HIT Policy Committee - 2010-07-21

8/9/2019 HIT Policy Committee - 2010-07-21

1/60

HHIITT

PPoolliiccyy CCoommmmiitttteeee____________________

JJuullyy 2211,, 22001100


2/60

A G E N D AHIT Policy Committee

July 21, 20109:30 a.m. to 2:45 p.m. [Eastern Time]

Renaissance Washington, DC, Dupont Circle Hotel

1143 New Hampshire Avenue, NW

Washington, DC

9:30 a.m. CALL TO ORDER Judy Sparrow

Office of the National Coordinator for Health Information Technology

9:35 a.m. Opening Remarks David Blumenthal, MD, MPP

National Coordinator for Health Information Technology

9:45 a.m. Review of the Agenda Paul Tang, Vice Chair of the Committee

10:00 a.m. Meaningful Use Rules & Certification Criteria for EHRs

Tony Trenkle, Centers for Medicare & Medicaid Services

Farzad Mostashari, ONC

11:00 a.m. ONC Reports

Doug Fridsma, ONC

11:30 a.m. Enrollment Workgroup Update

Aneesh Chopra, Chair

Sam Karp, Co-Chair

12:00 p.m. LUNCH BREAK

12:45 p.m. Privacy & Security Tiger Team Update & Recommendations

Deven McGraw, Chair

Paul Egerman, Co-Chair

1:45 p.m. Adoption-Certification Workgroup Update

Marc Probst, Co-Chair


2:15 p.m. Information Exchange Workgroup Update

Micky Tripathi, Chair


3/60

David Lansky, Co-Chair

2:30 p.m. Public Comment

2:45 p.m. Adjourn


4/60


5/60

HIT Policy Committee 6-25-2010 DRAFT Meeting Summary Page 1

Health Information Technology Policy Committee

DRAFT

Summary of the June 25, 2010, Meeting

KEY TOPICS

1. Call to Order

Judy Sparrow, Office of the National Coordinator (ONC), welcomed participants to the 13th

meeting of the Health Information Technology Policy Committee (HITPC), reminded the groupthat this was a Federal Advisory Committee meeting and therefore was being conducted in

public, and conducted roll call.

2. Review of the Agenda

HIT Policy Committee Co-Chair Paul Tang reviewed the meetings schedule, which was

rearranged somewhat to accommodate the travel schedules of some participants. The groupapproved the minutes from the last HITPC meeting (held on May 19, 2010).

Action Item #1: The Committee approved the minutes from last HITPC

meeting, held May 19, 2010, by consensus.

3. Opening Remarks

National Coordinator for HIT David Blumenthal explained that the HITPCs efforts are in a

period of winding up of the first set of meaningful use standards and certifications, and looking

ahead to the next phase. Meanwhile, the Committee must pay attention to all manner of

continuing issues. Work continues on privacy and security, and they must prepare for a possiblerule on governance of the National Health Information Network (NHIN), which Congress has

tasked them with considering. Work also continues on the substrate for interoperability in the

health system through the NHIN and its standards, policies, and implementation specifications.He expressed gratitude for the hard work and dedication of the Committee.

4. ONC Update: NHIN Direct - Standards and Interoperability Framework

Doug Fridsma of ONC explained that the Office is working to support the lifecycle of standards

and interoperability. There are Meaningful Use criteria that this Committee will establish, and as

a result, standards that will be implemented into technologies and used in certification criteria.Many things happen between the time that policy decisions are made and standards are

constructed. He said he hopes to give the Committee a sense of some of the activities that occur

in between, and an understanding of the coordination that is necessary.

Doug Fridsma characterized an implementation specification as a recipe. It tells people how to

build software to do certain things. Policies have to be translated into these recipes. The goal is


6/60


to create reproducible recipes and develop tools that increase their efficiency in building these

recipes. Therefore, computational approaches are needed.

ONC also is working on linking use cases so that there is no break in the chain from the high-

level policy objectives all the way through specific standards and certification criteria. ONC is

working with the National Institute of Standards and Technology (NIST) on this effort. If thereare specific requirements that are translated into these recipes, then tools can be built to make it

easier for companies to create things that will stand up to the criteria. This framework is

intended to address whatever standards might be developed in the future, with initiatives such asthe NHIN Direct, the interoperability framework, and focused collaboration.

The first step will be to examine what needs to be accomplished and deconstruct it into the dataneeded as well as the functions to be performed. Use cases will crop up from various sources;

each of which will be broken down in this manner. Doug Fridsma used e-prescribing as an

example of use case development. The National Information Exchange Model will be used.

Paragraph descriptions will be broken down into data and function, harmonized, and all of the

pieces will be able to function together.

Doug Fridsma emphasized the importance of these activities not occurring in the abstract. Theremust be a quality check for implementation specifications: they will have to actually build it, to

have a test kitchen to make sure the recipe is correct. Pilot projects and demonstrations will be

initiated; one of the first use cases that will be put through this framework is the NHIN Direct

project.

In discussion, the following was noted:

Paul Egerman pointed out that although certification is the final step in ONCs process, it is

the starting point for industry. Once vendors have the certification criteria, it takes 1 or moreyears to develop a product. Then, it must be certified, marketed, and distributed to

customers. Therefore, it is important that this work be coordinated with the timeline of thePhase 2 certification process. He asked how ONC is coordinating this work so that it is done

in time for industry to use it. Doug Fridsma explained that given the time constraints, ONC

does not plan to wait to engage NIST and those who will be helping to implement testing

strategies. It is hoped that NHIN Direct will be ready for an HIT Standards Committee(HITSC) review in January 2011.

Gayle Harrell commented on the extremely ambitious timeline associated with these efforts.Given that early adopter hospitals are going to start purchasing systems in 2010, this work

will not be available to benefit those who are going to start purchasing systems. DougFridsma explained that the work that is already in place for 2011 will need to be backfilled

into this process. The directives for meaningful use that have come from this Committee,and the standards required to support them, already exist. As they look ahead to 2013, 2015,

and beyond, at some point they have to make sure they have the integration that needs to

occur. It will take some time to get to that point, but they must start building the framework

so that when data starts being reused for clinical decision support, etc., that there isconsistency across the standards. The only way to do that is to start now and think ahead.


7/60


David Blumenthal acknowledged that the questions regarding timeframe are important. Oneof the reasons this Committee was relatively modest in its recommendations around

exchange had to do with its recognition that the work associated with exchange issues is stillincubating. Therefore, compromises were made on the aspirations for the first stage of

meaningful use. In fact, the first stage only requires the demonstration of a capability. The

capabilities requirements of the systems that are purchased will have to be continuouslyupgraded. That represents a significant challenge, and vendors will need to be able to mature

their products after they are installed. Some vendors will be better at this process than others,

and hopefully that will be part of the discussion as systems are acquired.

5. NHIN Governance

Mary Jo Deering of ONC asked the Committee for help in establishing the governance of NHIN.This issue is essential to establishing trust in information exchange. ONC will release an initial

Request for Information in early August and will publish a Notice of Proposed Rulemaking

(NPRM) in early 2011, with a final rule expected by next summer. She presented some

rhetorical questions to HITPC members, such as is this what ONC should be asking? Whatshould ONC be asking?

A single line in the Health Information Technology for Economic and Clinical Health (HITECH)Act indicates that ONC is to establish a governance mechanism for the NHIN by rulemaking.

ONC must be sure that users have trust in how information is shared, and be confident that the

system works. Without governance, NHIN exchange cannot expand beyond the legal guidelinesand baseline of governance that currently exists. Complimentary mechanisms are being sought

to fill the gap. An HIT trust framework would be useful; Mary Jo Deering presented five

categories of attributes that are needed for trust: (1) agreed-upon business, policy, and legal

requirements; (2) transparent oversight; (3) enforcement and accountability; (4) identity

assurance; and (5) technical requirements. It is premature to know whether these five categorieswill frame the rule itself. They do represent an effective starting point, however, for HITPC

discussion. She noted that there also are questions of scope (e.g., should the NHIN be

branded, should any use of the NHIN standards lie outside of governance, when should the

governing levers that do exist be used?).

