8/9/2019 HIT Policy Committee - 2010-07-21
HIT Policy Committee
July 21, 2010
AGENDA
HIT Policy Committee
July 21, 2010
9:30 a.m. to 2:45 p.m. [Eastern Time]
Renaissance Washington, DC, Dupont Circle Hotel
1143 New Hampshire Avenue, NW
Washington, DC
9:30 a.m. CALL TO ORDER Judy Sparrow
Office of the National Coordinator for Health Information Technology
9:35 a.m. Opening Remarks David Blumenthal, MD, MPP
National Coordinator for Health Information Technology
9:45 a.m. Review of the Agenda Paul Tang, Vice Chair of the Committee
10:00 a.m. Meaningful Use Rules & Certification Criteria for EHRs
Tony Trenkle, Centers for Medicare & Medicaid Services
Farzad Mostashari, ONC
11:00 a.m. ONC Reports
Doug Fridsma, ONC
11:30 a.m. Enrollment Workgroup Update
Aneesh Chopra, Chair
Sam Karp, Co-Chair
12:00 p.m. LUNCH BREAK
12:45 p.m. Privacy & Security Tiger Team Update & Recommendations
Deven McGraw, Chair
Paul Egerman, Co-Chair
1:45 p.m. Adoption-Certification Workgroup Update
Marc Probst, Co-Chair
Paul Egerman, Co-Chair
2:15 p.m. Information Exchange Workgroup Update
Micky Tripathi, Chair
David Lansky, Co-Chair
2:30 p.m. Public Comment
2:45 p.m. Adjourn
HIT Policy Committee 6-25-2010 DRAFT Meeting Summary Page 1
Health Information Technology Policy Committee
DRAFT
Summary of the June 25, 2010, Meeting
KEY TOPICS
1. Call to Order
Judy Sparrow, Office of the National Coordinator (ONC), welcomed participants to the 13th
meeting of the Health Information Technology Policy Committee (HITPC), reminded the group
that this was a Federal Advisory Committee meeting and therefore was being conducted in
public, and conducted roll call.
2. Review of the Agenda
HIT Policy Committee Co-Chair Paul Tang reviewed the meeting's schedule, which was
rearranged somewhat to accommodate the travel schedules of some participants. The group
approved the minutes from the last HITPC meeting (held on May 19, 2010).
Action Item #1: The Committee approved the minutes from last HITPC
meeting, held May 19, 2010, by consensus.
3. Opening Remarks
National Coordinator for HIT David Blumenthal explained that the HITPC's efforts are in a
period of winding up of the first set of meaningful use standards and certifications, and looking
ahead to the next phase. Meanwhile, the Committee must pay attention to all manner of
continuing issues. Work continues on privacy and security, and they must prepare for a possible
rule on governance of the National Health Information Network (NHIN), which Congress has
tasked them with considering. Work also continues on the substrate for interoperability in the
health system through the NHIN and its standards, policies, and implementation specifications.
He expressed gratitude for the hard work and dedication of the Committee.
4. ONC Update: NHIN Direct - Standards and Interoperability Framework
Doug Fridsma of ONC explained that the Office is working to support the lifecycle of standards
and interoperability. There are Meaningful Use criteria that this Committee will establish, and as
a result, standards that will be implemented into technologies and used in certification criteria.
Many things happen between the time that policy decisions are made and standards are
constructed. He said he hopes to give the Committee a sense of some of the activities that occur
in between, and an understanding of the coordination that is necessary.
Doug Fridsma characterized an implementation specification as a recipe. It tells people how to
build software to do certain things. Policies have to be translated into these recipes. The goal is
to create reproducible recipes and develop tools that increase their efficiency in building these
recipes. Therefore, computational approaches are needed.
ONC also is working on linking use cases so that there is no break in the chain from the high-
level policy objectives all the way through specific standards and certification criteria. ONC is
working with the National Institute of Standards and Technology (NIST) on this effort. If there
are specific requirements that are translated into these recipes, then tools can be built to make it
easier for companies to create things that will stand up to the criteria. This framework is
intended to address whatever standards might be developed in the future, with initiatives such as
the NHIN Direct, the interoperability framework, and focused collaboration.
The first step will be to examine what needs to be accomplished and deconstruct it into the data
needed as well as the functions to be performed. Use cases will crop up from various sources,
each of which will be broken down in this manner. Doug Fridsma used e-prescribing as an
example of use case development. The National Information Exchange Model will be used.
Paragraph descriptions will be broken down into data and function, harmonized, and all of the
pieces will be able to function together.
Doug Fridsma emphasized the importance of these activities not occurring in the abstract. There
must be a quality check for implementation specifications: they will have to actually build it, to
have a test kitchen to make sure the recipe is correct. Pilot projects and demonstrations will be
initiated; one of the first use cases that will be put through this framework is the NHIN Direct
project.
In discussion, the following was noted:
Paul Egerman pointed out that although certification is the final step in ONC's process, it is
the starting point for industry. Once vendors have the certification criteria, it takes 1 or more
years to develop a product. Then, it must be certified, marketed, and distributed to
customers. Therefore, it is important that this work be coordinated with the timeline of the
Phase 2 certification process. He asked how ONC is coordinating this work so that it is done
in time for industry to use it. Doug Fridsma explained that given the time constraints, ONC
does not plan to wait to engage NIST and those who will be helping to implement testing
strategies. It is hoped that NHIN Direct will be ready for an HIT Standards Committee
(HITSC) review in January 2011.
Gayle Harrell commented on the extremely ambitious timeline associated with these efforts.
Given that early adopter hospitals are going to start purchasing systems in 2010, this work
will not be available to benefit those who are going to start purchasing systems. Doug
Fridsma explained that the work that is already in place for 2011 will need to be backfilled
into this process. The directives for meaningful use that have come from this Committee,
and the standards required to support them, already exist. As they look ahead to 2013, 2015,
and beyond, at some point they have to make sure they have the integration that needs to
occur. It will take some time to get to that point, but they must start building the framework
so that when data starts being reused for clinical decision support, etc., there is
consistency across the standards. The only way to do that is to start now and think ahead.
David Blumenthal acknowledged that the questions regarding timeframe are important. One
of the reasons this Committee was relatively modest in its recommendations around
exchange had to do with its recognition that the work associated with exchange issues is still
incubating. Therefore, compromises were made on the aspirations for the first stage of
meaningful use. In fact, the first stage only requires the demonstration of a capability. The
capabilities requirements of the systems that are purchased will have to be continuously
upgraded. That represents a significant challenge, and vendors will need to be able to mature
their products after they are installed. Some vendors will be better at this process than others,
and hopefully that will be part of the discussion as systems are acquired.
5. NHIN Governance
Mary Jo Deering of ONC asked the Committee for help in establishing the governance of NHIN.
This issue is essential to establishing trust in information exchange. ONC will release an initial
Request for Information in early August and will publish a Notice of Proposed Rulemaking
(NPRM) in early 2011, with a final rule expected by next summer. She presented some
rhetorical questions to HITPC members, such as: Is this what ONC should be asking? What
should ONC be asking?
A single line in the Health Information Technology for Economic and Clinical Health (HITECH)
Act indicates that ONC is to establish a governance mechanism for the NHIN by rulemaking.
ONC must be sure that users have trust in how information is shared, and be confident that the
system works. Without governance, NHIN exchange cannot expand beyond the legal guidelines
and baseline of governance that currently exists. Complementary mechanisms are being sought
to fill the gap. An HIT trust framework would be useful; Mary Jo Deering presented five
categories of attributes that are needed for trust: (1) agreed-upon business, policy, and legal
requirements; (2) transparent oversight; (3) enforcement and accountability; (4) identity
assurance; and (5) technical requirements. It is premature to know whether these five categories
will frame the rule itself. They do represent an effective starting point, however, for HITPC
discussion. She noted that there also are questions of scope (e.g., should the NHIN be
branded, should any use of the NHIN standards lie outside of governance, when should the
governing levers that do exist be used?).
