member of the Workgroup and member of the full Committee.

MS. GREENBERG: I’m Marjorie Greenberg, National Center for Health Statistics, CDC, and executive secretary for the Committee.

MS. O’CONNOR: I’m Lilly O’Connor and I’m the director of operations for the California Cancer Registry.

MS. WEED(?): Gerri Weed from CDC, support staff to NHII.

MR. HALL: John Hall, State of Nebraska NEDSS Coordinator.

DR. LINCOLNS(?): Rob Lincolns, acting director of data management division national immunization program, CDC.

MS. WILLIAMS: Gail Williams, acting chief of the immunization registry support branch, NIP CDC.

MS. HORLICK: Gail Horlick, NIP Centers for Disease Control and Prevention, and staff to the Subcommittee on Privacy and Confidentiality.

DR. MEARS: Hi, I’m Greg Mears, I’m with the Department of Emergency Medicine at the University of North Carolina at Chapel Hill, I’m also the state EMS medical director for North Carolina.

DR. WILLIAMS: Warren Williams, Centers for Disease Control, National Immunization Program.

MR. HOPFENSPERGER: Dan Hopfensperger, program manager for the Wisconsin Immunization Program.

DR. LUMPKIN: Well, good morning. As you know the focus of this particular hearing is related to public health, also related to surveillance and other activities which is why we wanted to come down close to the CDC which is the center. Obviously there’s been a lot of national focus on the work of the Centers for Disease Control and anyone who woke up this morning to CNN saw Julie Gerberding on CNN every five minutes, I hope she’s comfortable with that quote because it’s coming back again and again and again.

MR. BLAIR: For those of us that didn’t watch CNN what did you hear?

DR. LUMPKIN: They’re doing a promo for an 8:00 show tonight on SARS and so it sort of has a couple quotes from Julie Gerberding, well one basically saying that we’re not clear on how big this is going to be because we’re just in the beginning of this epidemic. She said it actually nicer and much more succinctly. But one of the things that I wanted to talk, just to mention before we get started is that the environment in which we are operating is significantly different. As you know we as a Workgroup worked very hard in our report, we published a report over a year and, almost a year and a half ago and pretty much at that point we thought it was on to deaf ears, except for the fact that it helped Bill Yasnoff get a different job. But all of you should be aware that there has been a lot of interest on the issues raised by our report by the senior levels of the Department of Health and Human Services. In November the Institute of Medicine at the urging of the Department released a report on rapid advances in health care, one of those sections was on health informatics, and there was a roundtable in November that the Secretary attended for a full day sponsored by the Institute of Medicine which I and Don Detmer(?) presented for a one hour roundtable with three or four other people, directly with the Secretary and Harvey Feinberg, the head of the Institute of Medicine.

Since that time there was a town hall meeting in Detroit in which the Secretary opened up by commenting on the fact that there’s a major problem in this country where there’s better automation at the check-out counter in a grocery store than there is within our health system. He announced the adoption of the clinical data standards as recommended by this Committee and endorsement of the Consolidated Health Informatics Initiative, which is a combined initiative of the Departments of Defense, of Veterans Affairs, and the Department of Health and Human Services, and endorsed the proposal which FDA has now released rules for bar coding of pharmaceuticals and medical supplies, all of which represents a significant commitment at the highest levels of HHS, from the Secretary on down, to the areas that we have discussed, really beginning to move forward the agenda on the National Health Information Infrastructure, so it’s very timely that we have this discussion today to keep in focus.

At that meeting I did change my slides, which I’ve been using in doing the presentation on the National Health Information Infrastructure, and where we talk about population health I put in under parentheses there preparedness, because I think that that is a very key component of what we’re talking about that as we move this agenda forward that the new reality since September 11th has really pointed out the importance of having this ability to monitor and to use and approve the health information so that we can have a high quality, efficient and effective health care system.

So with that we’re going to move to the first panel and we’re going to start off with our first speaker who has already introduced himself, Dr. Loonsk.

Agenda Item: Panel 1: Overview of Public Health Information Network (PHIN) and Public Health Privacy Issues - PHIN Policy and Implementation - Dr. Loonsk

DR. LOONSK: Thank you. I’d like to thank the Working Group for this opportunity to speak and we do indeed feel this is a very opportune time in terms of the confluence of both the public health needs starting with West Nile, moving to Anthrax, into smallpox preparation or preparedness, and then into SARS, as well as the exciting activities that John has already mentioned around the work of this Working Group, the work of the National Committee, and the Consolidated Health Informatics, and we think this is a very opportune time to talk about these activities.

My presentation will be focused on the public health information network. There has been a history of a number of information technology initiatives related to public health that have shown the value of information technology, the Health Alert Network working on internet connectivity, alerting and distance learning. The National Electronic Disease Surveillance Systems, or NEDSS, working on disease surveillance and electronic laboratory reporting. The work in the Bioterrorism Preparedness and Response Funding, the work of the Laboratory Response Network on diagnostic capacity and information delivery, other efforts like the Epidemiologic Information Exchange about secure interactive communication, the activities around web-sites, the CDC web-site as a major tool for information dissemination as well as web-sites at state and local levels, and work on the National Health Care Safety Network. But as Dr. Lumpkin indicated, there is now a new bar for preparedness that we need to achieve, and public health is being tested by these new needs and it is a time to achieve a new level of coordination and interoperation among the different functions and organizations of public health, and that is what the Public Health Information Network is, and it has been identified by Dr. Gerberding, CDC’s new director, as one of her top three priorities for public health in her tenure at the CDC.

What’s part of the problem here? Part of the problem is that public health is diffused in its organizational implementation and involves many organizations working together and exchanging information. That the U.S. health care system from an information technology perspective is still relatively fragmented and getting information and consistent data out of it is relatively problematic still for public health. That the current information cycle in public health partly because of the many different organizations that are participating, as well as the historical categorical funding for surveillance and other activities early into particular diseases has led to an information cycle that is still long and frequently, if not mostly, involves the manual exchange of information. And as indicated earlier, that the new realities of terrorism and preparedness for disease outbreak requires a new level of operation and interoperability.

So the vision for the Public Health Information Network is indeed to transform public health by coordinating its functions and its organizations, and to enable real time data flow, at least close to real time data flow, to support computer assisted analysis and decision support, to facilitate professional collaboration, and use information technology to fully achieve the rapid dissemination of information to both public health as well as the clinical care community and the public.

The vision for the Public Health Information Network is a broad one, as I indicated cross multiple functions. It includes the areas of detection and monitoring, this is inclusive of activities early on in bioterrorism detection, in the areas of syndromic surveillance and early indicators of possible outbreaks. It includes the more routine surveillance and reporting operations of the National Electronic Disease Surveillance System, as well as the analysis of these data and the conversion of these data information at all levels of public health to make good decision.

The Public Health Information Network includes information resources and knowledge management, the ability to focus these information and present them in ways that support decision making, as well as alerting and communication and including the broad communities that I identified before, and the large and still developing information systems needs of response, having identified an outbreak, having identified an attack, the coordination and management of prophylaxis, vaccination, and other response activities is an area that still needs attention and been relatively under attended to in information systems development.

How do we get there? What type of network is this? The whole idea of having a network and naming something to try to sweep up some of these other initiatives and coordinate them in a way that can bring together the interoperability of the different functions has both positives and negatives about it. We are striving to make this as interoperable as possible, a framework that can work with other networks, that can work with other information systems, and doesn’t wall itself off from those activities. That this is a dual use network, that it needs to meet the needs of both homeland security, bioterrorism preparedness and response, as well as routine public health. For the former to be functional it needs to have a well trained and active public health workforce constantly using the system, working the activities of the system to ensure that when an event does occur it will be identified and that the capacity to manage and respond to it is present. That part of the vision for this has to be reducing the reporting burden, that it is well established that the clinical sector will not do manual entry to meet public health needs and so a major emphasis for the Public Health Information Network has been and will be on using electronic data that is accumulated or managed for clinical care purposes or for lab information management purposes, and reusing those data for public health purposes. And there’s significant evidence that indicates that this is not only, will help reduce reporting burden but will actually facilitate public health activities. That we are talking about moving toward real time, live data and continuous monitoring of the nation’s health, and that we need to support users. This is not a system to replace the public health personnel infrastructure, it’s a system to support it.

To give you an example of how this looked in a retrospective fashion post anthrax we did a significant analysis of the information flow that was necessary during the anthrax response, and part of that is represented by the different yellow arrows that are the on the screen in front of you. This represents some of the information exchange that was necessary and unfortunately the majority of information and data that was exchanged was done via telephone and one person picking up the phone and calling someone else and saying that the lab result was positive, or saying that this particular case was positive. And that does not meet the bar for preparedness that we’re trying to achieve.

So to get to this network, to get to this new level, we have been pursuing it through some of the component initiatives, a process that in retrospect looks something like this. First, to identify the relevant industry standards. These are both technical and data standards, and to do this obviously in keeping with activities of the National Committee on Vital and Health Statistics and Consolidated Health Informatics, and obviously as NHII grows to maintain harmonization in that respect. To also develop very specific specifications. You can think of these as in the example here is if the industry standard is HL7, lab result message, the specification is an implementation guide for a lab result message that unambiguously specifies that, which those data that need to be exchanged and will allow for doing the work between these different organizations of exchanging these data. There’s a lot of work that needs to be done at this level to detail these very specific data exchange and technical specifications.

We are then funding through these specifications. And last year over a billion dollars went out in a cooperative agreements, some through CDC, some through HRSA, and both of them had what were then called the IT functions and specifications, which identified the technical and data standards for this network attached to them, and the requirement exists that if these monies are used to support information technology that those information technology activities need to be done with those standards.

We also find that a necessary step is to develop transitional software that implements these standards now, otherwise we are stuck in the cycle of people recognizing the importance of standards, recognizing the importance of having data interchange specifications, and technical interchange specifications, but also recognizing that they need to do work now and need software and systems that support their current work. What we have found to be helpful in this regard is the development of functional software components that can be delivered and made available to public health participants that implement these technical standards so that they can be achieved now versus having to wait for subsequent cycles of software development and iteration. One example of that is we’ve the software for an industry standard based EBXML interorganizational data messaging system that can exchange HL7 or X-12 message content, and do that with a handshake between systems that is standards based.

We are also encouraging partners in the private sector to implement the specifications, and to indeed encourage the new interest of the private sector in public health. Public health had historically been a relative niche market for software development but the influx of monies that I’ve referred to already has brought a lot of interest in public health software development and so we were working with the private sector to encourage them to implement these standards and specifications in systems they develop.

And then the final step on this, which we have just really started to pursue, is that of supporting conformance testing to ensure that the standards are indeed implemented and to be able to have methods for the evaluation of the implementation of the specifications to assure interoperability.

The types of things that this needs in terms of ongoing needs for Public Health Information Network indeed include additional work on standards identification and specification. With the number of activities that are going on at the national level we are eager to tag onto industry standards that are identified and do work in this public health domain for internal specification development that gets us to that level of specificity to do the work of this activity. We are also working on foundational elements for public health partners that support integrated interoperable systems. Since much of the funding for information technology that has historically gone into public health has been focused around disease categories or around specific initiatives there is a need to implement shared functions or components in public health participants around directors of individuals, around data exchange, around standardized data stores and the like. I mentioned the need to develop transitional software components, those needs are ongoing. And the need to support conformance testing and integration assurance.

The three broad thrusts for achieving the Public Health Information Network can be described in these categories. One, a technical systems architecture for how systems need to be constructed to be interoperable. Two, a sub-component of that, which relates to implementing a live network for the exchange of very specific data. And three, work on a shared data model and vocabularies for public health participants.

In terms of the systems architecture part of the complexity of this as I’ve indicated before is that it relates to many different participants working together to support the public health mission. We have in funding activities been able to focus most specifically on health departments at state and local levels, and through work with HRSA have started on work around clinical care activities and integration with public health, but it also involves work in public health laboratories, and other state and federal agencies that need to participate in public health and public health response. And as evidenced through bioterrorism response, the needs of first responders and law enforcement are also significant in terms of information exchange with public health as well.

On a more specific level looking at a health department, we have made efforts on systems architecture that includes some of the areas identified in this slide, work on directors of participants in public health, both for communications in terms of alerting and notifications as well as authentication and authorization to public health systems. Working on data exchange methodologies, and I’ll talk a little bit more about that in a moment. The area of web services and interchange, that not of routine reporting character but of being able to query a different organization, for example, to determine whether someone has been vaccinated for a particular pathogen is a developing area.

The area of security to ensure that these data are well protected and that practices for continuity of operations are ensured. And increasingly, the left side of the slide, areas around standards for content delivery around the identification of content, the tagging of content, information architecture, metadata about content that facilitates its delivery in a timely fashion to those who need it.

In terms of the live network for information exchange, and really one could look at this as a component of both the technical architecture and the data exchange standards that I will talk about in a moment, the need is to specify the entire stack represented before you, to have unambiguous exchange of data, working on internet connectivity which some people point to as these systems are internet connected, then we’re at the point that they can exchange data. It’s obviously not enough. Working on having shared methods for encryption and security that will allow for the secure systems that cross organizational boundaries is the next added step. And then above that, working on the exchange of the handshake between information systems that allow for one information system to say to the other we have this data for you, the other one to say I’ve received that data, and thank you, and it’s been processed, and is in a form that we can understand. Working on above that the data models and structures for that relative to the industry standards for specification of messages. And then on top of that the specification of vocabularies and terminologies that will be used internal to those messages to ensure unambiguous exchange of information. This is the stack that needs to be achieved in this network, and this is the stack for which we have identified industry standards for implementation and are targeting the ability to have two different organizations handshake over the wire and be able to implement with completely different information systems but be able to unambiguously exchange those data.

A large part of that obviously is speaking to the messages and the common vocabulary for the exchange of this information, and in this regard we have in public health have identified an industry based data model, vocabulary and messages that are derivative of industry standards in this regard, heavily relying on the clinical standards development activities and HL7 activities around the reference information model, as well as the identification of technical standards to ensure that that full stack of interchange is achievable among these different partners. Obviously we are also very interested in interchanging with the clinical care community, and are excited about the opportunities that the National Committee on Vital and Health Statistics is enabling in this regard, and the work of the Consolidated Health Informatics activities to work on industry standards and work on messages that can allow us to interface public health with the clinical care community.

The slide indicates some of the information that we anticipate need to be exchanged, and some of the work that needs to be done. I’m not only identifying and using the industry standards that have been identified as part of these other efforts, but also working on much greater specification for the exchange of these data among participants. And as you can see in the context of public health response there is a lot of work that still needs to be done in terms of some of these specifications.

Finally, and I did talk about this a little bit before, in terms of work on data modeling and data exchange, we have targeted a public health logical data model that is derivative of the HL7 reference information model as well as work that has been done on the public health domain information model which we are continuing to harmonize with the HL7 rim. There are obviously other industry data models that need to be considered and vocabularies that need to be considered in this endeavor, and there’s a place of both accumulation and harmonization of those data models as well as achievement of adequate specificity to implement systems that can share technical components and interchange data with minimized mappings and re-mappings of those data, the idea of achieving the logical data model that can lead to physical database implementations at different organizations, as well as the messages for data interchange is the target for the Public Health Information Network activities.

Where do we stand in regard to achieving these goals? I mentioned previously that there was a great influx of funding for public health preparedness and response, over a billion dollars, $800 some odd million of that coming through a CDC cooperative agreement. At that time the IT functions and specifications that were derivative of some of the initiatives I indicated in my first slide, the work that had been done on the Health Alert Network, the work that had been done with public health partners on the National Electronic Disease Surveillance System, these IT functions and specifications have been attached to those monies and funding was done through them. Since then the CDC Information Council, which includes membership both CDC, ASTHO, and NACCHO, public health partner organizations, has approved the naming of those IT functions and specification as version one of the Public Health Information Network standards and specifications. We have as part of that activity also conducted an external review of those IT functions and specifications by the Garten(?) Group, that review is just finishing up, and the work of that review will be presented at the Public Health Information Network conference which is coming up in the early part of next month.

We are also continuing to build on and coordinate the component activities of the initiatives that have led to the Public Health Information Network including all the ones I mentioned earlier, and specifically Health Alert Network and National Electronic Disease Surveillance System and others, and have initiated some conformance testing and activities around public health preparedness and response activities, for example in the area of smallpox vaccine administration that we hope to expand on in the context of further conformance testing across the different activities I’ve indicated as necessary to achieve this broad interoperable network for public health.

So thank you very much for the opportunity, I believe you want to have questions after the full panel.

DR. LUMPKIN: Yes, we’ll go through the three speakers. At this point, before Jack starts, we’re going to dial in, thank you for joining us electronically.

Agenda Item: Panel 1: Overview of Public Health Information Network (PHIN) and Public Health Privacy Issues - PHIN - External View - Ms. Davies

MS. DAVIES: I’m Jac Davies in the Washington State Department of Health. Thanks very much to the Workgroup for the opportunity to come and speak with you this morning.

I’ve called my talk A State’s View of the PHIN, I just want to emphasize that this is largely a Washington State perspective. It does include some of the opinions I gleaned last summer when we were going through the process of looking at adopting the PHIN standards through the CIC last summer. It also includes some recent conversations I’ve had with a number of other states, but it’s largely Washington’s ideas.

I’m going to give you a little bit of an overview of what we’re doing in Washington to give you a perspective of how we’re approaching notifiable condition surveillance, also just some background on why we believe that information technology standards are important at the state level, what we see as the benefits of the PHIN, some of the concerns that we identified during the discussions last summer in our own experiences, and finally what some of our recommendations would be for the CDC and this Workgroup to consider.

We began, we’ve been actually working on a variety of things associated with NEDSS and HAN since before NEDSS and HAN existed. We had a lot of interest in electronic laboratory reporting, we had an interest in integrated data repositories, and had started on a couple activities before the NEDSS and HAN funding began. When those two programs did begin we made the decision to consolidate them under a single umbrella program called WEDSS, the Washington Electronic Disease Surveillance Systems. We decided that we weren’t going to be real creative with our acronyms, we just changed the first letter of NEDSS and ran with it.

Part of the WEDSS’s approach is recognizing that we didn’t want to have one huge information technology project that was going to try to do everything for everybody in notifiable condition surveillance. Instead we took the approach of having a number of smaller projects, each designed to address one component of notifiable conditions. And as we took that we wanted to make sure we were using national standards so that these projects were interoperable, that was the whole purpose of planning and implementing them together, and so that we would be able to work with systems outside of the state. So we had that philosophy from the very beginning.

This is just the pictorial overview of WEDSS, the idea being that in the notifiable condition system we’ve got all of the elements that actually John talked about in his presentation, the need to collect data from the initial reporter, whether it’s a laboratory, a hospital or a physician. The need for that information to be managed at the local level in Washington as in many state, local health agencies are autonomous, they’re the primary entity responsible for collecting and managing disease events. That we are managing that data in an integrated data repository, and that we are able to disseminate it and analyze it using appropriate tools, and that all this happens over a secure network, a secure system. So this is the umbrella picture of the different elements of WEDSS that we are implementing.

Now I don’t need to talk to this group about why IT standards are appropriate and necessary, I certainly realize that, but I’m going to just emphasize a few points here. One, and in particular, appropriate for notifiable condition surveillance is the issue of data sharing, and all of the aspects of data sharing. Collecting the information from a variety of entities, each with their own kinds of information systems. Being able to distribute data within an organization. We’re not a real large state health agency, I guess we’re about moderate size, but we have a variety of groups, our STD programs, our TB programs, our communicable disease programs, and when we collect data the data has to be shared across the agency. We also of course share information with other agencies, other states, we share it with our local health agencies, and of course with federal agencies, and that sharing is at the individual case record level so we have identifiable information. It’s also at the aggregate level so we can do various kinds of trends analysis. And then we of course disseminate that information back to the data reporters in different formats, to the entire health care system, and of course to the general public.

Standards around the data sharing process really simplify our work. They make it possible for us to go to a brand new reporting entity and set up very quickly a mechanism for electronically receiving the data. They make it possible for us to improve our data quality because we are getting it electronically and we know exactly what we’re getting and we’re getting it consistently. And ultimately they will save money although realistically we all know that the initial process of setting up standards and getting people to use them is not cheap.

Standards of course also support efficient use of resources by being able to make sure that we are using the same approaches, we can maximize the utility of each application, each system that we develop, and make sure that it meets our business needs. We can minimize the cost if we’re using current software engineering practices and implementing those consistently across an organization, we need fewer IT resources or at least a less diverse set of IT resources. And then it’s supportable and maintainable over time. We’ve also had a number of experiences in the last six months that had demonstrated that IT standards can help make it possible to implement new systems quickly, the smallpox vaccination program being one, SARS being another. We’re all well aware that in public health events happen fast, we have to be able to respond quickly and set up new systems. We’ve been living and breathing that with these two events.

We see the PHIN as really providing a lot of the benefits that help address those needs that I just identified. The PHIN really can provide states with a roadmap on how we should be considering developing our information systems so that we’re being more efficient, we’re being more effective, we don’t have to go out and figure out which standards to use, which are appropriate, because we can look to see what’s already been identified at the national level and build those into our models. It also just makes sense. We do exchange data back and forth across state boundaries, we exchange it with federal agencies, previously we have had to do this on a state by state basis, we’ve had to figure out, with Oregon, for example, with Idaho, now with British Columbia, to a certain extent our neighbors in the Northwest, and that’s all been done one by one and it’s different each time, so the standard really facilitate this process. States have recognized this for a long time and have been encouraging and urging and pleading with CDC for a long time to be taking the approach that they’re now starting to take with the PHIN, so we’re delighted to see it.

And then just pragmatically, we really are looking forward to seeing the CDC and the CDC various centers and programs beginning to use common standards. There has been a proliferation of systems, each system very viable to states, each system doing good work, but the cumulative impact is huge because each one is different, each one requires a different support level, a different kind of staff, and I have started over time to call this sort of pain propagation. If you think at the CDC in an individual center, the center that developed LITS(?) for example, the system makes a lot of sense for them, it works well for them, and when you roll it out to states it can work. And then if the state gets multiple CDC applications then the state has to figure out how to handle it, being a much smaller organization. But the ultimate level of pain is at the local level where you may end of having one or two people having to run all these different applications, so it gets more complex and we’re very much looking forward to seeing the iterative development of these different CDC applications using common standards.

We do need to recognize that as with any standardization process there’s going to be some difficulties that we’re all going to encounter, and those are some of the concerns that we’ve identified. In implementing the PHIN we have to recognize that states are in different stages of maturity around their information technology and may not be able to implement all of the PHIN elements immediately or for some time to come. Part of that is driven by the fact that each state has got different policies in place. State health agencies don’t always set and in many cases, most cases, don’t set information technology policies. Those are set at the state level by a state department of information systems or similar system by a state CIO or others, and that may dictate what kind of technology state agencies can purchase. It may dictate what kind of applications, what kind of systems states can run and that may prevent states from implementing particular PHIN standards.

I wrote this slide over the weekend and was sort of patting myself on the back for sending this in early so Steve could make copies for me but then realized the disadvantage is when you want to change something at the last minute you’re stuck with all the handouts already being made. So I made the comment that one of the concerns is that some of the elements are bleeding edge, and that’s probably an over statement, it’s certainly is as John has identified, there are standards that have been selected by industry. However, for public health, which tends to be a little bit slow in adoption in many cases, they’re new to us, very new to us, and they are going to be difficult for us to implement. We have particular concerns with the EPXML that John mentioned, and also the JAVA issue which is identified in the PHIN standards. The issues there for us are not only they’re new to us, we don’t have staff who are experienced in running them, we’ve got resource issues, we also believe that these are going to drive technology choices. And as I said a moment ago, these may not be choices that we’re able to make.