The ensuing discussion included the following points:

David Blumenthal noted that this discussion begins with a task assigned by Congress: ONCshall establish a governance mechanism for the NHIN. This discussion also needs to take placedue to the broader mandate to create a broad, secure health information system. His sense is that

this will not happen by itself, that there will be a continuing need for an organizing force. Theissue is made more urgent because there is a group of organizations that are now trying to use the

NHIN to exchange data. They are trying to decide how to move forward on a set of technicaland legal issues, and the General Counsel has ruled that they cannot do much without ONC

input.

Gayle Harrell proposed that the Committee designate a significant amount of time during afuture HITPC meeting to discuss this topic. Mary Jo Deering indicated that ONC will ask both


8/60


the HITPC and HITSC to hold full joint hearings in early September. Meanwhile, she will be

working with the tiger team in August on privacy and security-related issues.

LaTanya Sweeney commented on two different methods of governance: a hands-off approach togovernance versus complete command and control. She noted that another model has worked

effectively, which is a climate that allows a lot of freedom, but in fact provides the right kind oftechnical and policy incentives that could create a convergence. She used the world wide web as

an example. She discussed an example, when the Commerce Department indicated that it did

not have the authority to force a standard for credit cards. A group of academics and institutionscollaborated, formed a consortium, and as a group with the right experts and right focus, tackled

the issue. Their work came together very quickly, and within a year people were using and

trusting the world wide web.

Neil Calman about what type of responsibility the HITPC and ONC have to ensure that duringthe implementation effort, groups are not spending a significant amount of resources on systems

and vendors that might not be able to upgrade their systems as necessary. He suggested it might

be important to define some quantum dates, as they have done with meaningful use. In this way,there will at least be some sense of stability at certain points along the timeline.

6. Meaningful Use Workgroup: Disparities Hearing Briefing

Meaningful Use Workgroup Co-Chair George Hripcsak discussed a hearing that was held on

June 4 on the topic of eliminating disparities, with a focus on finding solutions. The Workgroup

held two previous hearings, with experts providing testimony on disparities and relatedproblems. The June 4 hearing included panels on health literacy and data collection, culture,

and access. Disparities in the following areas were discussed: (1) race and ethnicity, (2)

language, (3) health literacy, (4) migrant and seasonal workers, (5) children and the elderly, and

(6) the homeless.

The underserved does not represent one group of people. It is a number of groups, and a

solution for one group may not be the solution for another. It is important to engage thecommunity in the design of solutions to their problems. George Hripcsak commented that it is

necessary to develop a sensitivity to the issues of underserved populations, and to recognize that

one or two policies will not solve the problem.

A common theme surfaced during the hearingthe importance of communication and sharing

information. It is necessary not just to look at disparities but to report them, so that it is possibleto judge how well they get addressed. Education and training will be necessary to address

disparities, as well as the trust of the community.

On July 29, the Meaningful Use Workgroup will hold a hearing on population and public health.On August 5, a hearing on care coordination is planned.

Neil Calman noted that another issue that arose during the June 4 hearing was the responsibility

to make sure that safety net providers are not left behind as electronic health records (EHRs) areimplemented. The HITPC should be monitoring the implementation rate among safety net


9/60


providers; otherwise, their patients will continue to have disparities as effort rolls out. Also, he

indicated that he has received a number of e-mails since the hearing regarding disparities aroundtreatment based on sexual orientation and gender identity.

A discussion followed the presentation, and included these highlights:

Marc Overhage emphasized that these disparities need to be addressed. The sooner standardscan be put into place for what data needs to be collected, the sooner they can start to manage

what seems to be a solvable problem.

David Blumenthal noted that ONC has identified this as a priority area, and is trying to developapproaches to assuring that its activities do not enhance disparities, and, preferably, reduce them.

He added that technology tends to be adopted first by majority groups.

Gayle Harrell said that in Florida, many safety net hospitals are underfunded. If they have largeresidency programs and clinics, then the question of whether their physicians have separate ID

numbers becomes an issue. Safety net hospitals need to be examined in a separate category,because they are facing significant challenges.

Committee members discussed how safety net hospitals and clinics should be defined. Many

facilities truly work with underserved populations, and they see themselves as safety netsalthough they may not have been identified as such by any group. The ability to identify whothey are would be very helpful.

7. Privacy and Security Tiger Team Update and Recommendations

Paul Egerman presented update for the Privacy and Security Workgroups tiger team, which has

a schedule of topics to be addressed this summer. The first topic the tiger team addressed wasmessage handling in directed exchanges. Message handling involves messages that go from one

health care entitys computer to another in the process of treating a patient. One example is the

ordering of a lab test. The team established two primary questions regarding directed exchange:

What are the policy guardrails for message handling in directed exchange? Who is responsiblefor establishing trust when messages are sent?

Four categories of message handling also were identified:

Model A - No intermediary is involved (exchange is direct from message originator to

message recipient).

Model B - The intermediary only performs routing and has no access to unencrypted personalhealth information (PHI) (the message body is encrypted and the intermediary does not

access unencrypted patient identification data).

Model C - The intermediary has access to unencrypted PHI (i.e., the patient is identifiable)but does not change the data in the message body.


10/60


Model D - The intermediary opens message and changes the message body (format and/ordata).

The tiger team offered a series of recommendations regarding directed exchange, as follows:

Unencrypted PHI exposure to an intermediary in any amount raises privacy concerns.

Fewer privacy concerns for directed exchange are found in models in which no unencryptedPHI is exposed (i.e., models A and B). ONC should encourage the use of such models.

Models C and D involve intermediary access to unencrypted PHI, introducing privacy and

safety concerns related to the intermediarys ability to view and/or modify data. Clearpolicies are needed to limit the retention of PHI and restrict its use and re-use.

The team may make further privacy policy recommendations concerning retention and reuseof data. Model D also should be required to make commitments regarding accuracy and

quality of data transformation.

Intermediaries who collect and retain audit trails of messages that include unencrypted PHIshould also be subject to policy constraints.

Intermediaries that support models C and D require contractual arrangements with themessage originators in the form of Business Associate agreements that set forth applicablepolicies and commitments and obligations.

The team also discussed who should be responsible for establishing exchange credentials. The

sender has to authenticate the receiver. How does the sender know that the message will get to

the right place? A digital credential is a certificate assigned to the computer so that when themachines talk to each other they can validate that they are the correct machine. The question is,

who is responsible for issuing these certificates?

The tiger team decided that, first and foremost, the provider must ensure the safety of the

patients information. Whoever holds the data is responsible for protecting its safety. With

respect to issuing digital credentials, providers can do that themselves or they may delegate it toan authorized credentialing service provider.

The team made the following specific recommendations:

The responsibility for maintaining the privacy and security of a patients record rests with thepatients providers. For functions like issuing digital credentials or verifying provider

identity, providers may delegate that authority to authorized credentialing service

providers.

To provide physicians and hospitals (and the public) with some reassurance that thiscredentialing responsibility is being delegated to a trustworthy organization, the federalgovernment (ONC) has a role in establishing and enforcing clear requirements and policies


11/60


about the credentialing process, which must include a requirement to validate the identity of

the organization or individual requesting a credential.

State governments can, at their option, also provide additional rules for these authorizedcredentialing service providers.

The Committee discussion that followed included these highlights:

LaTanya Sweeney noted that the recommendations and the discussion are centered on oneclass of technical solutions that relate to message passing. She discussed a survey of about50 companies around the country who have invested millions of dollars in NHIN solutions.