The ensuing discussion included the following points:
David Blumenthal noted that this discussion begins with a task assigned by Congress: ONC
shall establish a governance mechanism for the NHIN. This discussion also needs to take place
due to the broader mandate to create a broad, secure health information system. His sense is that
this will not happen by itself, that there will be a continuing need for an organizing force. The
issue is made more urgent because there is a group of organizations that are now trying to use the
NHIN to exchange data. They are trying to decide how to move forward on a set of technical
and legal issues, and the General Counsel has ruled that they cannot do much without ONC
input.
Gayle Harrell proposed that the Committee designate a significant amount of time during a
future HITPC meeting to discuss this topic. Mary Jo Deering indicated that ONC will ask both
the HITPC and HITSC to hold full joint hearings in early September. Meanwhile, she will be
working with the tiger team in August on privacy and security-related issues.
LaTanya Sweeney commented on two different methods of governance: a hands-off approach to
governance versus complete command and control. She noted that another model has worked
effectively, which is a climate that allows a lot of freedom, but in fact provides the right kind of
technical and policy incentives that could create a convergence. She used the world wide web as
an example. She discussed an example, when the Commerce Department indicated that it did
not have the authority to force a standard for credit cards. A group of academics and institutions
collaborated, formed a consortium, and as a group with the right experts and right focus, tackled
the issue. Their work came together very quickly, and within a year people were using and
trusting the world wide web.
Neil Calman asked about what type of responsibility the HITPC and ONC have to ensure that during
the implementation effort, groups are not spending a significant amount of resources on systems
and vendors that might not be able to upgrade their systems as necessary. He suggested it might
be important to define some quantum dates, as they have done with meaningful use. In this way,
there will at least be some sense of stability at certain points along the timeline.
6. Meaningful Use Workgroup: Disparities Hearing Briefing
Meaningful Use Workgroup Co-Chair George Hripcsak discussed a hearing that was held on
June 4 on the topic of eliminating disparities, with a focus on finding solutions. The Workgroup
held two previous hearings, with experts providing testimony on disparities and related
problems. The June 4 hearing included panels on health literacy and data collection, culture,
and access. Disparities in the following areas were discussed: (1) race and ethnicity, (2)
language, (3) health literacy, (4) migrant and seasonal workers, (5) children and the elderly, and
(6) the homeless.
The underserved does not represent one group of people. It is a number of groups, and a
solution for one group may not be the solution for another. It is important to engage the
community in the design of solutions to their problems. George Hripcsak commented that it is
necessary to develop a sensitivity to the issues of underserved populations, and to recognize that
one or two policies will not solve the problem.
A common theme surfaced during the hearing: the importance of communication and sharing
information. It is necessary not just to look at disparities but to report them, so that it is possible
to judge how well they get addressed. Education and training will be necessary to address
disparities, as well as the trust of the community.
On July 29, the Meaningful Use Workgroup will hold a hearing on population and public health.
On August 5, a hearing on care coordination is planned.
Neil Calman noted that another issue that arose during the June 4 hearing was the responsibility
to make sure that safety net providers are not left behind as electronic health records (EHRs) are
implemented. The HITPC should be monitoring the implementation rate among safety net
providers; otherwise, their patients will continue to have disparities as effort rolls out. Also, he
indicated that he has received a number of e-mails since the hearing regarding disparities around
treatment based on sexual orientation and gender identity.
A discussion followed the presentation, and included these highlights:
Marc Overhage emphasized that these disparities need to be addressed. The sooner standards
can be put into place for what data needs to be collected, the sooner they can start to manage
what seems to be a solvable problem.
David Blumenthal noted that ONC has identified this as a priority area, and is trying to develop
approaches to assuring that its activities do not enhance disparities, and, preferably, reduce them.
He added that technology tends to be adopted first by majority groups.
Gayle Harrell said that in Florida, many safety net hospitals are underfunded. If they have large
residency programs and clinics, then the question of whether their physicians have separate ID
numbers becomes an issue. Safety net hospitals need to be examined in a separate category,
because they are facing significant challenges.
Committee members discussed how safety net hospitals and clinics should be defined. Many
facilities truly work with underserved populations, and they see themselves as safety nets
although they may not have been identified as such by any group. The ability to identify who
they are would be very helpful.
7. Privacy and Security Tiger Team Update and Recommendations
Paul Egerman presented an update for the Privacy and Security Workgroup's tiger team, which has
a schedule of topics to be addressed this summer. The first topic the tiger team addressed was
message handling in directed exchanges. Message handling involves messages that go from one
health care entity's computer to another in the process of treating a patient. One example is the
ordering of a lab test. The team established two primary questions regarding directed exchange:
What are the policy guardrails for message handling in directed exchange? Who is responsible
for establishing trust when messages are sent?
Four categories of message handling also were identified:
Model A - No intermediary is involved (exchange is direct from message originator to
message recipient).
Model B - The intermediary only performs routing and has no access to unencrypted personal
health information (PHI) (the message body is encrypted and the intermediary does not
access unencrypted patient identification data).
Model C - The intermediary has access to unencrypted PHI (i.e., the patient is identifiable)
but does not change the data in the message body.
Model D - The intermediary opens the message and changes the message body (format and/or
data).
The tiger team offered a series of recommendations regarding directed exchange, as follows:
Unencrypted PHI exposure to an intermediary in any amount raises privacy concerns.
Fewer privacy concerns for directed exchange are found in models in which no unencrypted
PHI is exposed (i.e., models A and B). ONC should encourage the use of such models.
Models C and D involve intermediary access to unencrypted PHI, introducing privacy and
safety concerns related to the intermediary's ability to view and/or modify data. Clear
policies are needed to limit the retention of PHI and restrict its use and re-use.
The team may make further privacy policy recommendations concerning retention and reuse
of data. Model D also should be required to make commitments regarding accuracy and
quality of data transformation.
Intermediaries who collect and retain audit trails of messages that include unencrypted PHI
should also be subject to policy constraints.
Intermediaries that support models C and D require contractual arrangements with the
message originators in the form of Business Associate agreements that set forth applicable
policies and commitments and obligations.
The team also discussed who should be responsible for establishing exchange credentials. The
sender has to authenticate the receiver. How does the sender know that the message will get to
the right place? A digital credential is a certificate assigned to the computer so that when the
machines talk to each other they can validate that they are the correct machine. The question is,
who is responsible for issuing these certificates?
The tiger team decided that, first and foremost, the provider must ensure the safety of the
patient's information. Whoever holds the data is responsible for protecting its safety. With
respect to issuing digital credentials, providers can do that themselves or they may delegate it to
an authorized credentialing service provider.
The team made the following specific recommendations:
The responsibility for maintaining the privacy and security of a patient's record rests with the
patient's providers. For functions like issuing digital credentials or verifying provider
identity, providers may delegate that authority to authorized credentialing service
providers.
To provide physicians and hospitals (and the public) with some reassurance that this
credentialing responsibility is being delegated to a trustworthy organization, the federal
government (ONC) has a role in establishing and enforcing clear requirements and policies
about the credentialing process, which must include a requirement to validate the identity of
the organization or individual requesting a credential.
State governments can, at their option, also provide additional rules for these authorized
credentialing service providers.
The Committee discussion that followed included these highlights:
LaTanya Sweeney noted that the recommendations and the discussion are centered on one
class of technical solutions that relate to message passing. She discussed a survey of about
50 companies around the country who have invested millions of dollars in NHIN solutions.
Many communities are making technology-related decisions, and none of the technologies
have had the benefit of going through NHIN Direct. She commented that there appears to be
an unfairness related to the process in which companies that have innovative ideas are
unable to participate in NHIN Direct.