We are also concerned just from the process standpoint, we fully understand that none of us have been able to take the time to do the things the way we want to since September 11th, definitely all of our lives have been fast tracked in public health, and similarly the development and adoption of the PHIN standards have been fast tracked. But realistically there has been minimal state involvement in the identification and the selection of those standards and we believe is going to cause some problems for us down the road.

Finally, on the concerns side, we want to make sure that these standards are not developed or implemented in a way that the only way that states can be successful in being PHIN compliant is to be using CDC developed systems. This is in part based on just some of the history we’re seeing with NEDSS, NEDSS being sort of one of the sources for the PHIN standards, and as I’ve said, I’ve been sort of involved in the NEDSS program from the beginning and watched it evolve over time and watched it evolve from a program that was very much standards emphasized to a program that has certainly still a focus on standards but is also now focused on specific applications developed by the CDC. And I would be strongly encouraging the CDC and this group to recognize that the emphasis needs to continue to be on the standards, not on the development of specific applications, and that we don’t lose the value of one over the driving need to have the other in place.

That leads into my recommendations, and it really is split out two ways. The PHIN is trying to accomplish a lot, the PHIN standards, trying to organize and initiate a massive change across the public health system. John and the CDC have taken on a huge effort here and it’s an admirable effort, but it needs to be an iterative effort and recognize that it’s not all going to happen at once. And I strongly recommend that for external organizations, those outside the CDC, the focus of the PHIN right now be on data exchange and standards associated with that, not on application development, so not trying to specify specific technology and specific application standards for states, but instead to focus on all the different standards associated with data sharing, including vocabulary, how the data gets moved back and forth, and security, which includes the public health director. This is something that we all recognize as a need and we believe more resource needs to be invested into formalizing and getting out the definitions around the public health directory.

Conversely, for programs inside the CDC, we really want to see the PHIN standards focus both on data exchange and application development. As I said, that’s long been a sore point with states is the proliferation of different CDC applications, each using a different technology. So we strongly encourage the CDC to apply the standards internally across the board. And having tried to do that on a much smaller scale I fully understand how difficult that can be, it’s hard to get different programs and different IT shops to all agree to use something the same.

Along the same lines there has to be a realistic timeline and in particular a prioritized implementation sequence for the PHIN standards. We can’t do all this at once so what are the ones we really do need to be focusing on right now as we’re implementing new systems at the state level.

I talked a bit earlier about wanting to make sure that there isn’t a requirement, to be PHIN compliant states use a CDC developed system. But part of that is defining what PHIN compliance means, that there needs to be further understanding of what it’s going to take to fully meet these standards and when do we get the stamp of approval, and that becomes particularly important if the funding is going to be tied to the standards. We have to know what we’re going to be measured against. And recognizing that this is all developmental and we’re in sort of a gray zone right now where we’ve got the PHIN emerging, we’ve got HAN and NEDSS still out there, but we need to start clarifying the relationship between them as well as the other programs that John mentioned. We’ve still got HAN requirements out there, we’ve still got NEDSS requirements out there, and it would help to have a roadmap as to when they’re going to come together into the PHIN and when they’re going to no longer be measured as different programs.

And finally, I put this one in yellow because I think this is my biggest point, states and also local health agencies have to be very actively involved in all aspects of the PHIN standards. This is a system wide change and all elements of the system have to be very, very involved in developing, adopting and reviewing, and in particular governing the PHIN standards. The CDC has made some very good steps, very good strides in this direction, and I would be very encouraging to make sure that that continues. And emphasizing active, active to me includes having involvement up front in identifying standards and not just having a menu presented and saying does this look ok to you. So it’s a different level of involvement that I want to make sure states have the opportunity to participate in.

So with that, actually I think I’ve run out of breath, John is the one with the cold, I’m the one who can’t talk anymore. Thank you very much again for the opportunity.

DR. LUMPKIN: Thank you. We’ll move on to Anne and then we’ll have questions, if anybody has any. I’ve only got four or five.

Agenda Item: Panel 1: Overview of Public Health Information Network (PHIN) and Public Health Privacy Issues - Privacy and Public Health - Ms. Murphy

MS. MURPHY: Thank you and good morning. I’m going to ask you to transition with me a little bit and think about changing the focus every so slightly. I think my presentation is going to ask you to consider in very broad terms the relationship between the public health system and privacy considerations. As we went around the room at the outset we all introduced ourselves, let me reiterate that I am an attorney with the Illinois Department of Public Health, I’m the chief legal counsel and chief privacy officer, and as you might imagine have been busy with those issues and many others in recent months. And want to talk in very general terms initially about the relationship between public health priorities and privacy considerations, then to talk in a bit of detail about the HIPAA privacy rule which took effect on April 14, and I have a method to my madness in wanting to do that because with those two components, with the broad view and with some discussion of the HIPAA privacy rule, there are several considerations, several key issues that this Working Group may want to consider in terms of ways to continue to foster and enhance the public health systems access to individual health information and utilization of that information in an era in which privacy considerations are being given very high priority.

In my view the public health system and privacy principles are at an interesting and critical intersection, and I say this for several reasons that I know are fairly evident to all of you, but let’s walk through them just to sort of think about it in these big picture terms. Public health activities are increasingly prominent and increasingly essential in this day and age because of bioterrorism considerations, because of emerging diseases, for a variety of different reasons that each of us confronts every single day. Those activities from a public health detection and response perspective are dependent upon access to individual health information, and so as those privacy considerations come to the fore the credibility and usability of the public health system depends upon an accommodation of those privacy principles to allow for that access to individual information.

At the same time, and as all of you know oh so much better than I, there is a better technical capability to access health data, as technology improves the ability to access it and the ability to use that data at the individual level becomes better and better. And there is an increased need, in my view, for public health authorities to exchange data with other parties, and by other parties I mean both in the public sector and also in the private sector, and I will elaborate on that in a few moments. And in the context of all of that there is a heightened sensitivity to privacy of health information, not only under federal law but also under state law as well.

Now turning to a few of those general observations I think we’ve already addressed this, both the prior speakers and I, public health activities are increasingly prominent and increasingly essential, and those three examples I think illustrate the point without much additional commentary. Public health activities depend upon, and there should be individual, the word individual, health data, whether we’re talking about communicable disease reporting or about population health assessment which in turn in my way of thinking would include epidemiological investigation, registries, research and laboratories, you are at the end of the day talking about an assessment that starts with individual health information.

Licensure and certification. This is one that I would emphasize because sometimes it gets overlooked as one thinks about the public health system. Public health is responsible in many cases for licensure and certification of health facilities. In order to appropriately do that one needs to have access to individual health information, health information with respect to residence and patients in order to assure that care is properly being delivered, and that licensure and certification standards are being met. Early detection and intervention, vital records, and generally preventing or controlling disease, injury, or disability, all of these are public health functions and all of these require access to individual health information.

In terms of the better technical capacity to access health date, syndromic surveillance certainly has been the topic of much discussion and activity, and as has already been referenced this morning, and I know is the focus of this Working Group, improved electronic linkages with providers and local health departments, and with the CDC, whether it’s at the most basic level through interconnectivity in a rural local health department, or whether it’s at the most sophisticated level, all of that is improving the technical capacity of the system and therefore is improving the potential for the system, not only to better access the data but to utilize that data once accessed.

As to my next point, the increased need for public health authorities to exchange data with other parties, I personally think that this is extremely important. I think the public health system, the traditional public health system if one looks at local health departments and state health departments, needs the assistance of others in order to make the most of the potential of that data, and having those appropriate relationships with third parties, whether we’re talking about third party researchers or service providers or law enforcement or others is extremely important. With respect to third party researchers I will say there are both the traditional researchers in terms of academia and at least in the state of Illinois we have seen other third parties come to the fore interested in doing research as well. Other third parties that may want to access the information include community based organizations and other governmental agencies at the federal, state, and local levels.

In terms of the heightened sensitivity to the privacy of health information under federal and state law, we’ll talk about HIPAA in a few moments. But I think one of the messages I do want to get across is that state law needs to be considered as well because in many instances state law is going to be more restrictive to the access and use of data than the HIPAA privacy rule might be. The HIPAA privacy rule certainly has received a lot of attention and rightfully so, but as we’ll talk about in a little bit, the HIPAA privacy rule is actually very flexible when it comes to the public health systems access to data and is really designed to continue to allow the public health system to access that data and use that data. When you look at state law, and I can only speak with authority to Illinois, if we were to look at the communicable disease code statutes with respect to HIV/AIDS and STD, mental health records, medical studies, registries, facility licensure laws, FOIA and vital records, we would see statutes that can be extremely restrictive and extremely inflexible in fact in certain circumstances in terms of the ability of the public health system in particular to release that information to third parties. And so as we talk about legal constraints certainly lets talk about HIPAA, but lets also focus our attention on what state laws may say.

Now let’s turn and talk about HIPAA for a few minutes before I get to my key issues and observations. HIPAA is in fact, the privacy rule is in fact intended to foster and perpetuate public health reporting. It is in my view fairly flexible in that regard and it is also I believe potentially misunderstood as covered entities, whether we’re talking about providers or health plans or clearinghouses, struggle with the massive change in their culture and in the various things that they need to put into place in order to comply with HIPAA, I do believe there is tremendous potential for the flexibility that is inherent in the privacy rule with respect to public health reporting to be lost in the shuffle.

And let me just quickly talk about some of the aspects of the privacy rule that do allow for that flexibility. Covered entities are allowed to continue to report information into the public health system without individual authorization under a variety of different accommodations within the privacy rule. First, to the extent that it is mandated by state law, and there are some special bells and whistles in connection with certain types of reporting, but as a general proposition I think it is fair to say that if state law mandates that that information be reported into the public health system then it can be so and it can be so consistent with the HIPAA privacy rule without the need for individual authorization.

Public health activities. There is an explicit allowance, if state law authorizes the reporting of information to a public health authority then that reporting may occur.

Health oversight activities. If state law allows access or reporting of individual health information to a health oversight body, which in many instances will include the public health system, then that reporting can occur consistent with the HIPAA privacy rule without the need for individual authorization.

There are a couple of other categories that I don’t have time to go into that may eventually be useful if one is looking at bioterrorism related reporting, those relating to a serious threat to health or safety and to disaster relief. I will also mention, although it’s not on the slide, the need to focus on accommodations for research, although I would caution that there needs to be a clear understanding of the distinction between public health practice, epidemiological investigation for example, that need not in my view meet the more cumbersome research requirements under the privacy rule but rather instead should be viewed as public health activities, and part of that distinction may hinge on whether the activity in question is being done to address a particular health problem or is being done to advance generalized knowledge. Not enough time today to go into that but something that I would certainly footnote for further consideration.

Now going back to a few of these HIPAA accommodations and talking about them in a little bit more depth, or really just sort of identifying categories of state law that may benefit from these accommodations, in our state at least, in Illinois, our communicable disease reporting would fall into the required by law category, no individual authorization is necessary, mandated lab testing, mandated access to information for licensure and certification purposes, vital records reporting that incorporates individually identifiable health information, there is in the mandated by law category, as I alluded to before, some special bells and whistles that need to be accommodated for certain kinds of reporting. In other words there are some specific requirements within the HIPAA privacy rule that need to be satisfied if you want to avail yourself of the mandated by law exception when you’re talking about disclosures for abuse and neglect, disclosures for judicial or administrative proceedings, or disclosures to law enforcement. But having said that I would also emphasize that in fact the HIPAA privacy rule does allow for those disclosures as mandated by law.

Disclosures for public health activities to a public health authority. What I want to emphasize here is that public health authority is defined by the privacy rule, not only to include governmental entities, but also to include non-governmental entities with which a traditional public health authority might contract or to which a traditional public health authority might delegate authority. So if a state health department decides that it wants to delegate public health authority to a third party through a contract, then the HIPAA privacy rule specifically indicates that that third party may be considered a public health authority to which public health reporting may occur without an individual authorization. It’s a component of the law that allows for flexibility and that allows for contracting.

Moving to health oversight, I would point that health oversight contains that same allowance when it talks about what constitutes a health oversight agency. It specifically indicates that a health oversight agency may not only be a governmental entity but also may be a third party with whom that governmental entity enters into an appropriate arrangement. And health oversight is broadly defined to include audits, investigations, inspections, and licensure of disciplinary actions.

In terms of HIPAA constraints on public health activities, really that’s a function of the activities themselves. Which activities of a public health entity may be considered covered or not covered really varies very significantly from jurisdiction to jurisdiction, whether you’re talking state or local. In the state of Illinois we consider ourselves to be a hybrid entity. To state it as directly as I can most of our activities are not covered functions under HIPAA, the vast majority of our activities are not covered functions under HIPAA. We have two programs that we have determined to be covered functions that from a technical legal perspective must meet the requirements of the HIPAA privacy rule, our blood lead screening program and our ADAP program for the provision of AIDS and HIV positive medications. Notwithstanding that, and in large measure due to the efforts of Dr. Lumpkin, we have adopted within our agency a culture of privacy, so we endeavor to achieve privacy to the fullest extent possible consistent with public health considerations but HIPAA requirements are legally mandated only for those covered functions.

In terms of key issues, and these are the four issues that I really want to offer to this group for consideration as you think about the needs of the public health system and the new era of privacy that we are all working within. I think there is a potential for reduction in reporting to public health authorities due to misperceptions and misunderstandings as to the HIPAA privacy rule, and I really would like to emphasize that to this group. As I indicated, and part of the reason I took the time to walk through some of the particulars with respect to the HIPAA privacy rule, the privacy rule in my view, and I think in the view of those who have studied it from a public health perspective, is flexible and was in fact successfully designed to allow for continued public health reporting and continued use of that information. But there is a tremendous amount of discomfort in the provider community at this point in time, tremendous potential for the baby to be thrown out with the bath water for hospitals and nursing homes and health plans even to knee jerk and say sorry, we just can’t do it, HIPAA doesn’t allow for it anymore. And therefore I think there should be strong consideration of an intensive education and communication campaign to the appropriate constituency groups, to the provider associations, to state legislator associations, AG offices and the like, to say no, in fact that is not the case, in point of fact HIPAA does allow for these things to continue to occur. We have undertaken such a campaign in Illinois and I think nationally certainly in other jurisdictions, there may be some benefit from that as well.

For those of you with a particular interest in this topic, if you don’t know about it already, there was a very good article in the April 11 issue of MMWR that talks about HIPAA privacy rule considerations in relation to public health and reflects joint guidance from the CDC and DHHS on that topic. There are some specific things I would emphasize if I were embarking upon that educational campaign in terms of flexibility with respect to satisfaction of the minimum necessary standards and flexibility with respect to the accounting requirements within the HIPAA privacy rule.

The second observation I would make is that in my view the time is ripe to have an open and public dialogue in order to facilitate innovative but appropriate data relationships between public health authorities and third parties. And remember here, I’m an attorney, I’m talking about contracts in large measure. I’m talking about coming up with documented relationships between the traditional public health system and third parties in order to expand the potential for use of that data, the potential to analyze the data, the potential to research around that data and take that data out into the field. And in that regard I would say that, as I said before, HIPAA may be more flexible than some state laws and so perhaps some of those state laws need to be reevaluated.

I also think that at a national level the public health community would benefit from some concrete discussion and maybe some model contract development around agency relationships that public health governmental agencies could enter into, what kinds of contractual arrangements could be standardized or could model agreements be developed around with appropriate confidentiality provisions built in, and I think there could be some model contract development. Those would need to be tailored to state law, but I think it would get that issue our for discussion and I think the public health community would benefit from it.

My third recommendation has to do with bioterrorism, and the fact that there is so very much going on right now in the context of bioterrorism preparedness and response, on so many different levels. But while there’s a lot going on and a lot of it is extremely positive in terms of moving the system forward, and I would point out that forensic epidemiology is one area where there’s been substantial effort, the CDC has a very intensive national campaign underway to bring together the law enforcement and public health communities in order to educate both constituencies about how you could put together a forensic epidemiology program. I will say once again that this is an area in particular where state laws may be rather inflexible. Our communicable disease code in Illinois says, and Dr. Lumpkin and I were talking about this this morning, you shall never disclose this data ever to anyone under any circumstances, including but not limited to pursuant to a court order. Well working with that in the context of forensic epidemiology is extremely difficult. HIPAA allows for it if you jump through the appropriate hoops but state law may not, and therefore I think there needs to be some attention given to that state law inflexibility in order to create the fullest potential for that interchange of information between the public health and law enforcement systems.

My final recommendation for consideration has to do with considering the increased pressure for specific health information from the media and the public in an era of bioterrorism, West Nile, and SARS. The public wants a lot of specific information and the media is more than happy to pursue diligently on their behalf, and that creates a particularly strong tension between the needs of getting information out to the public for public safety purposes, and the traditional sensitivity of the public health system to the privacy of individual information. And if you think about SARS I can assure you I have had specific conversations about this very topic numerous times over the last few weeks, how much information will you give out about the gender, the age, the date of onset, the geographic location of those who are suspect cases, and recognize that the way that those judgment calls are being made is varying quite significantly from jurisdiction to jurisdiction. What is going on in our state in terms of the release of information is not what is going on in another state, it may not even be what is going on in a local health department within our borders. So that issue needs to be considered. FOIA laws, state FOIA laws can be rather vague on this topic which is sometimes helpful and sometimes not, and FOIA laws it seems to me could be examined if one were to delve into this topic in a little bit more depth. I have a somewhat cryptic reference to litigaters in organized labor because they can be our most diligent pursuers of information aside from the media, and there are some special sensitivities that need to be addressed by the public health system in responding to those requests. But I think ultimately my recommendation here would be that the public health system should strive for consistency in the level of detail that is being offered, after giving consideration to both the privacy and the public safety considerations, and that that is a discussion that perhaps could be had on a national level. Certainly state laws need to be accommodated, but in terms of endeavoring to achieve some consistency around the extent of disclosures, some recommendations about what level of detail is necessary in fact in order to protect the public health may be a worthwhile effort.

That concludes my remarks and I thank you for your time and attention.

Agenda Item: Panel 1: Overview of Public Health Information Network (PHIN) and Public Health Privacy Issues - Questions and Discussion

DR. LUMPKIN: Great. I’d like to thank the panel for staying on time and helping us keep our tight agenda. We now have time for questions, and I will make an observation and perhaps start off with a question and then turn it back over. It seems to me that the two states represented and the CDC all happen to be engaged in a common activity beginning the second week of May, so the question is to what extent do you believe that the systems that are being put in place will be tested during TOPOFF(?), and evaluated, to the extent that you know. For those of you who don’t know, TOPOFF stands for top official drill, it’s a Congressionally mandated test of the ability to respond to a terrorist event, and it’s scheduled to begin May 10th with a bioterrorist attack in Chicago, spreading to Canada, and a dirty bomb in Seattle, so that’s the reason why the two states who just happen to be here are involved, and the CDC’s a player, too.

MS. DAVIES: In Seattle we’re in some ways rather fortunate that it’s a dirty bomb scenario because we have years and years of experience in planning an emergency preparedness around radiological events, we’re the state with Hanford(?), and so in our agency we have a radiation protection program that’s done quite a lot and they are actively involved in the work for the Seattle TOPOFF exercise. There was initially some thinking about including a passenger from Chicago coming into C-tack(?) to just let us dabble our toes in the BT event, and then we decided to not do that because we thought that the dirty bomb, there’s going to be a cyber attack, and a couple other things going on and it was just getting a little ridiculous. The things that we’re talking about under the PHIN and the Health Alert Network and so forth we’re not planning to bring into play as part of the Seattle exercise, as I said we’re going to be relying on the existing systems that were in place for radiological events. I don’t know what’s, I haven’t been involved in the planning, I don’t know what’s going on in Chicago.

MS. MURPHY: Well, I can speak primarily to the sense that TOPOFF will test our legal authorities in connection with reporting and utilization of the information. In Chicago we’ve developed a legal team that has pulled together federal, state, and local attorneys and we’ve anticipated the issues that we think are going to be raised during the exercise. We’ve also selected a few of those for special consideration and evaluation, and one of those that we selected has to do with the legal capacity of providers to report information to the public health system and also to report information to law enforcement. And we did that intentionally knowing that the exercise was going to be coming on the heels of the effective date of the privacy rule and we thought that it would be an opportunity for us to reinforce the message that we already want to get out which is yes indeed, you should continue to report this information as appropriate. Where I think things could get interesting is in the area of forensic epidemiology. The FBI is playing very, very actively in this exercise, and is looking forward to the opportunity to do a trial run on some forensic epidemiology with our local and state public health department staff, and I think we are going to work through some issues with respect to the extent that federal and state law allow for that to occur.

DR. LOONSK: I participated in TOPOFF one and if that’s an indicator, because it’s oriented, TOPOFF has been at high level offices and simulation it didn’t really get to the level of actual implementation that many of the information technology issues are actually exercised, and maybe TOPOFF two will be different, but I suspect at some level it’s going to cruise above some of where the rubber meets the road so to speak.

DR. LUMPKIN: Thank you. Other questions? I’ve got a whole list, so, Bill?

DR. YASNOFF: Jac, you mention in your talk that you thought it would be good if CDC focused more on standards for external organizations rather than application development. And I may be, correct me if I’m taking your comments incorrectly, I think one of the concerns at CDC is that clearly speaking from Washington, you folks have the capability of building software packages but not all states have that, and so I think one of the concerns at CDC, and John you may want to comment on this as well, is that there’s an issue of helping those states who really can’t or won’t develop software with software packages. And so I wonder if in the light of your recommendation if you could comment on what you think the direction should be to meet the needs of those states who really are not in a position to develop software.

MS. DAVIES: Let me just clarify my initial comment, that in terms of the standards, within standards I would recommend a focus externally on standards around data transfer, and less on standards around application development. But I also believe, my seceding comments then on cautioning the CDC about having the PHIN process change into a process that’s focused on application development. I fully recognize the rock and the hard place, and as I said having watched the evolution of the NEDSS process, the CDC was very, very strong on standards at the beginning and that’s what states wanted and then states began saying we don’t know how to do this, we don’t know what to do with this information, we don’t know how to turn it into applications, can you help us, and that was the genesis in the NEDSS base system. So states certainly have asked for help in application development. The problem is that for somebody else to try to develop an application, this is not unique to the CDC, if we try to develop an application for a local health agency we run into the problem that we don’t really understand the locals business. It’s just the fact we don’t live it. And we’ve seen the same thing with CDC developed applications for the states. It’s difficult for a federal agency to fully understand and to address the business needs of a state agency.

Another model might be for state consortia to do joint application development, as is beginning to happen around laboratory information management systems, with the Association of Public Health Laboratories taking the lead on developing business requirements for states that states can use either to turn over to contractors or to do their own development. Similarly, the NCHS and NAPHSIS are working with state registrars to begin the development of business requirements for electronic death registration systems. That seems to be a model that certainly has a lot of advantages to it and although it’s a new model maybe one that would play out in a way that really could result in functioning state systems.

DR. LOONSK: Bill’s comments are very apt, that there are many states who are not as able as Washington State to develop systems, and there is a need for a safety net to support those states and local public health agencies. We are strongly committed to allowing for standard based systems that aren’t CDC developed to work in this network, and that is our commitment that we will continue to reiterate, and I think that part of this also can be, we can make progress in in terms of the transitional software that identified, which is more functionally oriented where component pieces of software, for example, to increasingly integrate complex systems, can be shared and that those don’t necessarily dictate particular business requirements about they’re used but enable the implementation of those standards.

DR. LUMPKIN: Ok, follow up on that and then Eduardo. Ted’s going to just follow-up.