Many communities are making technology-related decisions, and none of the technologies

have had the benefit of going through NHIN Direct. She commented that there appears to be

an unfairness related to the process in which companies that have innovative ideas areunable to participate in NHIN Direct.

Gayle Harrell noted that with exchange categories/models C and D, the level of policy has torise in order for the level of trust to be sufficient. Categories/models A and B are directexchange, with no intermediary. Higher degrees of accountability are necessary with C and

D.

One Committee member suggested that it seems too definitive to simply recommend that

ONC should encourage the use ofcategories/models A and B.

David Blumenthal reminded the group that there are constituencies who are asking for adviceand instructed on how best to proceed (even though this group does not have that authority).

Many states are wishing that ONC would tell them exactly how they should resolve some of

these privacy and security problems. ONC will have to make some of those decisions, and isseeking this Committees consensus advice. He asked HITPC members to keep in mind thetime urgency, the need for states to begin to be active, and need for providers to have some

confidence about the circumstances under which they can share information.

LaTanya Sweeney expressed some frustration from the perspective of a computer scientist.In her field, they start by determining the requirements and the space of technical solutions,

and they quickly rule out options. She suggested that if ONC starts off with an engineering

requirements analysis (which has largely been done with the meaningful use work), within 1month one or more useful solutions could be developed.

One Committee member indicated that message handling categories/models A and B arenecessarily cheaper, because they may be sending information that is dirty or

unintelligible. There is a very big return on investment associated with checking to makesure the appropriate things are there/not there (as in category/model C).

Action Item #2: The Committee accepted the first set of Privacy andSecurity Workgroup tiger team recommendations (related to directed

exchange), with the removal of the reference to the ONC encouraging


12/60


the use of message handling categories/models A and B. The Committee

accepted the second set of tiger team recommendations as they stand.

8. Enrollment Workgroup Update

Enrollment Workgroup Chair Aneesh Chopra presented the list of Enrollment Workgroupmembers, noting that people who work in other industries understand data sharing models that

can bring some perspective to the group. Also included is a robust group of federal partners,

stakeholders from across the federal government. The groups charge is to inventory standardsthat are already in place, identify the gaps, and develop a set of processes to address those gaps.

The Workgroup is focused on the following areas: (1) electronic matching across state and

federal data, (2) retrieval and submission of electronic documentation for verification, (3) reuseof eligibility information, (4) capability for individuals to maintain eligibility information online,

and (5) notification of eligibility.

The Workgroup needs to conceptualize standards that might be useful and work across a variety

of use cases or architectures. The goal is to create a set of architectures that match up withHITPC and HITSC principles. The Enrollment Workgroup held its first public hearing, in which

2014 implementation was discussed. Examples at state and local levels were considered, andWorkgroup members and others discussed how people are using web-based protocols. At its

next meeting, Enrollment Workgroup members will be examining a particular use case.

The discussion that followed included these points:

Aneesh Chopra noted that one of the Workgroups questions for consideration may be howbest to get hospital finance departments hooked into this idea so that they can assist in

enrollment efforts.

Gayle Harrell commented that the enrollment project is a real issue for states. Whether it isMedicaid eligibility, food stamps, or some other state-run program, the individual state bears

responsibility for enrollment projects. She asked Aneesh Chopra whether he anticipates thatthis program will roll out and states will integrate into a system, although each state may

implement their programs differently. Aneesh Chopra explained that this is why technology

must be in support of policy, and not vice versa. Their process will need to includeconveying to states regardless of how it is technically done, you need to capture this

persons name and confirm that they live in New Jersey [for example]. How you do that is

open.

Aneesh Chopra offered an example from the U.S. Postal Service (USPS), which has created asystem to verify a persons address. Any group can adopt that system: a state, a commercial

web site, etc. When the USPS designed this system, it did not presume how and in what

manner it would be consumed. It had to keep the design simple and easy to replicate.

Gayle Harrell reminded the Committee that with this enrollment effort comes very specificprivacy issues. Different states have different requirements. A plethora of issues will have

to be discussed, especially related to privacy issues.


13/60


Charles Kennedy said that in the existing market where private insurers sell health insurance,people have to fill out medical information on their insurance applications. This represents a

good source of information on the clinical side that should not be ignored.

Aneesh Chopra offered another example of a design principle: students filling out student

loan applications can go to the Internal Revenue Service web site and request that their taxinformation flow into the Department of Education student loan form. The IRS does notdirectly share that information with the Department of Education: the student controls when

and if the data flows from one agency to the other. This is the type of process and

information that the Enrollment Workgroup will be considering.

9. ONC Update: Temporary Certification Program

Steve Posnack of ONC reported that in early March, the Interim Final Rules for the temporaryand permanent certification programs were published. ONC is starting with the temporary

program first. The comment period for this temporary program ended on April 9, and the rule

was written, cleared, and published in about 9 weeks.

The final rule was published on June 24 (the day before this meeting), representing the first

significant step that will set in motion one of the processes that needs to be in place. regional

extension centers can now start formulating their plans for helping organizations get tomeaningful use. The rule establishes a process for the National Coordinator to use in authorizing

organizations to test and certify EHRs. Also, it sets the parameters for the testing of EHR

technology.

Each Committee member received a copy of the rule, including a list of all of the changes made

between the initial proposed rule and the final rule. Steve Posnack called out a few of these

changes:

Remote testing certification is now listed as the minimum option for certification.

There is a set of capabilities that must be present in order to meet meaningful use standards.There are numerous other capabilities that health care providers will actually need for their

operation. This rule is primarily concerned with the former. Testers must be able simply to

test against meaningful use certification criteria, and not a range of other services that do notspecifically address meaningful use.

Inherited certification will be possible when a certified system releases a new software

version. The producer must attest that the updated version still meets the certificationcriteria.

A list of certified EHRs will be made available.

Carol Bean of ONC explained that the temporary certification program is based on internationalstandards and best practices that look at the entities providing the testing. Testers chosen for the

temporary certification program are called ONC Authorized Testing and Certification Bodies


14/60


(ATCBs). ONC is currently in the final stages of creating the applications themselves. Already,

the Office has received more than 30 requests for the applications. The form has multiple parts.Everyone will fill out Part 1. Part 2 will be filled out differently by different entities, depending

on the scope of testing authorization they are seeking. The two parts can be submitted

separately, but an application will not be complete until both parts 1 and 2 are received.

ONC will provide a decision to authorize (or not) a testing organization within 30 days. All

applications will be reviewed by an internal review board. A list of authorized ATCBs will be

provided on the ONC web site. By late summer, it is expected that some ATCBs will be inoperation. There will be no limit on applicants, and no limit on the number of testing bodies that

can be authorized. A new web site, called CHAPEL, will aggregate lists of certified products

and technologies from the ATCBs.

10. Public Comment

Mark Siegel of GE Healthcare urged the Committee to give careful consideration to some timing

issues with regard to NHIN Direct. ONC expects that testing and certification for the 2013/2014period will need to begin by mid-2012. This is a concern, given that the next stage of

meaningful use will begin in October, 2012 for hospitals. Inconsistently, the next set ofstandards criteria will be published in the summer of 2012. These dates, which were put in as

projections, should be scrutinized to make sure that providers and vendors have what they need

for safe and effective implementation.

SUMMARY OF ACTION ITEMS:

Action Item #1: The Committee approved the minutes from last HITPC meeting, held May 19,

2010, by consensus.

Action Item #2: The Committee accepted the first set of Privacy and Security Workgroup tiger

team recommendations (related to directed exchange), with the removal of the reference to the

ONC encouraging the use ofmessage handling categories/models A and B. The Committeeaccepted the second set of tiger team recommendations as they stand.