Gayle Harrell noted that with exchange categories/models C and D, the level of policy has to
rise in order for the level of trust to be sufficient. Categories/models A and B are direct
exchange, with no intermediary. Higher degrees of accountability are necessary with C and
D.
One Committee member suggested that it seems too definitive to simply recommend that
ONC should encourage the use of categories/models A and B.
David Blumenthal reminded the group that there are constituencies who are asking for advice
and instruction on how best to proceed (even though this group does not have that authority).
Many states are wishing that ONC would tell them exactly how they should resolve some of
these privacy and security problems. ONC will have to make some of those decisions, and is
seeking this Committee's consensus advice. He asked HITPC members to keep in mind the
time urgency, the need for states to begin to be active, and need for providers to have some
confidence about the circumstances under which they can share information.
LaTanya Sweeney expressed some frustration from the perspective of a computer scientist.
In her field, they start by determining the requirements and the space of technical solutions,
and they quickly rule out options. She suggested that if ONC starts off with an engineering
requirements analysis (which has largely been done with the meaningful use work), within 1
month one or more useful solutions could be developed.
One Committee member indicated that message handling categories/models A and B are
necessarily cheaper, because they may be sending information that is dirty or
unintelligible. There is a very big return on investment associated with checking to make
sure the appropriate things are there/not there (as in category/model C).
Action Item #2: The Committee accepted the first set of Privacy and
Security Workgroup tiger team recommendations (related to directed
exchange), with the removal of the reference to the ONC encouraging
the use of message handling categories/models A and B. The Committee
accepted the second set of tiger team recommendations as they stand.
8. Enrollment Workgroup Update
Enrollment Workgroup Chair Aneesh Chopra presented the list of Enrollment Workgroup
members, noting that people who work in other industries understand data sharing models that
can bring some perspective to the group. Also included is a robust group of federal partners,
stakeholders from across the federal government. The group's charge is to inventory standards
that are already in place, identify the gaps, and develop a set of processes to address those gaps.
The Workgroup is focused on the following areas: (1) electronic matching across state and
federal data, (2) retrieval and submission of electronic documentation for verification, (3) reuse
of eligibility information, (4) capability for individuals to maintain eligibility information online,
and (5) notification of eligibility.
The Workgroup needs to conceptualize standards that might be useful and work across a variety
of use cases or architectures. The goal is to create a set of architectures that match up with
HITPC and HITSC principles. The Enrollment Workgroup held its first public hearing, in which
2014 implementation was discussed. Examples at state and local levels were considered, and
Workgroup members and others discussed how people are using web-based protocols. At its
next meeting, Enrollment Workgroup members will be examining a particular use case.
The discussion that followed included these points:
Aneesh Chopra noted that one of the Workgroup's questions for consideration may be how
best to get hospital finance departments hooked into this idea so that they can assist in
enrollment efforts.
Gayle Harrell commented that the enrollment project is a real issue for states. Whether it is
Medicaid eligibility, food stamps, or some other state-run program, the individual state bears
responsibility for enrollment projects. She asked Aneesh Chopra whether he anticipates that
this program will roll out and states will integrate into a system, although each state may
implement their programs differently. Aneesh Chopra explained that this is why technology
must be in support of policy, and not vice versa. Their process will need to include
conveying to states: "regardless of how it is technically done, you need to capture this
person's name and confirm that they live in New Jersey [for example]. How you do that is
open."
Aneesh Chopra offered an example from the U.S. Postal Service (USPS), which has created a
system to verify a person's address. Any group can adopt that system: a state, a commercial
web site, etc. When the USPS designed this system, it did not presume how and in what
manner it would be consumed. It had to keep the design simple and easy to replicate.
Gayle Harrell reminded the Committee that with this enrollment effort comes very specific
privacy issues. Different states have different requirements. A plethora of issues will have
to be discussed, especially related to privacy issues.
Charles Kennedy said that in the existing market where private insurers sell health insurance,
people have to fill out medical information on their insurance applications. This represents a
good source of information on the clinical side that should not be ignored.
Aneesh Chopra offered another example of a design principle: students filling out student
loan applications can go to the Internal Revenue Service web site and request that their tax
information flow into the Department of Education student loan form. The IRS does not
directly share that information with the Department of Education: the student controls when
and if the data flows from one agency to the other. This is the type of process and
information that the Enrollment Workgroup will be considering.
9. ONC Update: Temporary Certification Program
Steve Posnack of ONC reported that in early March, the Interim Final Rules for the temporary
and permanent certification programs were published. ONC is starting with the temporary
program first. The comment period for this temporary program ended on April 9, and the rule
was written, cleared, and published in about 9 weeks.
The final rule was published on June 24 (the day before this meeting), representing the first
significant step that will set in motion one of the processes that needs to be in place. Regional
extension centers can now start formulating their plans for helping organizations get to
meaningful use. The rule establishes a process for the National Coordinator to use in authorizing
organizations to test and certify EHRs. Also, it sets the parameters for the testing of EHR
technology.
Each Committee member received a copy of the rule, including a list of all of the changes made
between the initial proposed rule and the final rule. Steve Posnack called out a few of these
changes:
Remote testing certification is now listed as the minimum option for certification.
There is a set of capabilities that must be present in order to meet meaningful use standards.
There are numerous other capabilities that health care providers will actually need for their
operation. This rule is primarily concerned with the former. Testers must be able simply to
test against meaningful use certification criteria, and not a range of other services that do not
specifically address meaningful use.
Inherited certification will be possible when a certified system releases a new software
version. The producer must attest that the updated version still meets the certification
criteria.
A list of certified EHRs will be made available.
Carol Bean of ONC explained that the temporary certification program is based on international
standards and best practices that look at the entities providing the testing. Testers chosen for the
temporary certification program are called ONC Authorized Testing and Certification Bodies
(ATCBs). ONC is currently in the final stages of creating the applications themselves. Already,
the Office has received more than 30 requests for the applications. The form has multiple parts.
Everyone will fill out Part 1. Part 2 will be filled out differently by different entities, depending
on the scope of testing authorization they are seeking. The two parts can be submitted
separately, but an application will not be complete until both parts 1 and 2 are received.
ONC will provide a decision to authorize (or not) a testing organization within 30 days. All
applications will be reviewed by an internal review board. A list of authorized ATCBs will be
provided on the ONC web site. By late summer, it is expected that some ATCBs will be in
operation. There will be no limit on applicants, and no limit on the number of testing bodies that
can be authorized. A new web site, called CHAPEL, will aggregate lists of certified products
and technologies from the ATCBs.
10. Public Comment
Mark Siegel of GE Healthcare urged the Committee to give careful consideration to some timing
issues with regard to NHIN Direct. ONC expects that testing and certification for the 2013/2014
period will need to begin by mid-2012. This is a concern, given that the next stage of
meaningful use will begin in October 2012 for hospitals. Inconsistently, the next set of
standards criteria will be published in the summer of 2012. These dates, which were put in as
projections, should be scrutinized to make sure that providers and vendors have what they need
for safe and effective implementation.
SUMMARY OF ACTION ITEMS:
Action Item #1: The Committee approved the minutes from last HITPC meeting, held May 19,
2010, by consensus.
Action Item #2: The Committee accepted the first set of Privacy and Security Workgroup tiger
team recommendations (related to directed exchange), with the removal of the reference to the
ONC encouraging the use of message handling categories/models A and B. The Committee
accepted the second set of tiger team recommendations as they stand.
Medicare & Medicaid EHR Incentive Program Final Rule
Implementing the American Recovery & Reinvestment Act of 2009
The Journey to Meaningful Use
"Faith is the bird that sings when the dawn is still dark." Rabindranath Tagore
Overview
American Recovery & Reinvestment Act (Recovery Act): February 17, 2009
Medicare & Medicaid Electronic Health Record (EHR) Incentive Program Notice of Proposed Rulemaking (NPRM)
Display: December 30, 2009
Publication: January 13, 2010
Final Rule on Display: July 13, 2010
Final Rule Published: July 28, 2010
What did not change in the final rule
Adopted statutory provider eligibility and payment requirements
Meaningful Use matrix goals remained the same.