DR. SHORTLIFFE: This is very directly related to what was just being spoken about. I’m trying to read between the lines in this comment and concerned a little bit. It seemed to me you were adding a concern that PHIN compliance would somehow or another be linked to use of applications rather than simply adoptions or integrating properly with the standards that might come out of this kind of a development activity. Wasn’t that also a point that you made? And I just wondered to what extent that in fact is something that’s been happening. Are you feeling that Washington is under some kind of pressure to adopt applications that are CDC promulgated rather than to participate in the standards development and then to make sure that the systems used are compliant with such standards?

MS. DAVIES: It’s a little early to say for PHIN, but to prior experiences, just give us pause. One is around NEDSS and the development of the NEDSS base system, and as a non-based system state, in order to make sure that we are able to send data to the CDC for example, in order to make sure that as we, what are called the PAM’s are rolled out, the programs application modules that are going to be developed to fit into the base system that are specific to CDC programs, the plus of this is getting those programs organized so the new TB system, the new STD system and so forth that are rolled out to states will be essentially modules of the base system. Well we’ve got to run those, and we’ve got to make sure that those will nest into the system we’re developing, and our comfort level right now is not real high that that’s going to happen. So that’s the first example.

The second is more recently with a smallpox vaccination program, and the PVS system, the CDC developed system to support that. Again, we did not go with that system, we went with a vendor designed system, and have had some difficulties trying to make sure that we’re able to send the data. Both systems built to the standards, but again this group, don’t need to go into the difficulty of defining and implement to standards, it’s a learning process and I just wanted to raise the flag early on that we’re not all going to go down the same road, we don’t want to be pushed down the same road.

DR. ORTIZ: Ms. Davies made a comment, I guess her last thing which was in yellow so it struck me, assure active state involvement in development, adoption, review, and governance of PHIN standards. And so when I heard that, my question I guess is more to the CDC, but also you may want to respond to this, I wasn’t sure if that meant so much that you were concerned that this hasn’t happened, or you just wanted to put that out there, so my question is really more to the CDC saying up until now, how much of all these things that have been developed have been mainly at the CDC level versus who else has had input in these systems, and just from CDC’s perspective, how much involvement do you think you have given to local and state public health officials, maybe even practicing clinicians, patients, etc., to make sure you’re getting enough input from the stakeholders to make sure that they’re concerns are being addressed?

DR. LOONSK: The processes for NEDSS and for HAN to involve state and local health departments were relatively informal, so there was a history of involvement and activities in that regard. They led to specific standards and specifications, the fast tracking that Jac alluded to was around the bioterrorism monies. There was about to be over a billion dollars that went out, over a third of which was targeted to be used for information technology development and it was going to be implemented and passed out without guidance as to the technical standards for that implementation. So in that fast track setting we took the standards that had been developed in those relatively informal processes for NEDSS and HAN and almost exclusively used them to develop the technical specifications that were attached to that cooperative agreement.

Since then we have established a more formal structure for how both the data standards and the technical standards will have stewardship by the public health partners as represented by ASTHO and NACCHO, and by CDC in the context of committees off of the CDC Information Council. So we feel that the process is more formal, we recognize the fact that in the process of trying to bring order to the bioterrorism funding that was going out the door, that it was fast tracked but we feel now in the context of the technical review on the technical standards and the stewardship by these representative groups that we have achieved a better and more formal process for the future.

DR. LUMPKIN: And I should point out that this Committee did, the NCVHS did send a very strong recommendation to the Secretary that those funds be expended in the standards based way. Richard, for the final question before the break.

DR. HARDING: Very good panel, and thank you all for being here. Several of you mentioned this issue of public access to information and it was brought up about privacy protection versus public safety and so forth. The final one though was to me public misinformation. How do we deal with that? Because you watch the war and people get these dribbles coming out about something and then get “experts” who come up with ideas about what that means and so forth. How do we avoid catastrophe’s so to speak by public health information becoming public in raw form before it is refined by the experts? What’s the policy there? How is that going to work?

MS. MURPHY: At the end of the day I think it’s not a legal question but I’ll give you an attorney’s perspective on it. Part of the challenge it seems to me, I wish there were a chief information officer here --

DR. HARDING: Like Baghdad Bob you mean?

MS. MURPHY: To lend some practical perspective to this, but I think one of the challenges is coordinating within the public health system how that information gets out and achieving coordination among components of the public health system to have the goal not be which jurisdiction gets the information out first, but to have the goal be how do you get the information out best in order to serve the public interest. And sometimes that means that if you think you’ve got the, in sort of the reality being what it is, if you feel that you represent the agency that is best able to give a balanced perspective, and is best able to process the information at hand, then unfortunately it’s going to be important to try to get there first. That’s a little circular, but I think it is the, I think John knows what I mean, it is incumbent on the public health system and I’ll take Illinois as an example, the Illinois Department of Public Health, if it sees an issue that is a moving target, if it sees a SARS or a West Nile, and it recognizes that there is the potential for misunderstanding, is someone other than we is taking that information and speculating off of it, it’s incumbent on us to get a balanced message out there first I guess is what I’m trying to say in a roundabout way.

DR. LUMPKIN: Ok, I do have a number of questions, I’m just going to ask one that if perhaps John you could give the information to the Committee a little bit later and then we do have to move into the break. And that is the Secretary testified, I think it was about two weeks ago in regards to the spending out of the funding for bioterrorism and some concerns about the degree at which that spending is occurring. I was wondering if you could provide us with some information to the extent that some assessment of the state spending on the information systems, if 30 percent of the funds are being allocated for information systems, do we think that that in fact is happening? Are there delays that may be occurring at the state level that ought to be addressed? I think over half the states have new governors, new administrations, and I suspect that there may be some areas where we ought to or we could as a Committee in our next meeting urge greater attention to implementing this important infrastructure if we had some data on that.

DR. LOONSK: The one third number was the projected number, and in terms of getting the Working Group numbers specifically on how that has played out relative to the issues about expenditures of the funds we can work to provide those relative to IT funding. Obviously as a general issue, there have been, the expenditures of funds have been problematic at times, we know that IT contracting and implementation is not the most streamlined in all circumstances, so it is a particularly pointed question.

MS. DAVIES: The fact that, just point out, that has been a huge issue for discussion in ASTHO and just to please recognize that the contracting process at the state level, including transferring funds to local health agencies is one that may not be showing up in the HHS sights as much as it should. We’ve committed all of our funding to local health agencies, the proportion that’s going to them, it’s obligated to them, they’re spending it but it’s not showing up as spending in HHS records, so just keep in mind that there’s some different of opinions between states and HHS on how much money has been spent.

DR. LUMPKIN: Understanding that, but I think the issue, and my understanding is that the expenditures for the information infrastructure primarily tends to be a state expenditure, and so we should have better records in that than other aspects of the bioterrorism infrastructure.

Let’s take a short break, we’re scheduled to return at 10:30. I’d like to thank the panel very much, it’s got the morning started off with the right approach.

DR. ZUBELDIA: -- you mentioned in Illinois you have a culture of privacy and most of your functions are not covered entities as a function under HIPAA. The question I have is what kind of legislation or regulation or statute cover the data transfer of to a public health authority after a HIPAA covered entity sends it to you, it could be state regulation, it could be local, can you tell us a little bit about that?

MS. MURPHY: I’m going to repeat the question and my apologies, it was a little bit difficult to hear it through the speaker phone with a mic point up next to the speaker phone. I think, I’m speculating that you were asking whether in effectuating a culture of privacy within our agency recognizing that very few of our functions are actually covered by the federal HIPAA requirements, how in fact we are doing that and how state law may play into that. Is that a fair summary of the question?

DR. ZUBELDIA: [Inaudible.]

MS. MURPHY: Well, what we did essentially is to piggyback off of the things that we needed to do in complying with HIPAA, so HIPAA would require you to do all of the following, to appoint a chief privacy officer, to undertake appropriate education of staff, and in our agency we decided that in order to effectuate a culture of privacy and mean it we were going to educate each and every employee within our agency including contract employees as to the privacy requirements. And we have in fact done that, over 1,000 employees were educated as to the HIPAA privacy standards and other privacy requirements. We have a centralized committee on HIPAA implementation within our agency and we have a privacy liaison now who sits on that committee and also represents each of the major program areas within our agencies, so we have the interface of information back and forth as it relates to privacy standards. We have a privacy directive that Dr. Lumpkin executed that imposes upon personnel adverse consequences if they don’t adhere to our privacy requirements. And we have detailed policies and procedures that are both HIPAA compliant and also implement privacy standards outside of our HIPAA mandated functions to the extent that we believe that those are appropriate. We have a working group between governmental agencies and the private sector so that we can exchange information with the private sector with respect to privacy requirements. And as state government we undertook the development of a draft preemption analysis in order to determine which laws within our state might conceivably be preempted by HIPAA. And if you take all of those things together what we have done is have a narrow band of activities that are technically compliant with HIPAA and a much larger band of activities that we bring into compliance with the principles imbedded within HIPAA to the extent that we reasonably can. But if we reach the conclusion that technical compliance with those HIPAA standards would impede public health services and function, and we are not required to comply with HIPAA, then we very carefully and very narrowly decide not to. And of course implicit in all of that is that if our state laws are more stringent with respect to privacy then we comply with those laws.

DR. ZUBELDIA: [Inaudible.]

DR. LUMPKIN: The question is is the situation in other states similar to Illinois, and Jac maybe you might answer for Washington.

MS. DAVIES: It is, and that it sounds like that we’ve gone through a lot of the same processes. We have also come down to identify ourselves as a hybrid entity, we only identified really one activity associated with our newborn screening program that we concluded was absolutely met the definition of requiring HIPAA compliance. We are taking the same philosophy of promoting the HIPAA provisions throughout the agency, but we are putting the emphasis on the part of the agency that’s going to require the technical level of compliance.

MR. BLAIR: First I wanted to express my appreciation for the testimony of everyone, I learned quite a bit and I found it very helpful. One of the things that I was sensitive to, though, was that I think the folks in this room, many of which have been part of the development and recommendations for the privacy regs of HIPAA are very much aware of the purpose and the conversation in this room, if it is taken out of context, may have lost the purpose of the privacy regs of HIPAA. And I just wanted to indicate that while the conversation today was focused on the flexibility that allows information to be available for public health purposes, the purpose of the privacy regs is to protect personnel health care information and a lot of things were included in that regulation to do that and that the discussion in our meeting was only that portion of the privacy regs which were intended to not impair information available for public health, but that it’s purpose was not to facilitate that.

DR. LUMPKIN: Thank you. We’re going to now take a break, we’re going to take about a ten minute break, and by my clock that will have us getting back about 10:35 or so.

[Brief break.]

DR. LUMPKIN: I would like to welcome the panel and ask you to introduce yourselves so that the folks on the internet can hear your voices and associate them with a name. Gail, if you’ll start.

MS. WILLIAMS: Good morning, I’m Gail Williams.

MS. O’CONNOR: Good morning, I’m Lilly O’Connor.

MR. HOPFENSPERGER: Dan Hopfensperger, program manager for the Wisconsin Immunization Program.

DR. MEARS: Greg Mears with North Carolina EMS.

MR. EDMONDS: I’m Larry Edmonds from the National Center on Birth Defects and Developmental Disabilities

DR. LUMPKIN: Great. This is a panel on improving reporting from primary sources to registries, and we have a full spectrum of, not a full spectrum but a cross section of registries that operate within health agencies. We’ll start off with Gail. Thank you.

Agenda Item: Panel 2: Improving Reporting from Primary Sources to Registries - Immunization Registries - Ms. Williams

MS. WILLIAMS: Good morning Chairman Lumpkin and distinguished members of the National Committee on Vital and Health Statistics, National Health Information Infrastructure Workgroup. I’m Gail Williams. I’m the acting chief of the Immunization Registry Support Branch in the National Immunization Program at the Centers for Disease Control and Prevention. Thank you for inviting me to speak with you this morning about immunization registries, tools we believe that can ensure continued successful delivery of one of our greatest public health achievements, vaccines.

Today I will discuss the status of immunization registries in the United States and the challenges that we are facing. I will then make recommendations to the Committee for your consideration on how to improve the situation.

We at CDC’s National Immunization Program believe that meeting the ongoing challenge of vaccinating the 11,000 children born on the average each day requires the development and implementation of community and state based immunization registries. Registries are confidential information systems that track childhood immunizations.

Ideally after obtaining consent a child is enrolled in an immunization registry, possibly through linkages with electronic birth certificates or at first contact with the health care system. Data are recorded at enrollment and are electronically transferred to populate the registry’s database.

At each immunization encounter, the child’s history is located in the registry’s database with the help of patient identification algorithm, and downloaded to the provider’s fully integrated, computerized information system. The provider can have confidence that the record is complete and accurate, as the registry will have assembled all immunizations the child has received regardless of when or where they were administered.

The registry will add value to the provider’s practice by providing automated decision support, reminder/recall notifications, and official documentation required by schools, camps, and day care facilities.

Is this scenario too much to hope for? We don’t think so. In fact, we have developed a Healthy People 2010 objective to have the immunization records of 95 percent of children in the United States in a fully operational immunization registry.

Currently, all of our 64 grantees that receive federal immunization funds, that’s 50 states, six large cities and eight territories or commonwealths, are developing or implementing immunization registries, and 31 percent of U.S. children are currently in an immunization registry. CDC is committed to increasing this percentage, and since 1994 has allocated $262 million dollars for immunization registry development.

Four areas continue to challenge immunization registry progress. These are ensuring the confidentiality of registry information and the privacy of registry participants. Ensuring the participation of all immunization providers and parents. Ensuring appropriate technical functioning of registries to enable high quality data collection, use, and exchange. And ensuring a sustainable funding stream for continued immunization registry support.

In an attempt to overcome the registry privacy challenge, we developed minimum specifications and implementation guidelines in collaboration with privacy experts and registry stakeholders. In 2000 the National Vaccine Advisory Committee approved these guidelines, which recommend written confidentiality policies that are consistent with applicable state, federal, and local regulations, and written authorized user agreements. Parental notification of the registry and the option to choose whether to participate. Use of registry information only for its intended purpose and specification of who has registry access and to what information that access provides. Defined penalties associated with unauthorized disclosure of registry information. And specification of the length of registry date retention and what will happen to the data at the end of that period.

Perhaps our biggest challenge is creating provider demand for registries. Focus groups have indicated that one barrier to participation is concern about the adverse impact that a single focus information system could have on office practices by requiring multiple record systems and duplicate data entry. Consequently we are working with software vendors and standards organizations to add value to their products by creating immunization registry interfaces.

We believe another stumbling block for provider participation is the quality of registry data. To improve quality we developed a set of test cases that allow us to measure the sensitivity and specificity of de-duplication algorithms currently used by registry developers to uniquely identify registry participants. In addition, we are pilot testing a process that compares provider-verified immunization histories collected in the National Immunization Survey with immunization registry records. Preliminary results indicate that this methodology will enable us to assess the quality of registry data by evaluating it against “gold standard” clinical data.

We also must ensure that registry data are used to improve the effectiveness and efficiency of our immunization programs.

Registry participation offers multiple incentives to providers and parents, including increases in immunization coverage and improvements in office efficiency. Registries have also been used to identify clusters of vaccine-associated adverse events, to identify and re-vaccinate children who received immunizations from sub-potent vaccine lots of inadequate dosages of vaccine, and to monitor the implementation of new vaccine recommendations.

Oregon’s registry data were used to assess the impact on hepatitis B vaccine administration after recommendations were made to postpone the first hepatitis B vaccine dose until two to six months of age in infants born to hepatitis B surface antigen-negative mothers. Registry data indicated a 93 percent decrease in vaccine administration during the six weeks after the recommendations were made. This is one of many examples of how registries are meeting state and local public health needs.

Since 1993, the National Immunization Program has encouraged the development of community and state based immunization registries that meet local needs. While flexible, this approach has resulted in registries that differ in functionality and operate in different electronic environments. To facilitate registry development and enable secure data exchange, core data elements, vaccine codes, technical functional standards, record exchange guidelines, and certification processes have been identified and developed by CDC in conjunction with our partners, including the National Vaccine Advisory Committee. These long standing conformance efforts are directed to promoting a single, national platform independent standard to link immunization registries with each other and with other information systems.

This slide, based on self-reported data, shows progress being made by registries at achieving some of the functional standards. Some of these functional standards are privacy and confidentiality, reminder/recall, exchange of information using the HL7 standard, information available at the time of encounter, and being able to process within four weeks of administration. Records created within six weeks from birth and including all National Vaccine Advisory Council core data elements. No standard has been achieved by all of the registries, nor has any registry yet achieved all of the standards.

Although much progress has been made in developing a nation wide network of community and state based immunization registries, much work is required before reaching the 2010 objective of increasing to 95 percent the proportion of children in a fully operational immunization registry. You can help us reach this goal by promoting registries at every opportunity as an integral data driven component of an immunization program, acknowledging the critical role that immunization registries can play as a backbone of the public health information infrastructure. Demanding the adoption of national standards. Specifically, the publication of the HIPAA claims attachment transaction that applies both the HL7 and X-12 standards will catalyze software vendors and others to make their systems compatible with the appropriate clinical data. Help us educate our provider community on HIPAA disclosure to assure providers are confident with the immunization reporting. Support Vaccines for Children Program funds for registries to ensure a sustainable funding source. And increase the accountability of registry resources at the federal, state, and local levels.

I hope that this background on the status of immunization registries and the presentation on key challenges facing registries and recommendations to improve the situation have been useful. Thank you again for the opportunity to testify, I will welcome any questions when the time is right. Thank you.

DR. LUMPKIN: Thank you very much. Dan?

Agenda Item: Panel 2: Improving Reporting form Primary Sources to Registries - Immunization Registries - Mr. Hopfensperger

MR. HOPFENSPERGER: I’m Dan Hopfensperger, I’m the program manager of the Wisconsin Immunization Program, I appreciate the opportunity to speak with you about immunization registries. In our opinion, immunization registries are key to us reaching the immunization levels as Ms. Williams outlined in the health objectives for the year 2010. In Wisconsin the public providers, the public health providers in the state of Wisconsin give approximately 30 to 35 percent of the immunizations will the private sector does approximately 65 to 70 percent, so the WIR is one of our collaborative efforts in working with the private sector to improve immunization rates, not only in our children but in all populations. And we understand that without those collaborative efforts we won’t be able to reach those goals.

I like showing this in this slide at the beginning of our presentations on the registry because to me it shows a good example why we need immunization registries. We did this as part of our implementation of our working towards a GIS mapping device, and what this shows is children or individuals that have received at least one immunization from the Dane County Public Health Program which is within the southern part of the state, the largest confluence of green, and this shows where the individuals are living at the present time. It shows you that they don’t stay where they usually are, they move all over, and that gives you an idea of why we need immunization registries. Because in moving they have multiple providers, and parents don’t always keep good immunization records, so without an immunization registry the provider either needs to delay the immunization to figure out what the child actually received, or they need to start over. And neither one are acceptable as far as we are concerned when we have the ability to determine what an immunization level is on an individual. It also as far as one of the things that we show of people going to northern Wisconsin where many of our hunting and fishing activities occur and there is an accident and where they need a tetanus immunization, it is a good opportunity to determine what was previously given.

Unfortunately time does not allow me to show you some of the other, the great functionality that we built into our system and other registries have built into their system regarding forecasting. So for instance, when you look at what an individual has previously received, based on the ACIP schedules it will make recommendations to the provider as what there should be given on the present visit or future visits. It also allows providers to do reminder recall, that if a person is due for an immunization they can re-send out a reminder notice for the child or the individual to come in for that immunization, or if they missed the immunization for a recall notice. We also give some of the things as far as inventory control, that if the immunization registry is used as intended, when they get new vaccines into their inventory they can add it to the registry and as they give immunizations it will deduct from that and it will give them idea as to when they should order more vaccine. And then it also gives us the opportunity to do immunization level assessment, not only for the private practice but for the entity, say the county, the city, the local health department jurisdiction.

This is the first screen that one would enter when they come into the immunization registry and it is a total web-base immunization registry. The data is encrypted when it is sent out or exchanged between the registry and the provider and we it’s password protected, so you have to be an authorized user and we have user agreements, not only for the organization but for individual users, the organization needs to send those agreements to us and then they must keep the individual user agreements for each of the individuals within their program that uses the registry, they need to keep those signed user agreements within their organization.

We get vital records downloads from our health statistics program. We get those downloads on a bi-weekly basis and the files are updated on a weekly basis, for instance if any information within those record change. Our system is an opt out system, when a parent gets the opportunity to opt out of the system, both when they sign up for their birth certificate they are informed that their data will be loaded onto the immunization registry and if they choose to not participate they ask for a form and they send that information to us and we take them off the registry. The other opportunity they have to opt off the system is each time they present to their individual immunization provider. In addition to that we have ongoing meetings with the Wisconsin Immunization Registry staff and our vital records staff, to make sure we’re just keeping up to date on the things that are, the nuances of the programs and such.

By and large, because of our vital records downloads, the information, the infants are most likely to be on the system by the time they are seen by their health care provider so the data entry is minimal as far as demographic data. The other use of, just one other of the uses of having this information is it gives us a good idea as to population based immunization levels as we get a little more penetration into our, when we have total populations within the system.

We’ve been working on the immunization program, on the registry, or we implemented in the fall of 1999 and then when state implementation in the spring of 2000, so to a certain extent we are in our infancy as far as implementing the system. Wisconsin has a population of approximately five million people. Our birth cohort is approximately 68,000. It is a birth to death system. Our primary focus is on infants and children but we include all immunization records within the system.

We have 2.5 million clients within the system, many of them are from birth downloads, however, we have over 17 million immunizations within the system in that short period of time. 5,000 immunizations are entered into the system either through inventory where they enter the immunizations as they give them or through historical immunizations that are electronically downloaded and I’ll discuss that a little bit more later. We have over 500 providers on the system at 1500 sites. When we bring on a provider we call, say for instance as a large health entity, a clinical practice, we will count them as one provider but they may have multiple offices or health care providers within that system. We have over 7,200 users, at any one time we have over 1,000 users accessing the WIR at any given time. We have also allowed schools to use the registry and we have over 1500 schools using the data on the registry. We do not allow schools to enter data, it is look up access only. The reasons we have done that is because we have concerns about data quality from the schools, it is in our opinion, and from the studies that we’ve seen it’s fine for monitoring as far as immunization levels regarding the law, however we considered the registry to be a gold standard and unless we’re absolutely sure that that data is accurate, we will not put it in the registry and there are other concerns regarding the Family Educational Rights Privacy Act as far as the use of that data within the system.

This gives you an idea of the number of children that we have within the Wisconsin Immunization Registry, we started the birth downloads in 1995. So prior to that the only way we would have them on the system is through the enter of immunization records, so that explains why we have 100 percent of immunizations, 100 percent with immunizations prior to 1995. However, I think what’s significant about that prior to the 1995 again considering that our birth downloads, our birth cohort is approximately 68,000 children, we are getting pretty good penetration with the registry as far as, and to the private provider in public health sector. Post 1995 as you can see as far as our penetration and again we’re doing pretty well there but we still have a long way to go.

One of the things that I was asked to talk about is some of the things that we do within the Medicaid program, and this just gives you an idea since 1990 the number of children of clients on Medicaid that are on the system and those with immunizations, then the percent that have immunizations and the average number of immunizations per client.