15/60


16/60

Medicare & Medicaid EHRIncentive Program Final Rule

Implementing the AmericanRecovery & Reinvestment Act of 2009

The Journey to Meaningful Use

Faith is the bird that sings when the dawn is stilldark. Rabindranath Tagore

2


17/60

Overview

American Recovery & Reinvestment Act(Recovery Act) February 17, 2009

Medicare & Medicaid Electronic HealthRecord (EHR) Incentive Program Notice ofProposed Rulemaking (NPRM)

Display December 30, 2009

Publication January 13, 2010

Final Rule on Display July 13, 2010 Final Rule Published July 28, 2010

3

What did not changein the final rule

Adopted statutory provider eligibility and paymentrequirements

Meaningful Use matrix goals remained the same.

Hospital definition did not change.

EPs will still be required to demonstrate MUindividually

Clinical quality measures reporting timeline willstay the same

MU reporting period of 90 days for first year andone year thereafter.

4


18/60

What Changed from the NPRMto the Final Rule? Meaningful Use Criteria

Clinical Quality Measures

Hospital-based EPs

Medicaid acute care hospitals

Medicaid patient volume

Removed reporting period for adopt,implement or upgrade (Medicaid)

All programs will start in 2011

More clarification throughout

5

Changes to Provider Eligibility

Due to recent legislation, hospital-based EPs areonly those who see more than 90% of theirpatients in a hospital in-patient or ER setting

Medicaid included critical access hospitals in itsdefinition of acute care hospital (but incentive is

like other acute care hospitals, not following theMedicare CAH formula)

6


19/60

Medicaid Patient Volume

Medicaid EP participation hinges on patientvolume requirements.

Medicaid patient volume was significantlyclarified

Expanded definition of encounter to include any

encounter for which Medicaid had any paymentliability e.g. premiums, co-pays, waivers

Allows States to define patient volume as just

encounters or encounters plus patient panel(managed care), both or propose a newmethodology

7

Meaningful Use: Process of Defining

National Committee on Vital and Health Statistics

(NCVHS) hearings

HIT Policy Committee (HITPC) recommendations

Listening Sessions with providers/organizations

Public comments on HITPC recommendations

Comments received from the Department andthe Office of Management and Budget (OMB)

Revised based on public comments on theNPRM

8


20/60

Meaningful Use Stage 1Health Outcome Priorities* Improve quality, safety, efficiency, and reduce

health disparities

Engage patients and families in their healthcare

Improve care coordination

Improve population and public health

Ensure adequate privacy and security

protections for personal health information*Adapted from National Priorities Partnership. National Priorities and Goals: Aligning Our Efforts to Transform

Americas Healthcare. Washington, DC: National Quality Forum; 2008.

9

Meaningful Use: Changes fromthe NPRM to the Final RuleNPRM Final Rule

Meet all MU reporting objectives Must meet core set/can defer 5 from

optional menu set

25 measures for EPs/23 measures for

eligible hospitals

25 measures for EPs/24 for eligible

hospitals

Measure thresholds range from 10% to

80% of patients or orders (most at higher

range)

Measure thresholds range from 10% to

80% of patients or orders (most at lower

to middle range)Denominators To calculate the

threshold, some measures required

manual chart review

Denominators No measures require

manual chart review to calculate

threshold

Administrative transactions (claims and

eligibility) included

Administrative transactions removed

Measures for Patient-Specific Education

Resources and Advanced Directives

discussed but not proposed

Measures for Patient-Specific Education

Resources and Advanced Directives (for

hospitals) included10


21/60

Meaningful Use: Changes fromthe NPRM to the Final Rule, contdNPRM Final Rule

States could propose requirements

above/beyond MU floor, but not with

additional EHR functionality

States flexibility with Stage 1 MU is

limited to seeking CMS approval to

require 4 public health-related

objectives to be core instead of menu

Core clinical quality measures (CQM)

and specialty measure groups for EPs

Modified Core CQM and removed

specialty measure groups for EPs

90 CQM total for EPs 44 CQM total for EPs must report

total of 6

35 CQM total for eligible hospitals and

8 alternate Medicaid CQM

15 CQM total for eligible hospitals

5 CQM overlap with CHIPRA initial core

set

4 CQM overlap with CHIPRA initial core

set

11

How were MU Core ObjectivesSelected?

Overarching considerations

Statutory requirements-e.g.- e-prescribing, CQM, health informationexchange

Foundational objectives-e.g. privacy and security and those thatprovide foundational data needed for other measures, likedemographics, medication lists, etc.

Patient-centered

Patient access- e.g. clinical summaries

Patient safety-e.g.-drug-drug and drug-allergy features)

Part of providers normal practice

Looked at how the objectives aligned

Feedback received from HIT Policy Committee and commenters

12


22/60

Meaningful Use: Applicability ofObjectives and Measures Some MU objectives are not applicable to

every providers clinical practice, thus they

would not have any eligible patients oractions for the measure denominator.

In these cases, the EP, eligible hospital orCAH would be excluded from having to meetthat measure

Ex: Dentists who do not perform immunizations;Chiropractors do not e-prescribe

13

Meaningful Use: Denominators

Two types of percentage based measures areincluded to address the burden ofdemonstrating MU1. Denominator is all patients seen or admitted

during the EHR reporting period The denominator is all patients regardless of whether

their records are kept using certified EHR technology2. Denominator is actions or subsets of patients

seen or admitted during the EHR reporting period The denominator only includes patients, or actions taken

on behalf of those patients, whose records are kept usingcertified EHR technology

14


23/60

How were the Thresholds Selected

80%-Objective part of standard practice-e.g.-maintain active medication list

Others-defined on a case-by-case basisbased on commenter or clearance feedback

Example-e-prescribing set at 40% loweredfrom 75% to address concerns bycommenters regarding non-participation by

pharmacies and patient preference.

15

Meaningful Use Stage 1 Core Set

Health

Outcomes

Policy

Priority

Stage 1 Objective Stage 1 Measure

Improving

quality,

safety,

efficiency,

and

reducing

health

disparities

Use CPOE for medication orders directly entered by

any licensed healthcare professional who can enter

orders into the medical record per state, local, and

professional guidelines

More than 30% of unique patients with at least one

medication in their medication list seen by the EP or

admitted to the eligible hospital or CAH have at least

one medication entered using CPOE

Implement drug-drug and drug-allergy interaction

checks

The EP/eligible hospital/CAH has enabled this

functionality for the entire EHR reporting period

EP Only: Generate and transmit permissible

prescriptions electronically (eRx)

More than 40% of all permissible prescriptions written

by the EP are transmitted electronically using certified

EHR technology

Record demographics: preferred language, gender,

race, ethnicity, date of birth, and date and

preliminary cause of death in the event of mortality

in the eligible hospital or CAH

More than 50% of all unique patients seen by the EP or

admitted to the eligible hospital or CAH have

demographics as recorded structured data

Maintain up-to-date problem list of current and

active diagnoses



one entry or an indication that no problems are known

for the patient recorded as structured data


24/60

Meaningful Use Stage 1 Core Set, contd

Health

Outcomes

PolicyPriority


Improving

quality,

safety,

efficiency,

and

reducing

health

disparities

Maintain active medication list More t han 80% of all unique patents seen by the EP or


one entry (or an indication that the patient is not

currently prescribed any medication) recorded as

structured data

Maintain active medication al lergy l ist More than 80% of al l unique patents seen by the EP or


one entry (or an indication that the patient has no

known medication allergies) recorded as structured

data

Record and chart vital signs: height, weight, blood

pressure, calculate and display BMI, plot and display

growth charts for children 2-20 years, including BMI

For more than 50% of all unique patients age 2 and over

seen by the EP or admitted to the eligible hospital or

CAH, height, weight, and blood pressure are recorded as

structured data

Record smoking status for patients 13 years old orolder

More than 50% of all unique patients 13 years or olderseen by the EP or admitted to the eligible hospital or