Hospital definition did not change.
EPs will still be required to demonstrate MU individually
Clinical quality measures reporting timeline will stay the same
MU reporting period of 90 days for first year and one year thereafter.
What Changed from the NPRM to the Final Rule?
Meaningful Use Criteria
Clinical Quality Measures
Hospital-based EPs
Medicaid acute care hospitals
Medicaid patient volume
Removed reporting period for adopt,implement or upgrade (Medicaid)
All programs will start in 2011
More clarification throughout
5
Changes to Provider Eligibility
Due to recent legislation, hospital-based EPs areonly those who see more than 90% of theirpatients in a hospital in-patient or ER setting
Medicaid included critical access hospitals in itsdefinition of acute care hospital (but incentive is
like other acute care hospitals, not following theMedicare CAH formula)
Medicaid Patient Volume
Medicaid EP participation hinges on patient volume requirements.
Medicaid patient volume was significantly clarified
Expanded definition of encounter to include any encounter for which Medicaid had any payment liability, e.g. premiums, co-pays, waivers
Allows States to define patient volume as just encounters or encounters plus patient panel (managed care), both or propose a new methodology
Meaningful Use: Process of Defining
National Committee on Vital and Health Statistics (NCVHS) hearings
HIT Policy Committee (HITPC) recommendations
Listening Sessions with providers/organizations
Public comments on HITPC recommendations
Comments received from the Department and the Office of Management and Budget (OMB)
Revised based on public comments on the NPRM
Meaningful Use Stage 1 Health Outcome Priorities*
Improve quality, safety, efficiency, and reduce health disparities
Engage patients and families in their healthcare
Improve care coordination
Improve population and public health
Ensure adequate privacy and security protections for personal health information
*Adapted from National Priorities Partnership. National Priorities and Goals: Aligning Our Efforts to Transform America's Healthcare. Washington, DC: National Quality Forum; 2008.
Meaningful Use: Changes from the NPRM to the Final Rule
NPRM: Meet all MU reporting objectives
Final Rule: Must meet core set/can defer 5 from optional menu set
NPRM: 25 measures for EPs/23 measures for eligible hospitals
Final Rule: 25 measures for EPs/24 for eligible hospitals
NPRM: Measure thresholds range from 10% to 80% of patients or orders (most at higher range)
Final Rule: Measure thresholds range from 10% to 80% of patients or orders (most at lower to middle range)
NPRM: Denominators: To calculate the threshold, some measures required manual chart review
Final Rule: Denominators: No measures require manual chart review to calculate threshold
NPRM: Administrative transactions (claims and eligibility) included
Final Rule: Administrative transactions removed
NPRM: Measures for Patient-Specific Education Resources and Advanced Directives discussed but not proposed
Final Rule: Measures for Patient-Specific Education Resources and Advanced Directives (for hospitals) included
Meaningful Use: Changes from the NPRM to the Final Rule, cont'd
NPRM: States could propose requirements above/beyond MU floor, but not with additional EHR functionality
Final Rule: States' flexibility with Stage 1 MU is limited to seeking CMS approval to require 4 public health-related objectives to be core instead of menu
NPRM: Core clinical quality measures (CQM) and specialty measure groups for EPs
Final Rule: Modified Core CQM and removed specialty measure groups for EPs
NPRM: 90 CQM total for EPs
Final Rule: 44 CQM total for EPs, must report total of 6
NPRM: 35 CQM total for eligible hospitals and 8 alternate Medicaid CQM
Final Rule: 15 CQM total for eligible hospitals
NPRM: 5 CQM overlap with CHIPRA initial core set
Final Rule: 4 CQM overlap with CHIPRA initial core set
How were MU Core Objectives Selected?
Overarching considerations
Statutory requirements, e.g., e-prescribing, CQM, health information exchange
Foundational objectives, e.g., privacy and security and those that provide foundational data needed for other measures, like demographics, medication lists, etc.
Patient-centered
Patient access, e.g., clinical summaries
Patient safety, e.g., drug-drug and drug-allergy features
Part of providers' normal practice
Looked at how the objectives aligned
Feedback received from HIT Policy Committee and commenters
Meaningful Use: Applicability of Objectives and Measures
Some MU objectives are not applicable to every provider's clinical practice, thus they would not have any eligible patients or actions for the measure denominator.
In these cases, the EP, eligible hospital or CAH would be excluded from having to meet that measure
Ex: Dentists who do not perform immunizations; Chiropractors do not e-prescribe
Meaningful Use: Denominators
Two types of percentage based measures are included to address the burden of demonstrating MU
1. Denominator is all patients seen or admitted during the EHR reporting period
The denominator is all patients regardless of whether their records are kept using certified EHR technology
2. Denominator is actions or subsets of patients seen or admitted during the EHR reporting period
The denominator only includes patients, or actions taken on behalf of those patients, whose records are kept using certified EHR technology
How were the Thresholds Selected
80%: Objective part of standard practice, e.g., maintain active medication list
Others: defined on a case-by-case basis based on commenter or clearance feedback
Example: e-prescribing set at 40%, lowered from 75% to address concerns by commenters regarding non-participation by pharmacies and patient preference.
Meaningful Use Stage 1 Core Set
Health Outcomes Policy Priority: Improving quality, safety, efficiency, and reducing health disparities
Stage 1 Objective: Use CPOE for medication orders directly entered by any licensed healthcare professional who can enter orders into the medical record per state, local, and professional guidelines
Stage 1 Measure: More than 30% of unique patients with at least one medication in their medication list seen by the EP or admitted to the eligible hospital or CAH have at least one medication entered using CPOE
Stage 1 Objective: Implement drug-drug and drug-allergy interaction checks
Stage 1 Measure: The EP/eligible hospital/CAH has enabled this functionality for the entire EHR reporting period
Stage 1 Objective: EP Only: Generate and transmit permissible prescriptions electronically (eRx)
Stage 1 Measure: More than 40% of all permissible prescriptions written by the EP are transmitted electronically using certified EHR technology
Stage 1 Objective: Record demographics: preferred language, gender, race, ethnicity, date of birth, and date and preliminary cause of death in the event of mortality in the eligible hospital or CAH
Stage 1 Measure: More than 50% of all unique patients seen by the EP or admitted to the eligible hospital or CAH have demographics as recorded structured data
Stage 1 Objective: Maintain up-to-date problem list of current and active diagnoses
Stage 1 Measure: More than 80% of all unique patients seen by the EP or admitted to the eligible hospital or CAH have at least one entry or an indication that no problems are known for the patient recorded as structured data
Meaningful Use Stage 1 Core Set, cont'd
Health Outcomes Policy Priority: Improving quality, safety, efficiency, and reducing health disparities
Stage 1 Objective: Maintain active medication list
Stage 1 Measure: More than 80% of all unique patients seen by the EP or admitted to the eligible hospital or CAH have at least one entry (or an indication that the patient is not currently prescribed any medication) recorded as structured data
Stage 1 Objective: Maintain active medication allergy list
Stage 1 Measure: More than 80% of all unique patients seen by the EP or admitted to the eligible hospital or CAH have at least one entry (or an indication that the patient has no known medication allergies) recorded as structured data
Stage 1 Objective: Record and chart vital signs: height, weight, blood pressure, calculate and display BMI, plot and display growth charts for children 2-20 years, including BMI
Stage 1 Measure: For more than 50% of all unique patients age 2 and over seen by the EP or admitted to the eligible hospital or CAH, height, weight, and blood pressure are recorded as structured data
Stage 1 Objective: Record smoking status for patients 13 years old or older
Stage 1 Measure: More than 50% of all unique patients 13 years or older seen by the EP or admitted to the eligible hospital or CAH have smoking status recorded as structured data
Stage 1 Objective: Implement one clinical decision support rule and the ability to track compliance with the rule
Stage 1 Measure: Implement one clinical decision support rule
Stage 1 Objective: Report clinical quality measures to CMS or the States
Stage 1 Measure: For 2011, provide aggregate numerator, denominator, and exclusions through attestation; For 2012, electronically submit clinical quality measures
Meaningful Use Stage 1 Core Set, cont'd
Health Outcomes Policy Priority: Engage patients and families in their healthcare