The interface solutions that we have talked about and some of this was discussed by Dr. Loonsk, is in one of the things that we have tried to do and I want to reiterate what Dr. Loonsk said is we need to avoid the double entry of data if at all possible because providers, especially in the private sector, are not going to participate if they have to enter the data more than once. So we have tried, and we needed it to be flexible how we obtained that data or how we exchange that data back and forth. And the way we’ve done that with a majority of our providers is through a flat file ASCII transfer of data that they download into our system. And we can do that on an ongoing basis or a one time basis to get all their immunization information into the system. We’ve entered again, over 500 to 600 private providers historical information into the system using this fashion. We also have the health level HL7 standard that were developed by CDC, and our system is HL7 compliant. Our immunization registry either meets or is close to meeting the functional standards as described by CDC and as described by Ms. Williams.

The interface solutions, the interface options that we have are single direction from the provider where they can download all their information through the flat file transfer and then anytime they want to look up an immunization record they can just do it by entry into the system. The other option is a single direction to the provider, where they enter all the data into the registry and then we take a flat file, transfer off of that, and send it back to them for entry into their billing systems or to their electronic data systems. And then we have the bi-directional to any authorized user and that is primarily through the HL7 standard. It is by this that we have another privately run registry within the state of Wisconsin that we interact with the HL7 standard. We are also in the process of developing, and again, most of the downloads we do right now or the transfer of data is done a batch download basis because that’s how the providers that we work with wanted it, but we also have a number of providers that are going to electronic medical records, and they don’t want to have to enter their system and exit out of their system to go into ours to figure out what the immunization records are so we are in the process of developing a real time interface with electronic medical records. So their electronic medical record will immediately go to ours to look at what immunizations we’re giving and download that information into their system.

I need reiterate Ms. Davies from Washington was saying as far as the HL7 standards are concerned, because in my understanding there will not be a national based registry, only a number of state based registries that will talk to each other using the HL7 standard. However, one thing that needs to be taken into consideration is the different requirements that may occur by individual states as far as their vital statistic requirements are concerned, and we’re trying to do some of those things with our bordering states but we need to take into consideration, and as she stated, on a state by state basis as far as sharing that information and it is not as easy as just making a phone call, there are different requirements that have to met.

As far as collaboration with Medicaid, our collaboration with Medicaid actually started during the ’89-’90 outbreak of measles, the measles outbreak of ‘89-’90. Measles were primarily occurring within the Medicaid eligible individuals so we figured out that it was to our benefit and to their benefit to work together to improve the immunization registries of not only Medicaid eligible people but all people within the state of Wisconsin. At that time we were all part of the same division, in 2000 there was a reorganization, then the Division of Public Health and the Division of Health Care Financing, but we are still within the same department.

Our collaboration on the registry began in 1995 where they assisted in the scoping and analysis document and then in the fall of 1998 where we actually started the development of the immunization registry as we have today. My understanding we are one of the few states where the registry has been developed as a collaboration between Medicaid and public health.

As far as the two agencies are concerned, there’s joint overall responsibility for system design and operation of the system, but however the data itself is managed by public health. Then we have joint responsibility for fiscal oversight, for all aspects for the registry and joint responsibility for oversight of all future service level agreements between the vendor and the department. Medicaid data to WIR comes by either downloads of Medicaid billing data into the WIR or Medicaid managed care or, we are a Medicaid state, as far as Medicaid patients are concerned, primarily the majority of individuals are children on Medicaid are through managed care, and we have provider agreements set up between the managed care organizations to get their information as well. And then we also get regular data entry by participating health care providers. This is one of the screens that we have as far as client demographic data and as you can see on the bottom it has funding and program eligibility as far as if they’re eligible for VFC, Medicaid, and some of the other issues.

I want to point out to you in the upper right hand corner that you’ll see Social Security number up there. The only reason that is up there is because, it is not used for any one of the identifiers for the patient, however, and once it is entered the screen disappears, so if the provider makes a mistake in entering the data and they’ve entered it they need to contact us in order to change it. The reason we have it on there is we intend in the future to make this accessible to parents to find the immunization records for either themselves or their children and it will be done so by Social Security number and it will be one hit and one hit only. So nobody ever sees that data once it is entered.

Again, some of the things that Medicaid is using the data for is the Government Performance and Results Act, known as GPRA. It was enacted in 1993 and it’s to provide accountability for programs by all parts of the federal government, and programs that are to define performance objectives, undertake improvement activities, and demonstrate improvement. In Wisconsin the Division of Health Care Financing is the primary leader of the GPRA initiative with assistance from the immunization program. The measurement that we’ll be using is the rate of two year old Medicaid enrollees who have been fully immunized and by fully immunized we are talking about four DTP, three polio, 1 MMR, 3 HIB, and 3 hepatitis B. And the Wisconsin immunization registry serves as the primary data source for that measurement.

Other Medicaid initiatives that will be used with the WIR is to assess immunization coverage data, to target outreach to high risk areas, and some of that will be used through our GIS programming, and then to target performance measurement improvement that they will be using with their managed care organizations to monitor their performance as part of their contract.

Future enhancements to the system. We want to develop electronic hyper link to the VAERS program, the VAERS is the Vaccine Adverse Event Report System. Right now we have the ability to go on and get to the form itself but we are working with CDC where that information would be provided electronically directly into VAERS. As I mentioned, we are also in the process of developing a real time interface with an electronic medical record system. GIS mapping proponent, again, the program is for mapping, so we can determine pockets of need, not only in the public sector but in the private sector as well through the Medicaid outreach.

We want to do automatic ordering of state supplied vaccines so it’s again, so the providers as the vaccine inventory reaches a certain threshold that they can electronically order their vaccines from us, this would be vaccine for children eligible providers. And one of the other things I also mentioned was the parent access to the immunization records through the internet, and then one of the things again, to make it user friendly is electronic signature for a paperless system.

Our immunization registry was developed with public money so therefore we’ve made it available to other states and public health programs at no cost. That gives us the opportunity for cost sharing for future enhancements. So far the other states that are using it is the Minnesota Department of Health, which is good for us because it is one of the border states of Wisconsin and as I mentioned we are in the process of the vital records people as far as the sharing of the data, and again some of the other states that are using the system and U.S. Virgin Islands territory. The Gundersen Lutheran Medical Center is a private entity within the state of Wisconsin that took the software in its entirety and loaded it onto their systems and our building their medical records system around the registry.

And this is just the contact information for myself and our project manager. Thank you very much.

DR. LUMPKIN: Thank you.

Agenda Item: Panel 2: Improving Reporting from Primary Sources to Registries - Cancer Registries - Ms. O’Connor

MS. O’CONNOR: Thank you for inviting me to present to you today. Last July Warren Williams actually of the CDC and Barry Gordon also presented to you regarding the California Cancer Registry. Today I will cover reporting to the California Cancer Registry from its early beginning, the current status, and what we hope to later achieve.

First I would like to start by giving you a brief background about our registry before discussing our electronic reporting systems. I will also discuss the creation of our state wide cancer database and the path that we’re taking to facilitate cancer reporting in California.

Our primary sources report to ten designated regional registries. The CCR is part of CDC’s national program of cancer registries, and also now as of all of the original registries, in fact the entire state of California, are also now part of the National Institutes Surveillance Epidemiology and End Results Program. Prior to 2001 the two regions had belonged to SEER, and that is region one and eight in the San Francisco area, and region nine in the Las Angeles area. Each of our regional registry functions as a central registry and we at the CCR further do the consolidation of the reports sent to us to create the state wide cancer data.

Our primary reporting sources include 450 hospitals, of which 150 have a cancer approved program by the American College of Surgeons. Have 8,000 physicians, 400 pathology laboratory, for the 135,000 new cancer cases that are identified annually. In Dr. Gordon’s presentation to this workshop he described our rapid implementation of state wide cancer reporting by creating standards and providing software, C/NET. Our standards essentially mandated an ASCII layout to all our vendors so that our hospitals that are not using the software that we provide can report to us using this particular layout. We have also have just begun to implement standards for pathology laboratory electronic reporting. For physicians we also have standards for their manual reporting using an abstract form, and for some physicians who have opted that the regional registry staff collect the data for them, those registry staff essentially collect the data at the physicians offices using the C/NET software.

This is a current view of our data system. Our reporting sources primarily report to the regional registry as I said earlier. Three of our regions, the two older C regions have their own regional database, and so as region 7/10 also has its regional database. All of those reporting essentially provide us the report for our data for California. However, I will speak to you later on about the creation of our state wide data.

With this current view we have key issues about our current system. These issues are in regards to the rapid case finding, the data extraction, obviously data integrity and management, our enterprise management, our partnership development and maintenance, and data utilization. Today I will only focus on those first three issues for improvement.

Case finding is not timely, it’s not within 12 months, and primarily part of this is the fact that the information is not only for the diagnosis of the cancer patient but we also want information on treatment. The manual review of the pathology report is laborious. We are moving towards direct electronic reporting from hospitals and free standing pathology laboratories. In 2000 we undertook two pilot projects funded by CDC, electronic case finding from pathology laboratories in two of our regions. In one of these pilots an electronic review of the pathology report using word lists and SNOMED showed that two percent of the malignant cases were not identified to SNOMED. It also showed that whether one uses the word list or SNOMED to identify malignant cases, electronic pathology case finding tremendously facilitates cancer reporting, a laborious process can be improved on by not having to manually review 100 percent of the pathology report for which about 80 percent are not reportable malignant cases. Thus, electronic case finding is a strong focus in California with several projects underway.

E-Path projects are in hospitals and in our stand alone laboratories. One project captures messages from discharge and pathology systems in the hospital. A large stand alone laboratory also sends electronic files to one of our regions where an automated pathology routing is used to distribute these pathology reports to other regions.

Last year we implemented a new cancer data management system, EUREKA. The project’s objectives including the creation of a single consolidated state wide cancer database, and electronic interfaces between the EUREKA and the data systems in region 1, 8, 7, 10, and 9. EUREKA is an internet based application and is current used by regions two to six. The CCR office is the host site with the hardware, software and storage. CCR staff is also responsible for the version release and back-up.

For the regions with their own data system our EUREKA sub system has been created that follows the transmission from EUREKA to these regions, and the regions to EUREKA using XML. For each of these regions, a regional sub system is being completed to extract data from their system to send through EUREKA and to apply data from EUREKA to their databases. The migration of these regions cases is targeted to occur prior to May 31st 2003, so that indeed by June 1st 2003 the CCR will have a single consolidated state wide database. Thereafter the transmission from EURKEA to these regions and vice versa can occur on a daily basis as updates occur.

However, data integrity management continues to be a business issue for us under this system since it requires different computer edits and requires integration of the management of these databases. For example, when data changes occurs the viability of the state wide databases is jeopardized if these changes are not synchronized among the four data management systems. In addition, the system also demands that our efforts in maintaining software to be used at the hospital and by our regions are coordinated.

We also have issues regarding data extraction. We request physicians to report on a cancer case that we have identified and cannot complete due to incomplete or conflicting information. Currently, letters are sent to physicians to complete the abstract form. For those that opted to have regional staff complete the abstract for them, the letter is a notification to the physician of the staffs forthcoming visit to their office to complete this process. This process of following back to physician’s offices is labor intensive. Our plans for the future are to pre-populate an abstract for them to key entry or provide or for provide for a web based reporting.

With all these developments in our data system we will have a complex cancer reporting system, therefore, we created this view of California’s future cancer data system. The requirements for this future view includes direct reporting from hospitals and pathology laboratories, web-based physician reporting, and a single data management system state wide with one database. Otherwise, we decrease our efficiencies with negative impact in our ability to use the cancer data. It also makes it difficult for our reporting sources to report the data, therefore at the same time that we’re completing current project we are planning future projects to simplify this complex reporting system that we have.

In summary although we have implemented a workable cancer data system in California it is a complex reporting system. Our future view is to improve on this system and make it easier for our reporting sources to comply with the cancer reporting requirements, to rapidly identify cancer cases, and to continue to strive towards a viable state wide database. In this manner our data will be more accessible for purposes of cancer surveillance and control, and for other research studies.

Thank you.

Agenda Item: Panel 2: Improving Reporting from Primary Sources to Registries - Birth Defects Registries - Mr. Edmonds

MR. EDMONDS: Thank you for inviting me to testify. I’m from the National Center on Birth Defects and Developmental Disabilities, which is the newest center at CDC, so we’re fairly new on the block, and as I’ll talk about, birth defects surveillance is really a fairly recent activity.

I think it’s important to understand the importance of birth defects in this country, which most people really don’t I think. Around three percent of all children born every year have a major birth defect, so that translates into a lot of children affected with serious medical problems. I think the exciting thing is the last few years we’ve learned that there are some causes that we can prevent with folic acid, like neural tube defects, and our focus hopefully the next few years we’re learning on more risk factors and developing more prevention activities. The way our program works and many of CDC is through this standard operation procedure of collect good quality data, use that data for epidemiologic research, and find causes of birth defects and other diseases, and develop effective prevention programs.

A little bit of history about birth defects surveillance since we are a fairly recent activity is most birth defect surveillance programs in this country and in Europe started in the last 60’s due to the epidemic of Thalidomide and limb malformations which is ironic that Thalidomide is now back on the market in the last two or three years. In response to that CDC set up the Metropolitan Atlanta Congenital Defects Program which has operated continuously since 1968. And that has really become the model for a lot of the state programs.

In the ‘70’s there really were only about three states in this country that had surveillance programs, and over the ‘80’s more and more developed. But all those programs developed because of state interest in funding. A really important activity or Act happened in 1996 with the Birth Defects Prevention Act being passed. And in that Act it mandated to CDC with some appropriations to fund states to develop surveillance programs, and they also mandated to CDC to develop regional centers for birth defects research, which we have implemented. And as I’ll show you on the map in a minute, now we have 35 states roughly that are operating birth defects surveillance programs, and one of the big differences that happened because of that 1996 Act was we received funding to help states, and that’s what we’ve done since that time, is we have a number of cooperative agreements with states.

The purposes of these surveillance programs is also changed quite a bit. In the early years when Atlanta started and the European programs, they were really set up to detect epidemics and quantify morbidity mortality and do epidemiologic research. Now we have two distinct funding activities with the states and with research. And the states focus more now on using the data for public health programs, and I’ll show you that. This is a map that does not translate very well in your black and white handouts but this is just to give you an impression of what’s going on in the country now, that most states have an operational program, they run 35, or they are planning to implement a program. These four, these white states on this map, actually four of them are applying for an RFA in our center that’s actually due at the end of this month.

The cooperative agreements we fund with the states, and there are 33 of them that have current awards, focus on the two main activities, research and also collecting surveillance data for public health programs. And these are the activities we’re wanting the surveillance program to focus on, collecting quality data and improve access to children to care, get them into special health care needs program or referrals, we want them to focus on timely ascertainment of NTD programs and develop prevention activities in this area, and we want them to focus on prenatally diagnosed cases because it’s becoming more and more important in our surveillance programs. And we want to evaluate the surveillance programs and the intervention activities like folic acid prevention.

This is a map of the states that we have cooperative agreements with currently. The large number 02011 is around 20 states in that cooperate agreement that are in a three year cycle. They receive funds of approximately $100,000 to $200,000 per year. The one on the left, 00094 is one that is expiring and being re-competed this month, and we hope to make awards in about eight to ten states there. The centers are an activity that we started in 1996 to do etiologic research of birth defects. We currently have ten centers that are doing a collaborative national case control study and we have approximately 14,000 interviews with families in that database, and we also collect DNA from the families through beckle(?) cell collection.

Because CDC is fairly new in this activity of funding states there are a number of different approaches that are going on out there, and these were historically some of those approaches. Some people might remember the collaborative perinatal project, and in that study they examined babies with a standard protocol, but it was a very small number, only 50,000 pregnancies. This is actually being planned right now for the new National Children’s Study which will take a similar approach, probably be more expanded.

Probably the model surveillance system in this country currently for birth defects is the second bullet, where programs send out their staff to go in and review medical records, go into nurseries, NICU’s, maybe specialty clinics like cardiac centers, go into laboratories to get chromosomal analysis and maybe some screening programs. So this is probably the best approach we have currently. The other approaches are many states mandate birth defects be reported by hospitals and physicians, and probably over 30 states have laws specifically for birth defects. Another common program is to link multiple data sets to identify all children. And then also vital records have been around for a very long time that have a check off box for birth defects, but not a very efficient way to collect data.

I think it’s because these very different ways that the data is collected among the states, I think this slides always intrigued me is when you see data or read studies to understand what the quality of the data and what it represents, this is a slide that Bing Chalen(?) from Sweden put out a few years ago. The A baby is the baby, what it really is, what the baby has, his birth defects. The B baby is what a physician might see and what he diagnosis. And then C you start writing down this in a medical record. D is what might be abstracted from the medical record, and E is the code for the baby. So you lose a lot of specificity obviously in this and the specificity is really critical to what we need to know the baby has in doing studies.

These are some of the data collection methods that are going on. We have a number of programs that go out and abstract and fill out reports by their own staff. We have printed abstracted that are done by other agencies. We have electronic filing and reporting by staffs and hospitals through laptops and some web-based reporting. And we have electronic reporting from agencies that send batch reports in to programs. And then we have a few that are scanning, one scans reports from printed records.

There are kind of two approaches I want to talk about basically is linkage of data and integration of data. And many birth defect programs link data sets together, they will link their state registry data to maybe newborn screening, birth certificates, and so on. And a number of them link them together to create a final birth file that they can do analysis or surveillance from. We have one program and many more being encouraged to do this to link to environmental databases, and a number of just operational systems right now that don’t currently link to any of their registries or databases. This graphic here is the District of Columbia that shows a link system that brings together immunization registries, newborn hearing screening, birth defects, and metabolic to one database.

These are some of the programs that we consider to be integrated databases, and some states do this now where they will have a system for hospitals to report that will have a screen for newborn hearing screening, one for immunization and one for birth defects, so the hospital staff enter that into it and report it to the central registry at the health department. Through the National Birth Defects Prevention Study we have a central registry at CDC with all of our collaborators on the study. And all the data is integrated into this one database and there are three main parts to that, the biologic database, the interview database, and the clinical database, which a medical geneticist reviews before we interview the families. That is all replicated back up to CDC on a monthly basis through the secure data network, and then we provide them back the databases to do analysis from.

What are some of our challenges? In a number of the states, as you heard this morning, many problems with HIPAA and FRPA issues, and there’s a lot of misinterpretation of what the rules are. So if some states are trying to have to explain that to hospitals, that they have public health authority to get to the data, but this is continuing to be a problem and I assume it will be for a while. In some states we have legislative restraints to keep programs from sharing data with appropriate partners. Funding is obviously a challenge because CDC does not fund these programs at a very large amount. Data integration issues, the technology of how we do this effectively. And probably one of the important things we’re trying to emphasize through the surveillance programs is to get timely data and quality data, and this is always a challenge without the funds necessary. Prenatal surveillance, now with some defects like neural tube defects we have a very large percentage of these cases that are identified prenatally and terminated and without knowing about those cases we can’t truly evaluate our intervention activities. And I think just continuing the moment of what’s happened over the last ten years, we’ve made a lot of progress but there’s a lot way to go with these surveillance programs.

Some things that we have achieved that we’re proud of is the establishment of the National Birth Defects Prevention Network, private organization much like NACR is for cancer surveillance programs, that one of their main activities we’re involved in right now is developing standard guidelines and approaches to birth defect surveillance, so the states have a book, a benchmark to look at of what should be standard practice. The network does collect data from 30 states every year and put out a report about the rates of birth defects and articles on birth defects, and we receive a supplement from the Tertology(?) Scientific Journal where we publish that data from the states.

We have started with the network a rapid ascertainment program for neural tube defects so we can evaluate the impact folic acid fortification and prevention activities had on NTD’s and it did, we found a reduction of about 30 percent of NTD’s up through 2000, so we’re continuing to do that with the states, that they report this data to us on a quarterly basis.

As I said with the National Birth Defects Prevention Study monthly we’re replicating all the data from the various research centers and giving them back the analytic databases.

Future plans, we hope to have out the guidelines and standards from the Birth Defects Prevention Network in January of ’04. We will fund the new cooperative agreements this September with the states. We’re continue to encourage the states to work on data integration and I think this is going to be one of the emphasis -- future is how do we integrate newborn hearing screening, metabolic birth defects, and a number of other activities are center of supports --

And we will obviously continue to provide technical assistance to all the states for all these activities.

There are two or three slides at the end I just put in for your information about some of the approaches to surveillance and there’s one slide in here that shows how the rates of birth defects can vary by the method of collection, which is really I think very important, and it goes back to the baby slide.

Thank you.

Agenda Item: Panel 2: Improving Reporting from Primary Sources to Registries - ED, EMS, and Trauma Registries - Dr. Mears

DR. MEARS: I’m going to have to talk very quick and also you’re going to have to understand that the topic that I have, which is emergency and trauma registries, is so broad, and it also is an environment which man of you are very unfamiliar with. And because of that I’ve kind of had to elect to give you a little bit of background of where I live within the emergency department clinically and also within EMS systems, but also give you the issues that we have difficulties with at the local system level.

I wanted to start out with this quote which was from Pat Williams who’s the general manager with the Orlando Magic, and several years ago back when his team was not doing very well early in the season he said “We can’t win at home. We can’t win on the road. As general manager I just can’t figure out where else to play.” And this has a lot of relevance to registries because registries have to be used locally but at the same time they have to be of value on the road at the state and at the national level. And if we can’t win in all those areas then we’ve got some issues, and I want to come back and give you an answer to this later on in the presentation.

The other thing I wanted to do was kind of attach this to a real world scenario to you. Here is an example of a motor vehicle accident or there was a rollover, there was a four year old who happened to be riding in the passenger seat, there was an airbag deployment. EMS arrived, as they were resuscitating this child they had a little bit of difficulty determining what size of airway equipment that the child should have being a four year old, they often don’t see this age group often in their practice. They then handed this patient off to a helicopter crew who then transported the patient to a facility, although not necessarily the appropriate trauma facility. Again, mainly from not dealing with four years olds they didn’t recognize some of the clinical syndrome that was going on with trauma. The patient then had to be transported to a pediatric trauma center. In the meantime while in the emergency department there were also some issues in that the trauma center, not dealing with children, didn’t recognize the need to prophylacticly load a head injured child with sematic embolisms and the child had a seizure, and the end result is the outcome was not as good as we would like it to be. Now all those things are very common in the health care world, not the bad outcomes, not the mistakes, but the fact that in this three hour time period we crossed four different health care providers, and that is something that is very unique in registries because typically when you enter the threshold of the emergency department then you have at least some control over the information and how it’s used in the clinical care.

The experience that we have at North Carolina is very diverse. We house a North Carolina pre-hospital medical information system which we call PreMIS, which is a web based medical records system for EMS. There is a mandated participation in this and we are currently ramping up so that full participation is required by July of 2004. Currently about 60 percent of the state uses the system.

We also house the North Carolina Emergency Department Database, or the NCEDD project. This is actually a project that’s partially been funded from the CDC as a demonstration project for an emergency department registry and database. This is very early in its implementation phase, I should also note that both of these projects are also funded through the CDC and HRSA bioterrorism grants to be a part of the surveillance for bioterrorism. We also house the North Carolina Trauma Registry which has been one of the long standing project that we’ve had, it’s been in existence now for some 20 years plus. Actually it was one of the grandfathers to the NTDB system which is currently housed at the American College of Surgeons. There are other registries and involvement that we have, we also have a lot of collaboration with traffic and crash records and we try to do a lot of linkage and work linking those records together.

We’re also involved in some national projects including the development of a National EMS Information System or Registry. And in the handout this web link is not there, but I would encourage you to go to www.nemsis.org for some information about a project to develop an EMS registry nationally for EMS specifically.

At the local implementation level we have experience with local agencies with our PreMIS system with the national registry development also at the hospital level with the ED data set, the North Carolina Trauma Registry. We also are involved through scientific advisory boards with the National Registry for CPR and a North Carolina Stroke Registry Project which is also funded from the CDC.