CAH have smoking status recorded as structured data

Implement one clinical decision support rule and the

ability to track compliance with the rule

Implement one clinical decision support rule

Report clinical quality measures to CMS or the States For 2011, provide aggregate numerator, denominator,

and exclusions through attestation; For 2012,

electronically submit clinical quality measures

Meaningful Use Stage 1 Core Set, contd

Health

Outcomes

Policy

Priority


Engage

patients and

families in

their

healthcare

Provide patients with an electronic copy of their

health information (including diagnostic test results,

problem list, medication lists, medication allergies,

discharge summary, procedures), upon request

More than 50% of all unique patients of the EP, eligible

hospital or CAH who request an electronic copy of their

health information are provided it within 3 business

days

Hospitals Only: Provide patients with an electronic

copy of their discharge instructions at time of

discharge, upon request

More than 50% of all patients who are discharged from

an eligible hospital or CAH who request an electronic

copy of their discharge instructions are provided it

EPs Only: Provide clinical summaries for each office

visit

Clinical summaries provided to patients for more than

50% of all office visits within 3 business days

Improve care

coordination

Capability to exchange key clinical information (ex:

problem list, medication list, medication allergies,

diagnostic test results), among providers of care and

patient authorized entities electronically

Performed at least one test of the certified EHR

technologys capacity to electronically exchange key

clinical information

Ensure

adequate

privacy and

security

protections

for personal

health

information

Protect electronic health information created or

maintained by certified EHR technology through the

implementation of appropriate technical capabilities

Conduct or review a security risk analysis per 45 CFR

164.308(a)(1) and implement updates as necessary and

correct identified security deficiencies as part of the

EPs, eligible hospitals or CAHs risk management

process


25/60 1

Meaningful Use Stage 1 Menu Set

Health

Outcomes

PolicyPriority


Improving

quality,

safety,

efficiency,

and reducing

health

disparities

Implement drug-formulary checks The EP/eligible hospital/CAH has enabled this

functionality and has access to at least one internal or

external drug formulary for the entire EHR reporting

period

Hospitals Only: Record advance directives for

patients 65 years old or older

More than 50% of all unique patients 65 years old or

older admitted to the eligible hospital or CAH have an

indication of an advance directive status recorded

Incorporate clinical lab-test results into certified EHR

technology as structured data

More than 40% of all clinical lab test results ordered by

the EP, or an authorized provider of the eligible hospital

or CAH, for patients admitted during the EHR reporting

period whose results are either in a positive/negative or

numerical format are incorporated in certified EHR

technology as structured data

Generate lists of patients by specific conditions to

use for quality improvement, reduction ofdisparities, research or outreach

Generate at least one report listing patients of the EP,

eligible hospital or CAH with a specific condition

EPs Only: Send reminders to patients per patient

preference for preventive/follow-up care

More than 20% of all unique patients 65 years or older

or 5 years old or younger were sent an appropriate

reminder during the EHR reporting period

Meaningful Use Stage 1 Menu Set, contd

Health

Outcomes

Policy

Priority


Engage

patients and

families in

their health

care

EPs Only: Provide patients with timely electronic

access to their health information (including lab

results, problem list, medication lists, medication

allergies) within 4 business days of the information

being available to the EP

More than 10% of all unique patients seen by the EP are

provided timely (available to the patient within 4

business days of being updated in the certified EHR

technology) electronic access to their health

information subject to the EPs discretion to withhold

certain information

Use certified EHR technology to identify patient-

specific education resources and provide those

resources to the patient, if appropriate


admitted to the eligible hospital or CAH are provided

patient-specific education resources

Improve carecoordination

The EP, eligible hospital or CAH who receives apatient from another setting of care or provider of

care or believes an encounter is relevant should

perform medication reconciliation

The EP, eligible hospital or CAH performs medicationreconciliation for more than 50% of transitions of care

in which the patient is transitioned into the care of the

EP or admitted to the eligible hospital or CAH

The EP, eligible hospital or CAH who receives a

patient from another setting of care or provider of

care or refers their patient to another provider of

care should provide a summary of care record for

each transition of care or referral

The EP, eligible hospital or CAH who transitions or refers

their patient to another setting of care or provider of

care provides a summary of care record for more than

50% of transitions of care and referrals


26/60

Meaningful Use Stage 1 Menu Set, contd

Health

Outcomes

PolicyPriority


Improve

population

and public

health1

Capability to submit electronic data to immunization

registries or Immunization Information Systems and

actual submission in accordance with applicable law

and practice

Performed at least one test of the certified EHR

technologys capacity to submit electronic data to

immunization registries and follow-up submission if the

test is successful (unless none of the immunization

registries to which the EP, eligible hospital or CAH

submits such information have the capacity to receive

such information electronically)

Hospitals Only: Capability to submit electronic data

on reportable (as required by state or local law) lab

results to public health agencies and actual

submission in accordance with applicable law and

practice

Performed at least one test of certified EHR

technologys capacity to provide submission of

reportable lab results to public health agencies and

follow-up submission if the test is successful (unless

none of the public health agencies to which the EP,

eligible hospital or CAH submits such information have

the capacity to receive such information electronically)

Capability to submit electronic syndromic

surveillance data to public health agencies and

actual submission in accordance with applicable law

and practice

Performed at least one test of certified EHR

technologys capacity to provide electronic syndromic

surveillance data to public health agencies and follow-

up submission if the test is successful (unless none of

the public health agencies to which the EP, eligible

hospital or CAH submits such information have the

capacity to receive such information electronically)

1Unless an EP, eligible hospital or CAH has an exception for all of these objectives and measures they must complete at least one as part of theirdemonstration of the menu set in order to be a meaningful EHR user.

Future Stages

Intend to propose 2 additional Stagesthrough future rulemaking. Future Stages willexpand upon Stage 1 criteria.

Stage 1 menu set will be transitioned intocore set for Stage 2

Administrative transactions will be added

CPOE measurement will go to 60%

Will reevaluate other measures possiblyhigher thresholds

Stage 3 will be further defined in nextrulemaking 22


27/60 1

States Flexibility to Revise

Meaningful Use States can seek CMS prior approval to

require 4 MU objectives be core for theirMedicaid providers:

Generate lists of patients by specific conditions forquality improvement, reduction of disparities,research or outreach (can specify particularconditions)

Reporting to immunization registries, reportable

lab results and syndromic surveillance (canspecify for their providers how to test the datasubmission and to which specific destination)

23

Meaningful Use for EPs who Work atMultiple Sites An EP who works at multiple locations, but

does not have certified EHR technologyavailable at all of them would:

Have to have 50% of their total patient encountersat locations where certified EHR technology isavailable

Would base all meaningful use measures only onencounters that occurred at locations wherecertified EHR technology is available

24


28/60 1

MU for Hospitals that Qualify forBoth Medicare & Medicaid Payments Applies to sub-section (d) and acute care

hospitals

Attest/Report on Meaningful Use to CMS forthe Medicare EHR Incentive Program

Will be deemed meaningful users forMedicaid (even if the State has CMS approvalfor the MU flexibility around public health

objectives)

25

Clinical Quality Measures (CQM)Overview 2011 EPs, eligible hospitals and CAHs

seeking to demonstrate Meaningful Use arerequired to submit aggregate CQMnumerator, denominator, and exclusion datato CMS or the States by attestation.

2012 EPs, eligible hospitals and CAHsseeking to demonstrate Meaningful Use arerequired to electronically submit aggregateCQM numerator, denominator, and exclusiondata to CMS or the States.