Stage 1 Objective: Provide patients with an electronic copy of their health information (including diagnostic test results, problem list, medication lists, medication allergies, discharge summary, procedures), upon request
Stage 1 Measure: More than 50% of all unique patients of the EP, eligible hospital or CAH who request an electronic copy of their health information are provided it within 3 business days
Stage 1 Objective: Hospitals Only: Provide patients with an electronic copy of their discharge instructions at time of discharge, upon request
Stage 1 Measure: More than 50% of all patients who are discharged from an eligible hospital or CAH who request an electronic copy of their discharge instructions are provided it
Stage 1 Objective: EPs Only: Provide clinical summaries for each office visit
Stage 1 Measure: Clinical summaries provided to patients for more than 50% of all office visits within 3 business days
Health Outcomes Policy Priority: Improve care coordination
Stage 1 Objective: Capability to exchange key clinical information (ex: problem list, medication list, medication allergies, diagnostic test results), among providers of care and patient authorized entities electronically
Stage 1 Measure: Performed at least one test of the certified EHR technology's capacity to electronically exchange key clinical information
Health Outcomes Policy Priority: Ensure adequate privacy and security protections for personal health information
Stage 1 Objective: Protect electronic health information created or maintained by certified EHR technology through the implementation of appropriate technical capabilities
Stage 1 Measure: Conduct or review a security risk analysis per 45 CFR 164.308(a)(1) and implement updates as necessary and correct identified security deficiencies as part of the EP's, eligible hospital's or CAH's risk management process
Meaningful Use Stage 1 Menu Set
Health Outcomes Policy Priority: Improving quality, safety, efficiency, and reducing health disparities
Stage 1 Objective: Implement drug-formulary checks
Stage 1 Measure: The EP/eligible hospital/CAH has enabled this functionality and has access to at least one internal or external drug formulary for the entire EHR reporting period
Stage 1 Objective: Hospitals Only: Record advance directives for patients 65 years old or older
Stage 1 Measure: More than 50% of all unique patients 65 years old or older admitted to the eligible hospital or CAH have an indication of an advance directive status recorded
Stage 1 Objective: Incorporate clinical lab-test results into certified EHR technology as structured data
Stage 1 Measure: More than 40% of all clinical lab test results ordered by the EP, or an authorized provider of the eligible hospital or CAH, for patients admitted during the EHR reporting period whose results are either in a positive/negative or numerical format are incorporated in certified EHR technology as structured data
Stage 1 Objective: Generate lists of patients by specific conditions to use for quality improvement, reduction of disparities, research or outreach
Stage 1 Measure: Generate at least one report listing patients of the EP, eligible hospital or CAH with a specific condition
Stage 1 Objective: EPs Only: Send reminders to patients per patient preference for preventive/follow-up care
Stage 1 Measure: More than 20% of all unique patients 65 years or older or 5 years old or younger were sent an appropriate reminder during the EHR reporting period
Meaningful Use Stage 1 Menu Set, cont'd
Health Outcomes Policy Priority: Engage patients and families in their health care
Stage 1 Objective: EPs Only: Provide patients with timely electronic access to their health information (including lab results, problem list, medication lists, medication allergies) within 4 business days of the information being available to the EP
Stage 1 Measure: More than 10% of all unique patients seen by the EP are provided timely (available to the patient within 4 business days of being updated in the certified EHR technology) electronic access to their health information subject to the EP's discretion to withhold certain information
Stage 1 Objective: Use certified EHR technology to identify patient-specific education resources and provide those resources to the patient, if appropriate
Stage 1 Measure: More than 10% of all unique patients seen by the EP or admitted to the eligible hospital or CAH are provided patient-specific education resources
Health Outcomes Policy Priority: Improve care coordination
Stage 1 Objective: The EP, eligible hospital or CAH who receives a patient from another setting of care or provider of care or believes an encounter is relevant should perform medication reconciliation
Stage 1 Measure: The EP, eligible hospital or CAH performs medication reconciliation for more than 50% of transitions of care in which the patient is transitioned into the care of the EP or admitted to the eligible hospital or CAH
Stage 1 Objective: The EP, eligible hospital or CAH who receives a patient from another setting of care or provider of care or refers their patient to another provider of care should provide a summary of care record for each transition of care or referral
Stage 1 Measure: The EP, eligible hospital or CAH who transitions or refers their patient to another setting of care or provider of care provides a summary of care record for more than 50% of transitions of care and referrals
Meaningful Use Stage 1 Menu Set, cont'd
Health Outcomes Policy Priority: Improve population and public health [1]
Stage 1 Objective: Capability to submit electronic data to immunization registries or Immunization Information Systems and actual submission in accordance with applicable law and practice
Stage 1 Measure: Performed at least one test of the certified EHR technology's capacity to submit electronic data to immunization registries and follow-up submission if the test is successful (unless none of the immunization registries to which the EP, eligible hospital or CAH submits such information have the capacity to receive such information electronically)
Stage 1 Objective: Hospitals Only: Capability to submit electronic data on reportable (as required by state or local law) lab results to public health agencies and actual submission in accordance with applicable law and practice
Stage 1 Measure: Performed at least one test of certified EHR technology's capacity to provide submission of reportable lab results to public health agencies and follow-up submission if the test is successful (unless none of the public health agencies to which the EP, eligible hospital or CAH submits such information have the capacity to receive such information electronically)
Stage 1 Objective: Capability to submit electronic syndromic surveillance data to public health agencies and actual submission in accordance with applicable law and practice
Stage 1 Measure: Performed at least one test of certified EHR technology's capacity to provide electronic syndromic surveillance data to public health agencies and follow-up submission if the test is successful (unless none of the public health agencies to which the EP, eligible hospital or CAH submits such information have the capacity to receive such information electronically)
[1] Unless an EP, eligible hospital or CAH has an exception for all of these objectives and measures they must complete at least one as part of their demonstration of the menu set in order to be a meaningful EHR user.
Future Stages
Intend to propose 2 additional Stages through future rulemaking. Future Stages will expand upon Stage 1 criteria.
Stage 1 menu set will be transitioned into core set for Stage 2
Administrative transactions will be added
CPOE measurement will go to 60%
Will reevaluate other measures, possibly higher thresholds
Stage 3 will be further defined in next rulemaking
States' Flexibility to Revise Meaningful Use
States can seek CMS prior approval to require 4 MU objectives be core for their Medicaid providers:
Generate lists of patients by specific conditions for quality improvement, reduction of disparities, research or outreach (can specify particular conditions)
Reporting to immunization registries, reportable lab results and syndromic surveillance (can specify for their providers how to test the data submission and to which specific destination)
Meaningful Use for EPs who Work at Multiple Sites
An EP who works at multiple locations, but does not have certified EHR technology available at all of them would:
Have to have 50% of their total patient encounters at locations where certified EHR technology is available
Would base all meaningful use measures only on encounters that occurred at locations where certified EHR technology is available
MU for Hospitals that Qualify for Both Medicare & Medicaid Payments
Applies to sub-section (d) and acute care hospitals
Attest/Report on Meaningful Use to CMS for the Medicare EHR Incentive Program
Will be deemed meaningful users for Medicaid (even if the State has CMS approval for the MU flexibility around public health objectives)
Clinical Quality Measures (CQM) Overview
2011: EPs, eligible hospitals and CAHs seeking to demonstrate Meaningful Use are required to submit aggregate CQM numerator, denominator, and exclusion data to CMS or the States by attestation.