For this talk I’m going to zoom in, and I’m going to zoom in at a very high lever on EMS trauma and emergency department data only. One of the first things I wanted to pointed out actually this was pulled from your position paper on NHII, where it had the three balls or the three circles that were overlapping with the health care provider of population health and personal health. The important thing to understand at the local level and especially with EMS and trauma is that there is a delivery model which is critical to all three of these events, and that as you change your delivery model you significantly impact each of those three balls. And the way that I depicted this is that those three balls are balanced on the delivery model. In an EMS environment when you send an ambulance out to a patient, if you don’t use that resource appropriately you leave the community uncovered for the next event. You also have a diversity of issues which you may be called into action to respond for and you may not know those until you get there which caused a whole lot of issues with the delivery model. As I was even giving you in the case presentation the delivery of patients to the appropriate facility are important. I usually use this to wake people up but you guys are doing great.

This was actually taken from the American Heart Association and I just kind of altered it to represent information. It is very important to the pre-hospital and the emergency department environment that we know what happened before and after we take care of a patient, and this chain of survival is very important in the trauma scenario, crash data needs to be linked to EMS data which needs to be linked to emergency department, and then finally to the hospital and final outcome data.

I’m not going to talk about national and state sources to any great degree but I did want to give you just this little analogy. This is a target with a bull’s-eye, and often when we develop registries we develop a national data set which is the red center dot of the bull’s-eye. That tends to expand at the state level and then to the local level because obviously the closer you get to the patient the more data that you can use to help evaluate your system and clinical care. Unfortunately, most of the data sets are often designed at the national level and this brings into a problem that sometimes this bull’s-eye isn’t exactly in the center where the state and the local systems need it to be, and at times we even see this bull’s-eye completely off the target. So we need to be very careful as we design data sets and standards that the local and the state systems have an understanding of this.

The other piece that is very important and is more important to emergency departments and trauma and EMS than in other registries is that there is a wealth of data that exists outside the patient care report or that clinical record. We have no ability working in an isolated fashion like you do with an EMS crew or with a helicopter and a trauma crew to have access to each of those data points. It’s important therefore that those be linked. If there’s electronic data it needs to be moved electronically so that it’s a part of that record, and that it is impossible for us in one to two men crews to do all of the documentation from all these data sources. There has to be some help and it has to be from the use of technology.

The other piece that I just wanted to point out, and I’m not going to go through all this, but in the national EMS information system or registry project we involved all of these organizations in a consensus type process, and it’s very important, especially as you get out into more of the community health picture or into that bottom of the triangle so to speak where you actually touch patients out in their own environment, that all of these organizations that are involved in this have a say in how it is done. And the only way to have a successful project is to incorporate input from the organizations that touch those patients.

The other area that I wanted to hit on before I start giving you some feedback into systems from the local perspective is that with trauma, with EMS, and in the emergency department, there is a quality management triangle or loop. The care that the patient is receives is very local but the quality, and that could be defined by the system performance or by the patient care, is the target. What happens is the data identifies the issues of quality, it drives how you deploy resources, both people and equipment, and then how those resources then transcribe or translate into quality, and that is a continuous loop.

As registries have been developed, historically at least, when you try to compare things within a hospital or beyond the acute resuscitation phase, registries have failed to identify what the system components are and therefore have been of little or less use to local systems when they actually analyze their process and their system.

This is a result of a survey that we did in North Carolina about four years ago and the question was to EMS services, if there was data that you handed to the national level, what would it be useful to be used for from your perspective. And they identified these four main issues. Education to drive curriculums and local education. Outcomes, and for EMS we needed something more than death because even though we do have patients die on occasion we only have patients in our hands for a small period of time and really the best outcome we can measure with EMS at this point in time typically is death, and we needed better measures of outcome than that so that we can evaluate our system and our performance. Research, we needed to be able to identify problems, target issues, and come up with some really quality evidence based answers. And of course we needed to be able to justify what we do from a reimbursement standpoint.

So now I’m going to get into kind of some feedback issues. First there’s kind of a disclosure. As registries are developed they’re often developed from the data users perspective and they often, even though this is registry 101 kinds of things, the data collector often is not as involved and not a significant of a part of that as they could be, and as registries are deployed across EMS and trauma especially the data collectors are the ones that typically have more of a part in driving these because there are so many system issues that have to be defined and that’s a little different then the traditional registries the CDC is familiar with.

All of that aside, local providers are interested in data. They’re interested in improving care, they’re interested in public health, they’re interested in reducing errors. They understand that we have to collect data, it has to be aggregated, it has to be analyzed, but they want to make sure that it’s defined well, that it’s safe, it’s confidential, and most importantly to a local provider, it has to be accessible to them and be usable. Linking data with other data sources has got to happen and they understand the whole is greater than the sum of the parts.

Technology has to be used to support these concepts. Unfortunately, especially in the EMS environment, technology is often at least one evolution to two evolutions away from being functional, so there’s a lot of projects that kicked out under investigative technology or technology which hasn’t become standardized, and that in a sense has caused some failures that otherwise might have caused systems to be successful. Data entry whenever is possible needs to be automated, we need to be touching patients and taking care of patients and not documenting whenever possible. There has to be issues of confidentiality and privacy, we’ve talked about HIPAA this morning, and I concur with all the discussion that has occurred so far. The issues at the local level, though, with especially volunteer and systems which have been on the edge from a budgetary perspective for the last five years now, especially in North Carolina, is the issue of these resources and the cost associated with it has to be supportable by that local system, and not be an overburden.

Obviously, the migration to electronic systems is going to be lengthy but the local system believes that that will occur and they’re not opposed to it.

From a data collection perspective local systems collect data not only for a medical record but for use for local data analysis. They need to make decisions on how they take care of patients, how a system responds and how a system performs, both at the individual and at the resource level, such as the type of equipment, type of vehicle, and type of services which are required. We need to be able to standardize our care so that we can reduce errors, and we need to be able to justify to the system what our reimbursement is. EMS is an unusual structure in that we can apply a $2500 dollars life saving technique like thrombocytics in the field, we still get paid the $400 dollars that we would whether or not we did it or not. So we have to adjust our resources and our services based on a fixed pot of money and we have no automized reimbursement which makes us even more look closely at how we design our systems and what kind of level of performance and what services we provide to our community, and that’s why each EMS environment is unique as is for most cases the trauma environments as well.

Where we are right now locally is very little information on the local level is collected. It’s improving certainly in North Carolina with our initiative, we’re gaining great steps daily. But still most systems are paper, they’re transitioning to electronic, and there’s still a lot of manual entry. Data standards across the national level are very variable, even the MITSA(?) data set, which is a uniform pre-hospital data set for EMS which came out in the mid ‘90’s, we’re currently revising that to version two. When we asked states if they were following these data sets and using them, 43 of the 50 said that they were but there was still significant variation in how they defined each of those variables even though they stated they were collecting it. This made the data really non-aggregable and very limited from a usefulness perspective. Several models of data collection across the systems, we have some very great technology that’s being deployed, in Mississippi there’s an Oracle IHAB(?) system that’s being deployed for trauma registries and also to work with some EMS data, in North Carolina there’s an initiative, and in several other states there’s some very cutting edge initiatives to tackle the issues of trauma EMS and ED data. But still compared to the maturity of the CDC data systems we are still barely in our infancy.

Where we want to be. I mentioned most of these things and I’ve more or less divided this for you as a list. The one thing I did want to touch on on this slide is that there really is a need for a unique identifier. As I mentioned in the opening case you cross four different health care providers in three hours, how can you expect that data to ever come back together and be used in a meaningful manner. And certainly we would be your largest proponent of anyone for a unique identifier that would allow us to be able to follow patients through the system.

How and what kind of resources do we need? We need help for a technical assistance perspective. We need model administrative and statutory languages. The question is mandatory participation has the time come, certainly the issues of bioterrorism and some of the funding pathways that have come down to the states have put this question up front. Still there’s a shortage of resources at the local level to deploy if the mandation was required. And currently the state of funding, at least to my knowledge in the last five years, there’s only been $250,000 dollars which has been applied from the federal system to EMS data. There’s been another $250,000 applied to trauma registries. There have been some pilot projects done in the CDC for emergency department data systems, but all three of those combined are very under-whelmed compared to the amount of money that’s put in the other registry systems in the health care environment. So there’s a significant need for some support to develop these systems, and I think as the health care market matures the understanding of the impact of these early pieces of health care system on patients is critical and if we don’t shore up these systems it’s going to make it very difficult for us to really look outcomes even beyond the emergency department, so these pieces have to be pulled into that chain of survival in order for us to really be taking quality care of a patient, and also have a good perspective of community health.

Local systems would like to see educational requirements being put into the curriculums of health care providers on data and documentation. Very few curriculums of any health care provider had any education with respect to documentation in medical records, and all of the issues that you and I deal with on a daily basis.

I just put this in from a perspective of the state, but what I really would like to summarize and come down to is that there really needs to be some resources applied to EMS emergency department and trauma data systems, not only in implementing them which is going to be a challenge in itself but supporting future development, oversight, administration, all of those pieces like in any registry are lacking in this environment.

And then I wanted to close with a couple of examples and then get back to those cases. “Relationships are the current of the future” and that was a quote by Ricardo Martinez who is an ex NITZ(?) EMS division head or actually an NITZ chief, and this was actually a quote that came out of a process where they developed a document called the EMS Agenda for the Future, and this document really laid the groundwork for where EMS currently stands and where it should be in the future in more of a public health/community health role as a part of the health are system. And locally we all believe that and have adopted that.

If we get back to the quote if we can’t win at home, can’t win on the road, how do you solve that riddle, well the answer is we have to play everywhere at the same time, and that’s the purpose and that’s the ideal registry. If we can create a data system that where locally the system can be used and the data can be in a real time format to allow them to make systems decisions but at the same time that can be passed up into the regional, state, and national levels, for that use then we have won the game.

Back to this case, if we use the information system in a quality management loop this case would have sounded more like this. You have a rollover of a sport utility vehicle with a four year old in the front passenger seat and the airbag deploys. EMS arrives, using the registry it was noted that the personnel had had little contact with pediatrics over the past year, they had therefore then been through an airway course and are able to quite comfortably manage the airway of a child and they also happen to notice that there was criteria from a head injury to transport this patient directly to a trauma center. The trauma center having used the trauma registry and having created clinical guidelines and had a clinical guide pathway to administer anti-convulsants, the child didn’t seize and there was a good outcome. It was also noted that this child was riding in the front seat of a vehicle where they are not supposed to, and for airbag deployment in the front seat the recommendations are 12 years are older. That’s a great example then to take back to the community in an injury prevention program, educate the community so that hopefully the four year old would never have gotten injured to begin with.

So I’ll stop there. Thank you.

DR. LUMPKIN: Thank you. Questions?

Agenda Item: Panel 2: Improving Reporting from Primary Sources to Registries - Questions and Discussion

DR. DEERING: I have a question for Mr. Hopfensperger who’s just sitting down and it has to do with the screen that you showed where you mentioned that Social Security elements are there for data entry and then don’t show up later but the reason that they’re kept is that at some point in the future parents will be able to search by Social Security number for their kids shots, which I think any parent in the room is looking forward to that. And I wanted to get a little bit more detail about your plans for that and how you expect to get there and what would be the implications. For example, clearly in terms of a ratio of convenience to sensitivity, kids immunization records score very high, but have you had, two questions. First of all have you had any discussions with parents or with groups or do you have any issues around that this is the beginning of some use of the Social Security number for health information, has anyone voiced any of those concerns? And then secondly and perhaps even more important, presuming that this moves forward and I certainly hope it will, you mention that there are seven other states that are using your software now. What would have to happen at some point in the future for a parent who moved to one of those other states to be able to use the registry to find their kids immunization record?

MR. HOPFENSPERGER: The first question as far as the Social Security number, this is still a concept in our mind as far as how we’re going to develop this system. We have had some discussions as far as the use of the Social Security number but because we were expecting that to be somewhat limited concern, because again it is totally optional as far as the parent being, us entering that data into the system, and again because nobody else will ever see that information we’re fairly confident that it should be an acceptable practice. But again, it is not mandatory in any way but at this point it was the only way that we have been able to determine as far as ease of access to the system by the parent where a number that they will have accessible to them. There’s some discussion about a unique identifier but the concern is that the parents would be able to accurately and conveniently store that information. Again it will be one hit and one hit only, if they do not hit directly on that one child they will not be able to access the record.

As far as the interstate sharing of data, those are concerns that I mentioned as far as vital records requirements vary from state to state and we need to ensure that the organizations that we enter into agreements to as far in the sharing of data understand the requirements that we have within our state and meet those requirements as far as access to the data. It will be a health care provider, again it won’t be on a mass download on data, it will be one hit and one hit only, but that interstate sharing of data I think is something that needs more investigation on our part. Because that is the key to immunization registries on a state by state basis and that is why the HL7 standard was developed for the systems to electronically be able to talk to each other. But the concerns are, that we have found, is being able to share that data with the different requirements that the states may have, if indeed they’re population based registries because we have our own security and confidentiality concerns to deal with, but we also have, because we are using vital record data we have to abide by the requirements that they face within their systems.

DR. ZUBELDIA: Several of you have mentioned how in your state you’re using both the HL7 standard for data interchange and for proprietary -- we’re going to achieve a National Health Information Infrastructure at some point, we need to compare on several standards that will allow the exchange of data from state to state -- not only they can continually identify -- but also be able to transfer the data from one registry to the next registry, and the practice management vendors, national practice management vendors will be able to program these registry requirements into their systems and establish a commonality of the data. How much of an impediment is this going to be? What is the percentage of your registry input that comes in a standard HL7 type of format as opposed to a flat file and how have you done any studies comparing the requirements from one state to another?

MR. HOPFENSPERGER: This is Dan Hopfensperger. As far as when we accept flat file information we have defined data sets based on the CDC requirements as far as how the data needs to be structured within the flat file transfer, so I think we have that ability to not necessarily meet the HL7 standard but the data standards are consistent with HL7 to my understanding. As far as our immunization registry, and I think what you were referred to was the common client index as far as being able to share information with other systems, we have been asked for instance to build lead within the program and have lead levels or other information within the system that would make it a little bit more of a medical record more so than just an immunization record, and we have sort of tried to avoid those type of additions to our system, but we would use it as, we’ve looked at it as the hub for which other spokes would be developed on as far as other data management systems.

DR. MEARS: This is Greg Mears. The issue with HL7 and the EMS and trauma, and some degree less in the emergency department, is that it’s kind of like going camping and then trying to get cable TV. In an disconnected environment with a messaging scheme HL7 is very difficult. There are also very few definitions which relate to pre-hospital care and all of that has been a very significant hindrance and in fact I know of no EMS data system that has been able to use HL7 because of those constraints.

MS. WILLIAMS: I also wanted to mention that CDC has a kind of national look at what the immunization registries are doing with our grantees. Currently there’s not a whole lot of the immunization registries that are using HL7 although CDC has published the HL7 implementation guide that is available on the web-site and is also available to our grantees in supporting them to adopt the HL7 standards.

DR. LUMPKIN: Let me perhaps follow up on that question because I think Kepa’s question raises an important issue for us as a Committee. And that is to what extent do we see a separate messaging standard for each registry versus some sort of more uniform system of sending information? And this may be something we may want to discuss with the Standards and Security Subcommittee because to the extent that the claims attachment standard may be useful or other sorts of methodologies of allowing the abstraction of certain clinical information, on certain types of illnesses, procedures and so forth, that then can go into the public health system and to the registry environment. I think that perhaps we need to look at that within those systems where it’s the result of a health care encounter. And then the other area that we may want to look at is the pre-hospital environment, to what extent are in fact are data collection systems and messaging standards not addressing those issues, particularly if there are particular data fields and code sets that don’t apply very appropriately to the health care setting. I’m not sure that that’s the case, many of those are derived from commonly used data standards, ISS for instance is derived, or can be extrapolated either from direct data entry or through extrapolation from ICD-9 codes, so that’s an area of interest that we may want to look at for our recommendations.

DR. MEARS: The other thing that I would add to the pre-hospital piece is that EMS does not make a diagnosis, so ISS, ICD-9, all those are diagnostic codes. We’re problem oriented, our curriculums don’t teach final diagnosis, we often don’t have the data to make a final diagnosis, so the code sets that are involved in those systems are not functional.

DR. ORTIZ: Hi, this is for Mr. Hopfensperger. On your second slide you showed the kind of catchment area and all the little dots of places that had at least one immunization from your health department area. I’m just curious in terms of in that catchment area if you could tell us why sites or clients do not participate, if any, I don’t know if this means that 100 percent of the eligible sites are participating, or are there some sites that at this point are not participating, and if so what are the reasons, especially if they’re related to more technical issues in terms of computerized system infrastructure problems, etc., etc. And then the other thing, which is just something I’m interested and curious is you also gave the individuals the option to opt out, and I’m just wondering if you have information in terms of what percentage of the individuals are opting out and why they would choose to opt out. The first question is the one I’m more interested in.

MR. HOPFENSPERGER: I can give you some information on both. As far as again, this shows only, the slide shows only an individual who has received an immunization, it doesn’t necessarily show all the providers that are on the system. One of the difficulties with any system, registry deployment, we do not have legislation within the state of Wisconsin that requires providers to participate. Some states have gone through with that requirement, we have chose not to because our thinking was that you cannot mandate cooperation, and if you fail to get that legislation you’ve dug yourself a pretty deep hole. So we are trying to sell the system on the merits of the system. And there are some providers that again are waiting, if they have electronic medical record systems, for instance, and we don’t have that interface set up. They’re waiting for that to occur so they don’t have the double entry of data. We have some providers that don’t have the wherewithal or have computers within their practices, that is becoming fewer and far between, but there are still programs out there, individual provider offices, that do not have the ability to electronically interface with the system, they may have hard copy records or that type of thing. So we are trying to do as much as we can to make the system user friendly so we can make it a system more likely to be used by providers. In addition to, if we are bringing a new provider for instance that just has their records in hard copy form, we will make staff available to go out to that office, to enter their data into the system, or send that data to us and we will enter it into the system, for historical records.

Now as far as your opt out question, there’s a number of concerns by people that just have concerns about being in a registry of any type that don’t want their information within the system. We were receiving early on to the tune of about two opt out forms a week, and I was getting a little nervous about that because I thought that was somewhat excessive. But when you look at it, 52 weeks in the year times two is 100 records, when you have a birth cohort of approximately 68,000 children it wasn’t overly significant. What we have chosen to do in the opt out system is we have not taken the individual completely off the system. We lock that record, that nobody can enter that record, if they try to enter information it will show on the screen that this record has been locked. Now the reason we have done this, and actually I lost this argument because I was thinking if it needs to be taken off, it needs to be taken off altogether. However, if some provider in the future wants to go in and enter that data, and that record is not locked, that information can be entered, that demographic or individual information can be entered back into the system. In our discussions with privacy advocates they agreed to the way we were doing was the best way. Now interesting to that is we are getting requests to take information off the system and I have said if you’re going to request --

MR. BLAIR: Could you clarify, when you say off the system you mean people accessing it or you mean deleting information?

MR. HOPFENSPERGER: Individuals would like their individual client information taken off the system.

MR. BLAIR: Deleted.

MR. HOPFENSPERGER: Deleted from the system, I’m sorry. So they have sent requests, in doing so my suggestion was they give us the name first so we can see if the individual is even on the system, and the response was well what we would like you to do that even if we’re not on the system to put the name in to lock it out so it can’t be used for future use, which seemed to me to be somewhat incongruent because essentially you’re entering them into a registry in order to take them out. However, there are individuals out there that privacy is an issue, so we try to meet those requirements and those needs as best we can.

DR. LUMPKIN: Bill and then Ted.

DR. YASNOFF: I’m wondering if there’s been any successful interstate exchange, electronic exchange of immunization registry data, and if so what the extent of that exchange is at the present time.

MR. HOPFENSPERGER: I know I can speak for us. We’ve had individuals call us to ask for immunization records on an individual and we are able to find them, but as far as the systems electronically able to link we have not established that yet.

MS. WILLIAMS: As far as I know at CDC it has not been a successful effort currently. There have been some states where they know that there’s records in another state and they have tried to pretty much call them and get the information but not electronically, I don’t think it has been successful.

DR. SHORTLIFFE: I have several possible questions, but I guess the one I’d like to ask right now given our time is for Ms. Williams, it really has to do with the incentives on the provider into the spectrum for participating in registries. I mean a lot of the funding efforts have gone into the creation of the registries themselves, and this probably is a general question, not just for immunization, I happen to have had personal experience recently in trying to identify the fiscal and organizational incentives for providers to make the investments necessary to provide electronic submission of data into in our case the New York City registry, immunization registry. Significant systems development was done at our institution with grant funding, actually from CDC. Now that basically the system is up, it’s running, it does automatic submission of data and download of data, also from the city health department records in the registry there, and we’re not trying to operationalize this activity. And the institution is looking for the fiscal justification for them to actually make the annual investment necessary to keep the system up and running, it requires programmers, analysts, etc., to work for the institution to do that. So is there an organized approach or thinking from CDC’s perspective about this? I think this is a question that probably generalizes across all the registries that we’re discussing and I’d just be interested in what the kind of incentive plans are to encourage other than pure regulatory requirements the provider organizations to be more engaged in spending the money necessary for doing this. The vaccines for children is one piece of this I recognize and that’s the argument we’re trying to make that applies well in the vaccine case, it may not across all the other registries.

MS. WILLIAMS: Well first let me say that CDC has come up with the 12 functional standards, I mentioned them in my slides, and that’s kind of like the guiding principle that the states are using to develop their immunization registries, and one of those functional standards all the states are trying to increase provider participation. And how they go about doing that it’s up to the states. Primarily it’s an education based effort. As far as incentives to the providers, outside of legislation we can’t do much in that regard but the providers will benefit from immunization registries because they will have access to accurate information on the vaccines children have received. They will be able to estimate the vaccine coverage in a given area. They’ll be able to find out for some of the vaccines that were sub-potent, they’ll be able to track those children and be able to give them updated vaccinations or re-vaccinate them. Also I think one of the primary concerns with providers is a de-duplication of information in the registry and also one of their primary concerns is having to enter records twice. I think once it gets to a point where providers are educated about the system they’ll see that a registry is cost effective, one, and it is efficient, because it will save on time. I think if we could encourage education and encourage them to take a look at the system to say that this is something that will work, and it’s almost like a hands on approach, one they get an opportunity to use it they’ll see where the benefits are. But I think it’s just making that first step is our biggest challenge.

DR. SHORTLIFFE: I guess I should have been clearer. The individual practitioners see tremendous benefit from such a system, they use it in patient care, in the case of immunization registries it’s really relevant to their everyday care of those same patients, and avoiding manual duplication of effort, etc., these are all very clearly big issues for them. It’s just that the investment in this kind of a system occurs not at the level of the individual provider in a large health care organization but at the level of the organization as a whole, and the benefits are incredibly distributed over many, many providers and are very hard to realize centrally in terms of fiscal benefits for the organization and hard to measure quality benefits, so I think, I was really talking about how do you get the organization to feel they should invest in it when all they’re hearing is sort of oh it really helps us from the individual practitioners but it’s hard for them to put a dollar value on that.