26


29/60 1

CQM: Eligible Professionals

Core, Alternate Core, and Additional CQM setsfor EPs

EPs must report on 3 required core CQM, and if thedenominator of 1or more of the required coremeasures is 0, then EPs are required to report resultsfor up to 3 alternate core measures

EPs also must select 3 additional CQM from a set of38 CQM (other than the core/alternate core measures)

In sum, EPs must report on 6 total measures: 3

required core measures (substituting alternate coremeasures where necessary) and 3 additionalmeasures

27

CQM: Core Set for EPs

28

NQF Measure Number & PQRI

Implementation Number

Clinical Quality Measure Title

NQF 0013 Hypertension: Blood Pressure

Measurement

NQF 0028 Preventive Care and Screening Measure

Pair: a) Tobacco Use Assessment b)

Tobacco Cessation Intervention

NQF 0421

PQRI 128

Adult Weight Screening and Follow-up


30/60 1

CQM: Alternate Core Set for EPs

29

NQF Measure Number & PQRI

Implementation Number

Clinical Quality Measure Title

NQF 0024 Weight Assessment and Counseling for

Children and Adolescents

NQF 0041

PQRI 110

Preventive Care and Screening:

Influenza Immunization for Patients 50

Years Old or Older

NQF 0038 Childhood Immunization Status

CQM: Additional Set for EPs1. Diabetes: Hemoglobin A1c Poor Control2. Diabetes: Low Density Lipoprotein (LDL) Management and Control3. Diabetes: Blood Pressure Management4. Heart Failure (HF): Angiotensin-Converting Enzyme (ACE) Inhibitor or Angiotensin Receptor Blocker

(ARB) Therapy for Left Ventricular Systolic Dysfunction (LVSD)5. Coronary Artery Disease (CAD): Beta-Blocker Therapy for CAD Patients with Prior Myocardial Infarction

(MI)6. Pneumonia Vaccination Status for Older Adults7. Breast Cancer Screening8. Colorectal Cancer Screening9. Coronary Artery Disease (CAD): Oral Antiplatelet Therapy Prescribed for Patients with CAD10. Heart Failure (HF): Beta-Blocker Therapy for Left Ventricular Systolic Dysfunction (LVSD)11. Anti-depressant medication management: (a) Effective Acute Phase Treatment,(b)Effective Continuation

Phase Treatment

12. Primary Open Angle Glaucoma (POAG): Optic Nerve Evaluation13. Diabetic Retinopathy: Documentation of Presence or Absence of Macular Edema and Level of Severity of

Retinopathy14. Diabetic Retinopathy: Communication with the Physician Managing Ongoing Diabetes Care15. Asthma Pharmacologic Therapy16. Asthma Assessment17. Appropriate Testing for Children with Pharyngitis18. Oncology Breast Cancer: Hormonal Therapy for Stage IC-IIIC Estrogen Receptor/Progesterone Receptor

(ER/PR) Positive Breast Cancer19. Oncology Colon Cancer: Chemotherapy for Stage III Colon Cancer Patients

30


31/60 1

CQM: Additional Set for EPs, contd

20. Prostate Cancer: Avoidance of Overuse of Bone Scan for Staging Low Risk Prostate CancerPatients

21. Smoking and Tobacco Use Cessation, Medical assistance: a) Advising Smokers and TobaccoUsers to Quit, b) Discussing Smoking and Tobacco Use Cessation Medications, c) DiscussingSmoking and Tobacco Use Cessation Strategies

22. Diabetes: Eye Exam

23. Diabetes: Urine Screening24. Diabetes: Foot Exam

25. Coronary Artery Disease (CAD): Drug Therapy for Lowering LDL-Cholesterol26. Heart Failure (HF): Warfarin Therapy Patients with Atrial Fibrillation

27. Ischemic Vascular Disease (IVD): Blood Pressure Management

28. Ischemic Vascular Disease (IVD): Use of Aspirin or Another Antithrombotic29. Initiation and Engagement of Alcohol and Other Drug Dependence Treatment: a) Initiation, b)

Engagement

30. Prenatal Care: Screening for Human Immunodeficiency Virus (HIV)

31. Prenatal Care: Anti-D Immune Globulin32. Controlling High Blood Pressure

33. Cervical Cancer Screening

34. Chlamydia Screening for Women35. Use of Appropriate Medications for Asthma

36. Low Back Pain: Use of Imaging Studies37. Ischemic Vascular Disease (IVD): Complete Lipid Panel and LDL Control

38. Diabetes: Hemoglobin A1c Control (


32/60 1

Participation in HITECH and otherMedicare Incentive Programs for EPsOther Medicare Incentive

Program

Eligible for HITECH EHR Incentive Program?

Medicare Physician Quality

Reporting Initiative (PQRI)

Yes, if the EP is eligible.

Medicare Electronic Health

Record Demonstration (EHR

Demo)

Yes, if the EP is eligible.

Medicare Care Management

Performance Demonstration

(MCMP)

Yes, if the practice is eligible. The MCMP demo will end

before EHR incentive payments are available.

Electronic Prescribing (eRx)

Incentive Program

If the EP chooses to practice in the Medicare EHR Incentive

Program, they cannot participate in the Medicare eRx

Incentive Program simultaneously in the same program

year. If the EP chooses to participate in the Medicaid EHR

Incentive Program, they can participate in the Medicare

eRx Incentive Program simultaneously.

33

EHR Incentive Program Timeline Registration for the EHR Incentive Programs will begin in January 2011 For Medicare providers, attestation for the EHR Incentive Programs wil l

begin in April 2011 EHR incentive payments will be made 11 months after the rule is

published* For Medicaid providers, States may launch their programs in January 2011

and thereafter November 30, 2011 Last day for eligible hospitals and CAHs to register

and attest to receive an incentive payment for FFY 2011 (Medicareproviders)

February 29, 2012 Last day for EPs to register and attest to receive anincentive payment for CY 2011 (Medicare providers) 2015 Medicare payment adjustments begin for EPs and eligible hospitals

that are not meaningful users of EHR technology** 2016 Last year to receive a Medicare EHR incentive payment; Last year

to initiate participation in Medicaid EHR Incentive Program** 2021 Last year to receive Medicaid EHR incentive payment**

**Statutory

34


33/60 1

More Information

: http://www.cms.gov/EHRIncentivePrograms

35
http://www.cms.gov/EHRIncentiveProgramshttp://www.cms.gov/EHRIncentivePrograms


34/60


35/60

1

HIT Policy CommitteeHIT Policy Committee

Deven McGraw, Chair


July 21, 2010

Charge

The Tiger Teams purpose and objective is to:

Address privacy and security issues raised by ONC

Provide practical guidance on health information exchange

Evaluate the topic within a specified context

Reach a consensus in developing policy recommendations at

an appropriate level

Document decisions and conclusions

2


36/60

2

List of Members

CHAIRS:

Paul Egerman, Co-Chair,

Deven McGraw, Co-Chair, Center for Democracy & Technology

MEMBERS:

Dixie Baker, SAIC

Christine Bechtel, National Partnership for Women & Families

Rachel Block, NYS Department of Health

Carol Diamond, Markle Foundation

Judy Faulkner, EPIC Systems Corp.

Gayle Harrell, Consumer Representative/Florida

John Houston, University of Pittsburgh Medical Center; NCVHS

David Lansky, Pacific Business Group on Health

David McCallie, Cerner Corp.

Wes Rishel, Gartner

Latanya Sweeney, Carnegie Mellon University

Micky Tripathi, Massachusetts eHealth Collaborative3

Presentation Summary

Recommendations: on Fair Information Practices inHealth Information Exchan e focusin in articular on ,

collection, use and disclosure limits (including data re-

use and retention) (Deven)

Recommendations: on Consent (at a general level)(Paul)

4


37/60

3

Framing: Scope

Tiger Team focused their discussions on the purposes for proposed Stage 1

Meaningful Use (MU)

Treatment

HealthHealthInformationInformationExchangeExchange

andCoordination

of Care

QualityReporting

PublicHealth

Reporting

5

Claims andPayment

Processing

Research

PatientAccess

Note: Patient Access, Research and Claims and Payment Processing are not in scope for this initial discussion.