2012: EPs, eligible hospitals and CAHs seeking to demonstrate Meaningful Use are required to electronically submit aggregate CQM numerator, denominator, and exclusion data to CMS or the States.
CQM: Eligible Professionals
Core, Alternate Core, and Additional CQM sets for EPs
EPs must report on 3 required core CQM, and if the denominator of 1 or more of the required core measures is 0, then EPs are required to report results for up to 3 alternate core measures
EPs also must select 3 additional CQM from a set of 38 CQM (other than the core/alternate core measures)
In sum, EPs must report on 6 total measures: 3 required core measures (substituting alternate core measures where necessary) and 3 additional measures
CQM: Core Set for EPs
NQF Measure Number & PQRI Implementation Number | Clinical Quality Measure Title
NQF 0013 | Hypertension: Blood Pressure Measurement
NQF 0028 | Preventive Care and Screening Measure Pair: a) Tobacco Use Assessment b) Tobacco Cessation Intervention
NQF 0421, PQRI 128 | Adult Weight Screening and Follow-up
CQM: Alternate Core Set for EPs
NQF Measure Number & PQRI Implementation Number | Clinical Quality Measure Title
NQF 0024 | Weight Assessment and Counseling for Children and Adolescents
NQF 0041, PQRI 110 | Preventive Care and Screening: Influenza Immunization for Patients 50 Years Old or Older
NQF 0038 | Childhood Immunization Status
CQM: Additional Set for EPs
1. Diabetes: Hemoglobin A1c Poor Control
2. Diabetes: Low Density Lipoprotein (LDL) Management and Control
3. Diabetes: Blood Pressure Management
4. Heart Failure (HF): Angiotensin-Converting Enzyme (ACE) Inhibitor or Angiotensin Receptor Blocker (ARB) Therapy for Left Ventricular Systolic Dysfunction (LVSD)
5. Coronary Artery Disease (CAD): Beta-Blocker Therapy for CAD Patients with Prior Myocardial Infarction (MI)
6. Pneumonia Vaccination Status for Older Adults
7. Breast Cancer Screening
8. Colorectal Cancer Screening
9. Coronary Artery Disease (CAD): Oral Antiplatelet Therapy Prescribed for Patients with CAD
10. Heart Failure (HF): Beta-Blocker Therapy for Left Ventricular Systolic Dysfunction (LVSD)
11. Anti-depressant medication management: (a) Effective Acute Phase Treatment, (b) Effective Continuation Phase Treatment
12. Primary Open Angle Glaucoma (POAG): Optic Nerve Evaluation
13. Diabetic Retinopathy: Documentation of Presence or Absence of Macular Edema and Level of Severity of Retinopathy
14. Diabetic Retinopathy: Communication with the Physician Managing Ongoing Diabetes Care
15. Asthma Pharmacologic Therapy
16. Asthma Assessment
17. Appropriate Testing for Children with Pharyngitis
18. Oncology Breast Cancer: Hormonal Therapy for Stage IC-IIIC Estrogen Receptor/Progesterone Receptor (ER/PR) Positive Breast Cancer
19. Oncology Colon Cancer: Chemotherapy for Stage III Colon Cancer Patients
CQM: Additional Set for EPs, cont'd
20. Prostate Cancer: Avoidance of Overuse of Bone Scan for Staging Low Risk Prostate Cancer Patients
21. Smoking and Tobacco Use Cessation, Medical assistance: a) Advising Smokers and Tobacco Users to Quit, b) Discussing Smoking and Tobacco Use Cessation Medications, c) Discussing Smoking and Tobacco Use Cessation Strategies
22. Diabetes: Eye Exam
23. Diabetes: Urine Screening
24. Diabetes: Foot Exam
25. Coronary Artery Disease (CAD): Drug Therapy for Lowering LDL-Cholesterol
26. Heart Failure (HF): Warfarin Therapy Patients with Atrial Fibrillation
27. Ischemic Vascular Disease (IVD): Blood Pressure Management
28. Ischemic Vascular Disease (IVD): Use of Aspirin or Another Antithrombotic
29. Initiation and Engagement of Alcohol and Other Drug Dependence Treatment: a) Initiation, b) Engagement
30. Prenatal Care: Screening for Human Immunodeficiency Virus (HIV)
31. Prenatal Care: Anti-D Immune Globulin
32. Controlling High Blood Pressure
33. Cervical Cancer Screening
34. Chlamydia Screening for Women
35. Use of Appropriate Medications for Asthma
36. Low Back Pain: Use of Imaging Studies
37. Ischemic Vascular Disease (IVD): Complete Lipid Panel and LDL Control
38. Diabetes: Hemoglobin A1c Control (
Participation in HITECH and other Medicare Incentive Programs for EPs
Other Medicare Incentive Program | Eligible for HITECH EHR Incentive Program?
Medicare Physician Quality Reporting Initiative (PQRI) | Yes, if the EP is eligible.
Medicare Electronic Health Record Demonstration (EHR Demo) | Yes, if the EP is eligible.
Medicare Care Management Performance Demonstration (MCMP) | Yes, if the practice is eligible. The MCMP demo will end before EHR incentive payments are available.
Electronic Prescribing (eRx) Incentive Program | If the EP chooses to practice in the Medicare EHR Incentive Program, they cannot participate in the Medicare eRx Incentive Program simultaneously in the same program year. If the EP chooses to participate in the Medicaid EHR Incentive Program, they can participate in the Medicare eRx Incentive Program simultaneously.
EHR Incentive Program Timeline
Registration for the EHR Incentive Programs will begin in January 2011
For Medicare providers, attestation for the EHR Incentive Programs will begin in April 2011
EHR incentive payments will be made 11 months after the rule is published*
For Medicaid providers, States may launch their programs in January 2011 and thereafter
November 30, 2011: Last day for eligible hospitals and CAHs to register and attest to receive an incentive payment for FFY 2011 (Medicare providers)
February 29, 2012: Last day for EPs to register and attest to receive an incentive payment for CY 2011 (Medicare providers)
2015: Medicare payment adjustments begin for EPs and eligible hospitals that are not meaningful users of EHR technology**
2016: Last year to receive a Medicare EHR incentive payment; Last year to initiate participation in Medicaid EHR Incentive Program**
2021: Last year to receive Medicaid EHR incentive payment**
**Statutory
More Information
http://www.cms.gov/EHRIncentivePrograms
HIT Policy Committee
Deven McGraw, Chair
Paul Egerman, Co-Chair
July 21, 2010
Charge
The Tiger Team's purpose and objective is to:
Address privacy and security issues raised by ONC
Provide practical guidance on health information exchange
Evaluate the topic within a specified context
Reach a consensus in developing policy recommendations at an appropriate level
Document decisions and conclusions
List of Members
CHAIRS:
Paul Egerman, Co-Chair,
Deven McGraw, Co-Chair, Center for Democracy & Technology
MEMBERS:
Dixie Baker, SAIC
Christine Bechtel, National Partnership for Women & Families
Rachel Block, NYS Department of Health
Carol Diamond, Markle Foundation
Judy Faulkner, EPIC Systems Corp.
Gayle Harrell, Consumer Representative/Florida
John Houston, University of Pittsburgh Medical Center; NCVHS
David Lansky, Pacific Business Group on Health
David McCallie, Cerner Corp.