MR. HOPFENSPERGER: If I could make a comment on that? A couple studies have been done on the increase of office efficiencies by the use of immunization registries and I’ll use data look up as an example. I think one of the things that I made a mistake on early on was we wanted to get all the providers on board and then bring the school on. One of the things that providers fear, or not fear but don’t really care for, is the start of the school season where they have to go over their medical records and dig up the immunization records of their patients and then give them to the parent or give them to the school because that costs money in order to go and look up that record. With immunization registries the ease of look up of record is significantly increased as far as being able to locate that record. So there are some cost savings there. Inventory control as far as not giving duplicate immunizations, there’s been a cost savings there, the billing data type information, the comparison. However, I think one of the big initiatives is quality improvement. There are HEDIS requirements that the provider needs to be able, on the systems level, need to be able to comply with. And if there are immunizations out there that they don’t have access to, that was say given by a public provider and the private provider never hears about it, they don’t have the ability to take advantage of that information, and by use of immunization registries where you have all the immunizations that the child received whether you gave them or not, that will improve your HEDIS measurements. We have major providers in Southeastern Wisconsin where we have our large population based, that have come on system wide, and by them coming on the other large systems, the more data you have in there it’s a little more appealing to be on there. So it’s kind of domino effect, you get some of the bigger providers on board and the others will follow because there are some quality improvement issues.

DR. LUMPKIN: Let me perhaps ask the last question and then we need to take a break for lunch because we’re actually overdue and there’s a rumor that some of us have airplanes at the back end so if we don’t stay on schedule that’s going to be a problem.

We have three registries here at either state, state level registries, were any of those three registries developed using or converted to address the NEDSS standards?

MR. HOPFENSPERGER: I’m not really sure, I know we went to HL7 standards, I’m not sure we’ve been able to look at the NEDSS standards.

DR. LUMPKIN: Then my follow-up question is, because we have two national programs, both of which have some involvement in funding, and that is do you require compatibility with the NEDSS standards as a criteria for getting funding either for immunizations or the birth defects registries?

MR. EDMONDS: For the State Birth Defects Surveillance Programs we don’t have a requirement that they report to us, we’re assisting them in developing programs for state use.

DR. LUMPKIN: But you give them money.

MR. EDMONDS: We do give them money, yes, and we are developing standards and guidelines through the National Birth Defects Prevention Network, so we’re heading there.

DR. LUMPKIN: I’m going to kind of pin you down because you didn’t answer my question, because those standards as I’m quite familiar, very much like the infections disease standards and so on that are developed with CSTE, are not necessarily NEDSS compatible standards. I mean they may be but they’re not necessarily. So the question is do you require as a condition of accepting funding that the systems that are developed are NEDSS compatible?

MR. EDMONDS: No, at this point we do not.

MS. WILLIAMS: For immunization registries we do not make that a requirement to use the NEDSS standards, although I think Dr. Loonsk was saying earlier that PHIN is, I guess they’re going to be working with NEDSS and I know that some people in our organization are going to be working to collaborate on those efforts.

DR. LUMPKIN: I’m not saying that in a critical sense because the NEDSS standards have only been out for a year or two and so it’s a question of at some point are we going to harmonize the system if conceptually NEDSS is considered to be the core of surveillance systems, of which registries are a piece, then we have to think about a strategy to begin to do that harmonization.

MS. O’CONNOR: In a cancer registry, in the development of our electronic pathology laboratory system, we are working with the people that are using the NEDSS standards so hopefully we have with this collaboration we’re pretty much aware of what they’re doing.

DR. LUMPKIN: Great. Well, thank you very much, I think this panel has been very, very useful for us as we continue our deliberations. We’re now going to move to a lunch break. We will start at 1:30. Again I would like to remind everyone that we want to start on time so we can end on time for those of us who have airplanes to catch. Thank you.

[Whereupon, at 12:36 p.m., the meeting was recessed, to reconvene at 1:44 p.m., the same afternoon, April 22, 2003.]


A F T E R N O O N S E S S I O N [1:44 p.m.]

DR. LUMPKIN: Ok, we are going to get started. We have a full afternoon of all sorts of good stuff. Let’s see, we’re going to go through the first three speakers, take a very, very short break, which means long enough for the folks over there to take their break, and then we’re going to re-continue, so that will be about five minutes and then we’re going to go on because we do need to adjourn very close if not a little bit before the scheduled time for people who have airplanes so we want everyone to be able to participate in the discussion. I just wanted to mention one item. In some of the draft agendas we’ve put out there was discussion about potentially having some recommendations that would go to the July meeting of the full Committee, I’m sorry the June meeting of the full Committee. I think that we probably should look at developing those recommendations at our group meeting in June and then bringing them to the full Committee in September, for the September meeting.

Ok, if I can ask the panelists to introduce themselves so that the folks on the internet can recognize their voices and then we’ll start off with Claire, who will be followed by Claire.

DR. BROOME: I’m Claire Broome, advisor to the director of CDC for integrated health information systems. And John’s allusion is to the fact that I’m actually combining two topics into one integrated presentation.

DR. LUMPKIN: We like that kind of integrative approach.

MR. HALL: I’m John Hall, I’m with the state of Nebraska, I work for the state epidemiologist and I’m the NEDSS coordinator, assisting with implementation of the NEDSS based system in Nebraska.

DR. LUMPKIN: And for those of you who may not have recognized that voice, that’s Kepa Zubeldia who’s a member of the Committee who is not here physically, but is here virtually. Claire.

Agenda Item: Panel 3: Public Health Surveillance and the NHII - Overview of System/System Deployment - Dr. Broome

DR. BROOME: It’s a real pleasure to have the opportunity to update NCVHS and particularly this Workgroup dealing with the NHII on how things are progressing with our commitment to have public health surveillance based on systems which use standards for interoperability and in fact the standards which the NCVHS has recommended. So I’ll be talking about very specifically how we’re approaching surveillance through the National Electronic Disease Surveillance System, which is a component of the Public Health Information Network that you heard about this morning. So some of this I’m very briefly going to go over information that you’ve heard before, so the slides may look a little familiar, but I will try to add in additional information that has become available as we’ve moved ahead with development and deployment, and then I will bring you up to date on where we are with the deployment activities. And then John actually will really be providing the actual experience with a state which has been a real collaborator basically the beta tester for the NEDSS based system that I’ll discuss.

So you’re all very aware of the limitations of our current approach to surveillance, the multiplicity of categorical systems, the fact that some of the information still comes in by paper forms, it’s not timely, it’s not complete, we’re getting a lot of push back from our partners in the health sector who find their burden on respondents unacceptable, and our systems are for a long time have been pretty similar to what was used in the 19th century rather than what we’d like to see for the 21st century.

To remind you of how NEDSS is trying to address these issues, this is a broad initiative, it is not another stovepipe system, and it has been developed using the national data and information system standards that you heard about from John Loonsk this morning, and in fact the NEDSS standards were subsumed into and are part of the Public Health Information Network standards. These standards are directed towards surveillance at the state and local health department level, because that is the unit in this country responsible for public health practice and public health surveillance.

The data standards have both a conceptual data model and then that’s been taken down to the level of both the logical data model and also the physical database model for the NEDSS base system. This was derived in the context of the HL7 reference information model, but one of the points I’d like to make is that these are both evolving models, and it has been a real challenge to try to think about how these can evolve harmoniously. We have a number of CDC personnel who participate actively in the HL7 process including membership on the Board of Directors, and we’re very committed to being compatible with the HL7 rim. But we have identified areas where public health has data needs or relationships among data elements which shall we say stretch the rim and I think it’s important to recognize the need for thoughtful versioning and compatibility and that it’s going to be an ongoing challenge. As I mentioned the NEDSS system architecture is basically a core part of the Public Health Information Network architecture which is posted on the CDC web-site and referenced in my Power Point.

One of the critical tools that we see as part of this real transformation of public health surveillance is the utilization of electronic data transfer to the health department from the health care system using the messaging standards that this Committee has endorsed and that are the HL7 messaging. Let me just mention also that we recognize the need to support our public health partners in participating in a messaging architecture, so CDC has developed an EBXML routing mechanisms, it’s totally independent of the NEDSS base system, but it basically provides an EBXML application that can be used basically as the secure authentication and transport mechanism for these messages, and we’re pilot testing that with New York State currently. It will also be used by the NEDSS base system but it is completely separable from that because we recognize that the messaging standards are really the heart of what we’re trying to do. Obviously a lot of attention paid to security standards, I’ll provide a little more information on some of what we’re doing there. And even though this has started as a way to basically replace the current plethora of infectious disease surveillance systems, it is in no way specific to infectious disease, and we’re doing some activities to move beyond the infectious disease area currently.

This is just the overview, unfortunately my laser pointer is a favorite toy of my third grader, and it seems to have disappeared from my briefcase. But in any case, this just shows a schematic of what the architecture looks like, and the only points I’d like to make from this schematic are that the kinds of messages that we’re interested in cover the full gambit of the HL7 suite of messages. So we’re working very actively with the 2.X messages from clinical laboratories, and you’ll hear a little bit about that from Nebraska, and the potential impact on public health surveillance. But we also are actively developing a version three message that will serve to notify CDC of the cases of notifiable disease, which health departments report to CDC, so we’ve been very actively engaged with HL7 in both developing the messages, the XML scheme, and also that will go into ballot at HL7. So this basically just shows that we’re working with a range of HL7 messages and we’re also looking to move beyond clinical laboratory data as the target for the messaging system and are doing some interesting pilot demonstrations with a broader range of clinical data.

One of the other points that I haven’t mentioned so far is also this does incorporate the PHIN concept of an LDAP(?) that can be sharable among different levels of the system and also among different systems that the health department would be using.

As you know, we started with planning grants to all 50 states and six cities and one territory in the fiscal year 2000, then we proceeded to have funding available to cover 36 jurisdictions. 16 of those opted to implemented state level systems that would be compatible with the NEDSS standards, so this is one approach that having defined standards offers. An additional 20 were funded who propose to use the NEDSS base system. In 2002 over a billion dollars went out to the states and local public health departments to increase preparedness capacity. The initial estimate was that 30 percent of that funding was going toward IT investments, and of course the grant guidance from CDC and HRSA incorporated the PHIN standards as a prerequisite for use of IT investment funding. As those of you who work in states know only too well, since the initial planning went on we have been overtaken by events like smallpox, vaccination strategies, and let alone SARS, so the actual demands and responsibilities for the states have greatly complicated this. John’s nodding his head, it’s an interesting challenge. It makes it all the more important that we do have some core funding for NEDSS which we can continue to try to use to leverage progress in the state and local health department information systems.

So the NEDSS base system as you remember is a NEDSS compatible system for state and local use that’s being developed by an experienced web software developer, the Computer Sciences Corporation, in close collaboration with CDC and with state and local partners. The base system includes as you’d expect core demographics, it is a person based system and it does incorporate the HL7 messaging capability. It’s also been very helpful as a specific implementation of the standards. As you know, standards are great but until you actually turn them into working systems I don’t think you’re really there, so this has forced us to wrestle with everything from the concrete details of the messaging implementation guides schema and the database model for the system. You’ll hear about the production experience in Nebraska and we are working on an accelerated deployment to the other 20 states. Version 1.0 includes the sort of standard up to 93 notifiable diseases as well as modules for more detailed information collection about vaccine preventable diseases, hepatitis, bacterial meningitis and pneumonia.

Just to briefly give you an overview of system security, one of the intents has been to have a system that was able to adapt to local circumstances, and to provide a very substantial degree of control for access to the sensitive information which public health receives. So there’s basically a four dimensional security model based on what program areas the users allowed to access, what geographic areas are appropriate for the user to access, whether the user has permission to view only, to edit or delete, and also which forms the user is authorized to work with. And of course all of this is keyed to the LDAP directory.

A couple of other points about the base system, it is as the PHIN standards build in, open architecture/J2EE, we’ve talked about the messaging a lot, and of course as a person base system it can handle longitudinal follow-up which is quite important for a number of public health functions such as follow of a TB case.

Where are we now? In 2003 the NEDSS grants offer the NEDSS base system to any interested state. We’ve received the applications from all of the states and are in the process of making those awards. We’ve also instituted a systematic change management process which includes state partners and also people from around CDC. We are tracking in Clear Quest the requested enhancements to the NEDSS base system, we’ve already incorporated about I think 85 of those inputs into, in the best Microsoft tradition, version 1.02, but more substantively we’re looking to have some major upgrades for version 1.1 which is due July 31st ’03 and then looking beyond that to incorporate broader functionality in 1.2 and 2.0, so we clearly recognize this as something that with our partners is an ongoing evolving process.

Of great interest to NCVHS is the issue of conformance testing. You all have asked us how are we going to know whether what is built in fact is compatible with the PHIN standards, whether it’s built by us or by our state partners. And we take that very seriously, we’ve explored a number of options. At this point we have a plan to do testing for message content and transport that is a near term deliverable and we also have a session at the PHIN conference which is coming up May 13th to 15th to discuss definitions and approaches to compatibility testing with our partners.

So a couple of other points I’d like to make in terms of how we’ve been approaching this and how it meshes with what NCVHS we think has been trying to accomplish. Obviously this does provide a specific implementation of NCVHS and CHI, the eGov project endorsed standards, and we are working with partners through both the eHealth Initiative and the Markle Foundation to encourage use of standards in clinical care services. We also of course in our work with our public health partners and in our funding documents are requiring the use of these standards, and also trying to facilitate the ability to use that software in many settings.

So how do we think we can help encourage progress toward NHII? We do think that this is a critical time. Actually when I made this slide it was the awareness of the need for preparedness. I would say right now the threat that we’re facing with SARS may be the even easier way to communicate to folks why this is so critical. We are actively involved in public/private partnerships because we recognize that the NHII is not about any one institution or any one area, it requires an active collaboration among all of the myriad partners who are critical accomplishing progress. But we do think that we provide both the ability for clinical partners to fulfill their responsibilities to the general public in terms of identifying notifiable diseases or newly emerging diseases or a previously undetected bioterrorist event. But we also believe that doing it using the NHII standards will decrease the burden on respondents and we’re trying to do this with our partners so that for example we’ve had an active collaboration with the FDA to develop a version three adverse event reporting message, so that again, a clinical care partner would be able to use similar tools and mechanisms for reporting thereby we hope reducing the respondent burden.

So I’ll stop at this point. Do you want to go ahead and do presentations, questions?

DR. LUMPKIN: What I’d like to do is to go to John, I’m going to modify the schedule a little bit, perhaps what we’ll do is about 15 minutes or so of questions after the two of you present, take the break and then we’ll take the second group.

Agenda Item: Panel 3: Public Health Surveillance and the NHII - Use Experience - NEDSS Base System - Mr. Hall

MR. HALL: Good afternoon. Thanks for the opportunity to come and speak to the group today. In 1997 the Nebraska Department of Public Health Laboratory located in Lincoln Nebraska was closed as a cost saving measure. The state public health laboratory function was then combined with the laboratory at the University of Nebraska Medical Center, a teaching hospital in Omaha about 60 miles northeast of Lincoln. The laboratory relocation severed many long established information channels and made public health data collection extremely challenging. Our state epidemiologist, Dr. Tom Safranick(?) saw the need and value of an electronic laboratory reporting system. With Tom’s leadership health and human services partnered with the University Medical Center and a local software company to develop a web-based laboratory data reporting in order entry system to help resolve these new problems. We call this system Phillip, it’s operational and it continues to grow and provide a vital service.

Later when we saw the opportunity to participate in the NEDSS base system we knew immediately that the NEDSS base system was something that the state of Nebraska wanted to do. We made a successful grant application to the CDC and are now one of the first states to implement the NEDSS base system.

This is how our state public health surveillance organizations are organized. The state population is approximately 1.7 million persons. Douglas and Lancaster Counties, Omaha and Lincoln, represent our two major urban centers. These two health departments perform surveillance within their counties. The remainder of the states’ counties are covered by the state Health and Human Service Public Health Assurance Division. While we do have other organized county and regional health departments, it has not been feasible for these agencies to engage in surveillance, and that’s generally because of the low population densities in other parts of the state. This may change as rural and urban populations shift, we may see an increase in the number of public health surveillance entities in Nebraska, and this is an important point, not to be ignored in the design of the NEDSS base system.

Our main collaborators in Nebraska are the two county health departments, the University of Nebraska Medical Center, and the State Information Management Services. The management and staff at these organizations have made a huge contribution in time and energy to the project. We would not be as far along today without their help.

The University Medical Center provides key elements of NEDSS base system infrastructure and management support. The Medical Center is also Health and Human Services partner in the development of the Public Health Laboratory Information Program that I mentioned earlier called Phillip. Like I said, Phillip allows internet ordering of public health laboratory tests and the reporting of those test results. The development of Phillip was a fitting precursor to the NEDSS base system rollout at the Medical Center’s location.

The Nebraska State Information Management Services developed our single site log on portal, we call Guardian, which I’ll describe later. The Information Management Services will also provide key infrastructure support for the NEDSS base system as we migrate the NEDSS base system to their location in Lincoln. I must also mention the Computer Science Corporation and its field deployment team. They provided strong and high quality support during the system implementation and have been an excellent partner.

This slide is a real world example of what we’re trying to avoid. The dates on this form show one month transpired from the time a sample arrived at the laboratory until the results were reported to Health and Human Services.

Early in 2002 the epistaff(?) at the three using organizations got their first exposure to the NEDSS base system. Upon the release of version 1.0 the pace of training increased in preparation to go live and to thoroughly vet the system. From the time we began using the pre-production system we conducted weekly teleconferences. The conference calls included end users, system developers, and project managers. These calls were very beneficial, many end user suggestions discussed during these calls were implemented.

Finally, on January 13th, 2003, the system went live. At Nebraska Health and Human Services Dennis Leschinsky, our lead epidemiology investigator, entered the very first case record into the NEDSS base system. We continued testing in preparation for the phase out of NETSS, one system NEDSS will replace.

These are the anticipated benefits to us of the NEDSS base system. I must add we are in the first stages of using the NEDSS base system and have not fully realized many of these benefits. Currently Lab Corp. is the only laboratory sending data into the NEDSS base system, and this data is currently moving into a test instance of the NEDSS base system and is not available to our end users at this time. We are planning to begin Lab Corp. data feed in our operational NEDSS base system beginning May 5th, after the latest version of the messaging system is installed.

We have three public health entities actively using this system, Douglas County Health Department, Lancaster County Health Department, and the Nebraska Health and Human Services System. And these are the disease categories that we currently track.

This is a photo of the activity as the first case record was entered, shown here Dennis Leschinsky at the keyboard, Sergei Lee of Computer Science Corporation, field team manager, Jeff Geering the Nebraska project manager, and Debra Horne a data entry specialist. Pretty dramatic.

These 3,000 records represent all our hospital, laboratory, and health care professional trading partners. Since January over 800 laboratory tests have been entered manually, and hepatitis represents our largest volume. Our live lab core data feed will be implemented in the first part of May, and this is where we’re at now and the future holds many challenges.

The most immediate challenge is the NETSS - NEDSS parallel testing. And the first test is to say NETSS and NEDSS in the same sentence. This testing is to verify system reporting to CDC. We currently enter data in both NETSS and NEDSS systems and compare the output data after it arrives at CDC. Each reporting entity then participates in a weekly conference call with the CDC and CSC and all the program managers to help resolve any discrepancies. And of course NETSS is one legacy disease reporting system that the NEDSS system hopefully will replace. We also need to do data validation by comparing our current incoming paper with our electronic laboratory data reports as they arrive.

Our initial end user acceptance has been excellent. Our health department partners are eager to learn and use the system. If electronic lab reports contain insufficient information automatic routing to the proper program area will not occur, this task will then be accomplished manually. We have not felt the pressure of hundreds of lab reports coming into the system and do not fully understand the administrative burden this may present, and after going through this I realize probably what we’re going to have to do is establish some discipline on the part of our trading partners so we’ll see how all of that works.

State law does not specifically address, our state law does not specifically address electronic lab reporting. Current reporting rules presuppose the paper system. We need to rewrite our rules to facilitate electronic reporting and possibly offer some incentives to reporting entities. The very process of administrative rule change will provide an opportunity to solicit buy-in. We will need to be innovative in our approach to facilitate full participation by our public health trading partners. Only with adequate infrastructure, ease of use, and proper motivation will we gain their trust and cooperation. Even with highly motivated trading partners we will remain confronted with a variety of data streams. Moving the data toward a common standard will remain a challenge with a variety of solutions, and picking the optimum solution will require careful analysis and planning.

To assist in the smooth NEDSS base system implementation several individuals devoted significant time to the initial download of hospitals, clinics, labs, physicians, and other health care physicians. We hand entered several thousand records. To fully benefit from a unified NEDSS base system it would be very beneficial for the epistaff to have access to current and historical data. Much of our current epidata is stored in the NETSS and other systems while the NEDSS base system has reporting and analysis capacity it will be limited until the data stored grows or we incorporate legacy data. As lab reporting via the NEDSS base system continues and grows we need to develop procedures to handle those results for which a NEDSS base PAM has not been developed.

On the following slides I will provide some unique views of the Nebraska NEDSS base system and Guardian. Guardian is our single log on portal developed by our State Information Management Service, it allows our trading partners a single access site to each of our current web-based information systems, that being NEDSS, Phillip, and the Health Alert Network. It also allows tighter access control by system administrators. The Guardian system has growth potential and accommodates single site administration for access to many users.

This is a screen shot of our Guardian single log on site that provides access to the NEDSS and Phillip’s systems and can accommodate access to any future system. And then this slide shows Guardian access to multiple systems in administrative tools. These are hyper links, there in the center of the screen, and they will direct the end user to the appropriate system.

This is one of the NEDSS screen shots to allow those of you who have not seen the system to get an idea of what it looks like. This particular page is where you initially determine through a look up feature if an individual is contained in the system. This look up feature is for any person, either health care professional or patient, and a similar screen is for organizations, if you need to look up an organization.

We see the following areas of public health and vital statistics as having the greatest potential benefit through integration with the NEDSS base system. Most of these programs share the same infrastructure, personnel, and collect a common data set. It makes sense to move towards a common interface for shared data and we think the NEDSS base system could provide that common interface.

Now when I said that these systems share the same infrastructure, personnel, and collect a common data set, you need to remember that Nebraska is 1.7 million people and our state Health and Human Services we incorporate a lot of programs that in other states in parts of the country are housed in other cities, counties, so we do have a cooperative advantage there when we try to work with other parts of Health and Human Services.

And then this is a photo of one of our county health departments getting some training from Toni Desilvo(?) of Computer Science Corporation.

Now if I might I’d like to just show one slide here that is an output of the NEDSS base system that shows the different diseases that have been entered and tracked into the system. Let’s see if I can do this. This is a report that was generated by the NEDSS base system with a reporting utility and it shows the different diseases that have currently been entered into the system.

Thank you.

Agenda Item: Panel 3: Public Health Surveillance and the NHII - Questions and Discussion

DR. LUMPKIN: Great, let’s go to questions. I just have a couple of quick factual questions, and maybe I missed it, the individual providers of health care also report diseases --

MR. HALL: Excuse me?

DR. LUMPKIN: Individual providers of health care report diseases, like for instance group A strep invasive is not a laboratory diagnosis, it would be a clinical diagnosis, so the normal reporting mechanisms of doctors and --

MR. HALL: We need to remember this is data that has been entered by our epistaff and they’ve done some leg work on these cases, this is not the result of a direct raw laboratory feed, so this is a result of an investigation.

DR. LUMPKIN: And the laboratory reporting that’s going to go into place I think May 5th you said, is that going to be a batch mode reporting or is it going to be interactive? So does someone at the lab have to enter in the reports or is this a tape to tape kind of thing from their system?