Health Information Exchange: Fair Information Practices

ecommen a ons or a r n orma onPractices in Health Information

Exchange

With a particular focus on Collection, Use and

Disclosure Limits (Data Reuse and Retention)

6


38/60

4

Fair Information Practices Recommended Principles andExpectations

Policy RecommendationsPolicy Recommendations -- OverarchingOverarching

1. The relationship between the patient and his or her healthcare provider is the foundation for trust in healthinformation exchange.

Thus, providers hold the trust and are ultimately

patients records.

Providers may delegate certain decisions related toexchange to others if such delegation is done in a way thatmaintains that trust.

7

Fair Information Practices Recommended Principles andExpectations (cont.)

2. Entities involved in health information exchange

including providers and third party service providerslike HIOs and intermediaries should follow the fullcomplement of fair information practices whenhandling patient information.

3. These include transparency, data integrity and quality,purpose specification, collection and use limitations,

, ,

access and control, and oversight and accountability.(ONC has articulated these in the NationwideFramework for Electronic Health InformationExchange, which was incorporated by the Policy

Committee into the Strategic Framework document.)8


39/60

5

Fair Information Practices - Specific Applications

4. We used these principles and particularly thoserelated to purpose specification, collection and uselimitation and data minimization (see definitions below) :

Purpose specification: Specify the purposes for whichpersonal data are acquired, exchanged, retained, and/orused.

Collection limitation and data minimization: Acquireinformation only by fair and lawful means, and acquire,exchange, retain, and/or use only that information

.

Use Limitation: Personal data should not be disclosed,

exchanged, retained, made available, or otherwise usedfor purposes other than those specified.

Those questions follow on the next slides9

Questions

1. Should the exchange of IIHI for treatment be limited

to treatment of the individual who is the subject of the

health information (not other patients)?

2. In order to facilitate an IIHI request, how should the

relationship between provider and patient be

confirmed?

. permitted to access IIHI through an HIO? If so, what, if

any, additional requirements should be placed on these

Providers? Should data exchange with non-HIPAA

covered entities be permitted?10


40/60

6

Questions (cont.)

4. How should public health reporting be handled?

5. How should quality reporting be handled?

6. What limits, if any, should apply to 3rd Party Service

Providers regarding data reuse?

7. What limits, if any, should be applied to retention

periods?

11

Questions (cont.)

8. Should 3rd party service Providers disclose to their

customers how the use and disclose information and ,

their privacy and security and retention policies and

procedures?

9. Are business associate agreements sufficient for

ensuring accountability?

*** The answers offered by the Tiger Team can be found inthe appendix.***

12


41/60

7

Consent

The Tiger Team moved to a discussion of the role that

-

should play in health information exchange

This discussion assumed the adoption of the foregoing

recommendation that participants in health

information exchange would adopt and be held

accountable to the full spectrum of fair information

practices

Discussion also assumed application of current law(federal and state) on consent.

13

Fundamental Principles-Patient/Provider Relationship

The relationship between the patient and his or her

heath care rovider is the foundation for trust in health

information exchange.

Providers hold the trust and are ultimately responsible for

maintaining the privacy and security of their patients records

Providers may delegate certain decisions related to exchange

to others if such delegation is done in a way that maintains thattrust.

14


42/60

8

Fundamental PrinciplesPatient Expectations

.

should not be surprised to learn what happens to their

data.

Decisions about patient choice should flow from (and

be consistent with) these fundamental principles.

15

Framing of Consent Discussion

patients participation in exchange generally (yes/no),

and we are viewing exchange from the standpoint of

Stage One of Meaningful Use.

We are not discussing more granular consent issues

.e., consen y ype o n orma on. n ec or a erJuly HIT Policy Committee meeting.).

16


43/60

9

Previous Workgroup Recommendation

current law requires) in direct exchange from one

provider to another for treatment

Provider maintains control of his/her record and makes decision

about disclosure (to whom, what information, etc.)

Maintains the trust of provider-patient relationship

17

Patient Choice to Participate in Exchanges

What factors trigger the need for patientconsent to artici ate in information exchan e?

What approach should ONC take to a nationalpolicy on choice?

Should providers have a choice as to whetherthey participate in models of exchange?

Who should educate atients about choice?

How and by whom should consent be obtained& managed?

Consent durability

18


44/60

10

1. Recommendations on Trigger Factors for Consent

What factors trigger the need by a provider to obtain thepatients consent for health information exchange withother providers?

Patients health information is no longer under control of either thepatient or the patients provider

Patients health information is retained for future use by a thirdparty/ intermediary

Patients health information is exposed to persons or entities forreasons not related to ongoing treatment (or payment for care)

Patients information is aggregated outside of a providers record orrecord of integrated delivery system/ACO with information about thepatient from other, external medical records.

The exchange is used to transmit information that is often perceivedto be more sensitive than other types of information (e.g. behavioralhealth, substance abuse, and other areas defined by NCVHS)**[parking lot for sensitive data discussion]

Significant change in the circumstances supporting an originalpatient consent

19

2 . Recommendations for Choice Model

What approach should ONC take to a national policyon choice?

Choice should be required if any of the factors in the

previous slide are present, and ONC should promote

this policy through all of its policy levers

20


45/60

11

2 . Recommendations for Choice Model (cont.)

Must be meaningful choice

ability to make outside of urgent need for care;

not compelled or used for discriminatory purposes;

full transparency and education;

choice is proportional to/commensurate with the

exchange circumstances

must be consistent with patient expectations for

privacy, health, and safety; must address break the glass scenarios

21

2.(cont.)

What approach should ONC take to a national policyon choice? (Opt-in or Opt out)?

2 . Recommendations for Choice Model (cont.)

Two views were presented

***Details descriptions of these two views are found in he

appendix***

rules and left to decisions to be made by providers and HIOs.

Other members of the team felt very strongly that, for the issues

listed on Question #1, Opt-In should be required.

22


46/60

12

3. Recommendation on Provider Choice

Should providers have a choice about participating in

Yes!

23

Summary Comment

Ultimately, to be successful, we

need to earn the trust of both

consumers and physicians.

24


47/60

13

AppendixAppendix

25

Fair Information Practices Questions / Recommendations

Consistent with the four overarching principles andexpectat ons or a r n ormat on pract ces,

we addressed the following nine specific questions:

1. Should exchange of individually identifiable health information (IIHI)for treatment be limited to treatment of the individual who is thesubject of the health information (not other patients)?

ecommen a onThe exchange of PHI for treatment should be limited to treatment of theindividual who is the subject of the information, unless the provider hasthe consent of the subject individual to access, use, exchange or disclosehis or her information to treat others. [Note: need to explore possibleexception for maternal/infant care]

26


48/60

14


2. In order to facilitate an IIHI re uest how should the relationshi

between provider and patient be confirmed?

(Recommendation)

The requesting provider, at a minimum, should provide attestation of their

treatment relationship with the individual.

This policy recommendation assumes that the requesting provider is

covered by HIPAA and state health privacy and security laws.

Requesting providers who are not covered should disclose this to the

disclosing provider before patient information is exchanged

27


3. Will Providers who are not covered by HIPAA be permitted to accessIIHI through an HIO? If so, what, if any, additional requirementsshould be laced on these Providers? Should data exchan e withnon-HIPAA covered entities be permitted?

(Recommendations)

Providers who exchange individually identifiable health information (IIHI)should be required to comply with applicable state and federal privacy andsecurity rules.

If a provider is not a HIPAA covered entity or business associate,

mechanisms to secure enforcement and accountability may include: Meaningful user criteria that require agreement to comply with the

HIPAA Privacy and Security Rules

NHIN conditions of participation

Federal funding conditions for other ONC programs

Contracts/BA agreements that hold all participants to HIPAA, statelaws, and any HIO policy requirements 28


49/60

15


4. How should public health reporting be handled?

(Recommendations)u c ea repor ng y prov ers or s ac ng on e r e a s ou a e p ace

using the least amount of identifiable data necessary to fulfill the lawful public healthpurpose for which the information is being sought. Providers should account fordisclosure per existing law. More sensitive identifiable data should be subject to higherlevels of protection.