Wes Rishel, Gartner
Latanya Sweeney, Carnegie Mellon University
Micky Tripathi, Massachusetts eHealth Collaborative
Presentation Summary
Recommendations: on Fair Information Practices in Health Information Exchange, focusing in particular on collection, use and disclosure limits (including data re-use and retention) (Deven)
Recommendations: on Consent (at a general level) (Paul)
Framing: Scope
Tiger Team focused their discussions on the purposes for proposed Stage 1 Meaningful Use (MU)
[Diagram labels: Health Information Exchange; Treatment and Coordination of Care; Quality Reporting; Public Health Reporting; Claims and Payment Processing; Research; Patient Access]
Note: Patient Access, Research and Claims and Payment Processing are not in scope for this initial discussion.
Health Information Exchange: Fair Information Practices
Recommendations for Fair Information Practices in Health Information Exchange
With a particular focus on Collection, Use and Disclosure Limits (Data Reuse and Retention)
Fair Information Practices Recommended Principles and Expectations
Policy Recommendations - Overarching
1. The relationship between the patient and his or her health care provider is the foundation for trust in health information exchange.
Thus, providers hold the trust and are ultimately responsible for maintaining the privacy and security of their patients' records.
Providers may delegate certain decisions related to exchange to others if such delegation is done in a way that maintains that trust.
Fair Information Practices Recommended Principles and Expectations (cont.)
2. Entities involved in health information exchange, including providers and third party service providers like HIOs and intermediaries, should follow the full complement of fair information practices when handling patient information.
3. These include transparency, data integrity and quality, purpose specification, collection and use limitations,
, ,
access and control, and oversight and accountability. (ONC has articulated these in the Nationwide Framework for Electronic Health Information Exchange, which was incorporated by the Policy Committee into the Strategic Framework document.)
Fair Information Practices - Specific Applications
4. We used these principles and particularly those related to purpose specification, collection and use limitation and data minimization (see definitions below):
Purpose specification: Specify the purposes for which personal data are acquired, exchanged, retained, and/or used.
Collection limitation and data minimization: Acquire information only by fair and lawful means, and acquire, exchange, retain, and/or use only that information
.
Use Limitation: Personal data should not be disclosed, exchanged, retained, made available, or otherwise used for purposes other than those specified.
Those questions follow on the next slides
Questions
1. Should the exchange of IIHI for treatment be limited
to treatment of the individual who is the subject of the
health information (not other patients)?
2. In order to facilitate an IIHI request, how should the
relationship between provider and patient be
confirmed?
. permitted to access IIHI through an HIO? If so, what, if
any, additional requirements should be placed on these
Providers? Should data exchange with non-HIPAA
covered entities be permitted?
Questions (cont.)
4. How should public health reporting be handled?
5. How should quality reporting be handled?
6. What limits, if any, should apply to 3rd Party Service
Providers regarding data reuse?
7. What limits, if any, should be applied to retention
periods?
Questions (cont.)
8. Should 3rd party service Providers disclose to their customers how they use and disclose information, and their privacy and security and retention policies and procedures?
9. Are business associate agreements sufficient for
ensuring accountability?
*** The answers offered by the Tiger Team can be found in the appendix.***
Consent
The Tiger Team moved to a discussion of the role that
-
should play in health information exchange
This discussion assumed the adoption of the foregoing
recommendation that participants in health
information exchange would adopt and be held
accountable to the full spectrum of fair information
practices
Discussion also assumed application of current law (federal and state) on consent.
Fundamental Principles - Patient/Provider Relationship
The relationship between the patient and his or her health care provider is the foundation for trust in health information exchange.
Providers hold the trust and are ultimately responsible for maintaining the privacy and security of their patients' records
Providers may delegate certain decisions related to exchange to others if such delegation is done in a way that maintains that trust.
Fundamental Principles - Patient Expectations
.
should not be surprised to learn what happens to their
data.
Decisions about patient choice should flow from (and
be consistent with) these fundamental principles.
Framing of Consent Discussion
patients participation in exchange generally (yes/no),
and we are viewing exchange from the standpoint of
Stage One of Meaningful Use.
We are not discussing more granular consent issues
(i.e., consent by type of information. n ec or a er July HIT Policy Committee meeting.).
Previous Workgroup Recommendation
current law requires) in direct exchange from one
provider to another for treatment
Provider maintains control of his/her record and makes decision
about disclosure (to whom, what information, etc.)
Maintains the trust of provider-patient relationship
Patient Choice to Participate in Exchanges
What factors trigger the need for patient consent to participate in information exchange?
What approach should ONC take to a national policy on choice?
Should providers have a choice as to whether they participate in models of exchange?
Who should educate patients about choice?
How and by whom should consent be obtained & managed?
Consent durability
1. Recommendations on Trigger Factors for Consent
What factors trigger the need by a provider to obtain the patient's consent for health information exchange with other providers?
Patient's health information is no longer under control of either the patient or the patient's provider
Patient's health information is retained for future use by a third party/intermediary
Patient's health information is exposed to persons or entities for reasons not related to ongoing treatment (or payment for care)
Patient's information is aggregated outside of a provider's record or record of integrated delivery system/ACO with information about the patient from other, external medical records.
The exchange is used to transmit information that is often perceived to be more sensitive than other types of information (e.g. behavioral health, substance abuse, and other areas defined by NCVHS)** [parking lot for sensitive data discussion]
Significant change in the circumstances supporting an original patient consent
2. Recommendations for Choice Model
What approach should ONC take to a national policy on choice?
Choice should be required if any of the factors in the
previous slide are present, and ONC should promote
this policy through all of its policy levers
2. Recommendations for Choice Model (cont.)
Must be meaningful choice
ability to make outside of urgent need for care;
not compelled or used for discriminatory purposes;
full transparency and education;
choice is proportional to/commensurate with the
exchange circumstances
must be consistent with patient expectations for
privacy, health, and safety; must address break the glass scenarios
2. Recommendations for Choice Model (cont.)
What approach should ONC take to a national policy on choice? (Opt-in or Opt out)?
Two views were presented
***Detailed descriptions of these two views are found in the appendix***
rules and left to decisions to be made by providers and HIOs.
Other members of the team felt very strongly that, for the issues
listed on Question #1, Opt-In should be required.
3. Recommendation on Provider Choice
Should providers have a choice about participating in
Yes!
Summary Comment
Ultimately, to be successful, we
need to earn the trust of both
consumers and physicians.
Appendix
Fair Information Practices Questions / Recommendations
Consistent with the four overarching principles and expectations for fair information practices,
we addressed the following nine specific questions:
1. Should exchange of individually identifiable health information (IIHI) for treatment be limited to treatment of the individual who is the subject of the health information (not other patients)?
(Recommendation)
The exchange of PHI for treatment should be limited to treatment of the individual who is the subject of the information, unless the provider has the consent of the subject individual to access, use, exchange or disclose his or her information to treat others. [Note: need to explore possible exception for maternal/infant care]
Fair Information Practices Questions / Recommendations
2. In order to facilitate an IIHI request, how should the relationship
between provider and patient be confirmed?
(Recommendation)
The requesting provider, at a minimum, should provide attestation of their
treatment relationship with the individual.
This policy recommendation assumes that the requesting provider is
covered by HIPAA and state health privacy and security laws.
Requesting providers who are not covered should disclose this to the
disclosing provider before patient information is exchanged
Fair Information Practices Questions / Recommendations
3. Will Providers who are not covered by HIPAA be permitted to access IIHI through an HIO? If so, what, if any, additional requirements should be placed on these Providers? Should data exchange with non-HIPAA covered entities be permitted?
(Recommendations)
Providers who exchange individually identifiable health information (IIHI) should be required to comply with applicable state and federal privacy and security rules.
If a provider is not a HIPAA covered entity or business associate, mechanisms to secure enforcement and accountability may include:
Meaningful user criteria that require agreement to comply with the HIPAA Privacy and Security Rules
NHIN conditions of participation
Federal funding conditions for other ONC programs
Contracts/BA agreements that hold all participants to HIPAA, state laws, and any HIO policy requirements
Fair Information Practices Questions / Recommendations
4. How should public health reporting be handled?
(Recommendations)
Public health reporting by providers (or HIOs acting on their behalf) should take place using the least amount of identifiable data necessary to fulfill the lawful public health purpose for which the information is being sought. Providers should account for disclosure per existing law. More sensitive identifiable data should be subject to higher levels of protection.