DR. BROOME: It’s an automatic messaging, using the message system that I described, the EBXML wrapper and then we worked with Lab Corp. to apply appropriate filtering to send reports of notifiable conditions, lab results which indicate notifiable conditions. And if I could just add in response to your first question we’re basically in a transitional era and the system is designed to support the traditional patterns of disease reporting by providers although it does of course permit those to be entered in a web based system. The part which really gets you into real time reporting is the electronic messaging from pre-existing databases. One of the enhancements would be to have a web screen on which providers could enter data that’s not currently feasible and even when it is you’re still going to have the problem of the providers actually taking the action to pull up a screen and enter so we don’t really see that as cutting dramatically into the problems with completeness and timeliness, we’re much more interested in continuing to work with clinical partners to enhance the ability to work with messaging from electronic systems.

DR. DEERING: This is a question for Claire, and there may be others in the room who know the answer to this. I’m interested in sort of the states interest in the utilization of the base, they’re take up of the base system because as I looked at your slides, back in 2001 when you first put it out there were 16 states that if I understand it correctly were going to develop their own systems, but that were NEDSS compatible, and that there were some that opted to go with the NEDSS base system. I think I heard you say that with the latest round of funding all states had applied to use the NEDSS base system. Is that correct and what does that mean?

DR. BROOME: No, what I was saying was that we basically made it available to any state that requested it, we basically said we’re trying to accelerate the capacity to participate in this system and also the base system is now at a stage where there’s something to deploy and so this year we did offer it to anybody who would be interested. As I said we’re still going through the applications so we don’t yet know how many states have actually requested it.

DR. LUMPKIN: Other questions?

DR. BROOME: One item I wanted to draw folks attention to, on the table which was up there I think it was 600 hepatitis C results, and for those of you who are not intimately involved in public health surveillance you might not have sort of recognized the importance of that, but in fact, 639. The issue here is I think it illustrates a way in which lab based electronic surveillance has the potential to really help public health with something that’s been very difficult to manage and that is it’s a chronic disease people get repetitively tested, you’ve got a lot of duplicate results, or not duplicates but results on the same individual, and you really want to know what are incident cases and you also want to know what is really one patient and how are they doing over time. It also is a very high volume disease, it’s also one where people may not know they’re carriers, so this system incorporates several possibilities. First of all it’s person based so it should help with the issue of linking the multiple test results to whichever patient they belong to within limits. Secondly, just the sheer burden of entering the data is taken care of. Thirdly, a number of these reports may come from blood screening, and people, this may be a way of identifying new cases that weren’t previously known the health care system or the public health system. So we think this is a very interesting area to sort of take a look at how it may change our knowledge of hepatitis C epidemiology and our ability to have our public health personnel actually think about what they should be doing as opposed to just being data entry clerks.

DR. LUMPKIN: I assume that obviously one of the key strategies in implementing NEDSS will be the migration of legacy data into the system and maybe you might want to comment since NETSS is also a CDC based, or new generate system, what the plans are to allow that migration and whether or not the migrations plan would include, migrate into a more standardized database so those states that are actually developing their own system would be able to benefit from that experience.

DR. BROOME: As you know, it’s a really complex area. We obviously have a lot invested in trying to facilitate the NETSS to NEDSS migration for lots of reasons, and we in fact are working out mapping strategies and tools which we think can facilitate that. It’s a huge undertaking as anybody knows who’s tried to do these kinds of systems. So we’re basically approaching it in several different ways, one is by helping, providing tools and helping with migration for the core legacy data sets. But we’ve also recognized that we cannot staff all of the legacy data issues but we are facilitating access to technical assistance to help states with legacy migration or integration with other systems that they would like to take on, so there’s a couple of strategies. The tools are certainly available. The folks in the epidemiology program office led by Robert Fagen and Dan Sosin have been very interested and supportive of this process and will continue to be involved.

DR. LUMPKIN: Thank you. Other questions? I think we all find this kind of fascinating. I’m just wondering that maybe perhaps at one of the lunches or something we may be able to see a demonstration of this at our next meeting, where we may have one or two computers set up at the Humphrey Building, if we are. But we’ll look into that and maybe we can have a laptop which can through the portal and allow people to sort of get the look and feel of this system in Nebraska, that might be a very interesting thing.

DR. BROOME: We could do that or else also we do have a demo that’s loaded on a couple of laptops, for places that may have challenges. But the other thing I was going to say, we certainly would welcome any involvement and participation in the Public Health Information Network conference May 13th to 15th, we’ve already got 450 people pre-registered, not pre-registered, registered, and I think it’s going to be a really exciting opportunity, lots of exhibits and demos, both of the base system but also of the state developed systems, also obviously extends to cover the alerting and information architecture aspects of PHIN so it’s not just NEDSS. And a lot of opportunity for feedback and looking at prototypes for enhancements to the base system, etc.

DR. LUMPKIN: Great. Thank you very much. We’re going to take a five minute break while the next panel gets set up and then we will return.

[Brief break.]

DR. LUMPKIN: We’re going to move forward with our final panel of the evening, afternoon, and once again I’d like to ask the panel to introduce themselves so the folks on the internet can recognize their voices.

DR. PLATT: I’m Richard Platt from Harvard Medical School.

MR. MORRIS: I’m Tim Morris from the Centers for Disease Control.

DR. SOSIN: I’m Dan Sosin also from CDC and the epidemiology program office.

DR. LUMPKIN: Richard?

Agenda Item: Panel 3: Public Health Surveillance and the NHII - BT Event Detection and Other Surveillance Using Health System Data - Dr. Platt

DR. PLATT: Well thanks very much for inviting me to speak with you for a bit. I’m going to talk about a number of incidences in which the private health care delivery system can play an important role in supporting public health purposes. The worked example will be of syndromic surveillance program that we’re developing with CDC for the immediate purpose of early detection of bioterrorism events, but before I get there I’d like to make a few comments about the really substantial opportunities that we have I think to establish partnerships between the private health care delivery system, particularly health plans, by which I mean that large motley group of organizations that in one way or another provide some form of prepaid health care for about 180 million citizens of the U.S. I’m not talking just about staff model HMO’s but virtually every kind of organized system of prepaid health care. They have three important attributes that I think make them the logical partners for the public health system. Perhaps the most important is that they deal with defined populations, and so there’s a basis of their work and their knowledge that is immediately translatable to a public health purposes.

The second, and the reason I think you invited me here today is I have a great deal of information about the people for whose care they’re responsible, about the health status of those people, their care, in most of the locations that care is delivered, and they know something about the outcomes of that care. But I should also say that they bring an invaluable additional asset which is the networks of providers and the access to members themselves because through them they are able to intervene to improve the delivery of care in a number of ways.

Now the National Bioterrorism Syndromics Surveillance Demonstration Project is a system that is based on office visits and calls to nurse triage and health information centers. This is a system that is completely transparent to the individuals who are either receiving care or delivering care. It involves about 20 million people in 50 states and we’re building a centralized reporting capacity for the organizations that participate. I should be careful with my verb tense, we are we think days away from having this slide, we’re exchanging test data sets at the moment, our goal has been to be live in April and I don’t know us to be going to fail that yet.

PARTICIPANT: [Inaudible.]

DR. PLATT: These are partners who were chosen because they were ready to participate at the time we were ready to get started. The partners are shown on this slide, they include CDC, the American Association of Health Plans, Harvard Medical School, my home academic institution, the health plans shown on the slide, and UPTOM(?), which is a nurse call center which operates in all those 50 states and is responsible for the large majority of the covered lives.

This map shows the distribution of the participating sites, the yellow dots are the health plans that are actively creating data, the blue dots are organizations that are in various stages of discussion with us, ready to start as soon as we can write a check, some of them in contemplation mode. And you can see the approximate density of the population, these are three digit zip code areas covered by UPTOM. So except in the small number of white areas there are some individuals resident in each of those three digit zip code areas.

The design features of this demonstration project are first that we are building it so that it is scalable to a very large number of data reporters, and our goal is to be able to accommodate as many clinical reporting sites as possible. Second, health plans, the only place data extracts on a server that they control, that is in our thinking through the organization of this reporting system one of the barriers that we saw to participation was reluctance by health plans to place what they consider to be not only confidential but proprietary data in a database that’s outside their control. And so we’ve organized this system in a way that allows them to put the data that are needed to create reports on a server that they control, and then the analysis and reporting are performed by programs that the data center provides to them. So their work is to create that data set on their own server and then we used internet based communications, we’re using the EDM XML communication software that Claire described earlier. The encounter level data stays with the health plan or the provider until there’s specific need for it by a health department.

Our belief is that this should be adaptable to a number of other uses. Let me show you in a schematic form what happens. The health plan extracts, assigns diagnoses during encounters, that’s work that clinicians do using electronic medical records or that nurse consultants do as they interact with individuals who call the nurse call centers, so that is their regular work, assigning these diagnoses and recording it in electronic form, there is no paper intermediary in these clinical encounters. Each night the health plan extracts from the days encounters the encounters that have a diagnosis code of interest. We’re using a set of diagnosis codes that CDC and the Department of Defense have developed. The software that we provide identifies new episodes of illness, that is finding not only diagnoses of interest but ensuring that these individuals have not had medical contact in the preceding six weeks for the same kind of illness. And it maps these individuals to the zip code in which they live, we can do this because these are defined populations, we know what the membership is, and so periodically we geocode all the addresses of the members.

All that takes place behind the fire wall of the participating health plans though remember that all they need to do is create that nightly extract, that’s their new work. The communication each night between the health plan and the data center is a report of count by zip code for each syndrome, so it’s just a set of numbers. The data center aggregates data from different reporters, in all the areas where we have one of the health plans there are at least two reporting entities, so we know both the population at risk in each of those zip codes for each of those reporters and we can put them together. And then we use that aggregated data each night to look for clusters, I won’t take time now though I’d be happy to answer questions about how we look for those clusters, but it’s among the most interesting things we do and we put that data on a web-site that has both public and private areas. When there is a cluster that exceeds a threshold whose size can vary according to the wishes of the health department in the area where the cluster occurs we are prepared to notify the health department using Health Alert Network or EPIX(?) or whatever the health department tells us it wants us to use, that there is a cluster in a specific syndrome of a certain magnitude in a specific zip code. Some of the plans are reporting census tracks so sometimes we have better geographic information about that.

We have the capability to use this two way communication between the data center and the health plans to instruct that server that has all of the encounter information to create a line list and to send it to the health department without any human intermediary. In fact the health plans have specifically not agreed to our using that capability, preferring instead that in addition to our notifying the health department about an alert that we use a similar mechanism to notify a clinical responder in the health department who will then communicate with the health department to exchange additional information. So this is an issue of health plan control over the data rather than a technical limitation.

We’ve worked hard to make this be both compatible with the systems that CDC is otherwise developing and to enable it to serve other uses beyond early alerting for bioterrorism. First we’re using the syndrome definitions that CDC and Department of Defense are developing. Secondly, we are flexible in our ability to add new syndromes. We’ve been running essentially the system in Massachusetts for about a year and a half and within a month of our activating it the public health department asked us if we could develop a new syndrome corresponding to influenza like illness, it was quite straightforward to do and so since November of 2001 we’ve been reporting influenza like illness through this system. We’re in discussion now about creating a syndrome that would correspond at least roughly to SARS. This has the potential for ad hoc queries, this two way communications capability allows us to transparently submit new queries to the encounter database that lives on the plan servers. This is NEDSS compliant, all the software is open source and the protocols and the code either are now or will be in the public domain.

It seems to us that there are a number of extensions that if this proves to be a useful system, and I appreciate that the issue here is not the technical capabilities but our deciding together that the information that’s obtainable at the level of syndromes really serves an important public health purpose. If it does it seems pretty straightforward to extend this general approach to ambulatory settings that don’t have defined populations, that would be important, for instance, for looking at say emergency room data, for using antibiotic dispensing data and the large number of fee for service care locations that still exist.

The advantages that we see of this distributed model in which as we think of it the information of interest leaves the health plans but most of the data stays with them are several. First, we think it’s consistent with most patients expectations that their confidential personal information will be used as sparingly as possible to accomplish public health missions. That’s important partly because we think it’s important to accommodate patients interest, party because the health plans care about that, that is when we have approached health plans they’ve been very thoughtful about it. They’re concerned at one level about the meeting legal requirements like HIPAA and it’s pretty clear that HIPAA isn’t a barrier to this kind of reporting, but the large number of other issues that aren’t legal barriers but are other kinds of barriers are concerns to them.

As an example the Scott and White Health Plan joined us a couple of months ago, they sought us out so they were interested in participating in the Syndromic Surveillance Program. As part of their press release they included this comment that I thought captured the sense of I think all the health plans, as important as this is we would not have agreed to participate if we could not retain absolute control over our confidential patient information. So the issue here is not whether they are allowed to do it, or even whether they could be persuaded to do it, because I think in fact with time many health plans might be persuaded to do it, but we were interested in getting started now, and this was a way that made it easier to do that. By the way, there are fewer requirements for data security, that is if we think in a HIPAA framework, everything that leaves the health plans is de-identified, that is these are simple counts and so they meet the HIPAA standard of saying there is not requirement for a waiver, there is not requirement for disclosure, this information is really de-identified.

And finally, because of this architecture health plans can have access to all the identifiable information as they need it, subject of course to the health plans agreeing to make it available, and the plans that are participating in this demonstration project clearly intend to make it available.

That’s all I intend to say for this moment about the Syndromic Surveillance Program but I do want to mention to you a couple of other kinds of uses of health plan data to support important public health purposes. I think maybe the longest running of them is the Vaccine Safety Data Link which is organized by the CDC through the National Immunization Program. That is comprised of seven HMO’s that together have a birth cohort of about 100,000 newborns per year, they follow this population through age 18, so there are at any given time about two million individuals, children, under observation. It’s been operating since about 1990 and has been the source of our best information on vaccine problems, for instance the demonstration of fibril seizure risk after DTP and MMR or the first good quantitative data on the risk of endoceception(?) after rotavirus immunization. It’s also been the source of really invaluable information that has shown that vaccines aren’t dangerous in ways that had been imagined, for instance showing that reliably that there’s no excess of asthma or diabetes after pediatric immunization.

The second example that I’d like to show you comes from an AHRQ and FDA sponsored program called the Center for Education and Research in Therapeutics, the so called CERT’s Program. It’s 11 HMO’s, ten million people under observation looking at therapeutics, and just to give you a flavor for the kind of information that has come from this kind of program that really is unavailable in other settings are these four percent of women have received an anti-depressant drug during pregnancy, class C drug. Two percent of children receive a drug that’s not labeled for pediatric use. And discouraging, five percent of the elderly have recently received a drug that’s on the always avoid list, clinical consensus never use these drugs in the elderly and one in 20 receives them.

Other kinds of contributions, these are all data rich examples that I’ve given you but I do want to mention that health plans in partnership with public health agencies can play an instrumental role in understanding the reasons for the success or failure of public health initiatives such as smoking prevention and cessation programs, long list of others, and health plans can be important agents in the dissemination and implementation of major public health initiatives such as cancer screening programs.

My conclusion is a simple one, I think there’s an enormous opportunity here. The private health care delivery system and especially the health plans that care for a majority of the U.S. population I think can provide unique support for public health activities.

Thanks.

Agenda Item: Panel 3: Public Health Surveillance and the NHII - Unique Aspect of BT Event System - Mr. Morris

MR. MORRIS: I appreciate the opportunity to speak with you today. I’m going to talk about something that’s been quite a bit in the news and is a pretty hot topic. It’s about bioterrorism response, in particular the information flow and data exchange that generally happens and although it’s not all automated, there is some infrastructure in place, some not. A lot of what I’ll be talking about is really the information flow and not so much the technology, although I would like to touch on some pieces of the technology, some high level requirements, specifically in the area of routing information because as you’ll see as we go through the presentation routing in an ELR sense from commercial labs to a NEDSS base system or in other situations is sometimes it’s straight line. In a bioterrorism outbreak information flows everywhere and there are many, many partners that are on the ground at the same time or participating and many laboratories in a bioterrorism even would be supporting the testing in such an event.

I’m just going to start off with the information exchange, things that probably everybody knows. Who can send and receive information? That’s an important thing, again, my theme will be routing of information and the policy of routing, because there are some real vagaries and some requirements there that we haven’t fully discovered yet and I think it’s important to do so. What information is exchanged? Again, at what level is there aggregate roll up, do you de-identify data for certain audiences? Again, in all of these bioterrorism events law enforcement will be involved because these are criminal events. When is information exchanged between specific partners appropriate? Again, that gets to who and where and what data is appropriate for what audience. And how is the information formatted and transported? This gets to the standards questions that Claire talked about some and the NEDSS presentation that are central to all of this.

This is an animated slide that will kind of depict a high level view of what might happen in an anthrax situation similar to what happened in 2001 with AMI where you had a person present with clinical symptoms, certainly an astute physician recognized this and there was follow-up done. So we would see that the person presents with the symptoms, state health department would be notified, they might notify CDC. And then specimens would be sent to a laboratory and the Laboratory Response Network. There is a laboratory group that is managed out of CDC that provides both validated tests and proficiency testing and the re-agents, and it’s a lab group probably around 150 or so laboratories around the country that can do different levels of confirmatory testing. So in this case it might be sent there. Results returned back to the clinical site, and then returned to the state health department. Or there might be an investigator on the site, at the clinical site that would get these results.

Of course, again, it would be a criminal event, law enforcement notified, federal response entities. Depending on the scope of this, because at this point with this type of situation, no source of exposure has been identified, you just have a case that is real. And just like in the AMI situation they identified in that case a second individual from there and so it was isolated to the work place. Response teams would go, be state or in this case assistance was asked of CDC so they responded, again you’re going to do a lot of environmental testing at the source. The major load in the anthrax situation was laboratory testing of environmental specimens. And just about every laboratory in the network of laboratories for the Laboratory Response Network were taking samples and doing assays, so it was quite a load and the information flow for that, again at the time with lack of infrastructure was on paper, was in emails, and it’s a situation where we need to get some enhanced infrastructure for it. Again, in this situation, you might identify the exposure cohort, provide intervention, and then report findings back to the state health department and possibly to CDC, depending on the field teams that are deployed.

And again, like I said in the beginning, all the response partners, I’m sure I’ve left some off of this list, but it’s quite an impressive list. And when you would think that all of these agencies might be involved in one event it’s pretty scary as far as information flow.

Information types that we would exchange, again, my background is laboratory science and what we’ve been working on quite a bit is with the Laboratory Response Network in moving laboratory messages. But again, you would want to be able to move case contact data, laboratory orders, results, intervention data, environmental data, and then spatial data here, not in the order of mapping, but when you describe a building and a contaminated building and the extent of exposure, to be able to define the number of people that really were exposed so you don’t provide prophylaxis to those that don’t need it, you want to know where the testing is positive and then for remediation purposes as well. And then as Dan will talk about the health alerts and the recommendations.

This is just a little animated slide to kind of give an example of what would happen. Let’s say there’s an event here in Tampa and they begin sending specimens to the lab in Miami, it becomes overwhelmed, then they start routing to Jacksonville, then to Columbia, and then possibly to the CDC in Atlanta. Now this could be based just on overwhelming load at the different labs, it could also be based on the levels of testing proficiency that each of these labs might be able to do. CDC did a lot of confirmatory testing during the anthrax events of 2001 and a lot of the characterization of isolets(?). And so what this is meant to give an example of is that in a lot of cases states might be building infrastructure to communicate with their laboratories within their state and then with the NND messages to CDC, maybe with Lab Corp. and some other large commercial labs on the receive side. But what this means is that due to the distributed nature of the load of testing, any public health entity would need to be able to send test orders and receive information from any one of the labs on the Laboratory Response Network, depending on how the event unfolds.

And this next slide just talks about some of the routing requirements at a high level. Again, any health entity to any Laboratory Response Network lab, and obviously they might exchange data with entities outside their jurisdiction, both laboratory data as well as you consider an outbreak in a place like New York City where you have several states and jurisdictions that are very close together, many of those people work in New York City. Case reporting, notifying health departments of the people where their state of residence is or their jurisdiction.

Default routes must be supported. There’s going to be some partners that different labs and different public health departments routinely exchange data with but then during events temporary routes should be easily configurable for during an event.

Talking more about routing infrastructure, information flow in emergencies must be close to real time, this really drives to both standard transport and standard content, because you don’t want to be mapping and trying to decide how you’re going to move information during an event.

Emergency data exchange partners may not be the same as routine partners. And this is an important one as well, as the same network should be used for routine and emergency data exchange. There are a lot of different systems out there, you look at LEXNET(?) for food safety, you look at many different things, and a laboratory might be cross function, they may be a vet lab, they may be doing public health human specimens, they may be part of the Laboratory Response Network, or be a food lab, and you don’t want them to have to deal with many different conduits for moving information, so this is an important one to make sure that we can accomplish.

Collaboration agreements, again, may not be in place. This gets to the point that the clients that you exchange data with are not always going to be same as they are, you might have some defaults but it will change.

And our network, the PHIN must support dynamic registration of new nodes because as we evolve this network you don’t want to maintain all the information on the client of what nodes are available for you to exchange. And so as new sites come on line as a data exchange partner whether it’s LRN labs or state health departments or other nodes that the rest of the clients in the network need to be able to discover that.

And that gets to supporting dynamic discovery of new nodes, and services. The second level of that is services where you could say well I can receive and parse a message of this type, or I can’t parse it but go ahead and drop it in this garbage can and I’ll do what I can with it. Or some might just set up something to say I’m just receiving, send me everything and I’ll do with it what I will when it gets inside. Inside the fire wall of the state or laboratory there’s a whole host of complexities about routing information once it gets into systems or directly to systems that I won’t cover here but needs to be looked at.

And another big one at the bottom is the network must support authentication across multiple security boundaries with a single set of credentials. This is one of the most important things I think because you don’t want to, if you’re going to communicate with 50, 60 different entities plus 150, 200 laboratories, when you’re exchanging that data you don’t want to have authentication credentials for each one. You need to be able to, just like you log on and password, if you get on the network you log on once and you can go and you’re granted access to different resources.

And how do we do all this? Interoperability, obviously, again it’s what the PHIN standards are about. And there’s two different types here, one is the physical and the other is semantic. In the physical it’s more about the transport, the EBXML, the security encryption, PKI, directory services, LDAP. And the service repository here is really related to the EBXML which is part of that standard for exposing services and other data about the EBXML protocols.

And then semantic again, is the terminology or vocabulary with LOINK, SNOMED, others, and the list goes on there. Formatting, again HL7 version two and three messages and parsing. But it’s important to note the distinction there. The physical, the message that goes in the EBXML wrapper. EBXML is agnostic to what’s in it, it’s just the transport, but we do need compatible transport so that you’re not trying to map to different services on the fly.

Open issues, again, routing, I talked about this a lot, is state and local laws governing data. Other laws, just the general issues that we always face here but in a much more dynamic situation, and how can we in an emergency move this data to be able to respond quickly.

Authentication, again, that’s about the credentials and single sign on. Infrastructure, again, gets to a common vision of what the PHIN needs to be as a broad implementation of standard transport, implementation at the state and local level and others. Vocabulary maintenance again is a big one on the terminology or formatting side so that, for things that we send regularly we can have some standard coding systems and make sure that those are used in the messages that we exchange.

Another really big one is identifier name spaces, both for organizations, people in the directory, but when you get down to messaging it goes down to the instance of the messaging system that you’re using, that you have to identify in the directory and other spaces. When we looked into a lot of the business requirements for laboratory messages in this type of dynamic network laboratory specimen excessioning(?), again tying, because you can have different systems at different places that will assign the same excession(?) number. You have to have some way of identifying the names space so that broadly across, as it jumps to different places, the context for that specimen can be kept. Case identifiers again, and then like I say the context across multiple clients for the name spaces.