In cases where the law requires the reporting of identifiable data (or where identifiabledata is needed to accomplish the lawful public health purpose for which the informationis sought), identifiable data may be sent. Techniques that avoid identification, includingpseudonymization, should be considered, as appropriate.

The provider is responsible for disclosures from his or her records, but may delegatelawful public health reporting to an HIO (pursuant to a business associate agreement) toperform on his or her behalf; such delegation may be on a "per request" basis or may be

a more general delegation to respond to all lawful public health requests.

The HIO may not unnecessarily retain data. When the HIO is acting on behalf of theprovider, the HIO should retain data only as needed to fulfill the services specified in itsBA/service agreement with that provider, and supporting administrative functions.

29


5. How should quality reporting be handled?

(Recommendations)

Quality data reporting by providers (or HIOs acting on their behalf) should takeplace using the least amount of identifiable data necessary to fulfill thepurpose for which the information is being sought. Providers should accountfor disclosure. More sensitive identifiable data should be subject to higherlevels of protection.

The provider is responsible for disclosures from his or her records, but maydelegate lawful quality reporting to an HIO (pursuant to a business associateagreement) to perform on his or her behalf; such delegation may be on a "perre uest" basis or ma be a more eneral dele ation to res ond to all lawful

requests.

The HIO may not unnecessarily retain data. When the HIO is acting on behalfof the provider, the HIO should retain data only as needed to fulfill the servicesspecified in its BA/service agreement with that provider, and supportingadministrative functions.

30


50/60

16


6. What limits, if any, should apply to 3rd Party Service Providers

regarding data reuse?

(Recommendation)

The principles of collection limitation, purpose specification and use

limitation should apply to Provider/3rd Party Service Provider uses of IIHI.

A third party service provider may not retain, use and disclose for any

agreement with the data provider, and supporting administrative functions,

or as required by law.

31


7. What limits, if any, should be applied to retention periods?

(Recommendation)

3rd party service providers may retain data only for as long as reasonably

necessary to perform the functions specified in the BA/service agreement

with the data provider, and supporting administrative functions. Retention

policies, must be established and disclosed and overseen; and data must

,

NIST standards and conditions set forth in the BA/service agreement.

32


51/60

17


8. Should 3rd party service providers disclose to their customers how

they use and disclose information, and their privacy and securityand retention policies and procedures?

(Recommendation)

3rd party service providers should be obligated to disclose in their

BA/service agreements with their customers how they use and disclose

-,

data, and their retention policies and procedures

33


9. Are business associate agreements sufficient for ensuring

accountability?

(Recommendation)

While significant strides have been made, business associate

agreements, by themselves, are not sufficient to address the full

complement of governance issues, including oversight, accountability and

.

34


52/60

18

Consent Option Opinion Summary

OPT - IN

architecture of the system. Technology should preserve ourvalues, and be determined by them not the other way around.

In order to gain the confidence of the public and achieve thepromised benefits from the adoption of health informationtechnology both providers and patients must be given true choiceabout whether to trust that technology and patients must have realchoice about what happens to their PHI. The only option that trulyprovides that real choice is the use the Opt In methodology. It isthe onl choice that can make a real difference in how anindividuals information is used, shared, and protected. Opt outis a choice too late; it relegates the patients choice to a secondary

consideration (after the horse is out of the barn) and undoubtedlywill feed into suspicion and distrust.

35

Consent Option Opinion Summary

ALTERNATIVE TO OPT- IN

When consent is needed, patients need to be given a Meaningful

Choice. Among other attributes, Meaningful Choice needs to be

proportionate with exchange circumstances and must provide

adequate time and knowledge to make decisions. It is more

important that we agree on these basic principles and on the

situations where choice is required, instead of trying to make

specific recommendations on the form of consent. The actual

Meaningful Choice principles and by the details of how the

exchange operates.

36


53/60


54/60

HIT Policy CommitteeAdoption Certification Workgroup

Proposed Next Steps

Paul Egerman, Chair

Marc Probst, Co-Chair

July 21, 2010

22

Agenda

The Workgroup

Recent Activities

ONC Presentations

Areas of Focus

Hearing on exploring barriers to EHR adoption

Next Steps


55/60

33

Certification/Adoption Workgroup

Chairs:

Paul Egerman Marc Probst - Intermountain Healthcare

Members: Rick Chapman - Kindred Healthcare Adam Clark - Lance Armstrong Foundation Charles Kennedy - Wellpoint Scott White - SEIU Training & Employment Fund Latanya Sweeney - Carnegie Mellon University Steve Downs - Robert Wood Johnson Foundation Joseph Heyman - American Medical Association Teri Takai State Chief Information Officer, CA Micki Tripathi - Massachusetts eHealth Collaborative George Hripcsak - Columbia University Paul Tang - Palo Alto Medical Foundation Carl Dvorak- Epic Joan Ash- Oregon Health and Science University

4

Recent Activities

Continued focus on Certification efforts

Discussions with ONC Staff on mostappropriate areas to support

Presentations from Melinda Buntin and NedEllington from ONC

Identification and prioritization of areas of focus

Definition of proposed hearing to focus onbarriers to EHR adoption


56/60

5

ONC Presentations

Melinda Buntin Director, Office of Economic Analysis & Modeling

Data Collection and Analysis

Modeling of Adoption

Supporting/Encouraging Adoption

ONC Performance Measurement

Ned Ellington Director, HITRC, Office of Provider Adoption Support

Provider Support

REC issues

Knowledge Sharing Network

Research and Resources (sharing best practices)

6

ONC Presentations (continued)

Specific actions discussed where Workgroupcan support ONC teams:

Participation in expert panel looking at initial models

Individual discussion/expert support to ONC teams

Aggregation of ideas from vendor/user communities


57/60

7

Areas of focus specifically discussed

Adoption challenges faced by specific marketsegments (Thoughtful non-Adopters)

Coordination with Implementation Workgroup(HIT Standards Committee)

Monitor the Certification Process foreffectiveness

8

Areas of focus - other

REC Best Practices

EHR Best Practices (tips and techniques)

Training & Education

Success Stories on Adoption

Patient Access to Data Issues

EHR Safety

HIE Adoption

Workforce issues

Specific Physician issues


58/60

9

Hearing: Exploring Barriers to EHR Adoption

Hearing on exploring barriers to EHR adoption:tools for the small- and medium-sized end

users

Separate sessions for physicians and hospitals

Focus on small- and medium-sized end users

Elicit input from vendors and practitioners

Focus on barriers to adoption and lessons learned

Goal is to provide ONC with better

understanding of the barriers andrecommendations for overcoming them

10

Next Steps

Support Modeling Conference (MelindaBuntin)

Work with ONC on Barriers Hearing

Follow-up Workgroup conference call onprioritizing action items


59/60


60/60

HIT Policy CommitteeInformation ExchangeWorkgroup

Micky Tripathi, Chair

David Lansky, Co-Chair

Workgroup Members

Chair: Micky Tripathi MA e-health Collaborative

Co-Chair: David Lansky Pacific Business Group on Health

Members: Judy Faulkner Epic

Connie W. Delaney University of Minnesota, Nursing

Gayle Harrell

Michael Klag Johns Hopkins School of Public Health

Deven McGraw Center for Democracy & Technology

Latanya Sweeney Carnegie Mellon University

Charles Kennedy WellPoint, Inc.

Paul Egerman

James Golden Minnesota Department of Health

Dave Goetz Department of Finance and Administration, TN

Jonah Frohlich California Health & Human Services

Steven Stack AMA

George Hripcsak Columbia University

Seth Foldy Wisconsin

Jim Buehler Centers for Disease Control and Prevention

Jessica Kahn Centers for Medicare & Medicaid

Documents

HIT Policy Committee - 2010-07-21