In cases where the law requires the reporting of identifiable data (or where identifiable data is needed to accomplish the lawful public health purpose for which the information is sought), identifiable data may be sent. Techniques that avoid identification, including pseudonymization, should be considered, as appropriate.
The provider is responsible for disclosures from his or her records, but may delegate lawful public health reporting to an HIO (pursuant to a business associate agreement) to perform on his or her behalf; such delegation may be on a "per request" basis or may be a more general delegation to respond to all lawful public health requests.
The HIO may not unnecessarily retain data. When the HIO is acting on behalf of the provider, the HIO should retain data only as needed to fulfill the services specified in its BA/service agreement with that provider, and supporting administrative functions.
Fair Information Practices Questions / Recommendations
5. How should quality reporting be handled?
(Recommendations)
Quality data reporting by providers (or HIOs acting on their behalf) should take place using the least amount of identifiable data necessary to fulfill the purpose for which the information is being sought. Providers should account for disclosure. More sensitive identifiable data should be subject to higher levels of protection.
The provider is responsible for disclosures from his or her records, but may delegate lawful quality reporting to an HIO (pursuant to a business associate agreement) to perform on his or her behalf; such delegation may be on a "per request" basis or may be a more general delegation to respond to all lawful requests.
The HIO may not unnecessarily retain data. When the HIO is acting on behalf of the provider, the HIO should retain data only as needed to fulfill the services specified in its BA/service agreement with that provider, and supporting administrative functions.
Fair Information Practices Questions / Recommendations
6. What limits, if any, should apply to 3rd Party Service Providers
regarding data reuse?
(Recommendation)
The principles of collection limitation, purpose specification and use
limitation should apply to Provider/3rd Party Service Provider uses of IIHI.
A third party service provider may not retain, use and disclose for any
agreement with the data provider, and supporting administrative functions,
or as required by law.
Fair Information Practices Questions / Recommendations
7. What limits, if any, should be applied to retention periods?
(Recommendation)
3rd party service providers may retain data only for as long as reasonably
necessary to perform the functions specified in the BA/service agreement
with the data provider, and supporting administrative functions. Retention
policies must be established and disclosed and overseen; and data must
,
NIST standards and conditions set forth in the BA/service agreement.
Fair Information Practices Questions / Recommendations
8. Should 3rd party service providers disclose to their customers how
they use and disclose information, and their privacy and security and retention policies and procedures?
(Recommendation)
3rd party service providers should be obligated to disclose in their
BA/service agreements with their customers how they use and disclose
-,
data, and their retention policies and procedures
Fair Information Practices Questions / Recommendations
9. Are business associate agreements sufficient for ensuring
accountability?
(Recommendation)
While significant strides have been made, business associate
agreements, by themselves, are not sufficient to address the full
complement of governance issues, including oversight, accountability and
.
Consent Option Opinion Summary
OPT - IN
architecture of the system. Technology should preserve our values, and be determined by them not the other way around.
In order to gain the confidence of the public and achieve the promised benefits from the adoption of health information technology both providers and patients must be given true choice about whether to trust that technology and patients must have real choice about what happens to their PHI. The only option that truly provides that real choice is the use of the Opt In methodology. It is the only choice that can make a real difference in how an individual's information is used, shared, and protected. Opt out is a choice too late; it relegates the patient's choice to a secondary consideration (after the horse is out of the barn) and undoubtedly will feed into suspicion and distrust.
Consent Option Opinion Summary
ALTERNATIVE TO OPT- IN
When consent is needed, patients need to be given a Meaningful
Choice. Among other attributes, Meaningful Choice needs to be
proportionate with exchange circumstances and must provide
adequate time and knowledge to make decisions. It is more
important that we agree on these basic principles and on the
situations where choice is required, instead of trying to make
specific recommendations on the form of consent. The actual
Meaningful Choice principles and by the details of how the
exchange operates.
HIT Policy Committee
Adoption Certification Workgroup
Proposed Next Steps
Paul Egerman, Chair
Marc Probst, Co-Chair
July 21, 2010
Agenda
The Workgroup
Recent Activities
ONC Presentations
Areas of Focus
Hearing on exploring barriers to EHR adoption
Next Steps
Certification/Adoption Workgroup
Chairs:
Paul Egerman
Marc Probst - Intermountain Healthcare
Members:
Rick Chapman - Kindred Healthcare
Adam Clark - Lance Armstrong Foundation
Charles Kennedy - Wellpoint
Scott White - SEIU Training & Employment Fund
Latanya Sweeney - Carnegie Mellon University
Steve Downs - Robert Wood Johnson Foundation
Joseph Heyman - American Medical Association
Teri Takai - State Chief Information Officer, CA
Micky Tripathi - Massachusetts eHealth Collaborative
George Hripcsak - Columbia University
Paul Tang - Palo Alto Medical Foundation
Carl Dvorak - Epic
Joan Ash - Oregon Health and Science University
Recent Activities
Continued focus on Certification efforts
Discussions with ONC Staff on most appropriate areas to support
Presentations from Melinda Buntin and Ned Ellington from ONC
Identification and prioritization of areas of focus
Definition of proposed hearing to focus on barriers to EHR adoption
ONC Presentations
Melinda Buntin Director, Office of Economic Analysis & Modeling
Data Collection and Analysis
Modeling of Adoption
Supporting/Encouraging Adoption
ONC Performance Measurement
Ned Ellington Director, HITRC, Office of Provider Adoption Support
Provider Support
REC issues
Knowledge Sharing Network
Research and Resources (sharing best practices)
ONC Presentations (continued)
Specific actions discussed where Workgroup can support ONC teams:
Participation in expert panel looking at initial models
Individual discussion/expert support to ONC teams
Aggregation of ideas from vendor/user communities
Areas of focus specifically discussed
Adoption challenges faced by specific market segments (Thoughtful non-Adopters)
Coordination with Implementation Workgroup (HIT Standards Committee)
Monitor the Certification Process for effectiveness
Areas of focus - other
REC Best Practices
EHR Best Practices (tips and techniques)
Training & Education
Success Stories on Adoption
Patient Access to Data Issues
EHR Safety
HIE Adoption
Workforce issues
Specific Physician issues
Hearing: Exploring Barriers to EHR Adoption
Hearing on exploring barriers to EHR adoption: tools for the small- and medium-sized end users
Separate sessions for physicians and hospitals
Focus on small- and medium-sized end users
Elicit input from vendors and practitioners
Focus on barriers to adoption and lessons learned
Goal is to provide ONC with better understanding of the barriers and recommendations for overcoming them
Next Steps
Support Modeling Conference (Melinda Buntin)
Work with ONC on Barriers Hearing
Follow-up Workgroup conference call on prioritizing action items
HIT Policy Committee
Information Exchange Workgroup
Micky Tripathi, Chair
David Lansky, Co-Chair
Workgroup Members
Chair: Micky Tripathi MA e-health Collaborative
Co-Chair: David Lansky Pacific Business Group on Health
Members: Judy Faulkner Epic
Connie W. Delaney University of Minnesota, Nursing
Gayle Harrell
Michael Klag Johns Hopkins School of Public Health
Deven McGraw Center for Democracy & Technology
Latanya Sweeney Carnegie Mellon University
Charles Kennedy WellPoint, Inc.
Paul Egerman
James Golden Minnesota Department of Health
Dave Goetz Department of Finance and Administration, TN
Jonah Frohlich California Health & Human Services
Steven Stack AMA
George Hripcsak Columbia University
Seth Foldy Wisconsin
Jim Buehler Centers for Disease Control and Prevention
Jessica Kahn Centers for Medicare & Medicaid