The keys to success just to kind of sum up are implementation of standards. I know you hear that all the time but it can’t be understated. Discovery and implementation of routing policy and procedures. This is large because we can build technology to move data but people have to have the trust that the control are in place, that the routing is there, and that they are in control of where their data is moving, and that’s a very important piece that we need to, it’s not fully discovered yet but we need to do so.

Expansion of the infrastructure in general, local levels, state levels, federal levels, and all the clients. Available expertise, state/local across the board, again, for both the messaging content and the implementation of the messaging components, laboratory systems, integration, NEDSS compatible system integration. And the other one, like I said, one of the bigger ones is the central authority for authentication credentials and identify binding.

Thank you.

Agenda Item: Panel 3: Public Health Surveillance and the NHII - Alert System - Dr. Sosin

DR. SOSIN: Well good afternoon. It’s a pleasure to anchor your other stuff panel. It was clearly a very challenging day for all of you so I’ll do my best to stay on time if I still have any? Do I have time still?

I learned two lessons recently and I apologize for both of them. The first when I came in was that you’re a small group and you appreciate handouts, and I didn’t bring those but hopefully Steve can get whatever you need subsequently to you. The second was that I should never ad lib when I’m giving transcribed hearing presentations, so I apologize for that but I will try to keep it from getting too dry.

As a part of a recent effort coordinated by CDC with state and local health departments intended to strengthen infectious disease detection efforts in major metropolitan areas, CDC worked with eight large cities, metropolitan areas to asses their epidemiology and surveillance capacity for bioterrorism surveillance, and to identify some short term technical assistance opportunities. Teams were made up of a mid to senior level epidemiologists, a public health advisory, and an informatics fellow, and the teams visited the cities, conducted interviews with key staff, and completed a 70 page interview instrument that was structured around the BT guidance, there you go, 70 pages, but it was in-person interviews so it wasn’t that bad. And it was multiple different people so it wasn’t that bad. And 50 of the pages were the data sources issues, so if you didn’t have one you didn’t have to answer those sections.

The survey was structured as I was saying around the BT guidance that came out for the cooperative agreements out of the Department of Health and Human Services in the focus area B, and addressed training for public health staff, addressed notifiable disease education for clinicians, addressed alerting within the public health community, and alerting between public health and the clinical community. It addressed routine reportable disease systems, notification systems for disease reporting, 24 hours a day, seven days a week, so these 24/7 reporting systems as we refer to them. And it conducted an inventory basically of data sources in use in the cities to support early detection of disease outbreaks.

Through a process of reviewing the combined results from these eight cities, and meeting with the cities and their respective states, we identified clinician alerting and 24/7 call systems as a critical dyad in support of timely and sensitive disease reporting between clinical medicine and public health. These two public health functions serve as a vital link in an information exchange loop, wherein public health can alert the clinical community of threats or risks for disease transmission, effecting changes then in clinical practice behaviors, and the clinical community can readily reach public health experts for reporting and consultation. I will focus now on the alerting arm.

This matrix, which is visible, good, summarizes survey results for the eight large cities by categories, and this is just the alerting section of that matrix. There were four groupings of questions around directories for clinicians and for public health and emergency response staff, alerting mechanisms for clinicians, internet availability and the local health department, and the use of EPIX for security communications within public health. As you see in the first three rows, or first two rows in particular, there was significant limitations in the completeness of clinician directories, especially primary care clinicians, although also facility based clinicians.

In the second grouping you can note that fax systems for alerting the clinician community were most prevalent, although there was considerable variability in the communities ability to get rapid faxing out given the limited number of phone lines in the facilities doing the faxing, and for some sites relationships that the cities had with third parties like the Medical Society to get the alerts out. Email was seen as the most promising technology for blast messaging, but noted to be of limited use currently in daily clinical practice and short supply in the directories.

In the third grouping internet access is available in all the city health departments as a venue for posting and sharing information, although desktop access was limited in three of the eight cities, those L’s reflect limited, X’s indicate an activity in place, and blank indicates that it’s not in place.

Also EPIX was noted to be accessible in seven of the eight city health departments, however, limitations were noted with respect to the number of staff in the local health department with access, and with respect to training, particularly around security implications for using EPIX.

In narrowing then our focus for technical assistance to clinician alerting in these 24/7 call systems, we drafted a set of proposed standards and possible solutions with an emphasis on solutions that could be applied with minimal additional effort to an unlimited number of cities that might be interested. The proposed standards concerning alerting mechanisms included having two or more mechanisms for alerting the clinicians, such as fax and email, having a well defined alerting protocol, have an ability to distribute messages within two hours for those most urgent messages and a variety of other such standards.

Clinician directory standards included items such as procedures for updating directories on a regular schedule and removing duplicate entries, aiming for at least 75 percent of clinicians in the directory overall, and a 100 percent of key specialties such as infectious disease experts. And including specialty information and discipline information in the director as well as multiple mechanisms for contacting the clinicians. We also included some standards around EPIX because local health department access to timely and critical public health alerts is a key step in providing alerts to the local clinical community. John?

DR. LUMPKIN: I’m not sure we’re all familiar with EPIX, could you just take maybe two minutes and maybe describe that?

DR. SOSIN: Well, EPIX is a secure network for sharing information within a defined public health community, there’s a process of applying, of getting access to EPIX, and then it allows for exchange of information within the public health community that would not be readily sharable outside that public health community. So interests are defined when you sign up for EPIX in terms of the areas of interests, whether that’s infectious diseases or occupational health, etc., and you can receive alerts when the posting occur in those areas. You can post information when you’re in the midst of an investigation, you think that others should know or be looking at this, or you want to hear from others, are any of you looking at this similar kind of an issue. It’s a web-based, internet based forum for having that kind of exchange. But it is limited access and it’s a secure access which is in many ways its impediment to use is the security that comes with having that secure exchange forum. So it’s intended to support alerting in a pre sort of public, when you’re not ready to have that information shared beyond the public health practitioner community.

After establishing or laying out these proposed standards and possible solutions we revisited the cities to review these standards with them and the solutions, and assess their current capacity to achieve them. Most of the standards were acceptable goals for the cities, but not yet achieved. We received input on possible solutions to help meet those standards.

As a result of this city input CDC leadership chose to focus technical assistance for clinician alerting on supporting alerting message templates for urgent communications with clinicians, that is the format and content that would be modeled in these alerts, on exploration of commercial clinician databases as a way to seed clinician directories, and on brokering a communication technology services contract so that jurisdictions can contract directly for standardized alerting services as needed to meet otherwise unmet standards. This contract is intended to maintain local jurisdiction over and affiliation with the alerts, while assuring that technological capacity for rapid broadcast is available via multiple mechanisms. Additionally we have arranged for direct technical assistance in these cities with EPIX to enroll key staff as identified and getting state support for that. And then to provide training to the local health department as necessary.

CDC leadership also identified, just to give you a sense, priorities for technical assistance in 24/7 reporting systems, model triage protocols for handling calls routed through an answering service to assure that the appropriate calls get urgent health department attention, drafting performance criteria for 24/7 systems to support testing and improvement of these systems, and a similar communication technology services contract for handling dedicated 24/7 disease reporting lines. These technical assistance activities are currently underway, we’re receiving comments from within CDC and the city and start partners through an EPIX forum.

So some key lessons we’ve learned with respect to alerting include that alerting serves multiple functions, or at least two key functions at the local level. One, to assure timely communications between public health and clinical medical that can affect changes in practice behaviors, such as testing behaviors or reporting by clinical medicine. And two, to improve reporting and consultation by building stronger relationships between clinicians and their local public health partners. So the obvious one is the first one, that there’s a communication link and information to share. The less necessarily obvious one is that this mechanism of alerting has served and is viewed as an important link between the local health department and the clinician community. Consequently, federal support for alerting should strengthen the local health department relationship with clinicians in their community, not supercede it by becoming the primary source of information. Timely public health information is an important currency for local public health to build credible links to clinicians that will foster better reporting and consultation relationships. Special attention is needed to build the system this way rather than a path of less resistance which routes key public health information directly from federal public health to practicing clinicians.

Additional lessons learned include that while many cities focus on building relationships with their clinical communities around the terrorism preparedness activities, city clinician directories were deemed inadequate by all but one of the cities. This was especially true for reaching primary care providers in the community. And despite the limitations of fax as a modern communication technology, it appears to be the most prevalent means of quickly reaching clinicians, practicing clinicians today. Even so, an ability to broadcast most urgent alerts within two hours is limited at the city level.

Additional guidance needs identified during the assessment included a need to define common levels of urgency for alerts, and also that they can be linked to attributes in the clinician directories, and thus simply distribution at a given alert urgency level. The need for additional IT standards concerning confirmation of message receipt and management of distribution lists such as the de-duplication of repeated numbers and addresses. And the need for alerting protocols that help script in advance the conditions for alerting, defining which messages are suitable in which situations.

Lastly, we conducted a generalizability study of the eight city results. We shared the assessment results with 12 additional large cities, and surveyed them regarding the applicability of the results to their own jurisdictions. We found that the range of detection, surveillance capacities, and priorities for technical assistance were similar in the additional 12 cities as with the first eight. We also found that no substantially new requests for technical assistance were identified by the additional 12 cities. So basically we heard it all in the first eight.

While nine of the 12 cities concurred with clinician alerting and 24/7 reporting systems as being the top priorities to strengthen disease detection capacity, guidance on syndromic surveillance was the most common request outside of these areas.

We have thus concluded that the detailed assessments we conducted in the eight cities are reflective of the epidemiology and surveillance capacity for bioterrorism detection in most large metropolitan areas. We consider this information to be a rich resource to support technical assistance to improve surveillance preparedness in cities.

Thank you.

DR. LUMPKIN: First before we get into the final question period I did want to thank Steve and Michele for putting together the excellent panels we’ve had all day, it’s really been quite a worthwhile venture. Thank you. Seeing no questions, Ted?

Agenda Item: Panel 3: Public Health Surveillance and the NHII - Questions and Discussion

DR. SHORTLIFFE: I had a question back for Dr. Platt and your discussion, so I’ve been saving it but I think it’s still relevant. You described this interesting way of soliciting the involvement of the plan epitomized by that Scott and White quotation in your talk. But you also emphasized that if there were a public health need to go back and get individually identified data that there were mechanisms by which the public health departments could go back to the provider organizations if I understood correctly. So I’m wondering, and maybe you stated it but I didn’t catch it, what kind of prior commitments do you have from the participating health plans about their willingness to accept such queries? And what are the criteria for when one of those is viewed as appropriate and are there sort of up front agreements about when there will be a suitable response versus those kinds of requests, because ultimately this is the issue that often comes is what if I really need to find that patient that is captured in this data set, and then suddenly the issue of access to that private information has to be dealt with.

DR. PLATT: All of the participating plans have made a commitment to provide 24/7 coverage by a clinical responder, an individual who has full access to not only the data that live in that daily extract but the full text records that are contained in the electronic data system. And our view is that once there is an alert then all the existing public health reporting requirements and relationships kick into effect, so our view is that this sort of separation of the data creates sort of two bins. One that we have determined to be completely de-identified, and the rest of the data exchange falls under traditional public health private health care delivery system interactions, triggered this time by much better ability to know that there’s something about which to have a conversation.

DR. SHORTLIFFE: Understood and that makes perfect sense, but it does point that your improved system for gathering the data in a de-identified way may trigger more such queries or more specific such queries and that might in certain settings lead people to be cautious again about participating, I guess that was what I was anticipating.

DR. PLATT: Fair enough. This is really unknown territory so I can’t tell you how all those interactions will play out. So not having a lot of work examples it’s a little hard to know. I think all of those responders are expecting to be responsive to queries from the public health departments. The part that we have really fleshed out is the ability to construct new ad hoc queries of the extracted data that the health plans control and so those are sort of to be determined. The technical part is extremely straightforward and it would look from the public health agency’s perspective as though they were just typing a regular old query and they’d get a response back with no noticeable delay. The permissions to use that, though, need sorting out. Our view is that that’s more likely to happen if the plans understand that they have some control over that then if we ask them to make a commitment up front, but it’s really a moving target.

DR. BROOME: I also think that that what’s been learned with some of the syndromic surveillance that’s been done is that you may not a custom investigation in response to an alert, it may be sufficient to get a line listing of a little more information about the geographic location, the age, the clinical syndrome and that may be sufficient either to say gee, something’s really going on that needs investigation or to say that this is just noise. I think that will be helpful in allaying the kind of potential for increased burden.

DR. PLATT: Thank you. In Massachusetts we haven’t had to go beyond those line lists, in every instance where there’s been a concern the line list has been all that’s been needed, and those are created every day, they sit on the server, they’re ready to transmit as soon as there’s a question.

DR. HARDING: Ted asked my question much better than I could have but I have just a quick question. When the health plans forward a “cluster” and it’s picked up, what’s picked up? Is it an ICD diagnosis or a set of symptoms that’s picked up? How would SARS have been picked up? Would it have been because everybody was coming in with 100.4 temperature and cough and been in Asia or would it have been an ICD code would have said a pneumonia or what?

DR. PLATT: Most of the plans are using ICD-9 codes and so what’s extracted are ICD-9 codes and vital signs, so there’s a measured temperature and diagnoses. The software we provide them aggregates those encounters into syndromes and we’re using the mapping that CDC developed. The nurse call center doesn’t use ICD-9 codes, they use a different clinical guidelines system that we’ve mapped to the syndromes. It’s possible to drill back down but sort of the line lists that we create though preserve the ICD-9 codes that were used, so when there is a cluster it’s possible to see what the assigned diagnoses were, and so a SARS like illness/syndrome might require a fever and a diagnosis of cough or shortness of breath, things that are recognized to be part of a syndrome. There is no ability to capture a travel history in this.

DR. BROOME: Partly with Rich’s system it works very well because they’re ambulatory visits. When you’re restricted to ICD coding in a hospitalized patient, of course, that doesn’t arrive rapidly enough to really help with real time detection. So certainly one of our messages to the Committee and anybody who’ll listen is the sooner these broader use of standards based electronic records the better. But the other point I wanted to make is in addition to vital signs, which is actually not that commonly available but Rich’s group is able to obtain in ICD’s, we’re also looking at other electronic sources like test ordering, and that could be another source that in some instances is electronic and could be a good tip-off for a severe respiratory illness like orders for blood cultures, orders for respiratory viral testing, orders for the new SARS test when it’s available.

DR. PLATT: Actually thank you again. Claire’s suggestion we actually built that into our system, it wasn’t part of our original specs, so we capture all the CPT codes for diagnostic testing, and I think the line lists, those are built into our syndrome definitions but the line lists show what tests have been ordered, so that was a change on the fly since we got started.

MR. HUNGATE: I am impressed by all that I hear. Let me try to put a lay person patient spin on it that comes from a privacy point of view and get your reaction to that. I think there’s kind of an enigma in that the better the system works in identifying the points of interest the more probability there is that some individual is going to get called by somebody that’s a surprise, that the better the system works the greater the fear of the system may be, surveillance itself almost implies big brother. I hear you talk about EPIX as a secure communication system, but how do you convince me as a lay person that that’s true, that it really is secure? There’s a problem here that I think people that are very close to the issues think they’re doing a good job but those that are far away from it have no way of knowing, have no way of assessing. So how do you deal with that?

DR. PLATT: Well, one level is to say that the only time that those identified discussions take place is when there’s something unusual, which is unusual. It’s part of what’s given the health plans some comfort in participating, is they don’t envision having to defend a policy in which every encounter with belly pain results in an identified record disappearing into the public health system no matter how well maintained. And it’s their belief that it’s sort of community standard that would pass the sniff test for them to be passing identified information when there appears to be an unusual cluster.

DR. BROOME: I think we have an enormous challenge both to ensure that our systems are secure and that they collect the minimal data necessary to fulfill important public health functions, but also to communicate effectively about what’s being done. And I think there’s various approaches that we have taken and will continue to take. I guess some of those can be based on collecting what’s essentially a minimal data set or in some cases fully de-identified data. But I would hope there’s also, the flip side of it that this collection really is targeted for the public good and it may be very important for folks that we have our finger on the pulse of where SARS may be showing up, and I think that there’s an opportunity to educate people that public health has a long history of having individually identifiable information and respecting the need for security of that data and also of being able to communicate reasonably diplomatically.

MR. HUNGATE: I heard it but my experience with serious issues is that when somebody else gets control of the agenda you lose control, and that headlines are critical. So if SARS is a place where this is really important and it’s really visible, then it seems to me that Nightline coverage of SARS and how the new neighbor of information about what’s going on lives with me daily, deals with the tensions in a very public way before there is very much problem we can anticipate some bad reactions and it seems to me getting them dealt with in the USA Today format rather than a public health education format is kind of what I’m arguing for. I don’t know how to do that, I just kind of feel like we need something that communicates in a very simple way.

DR. SOSIN: It’s a really nice point and I think for me it helps to distinguish security of data from the public health function which requires actually contacting folks. When New York City looks at some of their syndromic data and they have to follow-up and they call people, they call people and say we notice you were in the hospital, we were checking to see how you’re doing now and to make sure that it’s nothing that’s lingered, that they have a protocol for actually doing that follow-up. But that is a routine function of public health departments, a contact around communicable diseases, diseases of public health importance, to be able to contact the public and gather additional information to assure the broader public safety. And being able to communicate that issue as distinct from the data management security issue I think is an important way to address it too.

DR. LUMPKIN: And just to put that in a somewhat broader perspective, there are over 100 different disease diagnoses for which today before the development of these systems people may be contacted by a public health system, whether it be PKU, whether it be Tuberculosis or even sexually transmitted diseases, so I think it does have to be put within that context because this is not a one way street. We have this perception that surveillance is monitoring what’s going on but the purpose, and it goes back to snow in 1854, the purpose is to take the handle off the pump and stop the outbreak. And I think to the extent that we can communicate that, the problem is, and this is my experience in dealing with the media, is the media will put in the newspaper and on Nightline what they’re interested in. And as much as you may craft it, it’s one of those adages in the media which has been titled if it bleeds it leads, and trying to put the good news on there is extremely, extremely difficult. Mary Jo?

DR. DEERING: I’d like to ask something that gets to sort of the reverse of something that Claire touched upon, several of you touched upon, which is the burden of reporting, and it’s the burden of receiving. And it would probably be mostly addressed to CDC and representatives of the public health agencies but maybe to some of the large health plans as well and it has to do with I would say the more perfect our systems, I mean clearly the more data we’re shuffling around, and as we fund these systems and as we do our planning, the question is to what extent are we building into the funding arrangements the human resources development, I mean I think the CIA calls this the hument, human intelligence component that we need there. And is there anything that public policy needs to know, has anyone been able to come up with a cute little quotient that says gee, for every hundred billion or hundred million in an IT system that you fund you need X numbers of new FTE’s to analyze it? What are you seeing in that sense, the ability to analyze and process and make intelligent use out of this?

DR. BROOME: I think you’re absolutely right and in addition to the fact that you need human beings to make sense of it, to do the investigation, to do the analysis and the follow-up, we anticipate that these systems that are more complete will uncover more disease than we’re currently aware of, so there’s very interesting educational challenge in pointing out to people that the country is not suddenly experienced a double of communicable disease, which is what they saw in Hawaii, but that in fact guess what, previously your health department was not aware of a lot of what they probably should have been. So I don’t have a magic number for you but we recognize that that’s very important. We do hope that moving folks from sort of being data entry clerks to being public health investigators will be a gain for the system, but we have not been saying that we’re going to be able to decrease the number of public health personnel, we think in fact the converse is true. I also should point out that these are complex systems, so some of the increase in personnel or at least the shift in personnel will involve greater investment in skilled IT professionals and John Hall could certainly testify to that in terms of the sort of transition and the need for different skill sets and positions. And finally, I would be remiss if I didn’t look to Dan to also point out that we do not think these IT systems replace astute clinicians, responsive health departments and trained public health workers acting independent of the systems but hopefully supported in an improved way with the surveillance systems.

DR. SOSIN: Just one thing I would add is that unfortunately, or fortunately, I’m not sure yet, that the default is going to be that these systems are tuned to the level of resources that we have to respond. In syndromic surveillance as an example of how that will play out, that the thresholds will be set according, and even in cities that have been doing this, the thresholds get set according to what their response capability is. And as we learn more about the appropriateness of responding and the need to respond we may have the opportunity then to build those staff accordingly. But it is a huge issue and is clearly a piece that remains not fully addressed. It’s sort of akin to me in my medical training that MRI’s came out at the time I was in training and nobody really knew what MRI’s meant but everybody was ordering them because you could get more definition of something and we weren’t quite sure what that was, and syndromic surveillance in some way is sort of leading that edge. There’s this opportunity to mine data, let’s mine it and we’ll deal with the consequences later, and right now we’re sort of just going to go to the limits of what the capacity can handle and respond to those until we get more evidence that we should be doing more of that.

DR. DEERING: I just thought it was perhaps important to put it on the table because I think many of us around here are public servants and it is not appropriate for us to argue for more of us, Congress doesn’t like to hear that, but I think that the NCVHS can play a role in whatever it does to make sure that every time it discusses these issues that hand in glove goes this human resources requirements, and that certainly that HHS as it looks at what it does about the NHII should not be wowed only by the technology and the infrastructure and all this new wonderful information that we can move around, but what are the human necessities. Because we know we’re being downsized, we’re going to be downsized, and those of us who have been here long enough who are doing ten jobs rather than only the five that we started with know that that is the pattern. So I think that it would be helpful for an advisory committee to make these points that the government can’t make in its own defense. End of self pleading.

DR. LUMPKIN: And I would like to point out that for those of us in the private sector it’s our role to help support those in the public sector.

I do have a comment more than a question about the survey that you discussed of the eight cities, and a little bit of a concern of an approach that looks at a city based unit of analysis. If I can use an example of, it won’t be a city where I live now, but for instance the population in the city of Chicago is about 2.9 million, Cook County itself outside of Chicago has a population around 2.5 million, and the metropolitan area when you include those, Cook County, is in the neighborhood of six and a half to seven million. If you take a simple event like a Bulls game, only about 18 percent of the people who attend a Bulls game live in the city of Chicago, and so the problem gets even worse when you look at it even if you were to look at it on a state basis where there are over 260,000 people who go into the city of Chicago from Wisconsin and Indiana on a daily basis. So the need to really make sure that while when we look at cities that our unit of analysis is not so narrow that we limit the ability to detect. For instance, communicating with clinicians, clinicians are not licensed by the city, they’re licensed by the state and the state’s more likely to have some sort of relationship with them and that depends from state to state whether or not it’s the state health agency. So I think it’s important as a data step but it’s also equally important to put that within the context of these systems are not existing in isolation in cities.

DR. SOSIN: That’s an excellent point and thank you for that comment. I think what you see in the recommendations and the focus areas that we took is exactly that intention to be able to address technical assistance aspects of alerting and 24/7 systems which are just as relevant to a state, to any county, any city in the country, and therefore provide technical assistance that’s also generalizable in that manner for very much those reasons that there were some arbitrary decisions around how we approached the geographic and geopolitical units that we did address and that we wanted to see that as broadly applicable as possible.

DR. LUMPKIN: And in my former role I would say I was glad that you did the city because obviously one doesn’t want to necessarily be put under the microscope, but in my current role I think it’s appropriate to put states under the microscope as well as cities. Other questions?

I’d like to thank the panel very much. I think we’ve had a very full day, a lot of things to think about. In June we will be meeting as a Workgroup, we will begin to put together this and the prior panels into some recommendations that will focus in for the September meeting. For those of you who are responsible for the weather outside, much appreciation, it’s been a very strange spring, it’s nice to be a little bit warm on some sort of consistent basis, and so we’ll see you all in June.

[Whereupon at 4:00 p.m. the meeting was adjourned.]